[PATCH] ext4: Annotate struct ext4_xattr_inode_array with __counted_by()
Add the __counted_by compiler attribute to the flexible array member
inodes to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Remove the now obsolete comment on the count field.
Signed-off-by: Thorsten Blum
---
fs/ext4/xattr.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
index bd97c4aa8177..e14fb19dc912 100644
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -130,8 +130,8 @@ struct ext4_xattr_ibody_find {
};
struct ext4_xattr_inode_array {
- unsigned int count; /* # of used items in the array */
- struct inode *inodes[];
+ unsigned int count;
+ struct inode *inodes[] __counted_by(count);
};
extern const struct xattr_handler ext4_xattr_user_handler;
--
2.45.2
Re: [PATCH AUTOSEL 6.10 02/16] fs: remove accidental overflow during wraparound check
On Sat 27-07-24 20:47:19, Sasha Levin wrote:
> From: Justin Stitt
>
> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ]
Sasha, this commit is only about silencing false-positive UBSAN warning.
Not sure if it is really a stable material...
Honza
>
> Running syzkaller with the newly enabled signed integer overflow
> sanitizer produces this report:
>
> [ 195.401651] [ cut here ]
> [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15
> [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in
> type 'loff_t' (aka 'long long')
> [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted
> 6.8.0-rc2-00039-g14de58dbe653-dirty #11
> [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.16.3-debian-1.16.3-2 04/01/2014
> [ 195.425804] Call Trace:
> [ 195.427360]
> [ 195.428791] dump_stack_lvl+0x93/0xd0
> [ 195.431150] handle_overflow+0x171/0x1b0
> [ 195.433640] vfs_fallocate+0x459/0x4f0
> ...
> [ 195.490053] [ cut here ]
> [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61
> [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in
> type 'loff_t' (aka 'long long)
> [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted
> 6.8.0-rc2-00039-g14de58dbe653-dirty #11
> [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.16.3-debian-1.16.3-2 04/01/2014
> [ 195.514075] Call Trace:
> [ 195.515636]
> [ 195.517000] dump_stack_lvl+0x93/0xd0
> [ 195.519255] handle_overflow+0x171/0x1b0
> [ 195.521677] vfs_fallocate+0x4cb/0x4f0
> [ 195.524033] __x64_sys_fallocate+0xb2/0xf0
>
> Historically, the signed integer overflow sanitizer did not work in the
> kernel due to its interaction with `-fwrapv` but this has since been
> changed [1] in the newest version of Clang. It was re-enabled in the
> kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow
> sanitizer").
>
> Let's use the check_add_overflow helper to first verify the addition
> stays within the bounds of its type (long long); then we can use that
> sum for the following check.
>
> Link: https://github.com/llvm/llvm-project/pull/82432 [1]
> Closes: https://github.com/KSPP/linux/issues/356
> Cc: linux-hardening@vger.kernel.org
> Reviewed-by: Kees Cook
> Signed-off-by: Justin Stitt
> Link:
> https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872f...@google.com
> Reviewed-by: Jan Kara
> Signed-off-by: Christian Brauner
> Signed-off-by: Sasha Levin
> ---
> fs/open.c | 8 ++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/fs/open.c b/fs/open.c
> index 278b3edcda444..1dd123ba34ee9 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -247,6 +247,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t
> offset, loff_t len)
> {
> struct inode *inode = file_inode(file);
> long ret;
> + loff_t sum;
>
> if (offset < 0 || len <= 0)
> return -EINVAL;
> @@ -319,8 +320,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t
> offset, loff_t len)
> if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
> return -ENODEV;
>
> - /* Check for wrap through zero too */
> - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
> + /* Check for wraparound */
> + if (check_add_overflow(offset, len, &sum))
> + return -EFBIG;
> +
> + if (sum > inode->i_sb->s_maxbytes)
> return -EFBIG;
>
> if (!file->f_op->fallocate)
> --
> 2.43.0
>
--
Jan Kara
SUSE Labs, CR
Re: [PATCH] x86/alternatives: Make FineIBT mode Kconfig selectable
> Since FineIBT performs checking at the destination, it is weaker against > attacks that can construct arbitrary executable memory contents. As such, > some system builders want to run with FineIBT disabled by default. Allow > the "cfi=kcfi" boot param mode to be selectable through Kconfig via the > newly introduced CONFIG_CFI_AUTO_DEFAULT. I'm confused as why you think that KCFI is stronger/better than FineIBT. The latter is compatible with execute-only memory, makes use of hardware support, doesn't need LTO, is faster, … moreover, I don't see why an attacker able to "construct arbitrary executable memory contents" wouldn't be able to bypass KCFI as well, since its threat model (https://github.com/kcfi/docs/blob/master/kCFI_whitepaper.pdf) explicitly says "We assume an OS that fully implements the W^X policy [56,58,106] preventing direct code injection in kernel space."
