- 20 Nov, 2020 31 commits
-
-
Ido Schimmel authored
If the FIB info (i.e, 'struct fib_info', 'struct fib6_info') uses a nexthop object, then use the object's identifier to resolve the nexthop group. Signed-off-by:
Ido Schimmel <idosch@nvidia.com> Reviewed-by:
Jiri Pirko <jiri@nvidia.com> Signed-off-by:
Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
Register a listener to the nexthop notification chain and parse notified nexthop objects into the existing mlxsw nexthop data structures. Signed-off-by:
-
Christian Eggers authored
If dsa_switch_ops::port_txtstamp() returns false, clone will be freed immediately. Shouldn't store a pointer to freed memory. Signed-off-by:
Christian Eggers <ceggers@arri.de> Reviewed-by:
Vladimir Oltean <olteanv@gmail.com> Tested-by:
Florian Fainelli <f.fainelli@gmail.com> Link: https://lore.kernel.org/r/20201119110906.25558-1-ceggers@arri.deSigned-off-by:
-
Jakub Kicinski authored
Antonio Cardace says: ==================== netdevsim: add ethtool coalesce and ring settings Output of ethtool-ring.sh and ethtool-coalesce.sh selftests: # ./ethtool-ring.sh PASSED all 4 checks # ./ethtool-coalesce.sh PASSED all 22 checks # ./ethtool-pause.sh PASSED all 7 checks ==================== Link: https://lore.kernel.org/r/20201118204522.5660-1-acardace@redhat.comSigned-off-by:
-
Antonio Cardace authored
Add scripts to test ring and coalesce settings of netdevsim. Signed-off-by:
Antonio Cardace <acardace@redhat.com> Signed-off-by:
-
Antonio Cardace authored
As pointed out by Michal Kubecek, getting the name with the previous approach was racy, it's better and easier to get the name of the device with this patch's approach. Essentialy the function doesn't need to exist anymore as it's a simple 'ls' command. Signed-off-by:
-
Antonio Cardace authored
Factor out some useful functions so that they can be reused by other ethtool-netdevsim scripts. Signed-off-by:
-
Antonio Cardace authored
Add ethtool ring and coalesce settings support for testing. Signed-off-by:
Michal Kubecek <mkubecek@suse.cz> Signed-off-by:
-
Antonio Cardace authored
This will help the refactoring in the next commit when coalesce and ring settings are added. Signed-off-by:
-
Antonio Cardace authored
This bitmask represents all existing coalesce parameters. Signed-off-by:
-
Randy Dunlap authored
Fix build of net/core/stream.o when CONFIG_INET is not enabled. Fixes these build errors (sample): ld: net/core/stream.o: in function `sk_stream_write_space': (.text+0x27e): undefined reference to `tcp_stream_memory_free' ld: (.text+0x29c): undefined reference to `tcp_stream_memory_free' ld: (.text+0x2ab): undefined reference to `tcp_stream_memory_free' ld: net/core/stream.o: in function `sk_stream_wait_memory': (.text+0x5a1): undefined reference to `tcp_stream_memory_free' ld: (.text+0x5bf): undefined reference to `tcp_stream_memory_free' Fixes: 1c5f2ced ("tcp: avoid indirect call to tcp_stream_memory_free()") Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Reported-by:
-
Colin Ian King authored
The call to pc_delete_flow can kfree the iter object, so the following dev_err message that accesses iter->entry can accessmemory that has just been kfree'd. Fix this by adding a temporary variable 'entry' that has a copy of iter->entry and also use this when indexing into the array mcam->entry2target_pffunc[]. Also print the unsigned value using the %u format specifier rather than %d. Addresses-Coverity: ("Read from pointer after free") Fixes: 55307fcb ("octeontx2-af: Add mbox messages to install and delete MCAM rules") Signed-off-by:Colin Ian King <colin.king@canonical.com> Link: https://lore.kernel.org/r/20201118143803.463297-1-colin.king@canonical.comSigned-off-by:
-
Colin Ian King authored
Currently the variable err may be uninitialized if several of the if statements are not executed in function nix_tx_vtag_decfg and a garbage value in err is returned. Fix this by initialized ret at the start of the function. Addresses-Coverity: ("Uninitialized scalar variable") Fixes: 9a946def ("octeontx2-af: Modify nix_vtag_cfg mailbox to support TX VTAG entries") Signed-off-by: -
Colin Ian King authored
