1. 14 Jun, 2018 1 commit
  2. 12 Jun, 2018 1 commit
    • Kees Cook's avatar
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook authored
      
      
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      6396bb22
  3. 19 May, 2018 1 commit
    • Mark Rutland's avatar
      efi/libstub/arm64: Handle randomized TEXT_OFFSET · 4f74d72a
      Mark Rutland authored
      
      
      When CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET is an arbitrary
      multiple of PAGE_SIZE in the interval [0, 2MB).
      
      The EFI stub does not account for the potential misalignment of
      TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produces a randomized
      physical offset which is always a round multiple of EFI_KIMG_ALIGN.
      This may result in statically allocated objects whose alignment exceeds
      PAGE_SIZE to appear misaligned in memory. This has been observed to
      result in spurious stack overflow reports and failure to make use of
      the IRQ stacks, and theoretically could result in a number of other
      issues.
      
      We can OR in the low bits of TEXT_OFFSET to ensure that we have the
      necessary offset (and hence preserve the misalignment of TEXT_OFFSET
      relative to EFI_KIMG_ALIGN), so let's do that.
      
      Reported-by: default avatarKim Phillips <kim.phillips@arm.com>
      Tested-by: default avatarKim Phillips <kim.phillips@arm.com>
      [ardb: clarify comment and commit log, drop unneeded parens]
      Signed-off-by: Mark Rutland's avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Fixes: 6f26b367 ("arm64: kaslr: increase randomization granularity")
      Link: http://lkml.kernel.org/r/20180518140841.9731-2-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      4f74d72a
  4. 17 May, 2018 1 commit
    • Andy Shevchenko's avatar
      device property: Get rid of union aliasing · 63dcc709
      Andy Shevchenko authored
      Commit 318a1971 (device property: refactor built-in properties
      support) went way too far and brought a union aliasing. Partially
      revert it here to get rid of union aliasing.
      
      Note, all Apple properties are considered as u8 arrays. To get a value
      of any of them the caller must use device_property_read_u8_array().
      
      What's union aliasing?
      ~~~~~~~~~~~~~~~~~~~~~~
      
      The C99 standard in section 6.2.5 paragraph 20 defines union type as
      "an overlapping nonempty set of member objects". It also states in
      section 6.7.2.1 paragraph 14 that "the value of at most one of the
      members can be stored in a union object at any time'.
      
      Union aliasing is a type punning mechanism using union members to store
      as one type and read back as another.
      
      Why it's not good?
      ~~~~~~~~~~~~~~~~~~
      
      Section 6.2.6.1 paragraph 6 says that a union object may not be a trap
      representation, although its member objects may be.
      
      Meanwhile annex J.1 says that "the value of a union member other than
      the last one stored into" is unspecified [removed in C11].
      
      In TC3, a footnote is added which specifies that accessing a member of a
      union other than the last one stored causes "the object representation"
      to be re-interpreted in the new type and specifically refers to this as
      "type punning". This conflicts to some degree with Annex J.1.
      
      While it's working in Linux with GCC, the use of union members to do
      type punning is not clear area in the C standard and might lead to
      unspecified behaviour.
      
      More information is available in this [1] blog post.
      
      [1]: https://davmac.wordpress.com/2010/02/26/c99-revisited/
      
      
      
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      63dcc709
  5. 14 May, 2018 11 commits
  6. 13 Mar, 2018 1 commit
  7. 12 Mar, 2018 3 commits
  8. 09 Mar, 2018 5 commits
    • Andy Shevchenko's avatar
      efi/apple-properties: Use memremap() instead of ioremap() · 44612d7e
      Andy Shevchenko authored
      
      
      The memory we are accessing through virtual address has no IO side
      effects. Moreover, for IO memory we have to use special accessors,
      which we don't use.
      
      Due to above, convert the driver to use memremap() instead of ioremap().
      
      Tested-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-12-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      44612d7e
    • Ard Biesheuvel's avatar
      efi: Reorder pr_notice() with add_device_randomness() call · 5b4e4c3a
      Ard Biesheuvel authored
      
      
      Currently, when we receive a random seed from the EFI stub, we call
      add_device_randomness() to incorporate it into the entropy pool, and
      issue a pr_notice() saying we are about to do that, e.g.,
      
        [    0.000000] efi:  RNG=0x87ff92cf18
        [    0.000000] random: fast init done
        [    0.000000] efi: seeding entropy pool
      
      Let's reorder those calls to make the output look less confusing:
      
        [    0.000000] efi: seeding entropy pool
        [    0.000000] efi:  RNG=0x87ff92cf18
        [    0.000000] random: fast init done
      
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-11-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      5b4e4c3a
    • Ard Biesheuvel's avatar
      efi/arm*: Stop printing addresses of virtual mappings · 1832e641
      Ard Biesheuvel authored
      
      
      With the recent %p -> %px changes, we now get something like this in
      the kernel boot log on ARM/arm64 EFI systems:
      
           Remapping and enabling EFI services.
             EFI remap 0x00000087fb830000 =>         (ptrval)
             EFI remap 0x00000087fbdb0000 =>         (ptrval)
             EFI remap 0x00000087fffc0000 =>         (ptrval)
      
      The physical addresses of the UEFI runtime regions will also be
      printed when booting with the efi=debug command line option, and the
      virtual addresses can be inspected via /sys/kernel/debug/efi_page_tables
      (if enabled).
      
