05 Apr, 2017
1 commit
-
This module tests the module loader's ELF relocation processing
routines. When loaded, it logs output like below.Relocation test:
-------------------------------------------------------
R_AARCH64_ABS64 0xffff880000cccccc pass
R_AARCH64_ABS32 0x00000000f800cccc pass
R_AARCH64_ABS16 0x000000000000f8cc pass
R_AARCH64_MOVW_SABS_Gn 0xffff880000cccccc pass
R_AARCH64_MOVW_UABS_Gn 0xffff880000cccccc pass
R_AARCH64_ADR_PREL_LO21 0xffffff9cf4d1a400 pass
R_AARCH64_PREL64 0xffffff9cf4d1a400 pass
R_AARCH64_PREL32 0xffffff9cf4d1a400 pass
R_AARCH64_PREL16 0xffffff9cf4d1a400 passAcked-by: Will Deacon
Signed-off-by: Ard Biesheuvel
Signed-off-by: Catalin Marinas
23 Feb, 2017
1 commit
-
Pull arm64 updates from Will Deacon:
- Errata workarounds for Qualcomm's Falkor CPU
- Qualcomm L2 Cache PMU driver
- Qualcomm SMCCC firmware quirk
- Support for DEBUG_VIRTUAL
- CPU feature detection for userspace via MRS emulation
- Preliminary work for the Statistical Profiling Extension
- Misc cleanups and non-critical fixes* tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (74 commits)
arm64/kprobes: consistently handle MRS/MSR with XZR
arm64: cpufeature: correctly handle MRS to XZR
arm64: traps: correctly handle MRS/MSR with XZR
arm64: ptrace: add XZR-safe regs accessors
arm64: include asm/assembler.h in entry-ftrace.S
arm64: fix warning about swapper_pg_dir overflow
arm64: Work around Falkor erratum 1003
arm64: head.S: Enable EL1 (host) access to SPE when entered at EL2
arm64: arch_timer: document Hisilicon erratum 161010101
arm64: use is_vmalloc_addr
arm64: use linux/sizes.h for constants
arm64: uaccess: consistently check object sizes
perf: add qcom l2 cache perf events driver
arm64: remove wrong CONFIG_PROC_SYSCTL ifdef
ARM: smccc: Update HVC comment to describe new quirk parameter
arm64: do not trace atomic operations
ACPI/IORT: Fix the error return code in iort_add_smmu_platform_device()
ACPI/IORT: Fix iort_node_get_id() mapping entries indexing
arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA
perf: xgene: Include module.h
...
08 Feb, 2017
2 commits
-
Both of these options are poorly named. The features they provide are
necessary for system security and should not be considered debug only.
Change the names to CONFIG_STRICT_KERNEL_RWX and
CONFIG_STRICT_MODULE_RWX to better describe what these options do.Signed-off-by: Laura Abbott
Acked-by: Jessica Yu
Signed-off-by: Kees Cook -
There are multiple architectures that support CONFIG_DEBUG_RODATA and
CONFIG_SET_MODULE_RONX. These options also now have the ability to be
turned off at runtime. Move these to an architecture independent
location and make these options def_bool y for almost all of those
arches.Signed-off-by: Laura Abbott
Acked-by: Ingo Molnar
Acked-by: Heiko Carstens
Signed-off-by: Kees Cook
03 Feb, 2017
1 commit
-
When building with debugging symbols, take the absolute path to the
vmlinux binary and add it to the special PE/COFF debug table entry.
This allows a debug EFI build to find the vmlinux binary, which is
very helpful in debugging, given that the offset where the Image is
first loaded by EFI is highly unpredictable.On implementations of UEFI that choose to implement it, this
information is exposed via the EFI debug support table, which is a UEFI
configuration table that is accessible both by the firmware at boot time
and by the OS at runtime, and lists all PE/COFF images loaded by the
system.The format of the NB10 Codeview entry is based on the definition used
by EDK2, which is our primary reference when it comes to the use of
PE/COFF in the context of UEFI firmware.Signed-off-by: Ard Biesheuvel
[will: use realpath instead of shell invocation, as discussed on list]
Signed-off-by: Will Deacon
08 Nov, 2016
2 commits
-
Page mappings with full RWX permissions are a security risk. x86
has an option to walk the page tables and dump any bad pages.