Re: [drivers/gpio] Question about `ljca_gpio_config`: misuse of __counted_by
Hi all,
On 26/07/24 14:07, Linus Walleij wrote:
Hi Haoyu,
On Wed, Jul 24, 2024 at 11:12 AM Haoyu Li wrote:
Dear Linux Developers for GPIO SUBSYSTEM,
We are curious about the use of `struct ljca_gpio_packet *packet` in the
function `ljca_gpio_config`
(https://elixir.bootlin.com/linux/v6.10/source/drivers/gpio/gpio-ljca.c#L80).
```
static int ljca_gpio_config(struct ljca_gpio_dev *ljca_gpio, u8 gpio_id,
u8 config)
{
struct ljca_gpio_packet *packet =
(struct ljca_gpio_packet *)ljca_gpio->obuf;
int ret;
mutex_lock(&ljca_gpio->trans_lock);
packet->item[0].index = gpio_id;
packet->item[0].value = config | ljca_gpio->connect_mode[gpio_id];
packet->num = 1;
ret = ljca_transfer(ljca_gpio->ljca, LJCA_GPIO_CONFIG, (u8 *)packet,
struct_size(packet, item, packet->num), NULL, 0);
mutex_unlock(&ljca_gpio->trans_lock);
return ret < 0 ? ret : 0;
}
```
The definition of `struct ljca_gpio_packet` is at
https://elixir.bootlin.com/linux/v6.10/source/drivers/gpio/gpio-ljca.c#L53.
```
struct ljca_gpio_packet {
u8 num;
struct ljca_gpio_op item[] __counted_by(num);
} __packed;
```
Our question is: The `item` member of `struct ljca_gpio_packet` is annotated with
"__counted_by". Only if we set `packet->num = 1` before accessing
`packet->item[0]`, the flexible member `item` can be properly bounds-checked at run-time
when enabling CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Or there will be a warning from
each access prior to the initialization because the number of elements is zero.
So we think relocating `packet->num = 1` before accessing `packet->item[0]` is
needed.
Here is a fix example of a similar situation :
https://lore.kernel.org/stable/20240613113225.898955...@linuxfoundation.org/.
Please kindly correct us if we missed any key information. Looking forward to
your response!
This is a Gustavo AR Silvia question, so let's loop him in.
(I think you're right, and we should make a patch.)
Yes! `packet->num = 1;` should be relocated:
diff --git a/drivers/gpio/gpio-ljca.c b/drivers/gpio/gpio-ljca.c
index dfec9fbfc7a9..c2a9b4253974 100644
--- a/drivers/gpio/gpio-ljca.c
+++ b/drivers/gpio/gpio-ljca.c
@@ -82,9 +82,9 @@ static int ljca_gpio_config(struct ljca_gpio_dev *ljca_gpio,
u8 gpio_id,
int ret;
mutex_lock(&ljca_gpio->trans_lock);
+ packet->num = 1;
packet->item[0].index = gpio_id;
packet->item[0].value = config | ljca_gpio->connect_mode[gpio_id];
- packet->num = 1;
ret = ljca_transfer(ljca_gpio->ljca, LJCA_GPIO_CONFIG, (u8 *)packet,
struct_size(packet, item, packet->num), NULL, 0);
stable should be CC'd and the following tag included:
Fixes: 1034cc423f1b ("1034cc423f1b4a7a9a56d310ca980fcd2753e11d")
Thanks for catching this! :)
--
Gustavo
Re: [PATCH] ext4: Annotate struct ext4_xattr_inode_array with __counted_by()
On 29/07/24 05:04, Thorsten Blum wrote:
Add the __counted_by compiler attribute to the flexible array member
inodes to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
This change seems to be incomplete. The relationship between `count` and
accesses to `inodes` should be adjusted at least in `ext4_expand_inode_array()`
See this for more details:
https://embeddedor.com/blog/2024/06/18/how-to-use-the-new-counted_by-attribute-in-c-and-linux/
Thanks
--
Gustavo
Remove the now obsolete comment on the count field.
Signed-off-by: Thorsten Blum
---
fs/ext4/xattr.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
index bd97c4aa8177..e14fb19dc912 100644
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -130,8 +130,8 @@ struct ext4_xattr_ibody_find {
};
struct ext4_xattr_inode_array {
- unsigned int count; /* # of used items in the array */
- struct inode *inodes[];
+ unsigned int count;
+ struct inode *inodes[] __counted_by(count);
};
extern const struct xattr_handler ext4_xattr_user_handler;
[PATCH 02/11] soc: qcom: socinfo: Add Soc IDs for SM7325 family
Add Soc ID table entries for Qualcomm SM7325 family.