The shifting of the u16 result from ntohs(proto) by 16 bits to the left will be promoted to a 32 bit signed int and then sign-extended to a u64. In the event that the top bit of the return from ntohs(proto) is set then all then all the upper 32 bits of a 64 bit long end up as also being set because of the sign-extension. Fix this by casting to a u64 long before the shift. Addresses-Coverity: ("Unintended sign extension") Fixes: f0c2982a ("octeontx2-pf: Add support for SR-IOV management function") Signed-off-by: -
Jakub Kicinski authored
Srujana Challa says: ==================== Add Support for Marvell OcteonTX2 Cryptographic This patchset adds support for CPT in OcteonTX2 admin function(AF). CPT is a cryptographic accelerator unit and it includes microcoded Giga Cipher engines. OcteonTX2 SOC's resource virtualization unit (RVU) supports multiple physical and virtual functions. Each of the PF/VF's functionality is determined by what kind of resources are attached to it. When the CPT block is attached to a VF, it can function as a security device. The following document provides an overview of the hardware and different drivers for the OcteonTX2 SOC: https://www.kernel.org/doc/Documentation/networking/device_drivers/marvell/octeontx2.rst This patch series includes: - Patch to update existing Marvell sources to support CPT. - Patch that adds mailbox messages to the admin function (AF) driver, to configure CPT HW registers. - Patch to provide debug information about CPT. ==================== Link: https://lore.kernel.org/r/20201118114416.28307-1-schalla@marvell.comSigned-off-by:
-
Srujana Challa authored
Add entries to debugfs at /sys/kernel/debug/octeontx2/cpt. cpt_pc: dump cpt performance HW registers. Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_pc cpt_ae_sts: show cpt asymmetric engines current state Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_ae_sts cpt_se_sts: show cpt symmetric engines current state Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_se_sts cpt_engines_info: dump cpt engine control registers. Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_engines_info cpt_lfs_info: dump cpt lfs control registers. Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_lfs_info cpt_err_info: dump cpt error registers. Usage: cat /sys/kernel/debug/octeontx2/cpt/cpt_err_info Signed-off-by:
Suheil Chandran <schandran@marvell.com> Signed-off-by:
Srujana Challa <schalla@marvell.com> Signed-off-by:
-
Srujana Challa authored
On OcteonTX2 SoC, the admin function (AF) is the only one with all priviliges to configure HW and alloc resources, PFs and it's VFs have to request AF via mailbox for all their needs. This patch adds a mailbox interface for CPT PFs and VFs to allocate resources for cryptography. It also adds hardware CPT AF register defines. Signed-off-by:
Lukasz Bartosik <lbartosik@marvell.com> Signed-off-by:
-
Srujana Challa authored
On OcteonTX2 platform CPT instruction enqueue and NIX packet send are only possible via LMTST operations which uses LDEOR instruction. This patch moves lmt flush function from OcteonTX2 nic driver to include/linux/soc since it will be used by OcteonTX2 CPT and NIC driver for LMTST. Signed-off-by:
-
Tariq Toukan authored
Performance analysis counters are maintained under the MLX4_EN_PERF_STAT definition, which is never set. Clean them up, with all related structures and logic. Signed-off-by:
Tariq Toukan <tariqt@nvidia.com> Reviewed-by:
Moshe Shemesh <moshe@nvidia.com> Link: https://lore.kernel.org/r/20201118103427.4314-1-tariqt@nvidia.comSigned-off-by:
-
Paolo Abeni authored
The static checker is fooled by the non-static locking scheme implemented by the mentioned helpers. Let's make its life easier adding some unconditional annotation so that the helpers are now interpreted as a plain spinlock from sparse. v1 -> v2: - add __releases() annotation to unlock_sock_fast() Signed-off-by:
Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/6ed7ae627d8271fb7f20e0a9c6750fbba1ac2635.1605634911.git.pabeni@redhat.comSigned-off-by:
-
Lorenzo Bianconi authored
Convert netsec driver to xdp_return_frame_bulk APIs. Rely on xdp_return_frame_rx_napi for XDP_TX in order to try to recycle the page in the "in-irq" page_pool cache. Co-developed-by:
Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by:
Lorenzo Bianconi <lorenzo@kernel.org> Link: https://lore.kernel.org/r/01487b8f5167d62649339469cdd0c6d8df885902.1605605531.git.lorenzo@kernel.orgSigned-off-by:
-
Numan Siddique authored