(See e1a58320a38d ("x86/mm: Warn on W^X mappings")). Add a similar
implementation for arm64.Reviewed-by: Kees Cook
Reviewed-by: Mark Rutland
Tested-by: Mark Rutland
Signed-off-by: Laura Abbott
Reviewed-by: Ard Biesheuvel
[catalin.marinas@arm.com: folded fix for KASan out of bounds from Mark Rutland]
Signed-off-by: Catalin Marinas -
ptdump_register currently initializes a set of page table information and
registers debugfs. There are uses for the ptdump option without wanting the
debugfs options. Split this out to make it a separate option.Reviewed-by: Ard Biesheuvel
Reviewed-by: Kees Cook
Reviewed-by: Mark Rutland
Tested-by: Mark Rutland
Signed-off-by: Laura Abbott
Signed-off-by: Catalin Marinas
26 Aug, 2016
1 commit
-
Follow the example set by x86 in commit 9ccaf77cf05915f5 ("x86/mm:
Always enable CONFIG_DEBUG_RODATA and remove the Kconfig option"), and
make these protections a fundamental security feature rather than an
opt-in. This also results in a minor code simplification.For those rare cases when users wish to disable this protection (e.g.
for debugging), this can be done by passing 'rodata=off' on the command
line.As DEBUG_RODATA_ALIGN is only intended to address a performance/memory
tradeoff, and does not affect correctness, this is left user-selectable.
DEBUG_MODULE_RONX is also left user-selectable until the core code
provides a boot-time option to disable the protection for debugging
use-cases.Cc: Catalin Marinas
Acked-by: Ard Biesheuvel
Acked-by: Kees Cook
Acked-by: Laura Abbott
Signed-off-by: Mark Rutland
Signed-off-by: Will Deacon
31 May, 2016
1 commit
-
The SET_MODULE_RONX protections are effectively the same as the
DEBUG_RODATA protections we enabled by default back in commit
57efac2f7108e325 ("arm64: enable CONFIG_DEBUG_RODATA by default"). It
seems unusual to have one but not the other.As evidenced by the help text, the rationale appears to be that
SET_MODULE_RONX interacts poorly with tracing and patching, but both of
these make use of the insn framework, which takes SET_MODULE_RONX into
account. Any remaining issues are bugs which should be fixed regardless
of the default state of the option.This patch enables DEBUG_SET_MODULE_RONX by default, and replaces the
help text with a new wording derived from the DEBUG_RODATA help text,
which better describes the functionality. Previously, the DEBUG_RODATA
entry was inconsistently indented with spaces, which are replaced with
tabs as with the other Kconfig entries.Additionally, the wording of recommended defaults is made consistent for
all options. These are placed in a new paragraph, unquoted, as a full
sentence (with a period/full stop) as this appears to be the most common
form per $(git grep 'in doubt').Cc: Catalin Marinas
Cc: Laura Abbott
Acked-by: Kees Cook
Acked-by: Ard Biesheuvel
Signed-off-by: Mark Rutland
Signed-off-by: Will Deacon
15 Apr, 2016
1 commit
-
The mapping of the kernel consist of four segments, each of which is mapped
with different permission attributes and/or lifetimes. To optimize the TLB
and translation table footprint, we define various opaque constants in the
linker script that resolve to different aligment values depending on the
page size and whether CONFIG_DEBUG_ALIGN_RODATA is set.Considering that
- a 4 KB granule kernel benefits from a 64 KB segment alignment (due to
the fact that it allows the use of the contiguous bit),
- the minimum alignment of the .data segment is THREAD_SIZE already, not
PAGE_SIZE (i.e., we already have padding between _data and the start of
the .data payload in many cases),
- 2 MB is a suitable alignment value on all granule sizes, either for
mapping directly (level 2 on 4 KB), or via the contiguous bit (level 3 on
16 KB and 64 KB),
- anything beyond 2 MB exceeds the minimum alignment mandated by the boot
protocol, and can only be mapped efficiently if the physical alignment
happens to be the same,we can simplify this by standardizing on 64 KB (or 2 MB) explicitly, i.e.,
regardless of granule size, all segments are aligned either to 64 KB, or to
2 MB if CONFIG_DEBUG_ALIGN_RODATA=y. This also means we can drop the Kconfig
dependency of CONFIG_DEBUG_ALIGN_RODATA on CONFIG_ARM64_4K_PAGES.Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon
04 Mar, 2016
1 commit
-
In spite of its name, CONFIG_DEBUG_RODATA is an important hardening feature
for production kernels, and distros all enable it by default in their
kernel configs. However, since enabling it used to result in more granular,