Signed-off-by: Danila Tikhonov
---
drivers/soc/qcom/socinfo.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c
index d7359a235e3c..f4e5f7a62206 100644
--- a/drivers/soc/qcom/socinfo.c
+++ b/drivers/soc/qcom/socinfo.c
@@ -401,11 +401,13 @@ static const struct soc_id soc_id[] = {
{ qcom_board_id(SA8540P) },
{ qcom_board_id(QCM4290) },
{ qcom_board_id(QCS4290) },
+ { qcom_board_id(SM7325) },
{ qcom_board_id_named(SM8450_2, "SM8450") },
{ qcom_board_id_named(SM8450_3, "SM8450") },
{ qcom_board_id(SC7280) },
{ qcom_board_id(SC7180P) },
{ qcom_board_id(QCM6490) },
+ { qcom_board_id(SM7325P) },
{ qcom_board_id(IPQ5000) },
{ qcom_board_id(IPQ0509) },
{ qcom_board_id(IPQ0518) },
--
2.45.2
[PATCH 00/11] Add Nothing Phone (1) support
This series of patches adds support for the Nothing Phone (1), identified as nothing,spacewar. The Nothing Phone (1) is built on the Qualcomm Snapdragon 778G+ (SM7325-AE, also known as yupik). SM7325 is identical to SC7280 just as SM7125 is identical to SC7180, so SM7325 devicetree imports SC7280 devicetree as a base. All of these patches are essential for the integration of the Nothing Phone (1) into the kernel. The inclusion of SoC IDs is particularly important, as I encounter crash dumps if the device tree lacks msm and board id information. To: Rob Herring To: Krzysztof Kozlowski To: Conor Dooley To: Bjorn Andersson To: Konrad Dybcio To: "Rafael J. Wysocki" To: Viresh Kumar To: Heikki Krogerus To: Greg Kroah-Hartman To: Kees Cook To: Tony Luck To: "Guilherme G. Piccoli" To: Sudeep Holla To: Andre Przywara To: Rajendra Nayak To: Sibi Sankar To: David Wronek To: Ulf Hansson To: Neil Armstrong To: Heiko Stuebner To: "Rafa?? Mi??ecki" To: Chris Morgan To: Linus Walleij To: Dmitry Baryshkov To: Johan Hovold To: Javier Carrasco To: Luca Weiss To: Krishna Kurapati To: Lorenzo Pieralisi To: Eugene Lepshy Cc: devicet...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Cc: linux-arm-...@vger.kernel.org Cc: linux...@vger.kernel.org Cc: linux-...@vger.kernel.org Cc: linux-hardening@vger.kernel.org Cc: li...@mainlining.org Signed-off-by: Danila Tikhonov Danila Tikhonov (9): dt-bindings: arm: qcom,ids: Add IDs for SM7325 family soc: qcom: socinfo: Add Soc IDs for SM7325 family cpufreq: Add SM7325 to cpufreq-dt-platdev blocklist soc: qcom: pd_mapper: Add SM7325 compatible dt-bindings: soc: qcom: qcom,pmic-glink: Document SM7325 compatible usb: typec: ucsi: Add qcom,sm7325-pmic-glink as needing PDOS quirk dt-bindings: arm: cpus: Add qcom kryo670 compatible dt-bindings: vendor-prefixes: Add Nothing Technology Limited dt-bindings: arm: qcom: Add SM7325 Nothing Phone 1 Eugene Lepshy (2): arm64: dts: qcom: Add SM7325 device tree arm64: dts: qcom: sm7325: Add device-tree for Nothing Phone 1 .../devicetree/bindings/arm/cpus.yaml |1 + .../devicetree/bindings/arm/qcom.yaml |6 + .../bindings/soc/qcom/qcom,pmic-glink.yaml|1 + .../devicetree/bindings/vendor-prefixes.yaml |2 + arch/arm64/boot/dts/qcom/Makefile |1 + .../boot/dts/qcom/sm7325-nothing-spacewar.dts | 1261 + arch/arm64/boot/dts/qcom/sm7325.dtsi | 17 + drivers/cpufreq/cpufreq-dt-platdev.c |1 + drivers/soc/qcom/qcom_pd_mapper.c |1 + drivers/soc/qcom/socinfo.c|2 + drivers/usb/typec/ucsi/ucsi_glink.c |1 + include/dt-bindings/arm/qcom,ids.h|2 + 12 files changed, 1296 insertions(+) create mode 100644 arch/arm64/boot/dts/qcom/sm7325-nothing-spacewar.dts create mode 100644 arch/arm64/boot/dts/qcom/sm7325.dtsi -- 2.45.2
[PATCH 03/11] cpufreq: Add SM7325 to cpufreq-dt-platdev blocklist
The Qualcomm SM7325 platform uses the qcom-cpufreq-hw driver, so add
it to the cpufreq-dt-platdev driver's blocklist.
Signed-off-by: Danila Tikhonov
---
drivers/cpufreq/cpufreq-dt-platdev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c
b/drivers/cpufreq/cpufreq-dt-platdev.c
index cac379ba006d..18942bfe9c95 100644
--- a/drivers/cpufreq/cpufreq-dt-platdev.c
+++ b/drivers/cpufreq/cpufreq-dt-platdev.c
@@ -166,6 +166,7 @@ static const struct of_device_id blocklist[] __initconst = {
{ .compatible = "qcom,sm6350", },
{ .compatible = "qcom,sm6375", },
{ .compatible = "qcom,sm7225", },
+ { .compatible = "qcom,sm7325", },
{ .compatible = "qcom,sm8150", },
{ .compatible = "qcom,sm8250", },
{ .compatible = "qcom,sm8350", },
--
2.45.2
[PATCH 04/11] soc: qcom: pd_mapper: Add SM7325 compatible
The Qualcomm SM7325 platform is identical to SC7280, so add
compatibility leading to SC7280.
