1. 09 Aug, 2014 6 commits
    • Documentation: add How to avoid botching up ioctls · efe4a772
      Michael Ellerman authored
      I pointed some folks at this and they wondered why it wasn't in the
      kernel Documentation directory. So now it is.
      Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd · c309bfa9
      Linus Torvalds authored
      Pull MTD updates from Brian Norris:
       "AMD-compatible CFI driver:
         - Support OTP programming for Micron M29EW family
         - Increase buffer write timeout, according to detected flash
           parameter info
      
        NAND
         - Add helpers for retrieving ONFI timing modes
         - GPMI: provide option to disable bad block marker swapping (required
           for Ka-On electronics platforms)
      
        SPI NOR
         - EON EN25QH128 support
         - Support new Flag Status Register (FSR) on a few Micron flash
      
        Common
         - New sysfs entries for bad block and ECC stats
      
        And a few miscellaneous refactorings, cleanups, and driver
        improvements"
      
      * tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd: (31 commits)
        mtd: gpmi: make blockmark swapping optional
        mtd: gpmi: remove line breaks from error messages and improve wording
        mtd: gpmi: remove useless (void *) type casts and spaces between type casts and variables
        mtd: atmel_nand: NFC: support multiple interrupt handling
        mtd: atmel_nand: implement the nfc_device_ready() by checking the R/B bit
        mtd: atmel_nand: add NFC status error check
        mtd: atmel_nand: make ecc parameters same as definition
        mtd: nand: add ONFI timing mode to nand_timings converter
        mtd: nand: define struct nand_timings
        mtd: cfi_cmdset_0002: fix do_write_buffer() timeout error
        mtd: denali: use 8 bytes for READID command
        mtd/ftl: fix the double free of the buffers allocated in build_maps()
        mtd: phram: Fix whitespace issues
        mtd: spi-nor: add support for EON EN25QH128
        mtd: cfi_cmdset_0002: Add support for locking OTP memory
        mtd: cfi_cmdset_0002: Add support for writing OTP memory
        mtd: cfi_cmdset_0002: Invalidate cache after entering/exiting OTP memory
        mtd: cfi_cmdset_0002: Add support for reading OTP
        mtd: spi-nor: add support for flag status register on Micron chips
        mtd: Account for BBT blocks when a partition is being allocated
        ...
    • Merge tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux · 9e9ac896
      Linus Torvalds authored
      Pull fbdev updates from Tomi Valkeinen:
       - much better HDMI infoframe support for OMAP
       - Cirrus Logic CLPS711X framebuffer driver
       - DT support for PL11x CLCD driver
       - various small fixes
      
      * tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (35 commits)
        OMAPDSS: DSI: fix depopulating dsi peripherals
        video: hyperv: hyperv_fb: refresh the VM screen by force on VM panic
        video: ARM CLCD: Fix DT-related build problems
        drivers: video: fbdev: atmel_lcdfb.c: Add ability to inverted backlight PWM.
        video: ARM CLCD: Add DT support
        drm/omap: Add infoframe & dvi/hdmi mode support
        OMAPDSS: HDMI: remove the unused code
        OMAPDSS: HDMI5: add support to set infoframe & HDMI mode
        OMAPDSS: HDMI4: add support to set infoframe & HDMI mode
        OMAPDSS: HDMI: add infoframe and hdmi_dvi_mode fields
        OMAPDSS: add hdmi ops to hdmi-connector and tpd12s015
        OMAPDSS: add hdmi ops to hdmi_ops and omap_dss_driver
        OMAPDSS: HDMI: remove custom avi infoframe
        OMAPDSS: HDMI5: use common AVI infoframe support
        OMAPDSS: HDMI4: use common AVI infoframe support
        OMAPDSS: Kconfig: select HDMI
        OMAPDSS: HDMI: fix name conflict
        OMAPDSS: DISPC: clean up dispc_mgr_timings_ok
        OMAPDSS: DISPC: reject interlace for lcd out
        OMAPDSS: DISPC: fix debugfs reg dump
        ...
    • Merge tag 'pwm/for-3.17-rc1' of... · 34b20e6d
      Linus Torvalds authored
      Merge tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm changes from Thierry Reding:
       "The set of changes for this merge window contains two new drivers: one
        for Rockchip SoCs and another for STMicroelectronics STiH4xx SoCs.
      
        The remainder of the changes are the usual small cleanups such as
        removing redundant OOM messages, signalling that a PWM chip's
        operations can sleep and removing an unneeded dependency"
      
      * tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: rockchip: Added to support for RK3288 SoC
        pwm: rockchip: document RK3288 SoC compatible
        pwm: sti: Remove PWM period table
        pwm: sti: Sync between enable/disable calls
        pwm: sti: Ensure same period values for all channels
        pwm: sti: Fix PWM prescaler handling
        pwm: sti: Supply Device Tree binding documentation for ST's PWM IP
        pwm: sti: Add new driver for ST's PWM IP
        pwm: imx: set can_sleep flag for imx_pwm
        pwm: lpss: remove dependency on clk framework
        pwm: pwm-tipwmss: remove unnecessary OOM messages
        pwm: rockchip: document device tree bindings
        pwm: add Rockchip SoC PWM support
    • Merge tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 06b49ea4
      Linus Torvalds authored
      Pull GPIO update from Linus Walleij:
       "This is the bulk of GPIO changes for the v3.17 development cycle, and
        this time we got a lot of action going on and it will continue:
      
         - The core GPIO library implementation has been split up in three
           different files:
           - gpiolib.c for the latest and greatest and shiny GPIO library code
             using GPIO descriptors only
           - gpiolib-legacy.c for the old integer number space API that we are
             phasing out gradually
           - gpiolib-sysfs.c for the sysfs interface that we are not entirely
             happy with, but has to live on for ABI compatibility
      
         - Add a flags argument to *gpiod_get* functions, with some
           backward-compatibility macros to ease transitions.  We should have
           had the flags there from the beginning it seems, now we need to
           clean up the mess.  There is a plan on how to move forward here
           devised by Alexandre Courbot and Mark Brown
      
         - Split off a special <linux/gpio/machine.h> header for the board
           gpio table registration, as per example from the regulator
           subsystem
      
         - Start to kill off the return value from gpiochip_remove() by
           removing the __must_check attribute and removing all checks inside
           the drivers/gpio directory.  The rationale is: well what were we
           supposed to do if there is an error code? Not much: print an error
           message.  And gpiolib already does that.  So make this function
           return void eventually
      
         - Some cleanups of hairy gpiolib code, make some functions not to be
           used outside the library private and make sure they are not
           exported, remove gpiod_lock/unlock_as_irq() as the existing
           function is for driver-internal use and fine as it is, delete
           gpio_ensure_requested() as it is not meaningful anymore
      
         - Support the GPIOF_ACTIVE_LOW flag from gpio_request_one() function
           calls, which is logical since this is already supported when
           referencing GPIOs from e.g. device trees
      
         - Switch STMPE, intel-mid, lynxpoint and ACPI (!) to use the gpiolib
           irqchip helpers cutting down on GPIO irqchip boilerplate a bit more
      
         - New driver for the Zynq GPIO block
      
         - The usual incremental improvements around a bunch of drivers
      
         - Janitorial syntactic and semantic cleanups by Jingoo Han, and
           Rickard Strandqvist especially"
      
      * tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (37 commits)
        MAINTAINERS: update GPIO include files
        gpio: add missing includes in machine.h
        gpio: add flags argument to gpiod_get*() functions
        MAINTAINERS: Update Samsung pin control entry
        gpio / ACPI: Move event handling registration to gpiolib irqchip helpers
        gpio: lynxpoint: Convert to use gpiolib irqchip
        gpio: split gpiod board registration into machine header
        gpio: remove gpio_ensure_requested()
        gpio: remove useless check in gpiolib_sysfs_init()
        gpiolib: Export gpiochip_request_own_desc and gpiochip_free_own_desc
        gpio: move gpio_ensure_requested() into legacy C file
        gpio: remove gpiod_lock/unlock_as_irq()
        gpio: make gpiochip_get_desc() gpiolib-private
        gpio: simplify gpiochip_export()
        gpio: remove export of private of_get_named_gpio_flags()
        gpio: Add support for GPIOF_ACTIVE_LOW to gpio_request_one functions
        gpio: zynq: Clear pending interrupt when enabling a IRQ
        gpio: drop retval check enforcing from gpiochip_remove()
        gpio: remove all usage of gpio_remove retval in driver/gpio
        devicetree: Add Zynq GPIO devicetree bindings documentation
        ...
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 664fb230
      Linus Torvalds authored
      Pull input updates from Dmitry Torokhov:
       - big update to Wacom driver by Benjamin Tissoires, converting it to
         HID infrastructure and unifying USB and Bluetooth models
       - large update to ALPS driver by Hans de Goede, which adds support for
         newer touchpad models as well as cleans up and restructures the code
       - more changes to Atmel MXT driver, including device tree support
       - new driver for iPaq x3xxx touchscreen
       - driver for serial Wacom tablets
       - driver for Microchip's CAP1106
       - assorted cleanups and improvements to existing drivers and input core
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (93 commits)
        Input: wacom - update the ABI doc according to latest changes
        Input: wacom - only register once the MODULE_* macros
        Input: HID - remove hid-wacom Bluetooth driver
        Input: wacom - add copyright note and bump version to 2.0
        Input: wacom - remove passing id for wacom_set_report
        Input: wacom - check for bluetooth protocol while setting OLEDs
        Input: wacom - handle Intuos 4 BT in wacom.ko
        Input: wacom - handle Graphire BT tablets in wacom.ko
        Input: wacom - prepare the driver to include BT devices
        Input: hyperv-keyboard - register as a wakeup source
        Input: imx_keypad - remove ifdef round PM methods
        Input: jornada720_ts - get rid of space indentation and use tab
        Input: jornada720_ts - switch to using managed resources
        Input: alps - Rushmore and v7 resolution support
        Input: mcs5000_ts - remove ifdef around power management methods
        Input: mcs5000_ts - protect PM functions with CONFIG_PM_SLEEP
        Input: ads7846 - release resources on failure for clean exit
        Input: wacom - add support for 0x12C ISDv4 sensor
        Input: atmel_mxt_ts - use deep sleep mode when stopped
        ARM: dts: am437x-gp-evm: Update binding for touchscreen size
        ...
  2. 08 Aug, 2014 34 commits
    • Merge branch 'akpm' (second patchbomb from Andrew Morton) · 8065be8d
      Linus Torvalds authored
      Merge more incoming from Andrew Morton:
       "Two new syscalls:
      
           memfd_create in "shm: add memfd_create() syscall"
           kexec_file_load in "kexec: implementation of new syscall kexec_file_load"
      
        And:
      
         - Most (all?) of the rest of MM
      
         - Lots of the usual misc bits
      
         - fs/autofs4
      
         - drivers/rtc
      
         - fs/nilfs
      
         - procfs
      
         - fork.c, exec.c
      
         - more in lib/
      
         - rapidio
      
         - Janitorial work in filesystems: fs/ufs, fs/reiserfs, fs/adfs,
           fs/cramfs, fs/romfs, fs/qnx6.
      
         - initrd/initramfs work
      
         - "file sealing" and the memfd_create() syscall, in tmpfs
      
         - add pci_zalloc_consistent, use it in lots of places
      
         - MAINTAINERS maintenance
      
         - kexec feature work"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (193 commits)
        MAINTAINERS: update nomadik patterns
        MAINTAINERS: update usb/gadget patterns
        MAINTAINERS: update DMA BUFFER SHARING patterns
        kexec: verify the signature of signed PE bzImage
        kexec: support kexec/kdump on EFI systems
        kexec: support for kexec on panic using new system call
        kexec-bzImage64: support for loading bzImage using 64bit entry
        kexec: load and relocate purgatory at kernel load time
        purgatory: core purgatory functionality
        purgatory/sha256: provide implementation of sha256 in purgaotory context
        kexec: implementation of new syscall kexec_file_load
        kexec: new syscall kexec_file_load() declaration
        kexec: make kexec_segment user buffer pointer a union
        resource: provide new functions to walk through resources
        kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc()
        kexec: move segment verification code in a separate function
        kexec: rename unusebale_pages to unusable_pages
        kernel: build bin2c based on config option CONFIG_BUILD_BIN2C
        bin2c: move bin2c in scripts/basic
        shm: wait for pins to be released when sealing
        ...
    • MAINTAINERS: update nomadik patterns · ecc265fe
      Joe Perches authored
      Commit 3a198059 ("pinctrl: nomadik: move all Nomadik drivers to
      subdir") moved the files, update the patterns
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: Linus Walleij <linus.walleij@linaro.org>
      Cc: Alessandro Rubini <rubini@unipv.it>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • MAINTAINERS: update usb/gadget patterns · faf2e1db
      Joe Perches authored
      Several commits have moved files around, update the section patterns.
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: Thomas Dahlmann <dahlmann.thomas@arcor.de>
      Cc: Nicolas Ferre <nicolas.ferre@atmel.com>
      Cc: Li Yang <leoli@freescale.com>
      Cc: Eric Miao <eric.y.miao@gmail.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Haojian Zhuang <haojian.zhuang@gmail.com>
      Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • MAINTAINERS: update DMA BUFFER SHARING patterns · e46d12c6
      Joe Perches authored
      One pattern per F: line please...
      Signed-off-by: Joe Perches <joe@perches.com>
      Acked-by: Sumit Semwal <sumit.semwal@linaro.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: verify the signature of signed PE bzImage · 8e7d8381
      Vivek Goyal authored
      This is the final piece of the puzzle of verifying kernel image signature
      during kexec_file_load() syscall.
      
      This patch calls into PE file routines to verify signature of bzImage.  If
      the signature is valid, kexec_file_load() succeeds otherwise it fails.
      
      Two new config options have been introduced.  First one is
      CONFIG_KEXEC_VERIFY_SIG.  This option enforces that kernel has to be
      validly signed otherwise kernel load will fail.  If this option is not
      set, no signature verification will be done.  Only exception will be when
      secureboot is enabled.  In that case signature verification should be
      automatically enforced when secureboot is enabled.  But that will happen
      when secureboot patches are merged.
      
      Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
      enables signature verification support on bzImage.  If this option is not
      set and previous one is set, kernel image loading will fail because kernel
      does not have support to verify signature of bzImage.
      
      I tested these patches with both "pesign" and "sbsign" signed bzImages.
      
      I used signing_key.priv key and signing_key.x509 cert for signing as
      generated during kernel build process (if module signing is enabled).
      
      Used following method to sign bzImage.
      
      pesign
      ======
      - Convert DER format cert to PEM format cert
      openssl x509 -in signing_key.x509 -inform DER -out signing_key.x509.PEM -outform PEM

      - Generate a .p12 file from existing cert and private key file
      openssl pkcs12 -export -out kernel-key.p12 -inkey signing_key.priv -in signing_key.x509.PEM

      - Import .p12 file into pesign db
      pk12util -i /tmp/kernel-key.p12 -d /etc/pki/pesign

      - Sign bzImage
      pesign -i /boot/vmlinuz-3.16.0-rc3+ -o /boot/vmlinuz-3.16.0-rc3+.signed.pesign -c "Glacier signing key - Magrathea" -s

      sbsign
      ======
      sbsign --key signing_key.priv --cert signing_key.x509.PEM --output /boot/vmlinuz-3.16.0-rc3+.signed.sbsign /boot/vmlinuz-3.16.0-rc3+
      
      Patch details:
      
      Well all the hard work is done in previous patches.  Now bzImage loader
      has to just call into that code and verify whether bzImage signature is
      valid or not.
      
      Also create two config options.  First one is CONFIG_KEXEC_VERIFY_SIG.
      This option enforces that kernel has to be validly signed otherwise kernel
      load will fail.  If this option is not set, no signature verification will
      be done.  Only exception will be when secureboot is enabled.  In that case
      signature verification should be automatically enforced when secureboot is
      enabled.  But that will happen when secureboot patches are merged.
      
      Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
      enables signature verification support on bzImage.  If this option is not
      set and previous one is set, kernel image loading will fail because kernel
      does not have support to verify signature of bzImage.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Matt Fleming <matt@console-pimps.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: support kexec/kdump on EFI systems · 6a2c20e7
      Vivek Goyal authored
      This patch does two things.  It passes EFI run time mappings to second
      kernel in bootparams efi_info.  Second kernel parses this info and creates
      new mappings in second kernel.  That means mappings in first and second
      kernel will be same.  This paves the way to enable EFI in kexec kernel.

      This patch also prepares and passes EFI setup data through bootparams.
      This contains a bunch of information about various tables and their
      addresses.

      This information gathering and passing has been written along the lines
      of what current kexec-tools is doing to make kexec work with UEFI.
      
      [akpm@linux-foundation.org: s/get_efi/efi_get/g, per Matt]
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Matt Fleming <matt@console-pimps.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: support for kexec on panic using new system call · dd5f7260
      Vivek Goyal authored
      This patch adds support for loading a kexec on panic (kdump) kernel using
      new system call.
      
      It prepares ELF headers for memory areas to be dumped and for saved cpu
      registers.  Also prepares the memory map for second kernel and limits its
      boot to reserved areas only.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec-bzImage64: support for loading bzImage using 64bit entry · 27f48d3e
      Vivek Goyal authored
      This is loader specific code which can load bzImage and set it up for
      64bit entry.  This does not take care of 32bit entry or real mode entry.
      
      32bit mode entry can be implemented if somebody needs it.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: load and relocate purgatory at kernel load time · 12db5562
      Vivek Goyal authored
      Load purgatory code in RAM and relocate it based on the location.
      Relocation code has been inspired by module relocation code and purgatory
      relocation code in kexec-tools.
      
      Also compute the checksums of loaded kexec segments and store them in
      purgatory.
      
      Arch independent code provides this functionality so that arch dependent
      bootloaders can make use of it.
      
      Helper functions are provided to get/set symbol values in purgatory which
      are used by bootloaders later to set things like stack and entry point of
      second kernel etc.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • purgatory: core purgatory functionality · 8fc5b4d4
      Vivek Goyal authored
      Create a stand alone relocatable object purgatory which runs between two
      kernels.  This name, concept and some code has been taken from
      kexec-tools.  Idea is that this code runs after a crash and it runs in
      minimal environment.  So keep it separate from rest of the kernel and in
      long term we will have to practically do no maintenance of this code.
      
      This code also has the logic to verify sha256 hashes of various
      segments which have been loaded into memory.  So first we verify that the
      kernel we are jumping to is fine and has not been corrupted and make
      progress only if checksums are verified.
      
      This code also takes care of copying some memory contents to backup region.
      
      [sfr@canb.auug.org.au: run host built programs from objtree]
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • purgatory/sha256: provide implementation of sha256 in purgaotory context · daeba064
      Vivek Goyal authored
      Next two patches provide code for purgatory.  This is a code which does
      not link against the kernel and runs stand alone.  This code runs between
      two kernels.  One of the primary purposes of this code is to verify the
      digest of newly loaded kernel and make sure it matches the digest
      computed at kernel load time.

      We use sha256 for calculating digest of kexec segments.  Purgatory can't
      use standard crypto API as that API is not available in purgatory context.

      Hence, I have copied code from crypto/sha256_generic.c and compiled it
      with purgatory code so that it could be used.  I could not #include
      sha256_generic.c file here as some of the function signatures required
      a little tweaking.  Original functions work with crypto API but these ones
      don't.
      
      So instead of doing #include on sha256_generic.c I just copied relevant
      portions of code into arch/x86/purgatory/sha256.c.  Now we shouldn't have
      to touch this code at all.  Do let me know if there are better ways to
      handle it.
      
      This patch does not enable compiling of this code.  That happens in next
      patch.  I wanted to highlight this change in a separate patch for easy
      review.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: implementation of new syscall kexec_file_load · cb105258
      Vivek Goyal authored
      Previous patch provided the interface definition and this patch provides
      implementation of new syscall.
      
      Previously segment list was prepared in user space.  Now user space just
      passes kernel fd, initrd fd and command line and kernel will create a
      segment list internally.
      
      This patch contains generic part of the code.  Actual segment preparation
      and loading is done by arch and image specific loader.  Which comes in
      next patch.
      
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kexec: new syscall kexec_file_load() declaration · f0895685
      Vivek Goyal authored
      This is the new syscall kexec_file_load() declaration/interface.  I have
      reserved the syscall number only for x86_64 so far.  Other architectures
      (including i386) can reserve syscall number when they enable the support
      for this new syscall.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      f0895685
    • Vivek Goyal's avatar
      kexec: make kexec_segment user buffer pointer a union · 815d5704
      Vivek Goyal authored
      So far kexec_segment->buf was always a user space pointer as user space
      passed the array of kexec_segment structures and kernel copied it.
      
      But with new system call, list of kexec segments will be prepared by
      kernel and kexec_segment->buf will point to a kernel memory.
      
      So while I was adding code where I made assumption that ->buf is pointing
      to kernel memory, sparse started giving warning.
      
      Make ->buf a union.  And where a user space pointer is expected, access it
      using ->buf and where a kernel space pointer is expected, access it using
      ->kbuf.  That takes care of sparse warnings.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      815d5704
    • Vivek Goyal's avatar
      resource: provide new functions to walk through resources · 8c86e70a
      Vivek Goyal authored
      I have added two more functions to walk through resources.
      
      Currently walk_system_ram_range() deals with pfn and /proc/iomem can
      contain partial pages.  By dealing in pfn, callback function loses the
      info that last page of a memory range is a partial page and not the full
      page.  So I implemented walk_system_ram_res() which returns u64 values to
      callback functions and now it properly returns start and end address.
      
      walk_system_ram_range() uses find_next_system_ram() to find the next ram
      resource.  This in turn only travels through siblings of top level child
      and does not traverse through all the nodes of the resource tree.  I also
      need another function where I can walk through all the resources, for
      example figure out where "GART" aperture is.  Figure out where ACPI memory
      is.
      
      So I wrote another function walk_iomem_res() which walks through all
      /proc/iomem resources and returns matches as asked by caller.  Caller can
      specify "name" of resource, start and end and flags.
      
      Got rid of find_next_system_ram_res() and instead implemented more generic
      find_next_iomem_res() which can be used to traverse top level children
      only based on an argument.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      8c86e70a
    • Vivek Goyal's avatar
      kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() · 255aedd9
      Vivek Goyal authored
      kimage_normal_alloc() and kimage_crash_alloc() are doing lot of similar
      things and differ only little.  So instead of having two separate
      functions create a common function kimage_alloc_init() and pass it the
      "flags" argument which tells whether it is normal kexec or kexec_on_panic.
      And this function should be able to deal with both the cases.
      
      This consolidation also helps later where we can use a common function
      kimage_file_alloc_init() to handle normal and crash cases for new file
      based kexec syscall.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      255aedd9
    • Vivek Goyal's avatar
      kexec: move segment verification code in a separate function · dabe7862
      Vivek Goyal authored
      Previously do_kimage_alloc() will allocate a kimage structure, copy
      segment list from user space and then do the segment list sanity
      verification.
      
      Break down this function in 3 parts.  do_kimage_alloc_init() to do actual
      allocation and basic initialization of kimage structure.
      copy_user_segment_list() to copy segment list from user space and
      sanity_check_segment_list() to verify the sanity of segment list as passed
      by user space.
      
      In later patches, I need to only allocate kimage and not copy segment list
      from user space.  So breaking down in smaller functions enables re-use of
      code at other places.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      dabe7862
    • Vivek Goyal's avatar
      kexec: rename unusebale_pages to unusable_pages · 7d3e2bca
      Vivek Goyal authored
      Let's use the more common "unusable".
      
      This patch was originally written and posted by Boris. I am including it
      in this patch series.
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      7d3e2bca
    • Vivek Goyal's avatar
      kernel: build bin2c based on config option CONFIG_BUILD_BIN2C · de5b56ba
      Vivek Goyal authored
      Currently bin2c builds only if CONFIG_IKCONFIG=y. But bin2c will now be
      used by kexec too.  So make it compilation dependent on CONFIG_BUILD_BIN2C
      and this config option can be selected by CONFIG_KEXEC and CONFIG_IKCONFIG.
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      de5b56ba
    • Vivek Goyal's avatar
      bin2c: move bin2c in scripts/basic · 8370edea
      Vivek Goyal authored
      This patch series does not do kernel signature verification yet.  I plan
      to post another patch series for that.  Now distributions are already
      signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
      those signatures.
      
      Primary goal of this patchset is to prepare groundwork so that kernel
      image can be signed and signatures be verified during kexec load.  This
      should help with two things.
      
      - It should allow kexec/kdump on secureboot enabled machines.
      
      - In general it can help even without secureboot. By being able to verify
        kernel image signature in kexec, it should help with avoiding module
        signing restrictions. Matthew Garrett showed how to boot into a custom
        kernel, modify first kernel's memory and then jump back to old kernel and
        bypass any policy one wants to.
      
      This patch (of 15):
      
      Kexec wants to use bin2c and it wants to use it really early in the build
      process. See arch/x86/purgatory/ code in later patches.
      
      So move bin2c in scripts/basic so that it can be built very early and
      be usable by arch/x86/purgatory/
      Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      8370edea
    • David Herrmann's avatar
      shm: wait for pins to be released when sealing · 05f65b5c
      David Herrmann authored
      If we set SEAL_WRITE on a file, we must make sure there cannot be any
      ongoing write-operations on the file.  For write() calls, we simply lock
      the inode mutex, for mmap() we simply verify there're no writable
      mappings.  However, there might be pages pinned by AIO, Direct-IO and
      similar operations via GUP.  We must make sure those do not write to the
      memfd file after we set SEAL_WRITE.
      
      As there is no way to notify GUP users to drop pages or to wait for them
      to be done, we implement the wait ourselves: When setting SEAL_WRITE, we
      check all pages for their ref-count.  If it's bigger than 1, we know
      there's some user of the page.  We then mark the page and wait for up to
      150ms for those ref-counts to be dropped.  If the ref-counts are not
      dropped in time, we refuse the seal operation.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      05f65b5c
    • David Herrmann's avatar
      selftests: add memfd/sealing page-pinning tests · 87b2d440
      David Herrmann authored
      Setting SEAL_WRITE is not possible if there're pending GUP users. This
      commit adds selftests for memfd+sealing that use FUSE to create pending
      page-references. FUSE is very helpful here in that it allows us to delay
      direct-IO operations for an arbitrary amount of time. This way, we can
      force the kernel to pin pages and then run our normal selftests.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      87b2d440
    • David Herrmann's avatar
      selftests: add memfd_create() + sealing tests · 4f5ce5e8
      David Herrmann authored
      Some basic tests to verify sealing on memfds works as expected and
      guarantees the advertised semantics.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      4f5ce5e8
    • David Herrmann's avatar
      shm: add memfd_create() syscall · 9183df25
      David Herrmann authored
      memfd_create() is similar to mmap(MAP_ANON), but returns a file-descriptor
      that you can pass to mmap().  It can support sealing and avoids any
      connection to user-visible mount-points.  Thus, it's not subject to quotas
      on mounted file-systems, but can be used like malloc()'ed memory, but with
      a file-descriptor to it.
      
      memfd_create() returns the raw shmem file, so calls like ftruncate() can
      be used to modify the underlying inode.  Also calls like fstat() will
      return proper information and mark the file as regular file.  If you want
      sealing, you can specify MFD_ALLOW_SEALING.  Otherwise, sealing is not
      supported (like on all other regular files).
      
      Compared to O_TMPFILE, it does not require a tmpfs mount-point and is not
      subject to a filesystem size limit.  It is still properly accounted to
      memcg limits, though, and to the same overcommit or no-overcommit
      accounting as all user memory.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      9183df25
    • David Herrmann's avatar
      shm: add sealing API · 40e041a2
      David Herrmann authored
      If two processes share a common memory region, they usually want some
      guarantees to allow safe access. This often includes:
        - one side cannot overwrite data while the other reads it
        - one side cannot shrink the buffer while the other accesses it
        - one side cannot grow the buffer beyond previously set boundaries
      
      If there is a trust-relationship between both parties, there is no need
      for policy enforcement.  However, if there's no trust relationship (eg.,
      for general-purpose IPC) sharing memory-regions is highly fragile and
      often not possible without local copies.  Look at the following two
      use-cases:
      
        1) A graphics client wants to share its rendering-buffer with a
           graphics-server. The memory-region is allocated by the client for
           read/write access and a second FD is passed to the server. While
           scanning out from the memory region, the server has no guarantee that
           the client doesn't shrink the buffer at any time, requiring rather
           cumbersome SIGBUS handling.
        2) A process wants to perform an RPC on another process. To avoid huge
           bandwidth consumption, zero-copy is preferred. After a message is
           assembled in-memory and a FD is passed to the remote side, both sides
           want to be sure that neither modifies this shared copy, anymore. The
           source may have put sensible data into the message without a separate
           copy and the target may want to parse the message inline, to avoid a
           local copy.
      
      While SIGBUS handling, POSIX mandatory locking and MAP_DENYWRITE provide
      ways to achieve most of this, the first one is unproportionally ugly to
      use in libraries and the latter two are broken/racy or even disabled due
      to denial of service attacks.
      
      This patch introduces the concept of SEALING.  If you seal a file, a
      specific set of operations is blocked on that file forever.  Unlike locks,
      seals can only be set, never removed.  Hence, once you verified a specific
      set of seals is set, you're guaranteed that no-one can perform the blocked
      operations on this file, anymore.
      
      An initial set of SEALS is introduced by this patch:
        - SHRINK: If SEAL_SHRINK is set, the file in question cannot be reduced
                  in size. This affects ftruncate() and open(O_TRUNC).
        - GROW: If SEAL_GROW is set, the file in question cannot be increased
                in size. This affects ftruncate(), fallocate() and write().
        - WRITE: If SEAL_WRITE is set, no write operations (besides resizing)
                 are possible. This affects fallocate(PUNCH_HOLE), mmap() and
                 write().
        - SEAL: If SEAL_SEAL is set, no further seals can be added to a file.
                This basically prevents the F_ADD_SEAL operation on a file and
                can be set to prevent others from adding further seals that you
                don't want.
      
      The described use-cases can easily use these seals to provide safe use
      without any trust-relationship:
      
        1) The graphics server can verify that a passed file-descriptor has
           SEAL_SHRINK set. This allows safe scanout, while the client is
           allowed to increase buffer size for window-resizing on-the-fly.
           Concurrent writes are explicitly allowed.
        2) For general-purpose IPC, both processes can verify that SEAL_SHRINK,
           SEAL_GROW and SEAL_WRITE are set. This guarantees that neither
           process can modify the data while the other side parses it.
           Furthermore, it guarantees that even with writable FDs passed to the
           peer, it cannot increase the size to hit memory-limits of the source
           process (in case the file-storage is accounted to the source).
      
      The new API is an extension to fcntl(), adding two new commands:
        F_GET_SEALS: Return a bitset describing the seals on the file. This
                     can be called on any FD if the underlying file supports
                     sealing.
        F_ADD_SEALS: Change the seals of a given file. This requires WRITE
                     access to the file and F_SEAL_SEAL may not already be set.
                     Furthermore, the underlying file must support sealing and
                     there may not be any existing shared mapping of that file.
                     Otherwise, EBADF/EPERM is returned.
                     The given seals are _added_ to the existing set of seals
                     on the file. You cannot remove seals again.
      
      The fcntl() handler is currently specific to shmem and disabled on all
      files. A file needs to explicitly support sealing for this interface to
      work. A separate syscall is added in a follow-up, which creates files that
      support sealing. There is no intention to support this on other
      file-systems. Semantics are unclear for non-volatile files and we lack any
      use-case right now. Therefore, the implementation is specific to shmem.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      40e041a2
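
The sealing flow described in the two commit messages above (memfd_create() with MFD_ALLOW_SEALING, then F_ADD_SEALS and F_GET_SEALS), as an added example that is not part of these commits or of the kernel selftests: the sender seals a message and the receiver verifies the seals before reading it. The helper names, the BLOCKED_* mask and the sample message are constructed for illustration; the fallback #defines carry the Linux UAPI values for libc headers that lack them.

```c
/* Added example: memfd sealing from the sender's and the receiver's side. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for libc headers that lack the API; values are the Linux UAPI ones. */
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif

/* Seal set that use-case 2 (general-purpose IPC) asks both sides to verify. */
#define IPC_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
enum { BLOCKED_WRITE = 1, BLOCKED_SHRINK = 2, BLOCKED_GROW = 4, BLOCKED_MMAP_W = 8 };

/* Sender: put msg into a new memfd, then add `seals` (0 = none).
 * Returns the fd, or -1 on error. */
static int make_memfd(const char *msg, unsigned int mfd_flags, int seals)
{
    size_t len = strlen(msg);
    int fd = (int)syscall(SYS_memfd_create, "ipc-msg", mfd_flags);
    if (fd < 0)
        return -1;
    if (write(fd, msg, len) != (ssize_t)len ||
        (seals && fcntl(fd, F_ADD_SEALS, seals) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receiver: accept only if every required seal is already set. F_GET_SEALS
 * fails on files without sealing support, which also counts as a refusal. */
static int receiver_accepts(int fd, int required)
{
    int seals = fcntl(fd, F_GET_SEALS);
    return seals >= 0 && (seals & required) == required;
}

/* Receiver: verify first, then read the message without a defensive copy. */
static ssize_t receiver_read(int fd, char *out, size_t cap)
{
    if (!receiver_accepts(fd, IPC_SEALS))
        return -1;
    return pread(fd, out, cap, 0);
}

/* Attempt each operation the seals cover; return a mask of those refused
 * with EPERM. On a partially sealed fd the allowed ones really take effect. */
static int probe_blocked_ops(int fd, off_t size)
{
    int blocked = 0;
    void *p;
    if (pwrite(fd, "X", 1, 0) < 0 && errno == EPERM) blocked |= BLOCKED_WRITE;
    if (ftruncate(fd, size - 1) < 0 && errno == EPERM) blocked |= BLOCKED_SHRINK;
    if (ftruncate(fd, size + 4096) < 0 && errno == EPERM) blocked |= BLOCKED_GROW;
    p = mmap(NULL, (size_t)size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED && errno == EPERM)
        blocked |= BLOCKED_MMAP_W;
    else if (p != MAP_FAILED)
        munmap(p, (size_t)size);
    return blocked;
}

int main(void)
{
    const char *msg = "constructed sample message";
    int fd = make_memfd(msg, MFD_ALLOW_SEALING, IPC_SEALS | F_SEAL_SEAL);
    char buf[64] = {0};
    if (fd < 0) { perror("make_memfd"); return 1; }
    printf("accepted=%d blocked=0x%x read=%zd\n", receiver_accepts(fd, IPC_SEALS),
           (unsigned)probe_blocked_ops(fd, (off_t)strlen(msg)),
           receiver_read(fd, buf, sizeof(buf) - 1));
    return 0;
}
```

A receiver that skips the F_GET_SEALS check gets none of these guarantees, since a memfd created without MFD_ALLOW_SEALING looks the same through read() and mmap().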
    • David Herrmann's avatar
      mm: allow drivers to prevent new writable mappings · 4bb5f5d9
      David Herrmann authored
      This patch (of 6):
      
      The i_mmap_writable field counts existing writable mappings of an
      address_space.  To allow drivers to prevent new writable mappings, make
      this counter signed and prevent new writable mappings if it is negative.
      This is modelled after i_writecount and DENYWRITE.
      
      This will be required by the shmem-sealing infrastructure to prevent any
      new writable mappings after the WRITE seal has been set.  In case there
      exists a writable mapping, this operation will fail with EBUSY.
      
      Note that we rely on the fact that iff you already own a writable mapping,
      you can increase the counter without using the helpers.  This is the same
      that we do for i_writecount.
      Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
      Acked-by: Hugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      4bb5f5d9
    • Joe Perches's avatar
      MAINTAINERS: remove unused NFSD pattern · 935e9f02
      Joe Perches authored
      A series of commits by Christoph Hellwig removed all the files in this
      directory, remove the pattern.
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      935e9f02
    • Joe Perches's avatar
      MAINTAINERS: remove unused ARM/QUALCOMM MSM pattern · 1db22e8b
      Joe Perches authored
      Commit 87933a68dce6 ("mfd: pm8921: Remove pm8xxx API now that
      sub-devices use regmap") removed the file, remove the pattern.
      Signed-off-by: Joe Perches <joe@perches.com>
      Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      1db22e8b
    • Joe Perches's avatar
      MAINTAINERS: remove unused radeon drm pattern · eb231527
      Joe Perches authored
      Commit 8dcedd7e87f4 ("UAPI: (Scripted) Disintegrate include/drm") moved
      the file, remove the pattern.
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      eb231527
    • Joe Perches's avatar
      MAINTAINERS: remove METAG imgdafs pattern · d656143a
      Joe Perches authored
      This never made it into the kernel tree.  Remove it.
      Signed-off-by: Joe Perches <joe@perches.com>
      Acked-by: James Hogan <james.hogan@imgtec.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      d656143a
    • Joe Perches's avatar
      MAINTAINERS: remove section CIRRUS LOGIC EP93XX OHCI USB HOST DRIVER · 988636a8
      Joe Perches authored
      Commit e55f7cd2 ("usb: ohci: remove ep93xx bus glue platform
      driver") removed the file, remove the section.
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: H Hartley Sweeten <hartleys@visionengravers.com>
      Cc: Lennert Buytenhek <kernel@wantstofly.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      988636a8
    • Joe Perches's avatar
      MAINTAINERS: update picoxcell patterns · b8733987
      Joe Perches authored
      Fix the picoxcell patterns, add the dts directory too.
      Signed-off-by: Joe Perches <joe@perches.com>
      Acked-by: Jamie Iles <jamie@jamieiles.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      b8733987
    • Joe Perches's avatar
      MAINTAINERS: fix PXA3xx NAND FLASH DRIVER pattern · 9a67f099
      Joe Perches authored
      Use underscore, not dash
      Signed-off-by: Joe Perches <joe@perches.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      9a67f099
    • Joe Perches's avatar
      MAINTAINERS: use correct filename for sdhci-bcm-kona · e4ef47f2
      Joe Perches authored
      Use dashes not underscores.
      Signed-off-by: Joe Perches <joe@perches.com>
      Cc: Christian Daudt <csd@broadcom.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      e4ef47f2