and thus less efficient kernel mappings, it is not enabled by default for
performance reasons.However, since commit 2f39b5f91eb4 ("arm64: mm: Mark .rodata as RO"), the
various kernel segments (.text, .rodata, .init and .data) are already
mapped individually, and the only effect of setting CONFIG_DEBUG_RODATA is
that the existing .text and .rodata mappings are updated late in the boot
sequence to have their read-only attributes set, which means that any
performance concerns related to enabling CONFIG_DEBUG_RODATA are no longer
valid.So from now on, make CONFIG_DEBUG_RODATA default to 'y'
Signed-off-by: Ard Biesheuvel
Acked-by: Mark Rutland
Acked-by: Kees Cook
Signed-off-by: Catalin Marinas
09 Jan, 2016
1 commit
-
Let all the archs that implement devmem_is_allowed() opt-in to a common
definition of CONFIG_STRICT_DEVM in lib/Kconfig.debug.Cc: Kees Cook
Cc: Russell King
Cc: Will Deacon
Cc: Benjamin Herrenschmidt
Cc: Martin Schwidefsky
Cc: Thomas Gleixner
Cc: "H. Peter Anvin"
Cc: Andrew Morton
Cc: Greg Kroah-Hartman
Cc: "David S. Miller"
Acked-by: Catalin Marinas
Acked-by: Heiko Carstens
[heiko: drop 'default y' for s390]
Acked-by: Ingo Molnar
Suggested-by: Arnd Bergmann
Signed-off-by: Dan Williams
10 Nov, 2015
1 commit
-
FRAME_POINTER is defined in lib/Kconfig.debug, it is unnecessary to redefine it
in arch/arm64/Kconfig.debug.ARM64 depends on frame pointer to get correct stack trace (also selecting
ARCH_WANT_FRAME_POINTERS). However, the lib/Kconfig.debug definition allows
such option to be disabled. This patch forces FRAME_POINTER always on on arm64.Signed-off-by: Yang Shi
Signed-off-by: Catalin Marinas
20 Oct, 2015
1 commit
-
We use !CONFIG_ARM64_64K_PAGES for CONFIG_ARM64_4K_PAGES
(and vice versa) in code. It all worked well, so far since
we only had two options. Now, with the introduction of 16K,
these cases will break. This patch cleans up the code to
use the required CONFIG symbol expression without the assumption
that !64K => 4K (and vice versa)Cc: Will Deacon
Acked-by: Mark Rutland
Signed-off-by: Suzuki K. Poulose
Reviewed-by: Ard Biesheuvel
Tested-by: Ard Biesheuvel
Signed-off-by: Catalin Marinas
03 Apr, 2015
2 commits
-
Keeping drivers related to HW tracing on ARM, i.e coresight,
under "drivers/coresight" doesn't make sense when other
architectures start rolling out technologies of the same
nature.As such creating a new "drivers/hwtracing" directory where all
drivers of the same kind can reside, reducing namespace
pollution under "drivers/".Signed-off-by: Mathieu Poirier
Signed-off-by: Greg Kroah-Hartman -
Most CoreSight blocks are 64-bit ready. As such move configuration
entries from "arch/arm/Kconfig.config" to the driver's subdirectory
and source the newly created Kconfig from architecture specific
Kconfig.debug files.Signed-off-by: Mathieu Poirier
Acked-by: Catalin Marinas
Signed-off-by: Greg Kroah-Hartman
22 Jan, 2015
1 commit
-
Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:- Map all memory as either RWX or RW. We round to the nearest
section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
read only.Acked-by: Ard Biesheuvel
Tested-by: Kees Cook
Tested-by: Ard Biesheuvel
Signed-off-by: Laura Abbott
Signed-off-by: Catalin Marinas
27 Nov, 2014
1 commit
-
In a similar manner to arm, it's useful to be able to dump the page
tables to verify permissions and memory types. Add a debugfs file
to check the page tables.Acked-by: Steve Capper
Tested-by: Steve Capper
Reviewed-by: Mark Rutland
Tested-by: Mark Rutland
Signed-off-by: Laura Abbott
[will: s/BUFFERABLE/NORMAL-NC/]
Signed-off-by: Will Deacon
08 Sep, 2014
1 commit
-
In a similar fashion to other architecture, add the infrastructure
and Kconfig to enable DEBUG_SET_MODULE_RONX support. When
enabled, module ranges will be marked read-only/no-execute as
appropriate.Signed-off-by: Laura Abbott
[will: fixed off-by-one in module end check]
Signed-off-by: Will Deacon
10 Jul, 2014
1 commit
-
The arm64 Image header contains a text_offset field which bootloaders
are supposed to read to determine the offset (from a 2MB aligned "start
of memory" per booting.txt) at which to load the kernel. The offset is
not well respected by bootloaders at present, and due to the lack of
variation there is little incentive to support it. This is unfortunate
for the sake of future kernels where we may wish to vary the text offset
(even zeroing it).This patch adds options to arm64 to enable fuzz-testing of text_offset.
CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET forces the text offset to a random
16-byte aligned value value in the range [0..2MB) upon a build of the
kernel. It is recommended that distribution kernels enable randomization
to test bootloaders such that any compliance issues can be fixed early.Signed-off-by: Mark Rutland
Acked-by: Tom Rini
Acked-by: Will Deacon
Signed-off-by: Catalin Marinas
25 Apr, 2014
1 commit
-
Now that we have equivalent earlycon support, arm64's earlyprintk code
can be removed.Signed-off-by: Rob Herring
Cc: Catalin Marinas
Cc: Will Deacon
Signed-off-by: Greg Kroah-Hartman
08 Apr, 2014
1 commit
-
The Kconfig for CONFIG_STRICT_DEVMEM is missing despite being
used in mmap.c. Add it.Signed-off-by: Laura Abbott
Signed-off-by: Catalin Marinas
03 Oct, 2013
1 commit
-
This config item already exists generically in lib/Kconfig.debug.
Remove the duplicate config in arm64.Signed-off-by: Stephen Boyd
Signed-off-by: Catalin Marinas
20 Mar, 2013
1 commit
-
The Kconfig entry for DEBUG_ERRORS is a verbatim copy of the former arm
entry for that symbol. It got removed in v2.6.39 because it wasn't
actually used anywhere. There are still no users of DEBUG_ERRORS so
remove this entry too.Signed-off-by: Paul Bolle
[catalin.marinas@arm.com: removed option from defconfig]
Signed-off-by: Catalin Marinas
12 Feb, 2013
1 commit
-
This patch is a port of 575320d62 ("ARM: 7445/1: mm: update CONTEXTIDR
register to contain PID of current process") from ARM that introduces a
new Kconfig option which, when enabled, causes the kernel to write the
PID of the current task into the CONTEXTIDR register on context switch.
This is useful when analysing hardware trace, since writes to this
register can be configured to emit an event into the trace stream.Signed-off-by: Will Deacon
[catalin.marinas@arm.com: contextidr_thread_switch() moved to mmu_context.h]
Signed-off-by: Catalin Marinas
23 Jan, 2013
1 commit
-
This patch adds support for "earlyprintk=" parameter on the kernel
command line. The format is:earlyprintk=[,][,]
where is the name of the (UART) device, e.g. "pl011", is
the I/O address. The aren't currently used.The mapping of the earlyprintk device is done very early during kernel
boot and there are restrictions on which functions it can call. A
special early_io_map() function is added which creates the mapping from
the pre-defined EARLY_IOBASE to the device I/O address passed via the
kernel parameter. The pgd entry corresponding to EARLY_IOBASE is
pre-populated in head.S during kernel boot.Only PL011 is currently supported and it is assumed that the interface
is already initialised by the boot loader before the kernel is started.Signed-off-by: Catalin Marinas
Acked-by: Arnd Bergmann
17 Sep, 2012
1 commit
-
This patch adds Makefile and Kconfig files required for building an
AArch64 kernel.Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Acked-by: Tony Lindgren
Acked-by: Nicolas Pitre
Acked-by: Olof Johansson
Acked-by: Santosh Shilimkar
Acked-by: Arnd Bergmann