Signed-off-by: Danila Tikhonov
---
drivers/soc/qcom/qcom_pd_mapper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/qcom_pd_mapper.c
b/drivers/soc/qcom/qcom_pd_mapper.c
index a4c007080665..7a35a548c21f 100644
--- a/drivers/soc/qcom/qcom_pd_mapper.c
+++ b/drivers/soc/qcom/qcom_pd_mapper.c
@@ -539,6 +539,7 @@ static const struct of_device_id qcom_pdm_domains[] = {
{ .compatible = "qcom,sm4250", .data = sm6115_domains, },
{ .compatible = "qcom,sm6115", .data = sm6115_domains, },
{ .compatible = "qcom,sm6350", .data = sm6350_domains, },
+ { .compatible = "qcom,sm7325", .data = sc7280_domains, },
{ .compatible = "qcom,sm8150", .data = sm8150_domains, },
{ .compatible = "qcom,sm8250", .data = sm8250_domains, },
{ .compatible = "qcom,sm8350", .data = sm8350_domains, },
--
2.45.2
[PATCH 05/11] dt-bindings: soc: qcom: qcom,pmic-glink: Document SM7325 compatible
Document the SM7325 compatible used to describe the pmic glink on this platform. Signed-off-by: Danila Tikhonov --- Documentation/devicetree/bindings/soc/qcom/qcom,pmic-glink.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/soc/qcom/qcom,pmic-glink.yaml b/Documentation/devicetree/bindings/soc/qcom/qcom,pmic-glink.yaml index 4512390f90f0..02c37c3137d2 100644 --- a/Documentation/devicetree/bindings/soc/qcom/qcom,pmic-glink.yaml +++ b/Documentation/devicetree/bindings/soc/qcom/qcom,pmic-glink.yaml @@ -26,6 +26,7 @@ properties: - qcom,qcm6490-pmic-glink - qcom,sc8180x-pmic-glink - qcom,sc8280xp-pmic-glink + - qcom,sm7325-pmic-glink - qcom,sm8350-pmic-glink - qcom,sm8450-pmic-glink - qcom,sm8550-pmic-glink -- 2.45.2
[PATCH 07/11] dt-bindings: arm: cpus: Add qcom kryo670 compatible
The Qualcomm Snapdragon 778G/778G+/780G/782G uses CPUs named Kryo 670. Add the compatible string in the documentation. Signed-off-by: Danila Tikhonov --- Documentation/devicetree/bindings/arm/cpus.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/arm/cpus.yaml b/Documentation/devicetree/bindings/arm/cpus.yaml index f308ff6c3532..2bf9501b3b0d 100644 --- a/Documentation/devicetree/bindings/arm/cpus.yaml +++ b/Documentation/devicetree/bindings/arm/cpus.yaml @@ -202,6 +202,7 @@ properties: - qcom,kryo560 - qcom,kryo570 - qcom,kryo660 + - qcom,kryo670 - qcom,kryo685 - qcom,kryo780 - qcom,oryon -- 2.45.2
[PATCH 09/11] dt-bindings: vendor-prefixes: Add Nothing Technology Limited
Add entry for Nothing Technology Limited (https://nl.nothing.tech/) Signed-off-by: Danila Tikhonov --- Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Documentation/devicetree/bindings/vendor-prefixes.yaml b/Documentation/devicetree/bindings/vendor-prefixes.yaml index a70ce43b3dc0..b50c6080424b 100644 --- a/Documentation/devicetree/bindings/vendor-prefixes.yaml +++ b/Documentation/devicetree/bindings/vendor-prefixes.yaml @@ -1041,6 +1041,8 @@ patternProperties: description: Nokia "^nordic,.*": description: Nordic Semiconductor + "^nothing,.*": +description: Nothing Technology Limited "^novatek,.*": description: Novatek "^novtech,.*": -- 2.45.2
[PATCH 08/11] arm64: dts: qcom: Add SM7325 device tree
From: Eugene Lepshy
The Snapdragon 778G (SM7325) / 778G+ (SM7325-AE) / 782G (SM7325-AF)
is software-wise very similar to the Snapdragon 7c+ Gen 3 (SC7280).
It uses the Kryo670.