There is no easy way to distinguish if a conntracked tcp packet is marked invalid because of tcp_in_window() check error or because it doesn't belong to an existing connection. With this patch, openvswitch sets liberal tcp flag for the established sessions so that out of window packets are not marked invalid. A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which sets this flag for both the directions of the nf_conn. Suggested-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Numan Siddique <nusiddiq@redhat.com> Acked-by:
-
Jakub Kicinski authored
Claudiu Manoil says: ==================== enetc: Clean endianness warnings up Cleanup patches to address the outstanding endianness issues in the driver reported by sparse. ==================== Link: https://lore.kernel.org/r/20201119101215.19223-1-claudiu.manoil@nxp.comSigned-off-by:
-
Claudiu Manoil authored
Currently the control buffer descriptor (cbd) fields have endianness restrictions while the commands passed into the control buffers don't (with one exception). This patch fixes offending code, by adding endianness accessors for cbd fields and removing the unnecessary ones in case of data buffer fields. Currently there's no need to convert all commands to little endian format, the patch only focuses on fixing current endianness issues reported by sparse. Signed-off-by:
Claudiu Manoil <claudiu.manoil@nxp.com> Signed-off-by:
-
Claudiu Manoil authored
These particular fields are specified in the H/W reference manual as having network byte order format, so enforce big endian annotation for them and clear the related sparse warnings in the process. Signed-off-by:
-
Oliver Herms authored
This patch adds an IPv6 routes encapsulation attribute to the result of netlink RTM_GETROUTE requests (i.e. ip route get 2001:db8::). Signed-off-by:
Oliver Herms <oliver.peter.herms@gmail.com> Reviewed-by:
David Ahern <dsahern@kernel.org> Link: https://lore.kernel.org/r/20201118230651.GA8861@twsSigned-off-by:
-
Paolo Abeni authored
We must start the retransmission timer only there are pending data in the rtx queue. Otherwise we can hit a WARN_ON in mptcp_reset_timer(), as syzbot demonstrated. Reported-and-tested-by: syzbot+42aa53dafb66a07e5a24@syzkaller.appspotmail.com Fixes: d9ca1de8 ("mptcp: move page frag allocation in mptcp_sendmsg()") Signed-off-by:
Mat Martineau <mathew.j.martineau@linux.intel.com> Reported-by:
Naresh Kamboju <naresh.kamboju@linaro.org> Tested-by:
-
Jakub Kicinski authored
Jacob Keller says: ==================== devlink: move common flash_update calls to core This series moves a couple common pieces done by all drivers of the ->flash_update interface into devlink.c flash update handler. Specifically, the core code will now request_firmware and devlink_flash_update_(begin|end)_notify. This cleanup is intended to simplify driver implementations so that they have less work to do and are less capable of doing the "wrong" thing. For request_firmware, this simplification is done as it is not expected that drivers would do anything else. It also standardizes all drivers so that they use the same interface (request_firmware, as opposed to request_firmware_direct), and allows reporting the netlink extended ack with the file name attribute. For status notification, this change prevents drivers from sending a status message without properly sending the status end notification. The current userspace implementation of devlink relies on this end notification to properly close the flash update channel. Without this, the flash update process may hang indefinitely. By moving the begin and end calls into the core code, it is no longer possible for a driver author to get this wrong. Changes since v3 * picked up acked-by and reviewed-by comments * fixed the ionic driver to leave the print statement in place For the original patch that moved request_firmware, see [1]. For the v2 see [2]. For further discussion of the issues with devlink flash status see [3]. For v3 see [4]. [1] https://lore.kernel.org/netdev/20201113000142.3563690-1-jacob.e.keller@intel.com/ [2] https://lore.kernel.org/netdev/20201113224559.3910864-1-jacob.e.keller@intel.com/ [3] https://lore.kernel.org/netdev/6352e9d3-02af-721e-3a54-ef99a666be29@intel.com/ [4] https://lore.kernel.org/netdev/20201117200820.854115-1-jacob.e.keller@intel.com/ ==================== Link: https://lore.kernel.org/r/20201118190636.1235045-1-jacob.e.keller@intel.comSigned-off-by:
-
Jacob Keller authored
When performing a flash update via devlink, device drivers may inform user space of status updates via devlink_flash_update_(begin|end|timeout|status)_notify functions. It is expected that drivers do not send any status notifications unless they send a begin and end message. If a driver sends a status notification without sending the appropriate end notification upon finishing (regardless of success or failure), the current implementation of the devlink userspace program can get stuck endlessly waiting for the end notification that will never come. The current ice driver implementation may send such a status message without the appropriate end notification in rare cases. Fixing the ice driver is relatively simple: we just need to send the begin_notify at the start of the function and always send an end_notify no matter how the function exits. Rather than assuming driver authors will always get this right in the future, lets just fix the API so that it is not possible to get wrong. Make devlink_flash_update_begin_notify and devlink_flash_update_end_notify static, and call them in devlink.c core code. Always send the begin_notify just before calling the driver's flash_update routine. Always send the end_notify just after the routine returns regardless of success or failure. Doing this makes the status notification easier to use from the driver, as it no longer needs to worry about catching failures and cleaning up by calling devlink_flash_update_end_notify. It is now no longer possible to do the wrong thing in this regard. We also save a couple of lines of code in each driver. Signed-off-by:
Jacob Keller <jacob.e.keller@intel.com> Acked-by:
Vasundhara Volam <vasundhara-v.volam@broadcom.com> Reviewed-by:
-
Jacob Keller authored
All drivers which implement the devlink flash update support, with the exception of netdevsim, use either request_firmware or request_firmware_direct to locate the firmware file. Rather than having each driver do this separately as part of its .flash_update implementation, perform the request_firmware within net/core/devlink.c Replace the file_name parameter in the struct devlink_flash_update_params with a pointer to the fw object. Use request_firmware rather than request_firmware_direct. Although most Linux distributions today do not have the fallback mechanism implemented, only about half the drivers used the _direct request, as compared to the generic request_firmware. In the event that a distribution does support the fallback mechanism, the devlink flash update ought to be able to use it to provide the firmware contents. For distributions which do not support the fallback userspace mechanism, there should be essentially no difference between request_firmware and request_firmware_direct. Signed-off-by:
Shannon Nelson <snelson@pensando.io> Acked-by:
-
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski authored
Signed-off-by:
-
- 19 Nov, 2020 9 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds authored
Pull networking fixes from Jakub Kicinski: "Networking fixes for 5.10-rc5, including fixes from the WiFi (mac80211), can and bpf (including the strncpy_from_user fix). Current release - regressions: - mac80211: fix memory leak of filtered powersave frames - mac80211: free sta in sta_info_insert_finish() on errors to avoid sleeping in atomic context - netlabel: fix an uninitialized variable warning added in -rc4 Previous release - regressions: - vsock: forward all packets to the host when no H2G is registered, un-breaking AWS Nitro Enclaves - net: Exempt multicast addresses from five-second neighbor lifetime requirement, decreasing the chances neighbor tables fill up - net/tls: fix corrupted data in recvmsg - qed: fix ILT configuration of SRC block - can: m_can: process interrupt only when not runtime suspended Previous release - always broken: - page_frag: Recover from memory pressure by not recycling pages allocating from the reserves - strncpy_from_user: Mask out bytes after NUL terminator - ip_tunnels: Set tunnel option flag only when tunnel metadata is present, always setting it confuses Open vSwitch - bpf, sockmap: - Fix partial copy_page_to_iter so progress can still be made - Fix socket memory accounting and obeying SO_RCVBUF - net: Have netpoll bring-up DSA management interface - net: bridge: add missing counters to