      So let's just remove the lines above.
      
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarLeif Lindholm <leif.lindholm@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-4-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1832e641
    • Andy Shevchenko's avatar
      efi/apple-properties: Remove redundant attribute initialization from unmarshal_key_value_pairs() · 6e98503d
      Andy Shevchenko authored
      
      
      There is no need to artificially supply a property length and fake data
      if property has type of boolean.
      
      Remove redundant piece of data and code.
      
      Reviewed-and-tested-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-3-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      6e98503d
    • Mark Rutland's avatar
      efi/arm*: Only register page tables when they exist · 6b31a2fa
      Mark Rutland authored
      
      
      Currently the arm/arm64 runtime code registers the runtime servies
      pagetables with ptdump regardless of whether runtime services page
      tables have been created.
      
      As efi_mm.pgd is NULL in these cases, attempting to dump the efi page
      tables results in a NULL pointer dereference in the ptdump code:
      
      /sys/kernel/debug# cat efi_page_tables
      [  479.522600] Unable to handle kernel NULL pointer dereference at virtual address 00000000
      [  479.522715] Mem abort info:
      [  479.522764]   ESR = 0x96000006
      [  479.522850]   Exception class = DABT (current EL), IL = 32 bits
      [  479.522899]   SET = 0, FnV = 0
      [  479.522937]   EA = 0, S1PTW = 0
      [  479.528200] Data abort info:
      [  479.528230]   ISV = 0, ISS = 0x00000006
      [  479.528317]   CM = 0, WnR = 0
      [  479.528317] user pgtable: 4k pages, 48-bit VAs, pgd = 0000000064ab0cb0
      [  479.528449] [0000000000000000] *pgd=00000000fbbe4003, *pud=00000000fb66e003, *pmd=0000000000000000
      [  479.528600] Internal error: Oops: 96000006 [#1] PREEMPT SMP
      [  479.528664] Modules linked in:
      [  479.528699] CPU: 0 PID: 2457 Comm: cat Not tainted 4.15.0-rc3-00065-g2ad2ee7ecb5c-dirty #7
      [  479.528799] Hardware name: FVP Base (DT)
      [  479.528899] pstate: 00400009 (nzcv daif +PAN -UAO)
      [  479.528941] pc : walk_pgd.isra.1+0x20/0x1d0
      [  479.529011] lr : ptdump_walk_pgd+0x30/0x50
      [  479.529105] sp : ffff00000bf4bc20
      [  479.529185] x29: ffff00000bf4bc20 x28: 0000ffff9d22e000
      [  479.529271] x27: 0000000000020000 x26: ffff80007b4c63c0
      [  479.529358] x25: 00000000014000c0 x24: ffff80007c098900
      [  479.529445] x23: ffff00000bf4beb8 x22: 0000000000000000
      [  479.529532] x21: ffff00000bf4bd70 x20: 0000000000000001
      [  479.529618] x19: ffff00000bf4bcb0 x18: 0000000000000000
      [  479.529760] x17: 000000000041a1c8 x16: ffff0000082139d8
      [  479.529800] x15: 0000ffff9d3c6030 x14: 0000ffff9d2527f4
      [  479.529924] x13: 00000000000003f3 x12: 0000000000000038
      [  479.530000] x11: 0000000000000003 x10: 0101010101010101
      [  479.530099] x9 : 0000000017e94050 x8 : 000000000000003f
      [  479.530226] x7 : 0000000000000000 x6 : 0000000000000000
      [  479.530313] x5 : 0000000000000001 x4 : 0000000000000000
      [  479.530416] x3 : ffff000009069fd8 x2 : 0000000000000000
      [  479.530500] x1 : 0000000000000000 x0 : 0000000000000000
      [  479.530599] Process cat (pid: 2457, stack limit = 0x000000005d1b0e6f)
      [  479.530660] Call trace:
      [  479.530746]  walk_pgd.isra.1+0x20/0x1d0
      [  479.530833]  ptdump_walk_pgd+0x30/0x50
      [  479.530907]  ptdump_show+0x10/0x20
      [  479.530920]  seq_read+0xc8/0x470
      [  479.531023]  full_proxy_read+0x60/0x90
      [  479.531100]  __vfs_read+0x18/0x100
      [  479.531180]  vfs_read+0x88/0x160
      [  479.531267]  SyS_read+0x48/0xb0
      [  479.531299]  el0_svc_naked+0x20/0x24
      [  479.531400] Code: 91400420 f90033a0 a90707a2 f9403fa0 (f9400000)
      [  479.531499] ---[ end trace bfe8e28d8acb2b67 ]---
      Segmentation fault
      
      Let's avoid this problem by only registering the tables after their
      successful creation, which is also less confusing when EFI runtime
      services are not in use.
      