Signed-off-by: Eugene Lepshy
Co-developed-by: Danila Tikhonov
Signed-off-by: Danila Tikhonov
---
arch/arm64/boot/dts/qcom/sm7325.dtsi | 17 +
1 file changed, 17 insertions(+)
create mode 100644 arch/arm64/boot/dts/qcom/sm7325.dtsi
diff --git a/arch/arm64/boot/dts/qcom/sm7325.dtsi
b/arch/arm64/boot/dts/qcom/sm7325.dtsi
new file mode 100644
index ..5b4574484412
--- /dev/null
+++ b/arch/arm64/boot/dts/qcom/sm7325.dtsi
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2024, Eugene Lepshy
+ * Copyright (c) 2024, Danila Tikhonov
+ */
+
+#include "sc7280.dtsi"
+
+/* SM7325 uses Kryo 670 */
+&CPU0 { compatible = "qcom,kryo670"; };
+&CPU1 { compatible = "qcom,kryo670"; };
+&CPU2 { compatible = "qcom,kryo670"; };
+&CPU3 { compatible = "qcom,kryo670"; };
+&CPU4 { compatible = "qcom,kryo670"; };
+&CPU5 { compatible = "qcom,kryo670"; };
+&CPU6 { compatible = "qcom,kryo670"; };
+&CPU7 { compatible = "qcom,kryo670"; };
--
2.45.2
[PATCH 10/11] dt-bindings: arm: qcom: Add SM7325 Nothing Phone 1
Nothing Phone 1 (nothing,spacewar) is a smartphone based on the SM7325 SoC. Signed-off-by: Danila Tikhonov --- Documentation/devicetree/bindings/arm/qcom.yaml | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/devicetree/bindings/arm/qcom.yaml b/Documentation/devicetree/bindings/arm/qcom.yaml index f08e13b61172..d4158c2a5f62 100644 --- a/Documentation/devicetree/bindings/arm/qcom.yaml +++ b/Documentation/devicetree/bindings/arm/qcom.yaml @@ -76,6 +76,7 @@ description: | sm6375 sm7125 sm7225 +sm7325 sm8150 sm8250 sm8350 @@ -978,6 +979,11 @@ properties: - fairphone,fp4 - const: qcom,sm7225 + - items: + - enum: + - nothing,spacewar + - const: qcom,sm7325 + - items: - enum: - microsoft,surface-duo -- 2.45.2
[PATCH 11/11] arm64: dts: qcom: sm7325: Add device-tree for Nothing Phone 1
From: Eugene Lepshy
Add device tree for the Nothing Phone 1 (nothing,spacewar) smartphone
which is based on the SM7325 SoC.
Supported features are, as of now:
* USB & UFS
* Debug UART
* Display via SimpleFB
* Power & volume buttons
* PMIC GLink
* Remoteprocs (ADSP, CDSP, MPSS, WPSS)
* WiFi & Bluetooth
* IPA
* VPU Iris (Venus)
* NFC
* Flash/torch LED
* RTC
* Device-specific thermals
* Various plumbing like regulators, i2c, spi, cci, etc
Signed-off-by: Eugene Lepshy
Co-developed-by: Danila Tikhonov
Signed-off-by: Danila Tikhonov
---
arch/arm64/boot/dts/qcom/Makefile |1 +
.../boot/dts/qcom/sm7325-nothing-spacewar.dts | 1261 +
2 files changed, 1262 insertions(+)
create mode 100644 arch/arm64/boot/dts/qcom/sm7325-nothing-spacewar.dts
diff --git a/arch/arm64/boot/dts/qcom/Makefile
b/arch/arm64/boot/dts/qcom/Makefile
index 0e5c810304fb..0226dde205ba 100644
--- a/arch/arm64/boot/dts/qcom/Makefile
+++ b/arch/arm64/boot/dts/qcom/Makefile
@@ -228,6 +228,7 @@ dtb-$(CONFIG_ARCH_QCOM) +=
sm6375-sony-xperia-murray-pdx225.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm7125-xiaomi-curtana.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm7125-xiaomi-joyeuse.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm7225-fairphone-fp4.dtb
+dtb-$(CONFIG_ARCH_QCOM)+= sm7325-nothing-spacewar.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm8150-hdk.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm8150-microsoft-surface-duo.dtb
dtb-$(CONFIG_ARCH_QCOM)+= sm8150-mtp.dtb
diff --git a/arch/arm64/boot/dts/qcom/sm7325-nothing-spacewar.dts
b/arch/arm64/boot/dts/qcom/sm7325-nothing-spacewar.dts
new file mode 100644
index ..94b10ca1c299
--- /dev/null
+++ b/arch/arm64/boot/dts/qcom/sm7325-nothing-spacewar.dts
@@ -0,0 +1,1261 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2024, Eugene Lepshy
+ * Copyright (c) 2024, Danila Tikhonov
+ */
+
+/dts-v1/;
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sm7325.dtsi"
+#include "pm7325.dtsi"
+#include "pm8350b.dtsi" /* PM7325B */
+#include "pm8350c.dtsi" /* PM7350C */
+#include "pmk8350.dtsi" /* PMK7325 */
+
+/delete-node/ &rmtfs_mem;
+
+/ {