ndo_get_stats64 callback - tcp: brr: only postpone PROBE_RTT if RTT is < current min_rtt - enetc: Workaround MDIO register access HW bug - net/ncsi: move netlink family registration to a subsystem init, instead of tying it to driver probe - net: ftgmac100: unregister NC-SI when removing driver to avoid crash - lan743x: - prevent interrupt storm on open - fix freeing skbs in the wrong context - net/mlx5e: Fix socket refcount leak on kTLS RX resync - net: dsa: mv88e6xxx: Avoid VLAN database corruption on 6097 - fix 21 unset return codes and other mistakes on error paths, mostly detected by the Hulk Robot" * tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (115 commits) fail_function: Remove a redundant mutex unlock selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL lib/strncpy_from_user.c: Mask out bytes after NUL terminator. net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() net/smc: fix matching of existing link groups ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module libbpf: Fix VERSIONED_SYM_COUNT number parsing net/mlx4_core: Fix init_hca fields offset atm: nicstar: Unmap DMA on send error page_frag: Recover from memory pressure net: dsa: mv88e6xxx: Wait for EEPROM done after HW reset mlxsw: core: Use variable timeout for EMAD retries mlxsw: Fix firmware flashing net: Have netpoll bring-up DSA management interface atl1e: fix error return code in atl1e_probe() atl1c: fix error return code in atl1c_probe() ah6: fix error return code in ah6_input() net: usb: qmi_wwan: Set DTR quirk for MR400 can: m_can: process interrupt only when not runtime suspended can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery ... -
git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdmaLinus Torvalds authored
Pull rdma fixes from Jason Gunthorpe: "The last two weeks have been quiet here, just the usual smattering of long standing bug fixes. A collection of error case bug fixes: - Improper nesting of spinlock types in cm - Missing error codes and kfree() - Ensure dma_virt_ops users have the right kconfig symbols to work properly - Compilation failure of tools/testing" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: tools/testing/scatterlist: Fix test to compile and run IB/hfi1: Fix error return code in hfi1_init_dd() RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() RDMA/cm: Make the local_id_table xarray non-irq -
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfJakub Kicinski authored
Alexei Starovoitov says: ==================== 1) libbpf should not attempt to load unused subprogs, from Andrii. 2) Make strncpy_from_user() mask out bytes after NUL terminator, from Daniel. 3) Relax return code check for subprograms in the BPF verifier, from Dmitrii. 4) Fix several sockmap issues, from John. * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: fail_function: Remove a redundant mutex unlock selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL lib/strncpy_from_user.c: Mask out bytes after NUL terminator. libbpf: Fix VERSIONED_SYM_COUNT number parsing bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list bpf, sockmap: Handle memory acct if skb_verdict prog redirects to self bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self bpf, sockmap: Use truesize with sk_rmem_schedule() bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made selftests/bpf: Fix error return code in run_getsockopt_test() bpf: Relax return code check for subprograms tools, bpftool: Add missing close before bpftool net attach exit MAINTAINERS/bpf: Update Andrii's entry. selftests/bpf: Fix unused attribute usage in subprogs_unused test bpf: Fix unsigned 'datasec_id' compared with zero in check_pseudo_btf_id bpf: Fix passing zero to PTR_ERR() in bpf_btf_printf_prepare libbpf: Don't attempt to load unused subprog as an entry-point BPF program ==================== Link: https://lore.kernel.org/r/20201119200721.288-1-alexei.starovoitov@gmail.comSigned-off-by:
-
Luo Meng authored
Fix a mutex_unlock() issue where before copy_from_user() is not called mutex_locked. Fixes: 4b1a29a7 ("error-injection: Support fault injection framework") Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Luo Meng <luomeng12@huawei.com> Signed-off-by:
Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
-
Alexei Starovoitov authored