      Reported-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: Mark Rutland's avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-2-ard.biesheuvel@linaro.org
      
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      6b31a2fa
  9. 21 Jan, 2018 1 commit
  10. 19 Jan, 2018 1 commit
    • Matthew Garrett's avatar
      x86/efi: Clarify that reset attack mitigation needs appropriate userspace · a5c03c31
      Matthew Garrett authored
      
      
      Some distributions have turned on the reset attack mitigation feature,
      which is designed to force the platform to clear the contents of RAM if
      the machine is shut down uncleanly. However, in order for the platform
      to be able to determine whether the shutdown was clean or not, userspace
      has to be configured to clear the MemoryOverwriteRequest flag on
      shutdown - otherwise the firmware will end up clearing RAM on every
      reboot, which is unnecessarily time consuming. Add some additional
      clarity to the kconfig text to reduce the risk of systems being
      configured this way.
      
      Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
      Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a5c03c31
  11. 08 Jan, 2018 1 commit
  12. 03 Jan, 2018 5 commits
  13. 06 Dec, 2017 3 commits
  14. 02 Nov, 2017 1 commit
    • Greg Kroah-Hartman's avatar
      License cleanup: add SPDX GPL-2.0 license identifier to files with no license · b2441318
      Greg Kroah-Hartman authored
      
      
      Many source files in the tree are missing licensing information, which
      makes it harder for compliance tools to determine the correct license.
      
      By default all files without license information are under the default
      license of the kernel, which is GPL version 2.
      
      Update the files which contain no license information with the 'GPL-2.0'
      SPDX license identifier.  The SPDX identifier is a legally binding
      shorthand, which can be used instead of the full boiler plate text.
      
      This patch is based on work done by Thomas Gleixner and Kate Stewart and
      Philippe Ombredanne.
      
      How this work was done:
      
      Patches were generated and checked against linux-4.14-rc6 for a subset of
      the use cases:
       - file had no licensing information it it.
       - file was a */uapi/* one with no licensing information in it,
       - file was a */uapi/* one with existing licensing information,
      
      Further patches will be generated in subsequent months to fix up cases
      where non-standard license headers were used, and references to license
      had to be inferred by heuristics based on keywords.
      
      The analysis to determine which SPDX License Identifier to be applied to
      a file was done in a spreadsheet of side by side results from of the
      output of two independent scanners (ScanCode & Windriver) producing SPDX
      tag:value files created by Philippe Ombredanne.  Philippe prepared the
      base worksheet, and did an initial spot review of a few 1000 files.
      
      The 4.13 kernel was the starting point of the analysis with 60,537 files
      assessed.  Kate Stewart did a file by file comparison of the scanner
      results in the spreadsheet to determine which SPDX license identifier(s)
      to be applied to the file. She confirmed any determination that was not
      immediately clear with lawyers working with the Linux Foundation.
      
      Criteria used to select files for SPDX license identifier tagging was:
       - Files considered eligible had to be source code files.
       - Make and config files were included as candidates if they contained >5
         lines of source
       - File already had some variant of a license header in it (even if <5
         lines).
      
      All documentation files were explicitly excluded.
      
      The following heuristics were used to determine which SPDX license
      identifiers to apply.
      
       - when both scanners couldn't find any license traces, file was
         considered to have no license information in it, and the top level
         COPYING file license applied.
      
         For non */uapi/* files that summary was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0                                              11139
      
         and resulted in the first patch in this series.
      
         If that file was a */uapi/* path one, it was "GPL-2.0 WITH
         Linux-syscall-note" otherwise it was "GPL-2.0".  Results of that was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0 WITH Linux-syscall-note                        930
      
         and resulted in the second patch in this series.
      
       - if a file had some form of licensing information in it, and was one
         of the */uapi/* ones, it was denoted with the Linux-syscall-note if
         any GPL family license was found in the file or had no licensing in
         it (per prior point).  Results summary:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|------
         GPL-2.0 WITH Linux-syscall-note                       270
         GPL-2.0+ WITH Linux-syscall-note                      169
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
         LGPL-2.1+ WITH Linux-syscall-note                      15
         GPL-1.0+ WITH Linux-syscall-note                       14
         ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
         LGPL-2.0+ WITH Linux-syscall-note                       4
         LGPL-2.1 WITH Linux-syscall-note                        3
         ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
         ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1
      
         and that resulted in the third patch in this series.
      