+ model = "Nothing Phone (1)";
+ compatible = "nothing,spacewar", "qcom,sm7325";
+ chassis-type = "handset";
+
+ qcom,msm-id = ;
+ qcom,board-id = ;
+
+ aliases {
+ bluetooth0 = &bluetooth;
+ serial0 = &uart5;
+ serial1 = &uart7;
+ wifi0 = &wifi;
+ };
+
+ chosen {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ stdout-path = "serial0:115200n8";
+
+ framebuffer0: framebuffer@e100 {
+ compatible = "simple-framebuffer";
+ reg = <0x0 0xe100 0x0 (1080 * 2400 * 4)>;
+ width = <1080>;
+ height = <2400>;
+ stride = <(1080 * 4)>;
+ format = "a8r8g8b8";
+
+ clocks = <&gcc GCC_DISP_HF_AXI_CLK>,
+<&dispcc DISP_CC_MDSS_MDP_CLK>,
+<&dispcc DISP_CC_MDSS_BYTE0_CLK>,
+<&dispcc DISP_CC_MDSS_BYTE0_INTF_CLK>,
+<&dispcc DISP_CC_MDSS_PCLK0_CLK>,
+<&dispcc DISP_CC_MDSS_VSYNC_CLK>;
+ power-domains = <&dispcc DISP_CC_MDSS_CORE_GDSC>;
+ };
+ };
+
+ gpio-keys {
+ compatible = "gpio-keys";
+
+ pinctrl-0 = <&kypd_volp_n>;
+ pinctrl-names = "default";
+
+ key-volume-up {
+ label = "Volume up";
+ gpios = <&pm7325_gpios 6 GPIO_ACTIVE_LOW>;
+ linux,code = ;
+ };
+ };
+
+ pmic-glink {
+ compatible = "qcom,sm7325-pmic-glink",
+"qcom,pmic-glink";
+
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ orientation-gpios = <&tlmm 140 GPIO_ACTIVE_HIGH>;
+
+ connector@0 {
+ compatible = "usb-c-connector";
+ reg = <0>;
+ power-role = "dual";
+ data-role = "dual";
+
+ ports {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ port@0 {
+ reg = <0>;
+
+ pmic_glink_hs_in: endpoint {
+ remote-endpoint =
<&usb_1_dwc3_hs>;
+ };
+ };
+
+ port@1 {
+ reg
[PATCH 06/11] usb: typec: ucsi: Add qcom,sm7325-pmic-glink as needing PDOS quirk
The SM7325 Linux Android firmware needs this workaround as well. Add it
to the list.
Signed-off-by: Danila Tikhonov
---
drivers/usb/typec/ucsi/ucsi_glink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c
b/drivers/usb/typec/ucsi/ucsi_glink.c
index 16c328497e0b..80fb04473617 100644
--- a/drivers/usb/typec/ucsi/ucsi_glink.c
+++ b/drivers/usb/typec/ucsi/ucsi_glink.c
@@ -294,6 +294,7 @@ static const struct of_device_id
pmic_glink_ucsi_of_quirks[] = {
{ .compatible = "qcom,qcm6490-pmic-glink", .data = &quirk_sc8280xp, },
{ .compatible = "qcom,sc8180x-pmic-glink", .data = &quirk_sc8180x, },
{ .compatible = "qcom,sc8280xp-pmic-glink", .data = &quirk_sc8280xp, },
+ { .compatible = "qcom,sm7325-pmic-glink", .data = &quirk_sc8280xp, },
{ .compatible = "qcom,sm8350-pmic-glink", .data = &quirk_sc8180x, },
{ .compatible = "qcom,sm8450-pmic-glink", .data = &quirk_sm8450, },
{ .compatible = "qcom,sm8550-pmic-glink", .data = &quirk_sm8450, },
--
2.45.2
[PATCH 01/11] dt-bindings: arm: qcom,ids: Add IDs for SM7325 family
Add Qualcomm SM7325/SM7325P (yupik) SoC IDs. Signed-off-by: Danila Tikhonov --- include/dt-bindings/arm/qcom,ids.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/dt-bindings/arm/qcom,ids.h b/include/dt-bindings/arm/qcom,ids.h index d6c9e9472121..a4315872049e 100644 --- a/include/dt-bindings/arm/qcom,ids.h +++ b/include/dt-bindings/arm/qcom,ids.h @@ -234,11 +234,13 @@ #define QCOM_ID_SA8540P461 #define QCOM_ID_QCM4290469 #define QCOM_ID_QCS4290470 +#define QCOM_ID_SM7325 475 #define QCOM_ID_SM8450_2 480 #define QCOM_ID_SM8450_3 482 #define QCOM_ID_SC7280 487 #define QCOM_ID_SC7180P495 #define QCOM_ID_QCM6490497 +#define QCOM_ID_SM7325P499 #define QCOM_ID_IPQ5000503 #define QCOM_ID_IPQ0509504 #define QCOM_ID_IPQ0518505 -- 2.45.2
[PATCH RESEND v6] arm64: dts: qcom: msm8939-longcheer-l9100: Add rear flash
From: André Apitzsch
The phone has a Silergy SY7802 flash LED controller.
Reviewed-by: Konrad Dybcio
Signed-off-by: André Apitzsch
---
This series introduces a driver for the Silergy SY7802 charge pump used
in the BQ Aquaris M5 and X5 smartphones.
The implementation is based on information extracted from downstream as
the datasheet provided by a distributor of the hardware didn't include
any information about the i2c register description.