Daniel Xu says: ==================== 6ae08ae3 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers") introduced a subtle bug where bpf_probe_read_user_str() would potentially copy a few extra bytes after the NUL terminator. This issue is particularly nefarious when strings are used as map keys, as seemingly identical strings can occupy multiple entries in a map. This patchset fixes the issue and introduces a selftest to prevent future regressions. v6 -> v7: * Add comments v5 -> v6: * zero-pad up to sizeof(unsigned long) after NUL v4 -> v5: * don't read potentially uninitialized memory v3 -> v4: * directly pass userspace pointer to prog * test more strings of different length v2 -> v3: * set pid filter before attaching prog in selftest * use long instead of int as bpf_probe_read_user_str() retval * style changes v1 -> v2: * add Fixes: tag * add selftest ==================== Signed-off-by:
-
Daniel Xu authored
Previously, bpf_probe_read_user_str() could potentially overcopy the trailing bytes after the NUL due to how do_strncpy_from_user() does the copy in long-sized strides. The issue has been fixed in the previous commit. This commit adds a selftest that ensures we don't regress bpf_probe_read_user_str() again. Signed-off-by:
Daniel Xu <dxu@dxuuu.xyz> Signed-off-by:
Song Liu <songliubraving@fb.com> Acked-by:
Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/4d977508fab4ec5b7b574b85bdf8b398868b6ee9.1605642949.git.dxu@dxuuu.xyz
-
Daniel Xu authored
do_strncpy_from_user() may copy some extra bytes after the NUL terminator into the destination buffer. This usually does not matter for normal string operations. However, when BPF programs key BPF maps with strings, this matters a lot. A BPF program may read strings from user memory by calling the bpf_probe_read_user_str() helper which eventually calls do_strncpy_from_user(). The program can then key a map with the destination buffer. BPF map keys are fixed-width and string-agnostic, meaning that map keys are treated as a set of bytes. The issue is when do_strncpy_from_user() overcopies bytes after the NUL terminator, it can result in seemingly identical strings occupying multiple slots in a BPF map. This behavior is subtle and totally unexpected by the user. This commit masks out the bytes following the NUL while preserving long-sized stride in the fast path. Fixes: 6ae08ae3 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers") Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: "Fixes for CVE-2020-4788. From Daniel's cover letter: IBM Power9 processors can speculatively operate on data in the L1 cache before it has been completely validated, via a way-prediction mechanism. It is not possible for an attacker to determine the contents of impermissible memory using this method, since these systems implement a combination of hardware and software security measures to prevent scenarios where protected data could be leaked. However these measures don't address the scenario where an attacker induces the operating system to speculatively execute instructions using data that the attacker controls. This can be used for example to speculatively bypass "kernel user access prevention" techniques, as discovered by Anthony Steinhauser of Google's Safeside Project. This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack. This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern. This patch series flushes the L1 cache on kernel entry (patch 2) and after the kernel performs any user accesses (patch 3). It also adds a self-test and performs some related cleanups" * tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations selftests/powerpc: refactor entry and rfi_flush tests selftests/powerpc: entry flush test powerpc: Only include kup-radix.h for 64-bit Book3S powerpc/64s: flush L1D after user accesses powerpc/64s: flush L1D on kernel entry selftests/powerpc: rfi_flush: disable entry flush if present
-
git://github.com/jcmvbkbc/linux-xtensaLinus Torvalds authored
Pull xtensa fixes from Max Filippov: - fix placement of cache alias remapping area - disable preemption around cache alias management calls - add missing __user annotation to strncpy_from_user argument * tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: uaccess: Add missing __user to strncpy_from_user() prototype xtensa: disable preemption around cache alias management calls xtensa: fix TLBTEMP area placement
-