       - when the two scanners agreed on the detected license(s), that became
         the concluded license(s).
      
       - when there was disagreement between the two scanners (one detected a
         license but the other didn't, or they both detected different
         licenses) a manual inspection of the file occurred.
      
       - In most cases a manual inspection of the information in the file
         resulted in a clear resolution of the license that should apply (and
         which scanner probably needed to revisit its heuristics).
      
       - When it was not immediately clear, the license identifier was
         confirmed with lawyers working with the Linux Foundation.
      
       - If there was any question as to the appropriate license identifier,
         the file was flagged for further research and to be revisited later
         in time.
      
      In total, over 70 hours of logged manual review was done on the
      spreadsheet to determine the SPDX license identifiers to apply to the
      source files by Kate, Philippe, Thomas and, in some cases, confirmation
      by lawyers working with the Linux Foundation.
      
      Kate also obtained a third independent scan of the 4.13 code base from
      FOSSology, and compared selected files where the other two scanners
      disagreed against that SPDX file, to see if there was new insights.  The
      Windriver scanner is based on an older version of FOSSology in part, so
      they are related.
      
      Thomas did random spot checks in about 500 files from the spreadsheets
      for the uapi headers and agreed with SPDX license identifier in the
      files he inspected. For the non-uapi files Thomas did random spot checks
      in about 15000 files.
      
      In initial set of patches against 4.14-rc6, 3 files were found to have
      copy/paste license identifier errors, and have been fixed to reflect the
      correct identifier.
      
      Additionally Philippe spent 10 hours this week doing a detailed manual
      inspection and review of the 12,461 patched files from the initial patch
      version early this week with:
       - a full scancode scan run, collecting the matched texts, detected
         license ids and scores
       - reviewing anything where there was a license detected (about 500+
         files) to ensure that the applied SPDX license was correct
       - reviewing anything where there was no detection but the patch license
         was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
         SPDX license was correct
      
      This produced a worksheet with 20 files needing minor correction.  This
      worksheet was then exported into 3 different .csv files for the
      different types of files to be modified.
      
      These .csv files were then reviewed by Greg.  Thomas wrote a script to
      parse the csv files and add the proper SPDX tag to the file, in the
      format that the file expected.  This script was further refined by Greg
      based on the output to detect more types of files automatically and to
      distinguish between header and source .c files (which need different
      comment types.)  Finally Greg ran the script using the .csv files to
      generate the patches.
      
      Reviewed-by: default avatarKate Stewart <kstewart@linuxfoundation.org>
      Reviewed-by: default avatarPhilippe Ombredanne <pombredanne@nexb.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b2441318
  15. 27 Oct, 2017 1 commit
    • Ard Biesheuvel's avatar
      efi/libstub: arm: omit sorting of the UEFI memory map · 29f9007b
      Ard Biesheuvel authored
      
      
      ARM shares its EFI stub implementation with arm64, which has some
      special handling in the virtual remapping code to
      a) make sure that we can map everything even if the OS executes
         with 64k page size, and
      b) make sure that adjacent regions with the same attributes are not
         reordered or moved apart in memory.
      
      The latter is a workaround for a 'feature' that was shortly recommended
      by UEFI spec v2.5, but deprecated shortly after, due to the fact that
      it broke many OS installers, including non-Linux ones, and it was never
      widely implemented for ARM systems. Before implementing b), the arm64
      code simply rounded up all regions to 64 KB granularity, but given that
      that results in moving adjacent regions apart, it had to be refined when
      b) was implemented.
      
      The adjacency check requires a sort() pass, due to the fact that the
      UEFI spec does not mandate any ordering, and the inclusion of the
      lib/sort.c code into the ARM EFI stub is causing some trouble with
      the decompressor build due to the fact that its EXPORT_SYMBOL() call
      triggers the creation of ksymtab/kcrctab sections.
      
      So let's simply do away with the adjacency check for ARM, and simply put
      all UEFI runtime regions together if they have the same memory attributes.
      This is guaranteed to work, given that ARM only supports 4 KB pages,
      and allows us to remove the sort() call entirely.
      
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Tested-by: default avatarJeffy Chen <jeffy.chen@rock-chips.com>
      Tested-by: default avatarGregory CLEMENT <gregory.clement@free-electrons.com>
      Tested-by: default avatarMatthias Brugger <matthias.bgg@gmail.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      29f9007b
  16. 25 Oct, 2017 2 commits
  17. 30 Aug, 2017 1 commit