---
Changes in v6:
- Drop applied patches 1/3 and 2/3
- Move #address-/size-cells to the end
- Add R-b tag
- Link to v5:
https://lore.kernel.org/r/20240624-sy7802-v5-0-7abc9d96b...@apitzsch.eu
Changes in v5:
- Fix language in driver description comment
- Unwrap function arguments
- Remove unnecessary empty lines
- Add Acked-by tag to second patch
- Link to v4:
https://lore.kernel.org/r/20240616-sy7802-v4-0-789994180...@apitzsch.eu
Changes in v4:
- Use for_each_available_child_of_node_scoped() to simplify code
- Use dev_err_probe() to be consistent with the other code in
sy7802_probe()
- Split devm_add_action() into 2 devm_add_action_or_reset() to simplify
code and balance regulator_enable()
- Link to v3:
https://lore.kernel.org/r/20240612-sy7802-v3-0-1e9cc1c79...@apitzsch.eu
Changes in v3:
- Add R-b tag to first patch
- Extend driver commit message
- Improve readability of defines by using BIT()
- Rename some variables/parameters
* led_no -> led_id
* level -> brightness
* curr -> fled_{strobe,torch}_used_tmp
* mask -> {flash,torch}_mask
* i -> child_num
- Restructure structs ("Place th big stuff at the top")
- Declare 'child' on a separate line
- Move multi-line assignments out of declaration block
- Update warning/error messages and comments
- Use gotos to handle error path
- Use devm API to cleanup module's resources
- Init mutex before LED class device is registered to avoid race
condition
- Link to v2:
https://lore.kernel.org/r/20240401-sy7802-v2-0-1138190a7...@apitzsch.eu
Changes in v2:
- bindings: remove unneeded allOf
- bindings: example: move flash-led-controller under i2c node to fix
check error
- Cc to phone-devel
- Link to v1:
https://lore.kernel.org/r/20240327-sy7802-v1-0-db74ab32f...@apitzsch.eu
---
.../boot/dts/qcom/msm8939-longcheer-l9100.dts | 27 ++
1 file changed, 27 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/msm8939-longcheer-l9100.dts
b/arch/arm64/boot/dts/qcom/msm8939-longcheer-l9100.dts
index e3404c4455cf..b845da4fa23e 100644
--- a/arch/arm64/boot/dts/qcom/msm8939-longcheer-l9100.dts
+++ b/arch/arm64/boot/dts/qcom/msm8939-longcheer-l9100.dts
@@ -159,6 +159,26 @@ led@2 {
};
};
};
+
+ flash-led-controller@53 {
+ compatible = "silergy,sy7802";
+ reg = <0x53>;
+
+ enable-gpios = <&tlmm 16 GPIO_ACTIVE_HIGH>;
+
+ pinctrl-0 = <&camera_rear_flash_default>;
+ pinctrl-names = "default";
+
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ led@0 {
+ reg = <0>;
+ function = LED_FUNCTION_FLASH;
+ color = ;
+ led-sources = <0>, <1>;
+ };
+ };
};
&blsp_i2c3 {
@@ -318,6 +338,13 @@ camera_front_flash_default:
camera-front-flash-default-state {
bias-disable;
};
+ camera_rear_flash_default: camera-rear-flash-default-state {
+ pins = "gpio9", "gpio16", "gpio51";
+ function = "gpio";
+ drive-strength = <2>;
+ bias-disable;
+ };
+
gpio_hall_sensor_default: gpio-hall-sensor-default-state {
pins = "gpio20";
function = "gpio";
---
base-commit: 0b58e108042b0ed28a71cd7edf517555b233
change-id: 20240325-sy7802-f40fc6f56525
Best regards,
--
André Apitzsch
Re: [PATCH 06/11] usb: typec: ucsi: Add qcom,sm7325-pmic-glink as needing PDOS quirk
On Mon, Jul 29, 2024 at 11:18:13PM GMT, Danila Tikhonov wrote:
> The SM7325 Linux Android firmware needs this workaround as well. Add it
> to the list.
Which one? quirk_sc8280xp enables two workardounds: one for the firmware
crash on GET_PDOS command and another one for the empty PDOs being
returned unless there is PD-enabled partner.
>
> Signed-off-by: Danila Tikhonov
> ---
> drivers/usb/typec/ucsi/ucsi_glink.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c
> b/drivers/usb/typec/ucsi/ucsi_glink.c
> index 16c328497e0b..80fb04473617 100644
> --- a/drivers/usb/typec/ucsi/ucsi_glink.c
> +++ b/drivers/usb/typec/ucsi/ucsi_glink.c
> @@ -294,6 +294,7 @@ static const struct of_device_id
> pmic_glink_ucsi_of_quirks[] = {
> { .compatible = "qcom,qcm6490-pmic-glink", .data = &quirk_sc8280xp, },
> { .compatible = "qcom,sc8180x-pmic-glink", .data = &quirk_sc8180x, },
> { .compatible = "qcom,sc8280xp-pmic-glink", .data = &quirk_sc8280xp, },
> + { .compatible = "qcom,sm7325-pmic-glink", .data = &quirk_sc8280xp, },
> { .compatible = "qcom,sm8350-pmic-glink", .data = &quirk_sc8180x, },
> { .compatible = "qcom,sm8450-pmic-glink", .data = &quirk_sm8450, },
> { .compatible = "qcom,sm8550-pmic-glink", .data = &quirk_sm8450, },
> --
> 2.45.2
>
--
With best wishes
Dmitry
Re: [PATCH 03/11] cpufreq: Add SM7325 to cpufreq-dt-platdev blocklist
On Mon, Jul 29, 2024 at 11:18:10PM GMT, Danila Tikhonov wrote: > The Qualcomm SM7325 platform uses the qcom-cpufreq-hw driver, so add > it to the cpufreq-dt-platdev driver's blocklist. > > Signed-off-by: Danila Tikhonov > --- > drivers/cpufreq/cpufreq-dt-platdev.c | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Dmitry Baryshkov -- With best wishes Dmitry
Re: [PATCH 04/11] soc: qcom: pd_mapper: Add SM7325 compatible
On Mon, Jul 29, 2024 at 11:18:11PM GMT, Danila Tikhonov wrote: > The Qualcomm SM7325 platform is identical to SC7280, so add > compatibility leading to SC7280. > > Signed-off-by: Danila Tikhonov > --- > drivers/soc/qcom/qcom_pd_mapper.c | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Dmitry Baryshkov -- With best wishes Dmitry
Re: [PATCH 08/11] arm64: dts: qcom: Add SM7325 device tree
On Mon, Jul 29, 2024 at 11:18:15PM GMT, Danila Tikhonov wrote: > From: Eugene Lepshy > > The Snapdragon 778G (SM7325) / 778G+ (SM7325-AE) / 782G (SM7325-AF) > is software-wise very similar to the Snapdragon 7c+ Gen 3 (SC7280). > > It uses the Kryo670. > > Signed-off-by: Eugene Lepshy > Co-developed-by: Danila Tikhonov > Signed-off-by: Danila Tikhonov > --- > arch/arm64/boot/dts/qcom/sm7325.dtsi | 17 + > 1 file changed, 17 insertions(+) > create mode 100644 arch/arm64/boot/dts/qcom/sm7325.dtsi > Reviewed-by: Dmitry Baryshkov -- With best wishes Dmitry
Re: [PATCH] x86/alternatives: Make FineIBT mode Kconfig selectable
On Mon, Jul 29, 2024 at 02:35:02PM +0200, jvoisin wrote: > > Since FineIBT performs checking at the destination, it is weaker against > > attacks that can construct arbitrary executable memory contents. As such, > > some system builders want to run with FineIBT disabled by default. Allow > > the "cfi=kcfi" boot param mode to be selectable through Kconfig via the > > newly introduced CONFIG_CFI_AUTO_DEFAULT. > > I'm confused as why you think that KCFI is stronger/better than FineIBT. Sure, can I try to explain this more. > The latter is compatible with execute-only memory, Yes, and since Linux doesn't have kernel execute-only memory (and likely won't for some time), it doesn't make sense to use FineIBT over KCFI for that reason. > makes use of hardware support, Hm? KCFI does too. IBT is still enabled with KCFI (when the hardware supports it). > doesn't need LTO, KCFI doesn't need LTO either. > is faster, What? Measured how? I feel like you're thinking about the old Clang CFI, not the modern KCFI implementation. > … moreover, I don't see why an > attacker able to "construct arbitrary executable memory contents" > wouldn't be able to bypass KCFI as well, To bypass KCFI, the attacker additionally needs a targeted memory exposure to get the correct function hash that they must include before the malicious function they construct. With FineIBT, no such exposure is needed. > since its threat model > (https://github.com/kcfi/docs/blob/master/kCFI_whitepaper.pdf) > explicitly says "We assume an OS that fully implements the W^X policy > [56,58,106] preventing direct code injection in kernel space." I mean, a whitepaper's threat model is nice and all, but this just isn't the reality. Linux certainly tries to maintain W^X, but there are bugs and things like BPF, which can be manipulated to gain attacker-controlled executable code injected into the kernel address space. (e.g. BPF will flip a writable region from RW to RX, so W^X is maintained spatially but not temporally.) So without execute-only memory, some deployments prefer to not weaken the CFI implementation to allow for hash checking bypasses. Once X-O exists, FineIBT is a slam-dunk over KCFI. :) -Kees -- Kees Cook
Re: [PATCH] ext4: Annotate struct ext4_xattr_inode_array with __counted_by()
On 2024/7/29 19:04, Thorsten Blum wrote:
Add the __counted_by compiler attribute to the flexible array member
inodes to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Remove the now obsolete comment on the count field.
Signed-off-by: Thorsten Blum
---
fs/ext4/xattr.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
index bd97c4aa8177..e14fb19dc912 100644
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -130,8 +130,8 @@ struct ext4_xattr_ibody_find {
};
struct ext4_xattr_inode_array {
- unsigned int count; /* # of used items in the array */
- struct inode *inodes[];
+ unsigned int count;
As the comment says, 'count' is the number of items in the array that
have been used,
not the total number of items in the array. So I think this check was
added incorrectly.
+ struct inode *inodes[] __counted_by(count);
};
extern const struct xattr_handler ext4_xattr_user_handler;
