Add initial devicetree support for Samsung Galaxy J6 (codename: j6lte),
an Exynos7870 device.
Signed-off-by: Kaustabh Chakraborty
---
arch/arm64/boot/dts/exynos/Makefile | 1 +
arch/arm64/boot/dts/exynos/exynos7870-j6lte.dts | 606
2 files changed, 607 inse
On Tue, Feb 04, 2025 at 01:27:41PM +1030, Gustavo A. R. Silva wrote:
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> So, in order to avoid ending up with a flexible-array member in the
> middle of other structs, we use the `struct_g
Exynos7870 is an arm64 SoC manufactured by Samsung and announced in
2016. It is present in multiple mid-range Samsung phones and tablets.
Add basic devicetree support for the SoC, which includes CMUs, pin
controllers, I2C, UART, DW-MMC, and USB-DRD.
Co-developed-by: Sergey Lisov
Signed-off-by: S
Add initial devicetree support for Samsung Galaxy A2 Core
(codename: a2corelte), an Exynos7870 device.
Signed-off-by: Kaustabh Chakraborty
---
arch/arm64/boot/dts/exynos/Makefile| 1 +
.../arm64/boot/dts/exynos/exynos7870-a2corelte.dts | 619 +
2 files chang
commit descriptions.
- Split patchsets into multiple sub-series, subsystem-wise.
- Link to v1:
https://lore.kernel.org/r/20250203-exynos7870-v1-0-2b6df476a...@disroot.org
---
Kaustabh Chakraborty (5):
dt-bindings: arm: samsung: add compatibles for exynos7870 devices
arm64: dts: exynos: add
Document the compatible string for Exynos7870 - "samsung,exynos7870".
The following devices are also added:
- Galaxy A2 Core ("samsung,a2corelte")
- Galaxy J6("samsung,j6lte")
- Galaxy J7 Prime ("samsung,on7xelte")
Signed-off-by: Kaustabh Chakraborty
---
Documentation/
On 03/02/25 22:47, Andy Shevchenko wrote:
Add the __counted_by() compiler attribute to the flexible array member
volumes to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Use struct_size() instead of manually calculating the number of bytes to
allocate the p
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
So, in order to avoid ending up with a flexible-array member in the
middle of other structs, we use the `struct_group_tagged()` helper
to create a new tagged `struct posix_acl_hdr`. This struc
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
Move the conflicting declaration to the end of the structure. Notice
that `struct ethtool_dump` is a flexible structure --a structure that
contains a flexible-array member.
Fix the following
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
So, in order to avoid ending up with a flexible-array member in the
middle of other structs, we use the `struct_group_tagged()` helper
to create a new tagged `struct bplus_header_fixed`. This
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
Remove unused flexible-array member `buf` and, with this, fix the following
warnings:
drivers/net/ethernet/aquantia/atlantic/aq_hw.h:197:36: warning: structure
containing a flexible array mem
Add initial devicetree support for Samsung Galaxy J7 Prime
(codename: on7xelte), an Exynos7870 device.
Signed-off-by: Kaustabh Chakraborty
---
arch/arm64/boot/dts/exynos/Makefile| 1 +
arch/arm64/boot/dts/exynos/exynos7870-on7xelte.dts | 654 +
2 files chang
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
So, in order to avoid ending up with a flexible-array member in the
middle of other structs, we use the `struct_group_tagged()` helper
to create a new tagged `struct mlx5e_umr_wqe_hdr`. This s
This is a proposal to leverage protection keys (pkeys) to harden
critical kernel data, by making it mostly read-only. The series includes
a simple framework called "kpkeys" to manipulate pkeys for in-kernel use,
as well as a page table hardening feature based on that framework
(kpkeys_hardened_pgta
Introduce a new function, set_memory_pkey(), which sets the
protection key (pkey) of pages in the specified linear mapping
range. Architectures implementing kernel pkeys (kpkeys) must
provide a suitable implementation; an empty stub is added as
fallback.
Signed-off-by: Kevin Brodsky
---
include/
kpkeys is a simple framework to enable the use of protection keys
(pkeys) to harden the kernel itself. This patch introduces the basic
API in : a couple of functions to set and restore
the pkey register and macros to define guard objects.
kpkeys introduces a new concept on top of pkeys: the kpkeys
Implement the kpkeys interface if CONFIG_ARM64_POE is enabled.
The permissions for KPKEYS_PKEY_DEFAULT (pkey 0) are set to RWX as
this pkey is also used for code mappings.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/kpkeys.h | 43 +
1 file changed, 43
Introduce a helper that sets the permissions of a given pkey
(POIndex) in the POR_ELx format, and make use of it in
arch_set_user_pkey_access().
Also ensure that is included in asm/por.h to provide
the POE_* definitions.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/por.h | 9 ++
In preparation of using POE inside the kernel, enable "Overlay
applied" for all stage 1 base permissions in PIR_EL1. This ensures
that the permissions set in POR_EL1 affect all kernel mappings.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/pgtable-prot.h | 16
1 file c
Implement set_memory_pkey() using POE if supported.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/set_memory.h | 4
arch/arm64/mm/pageattr.c| 25 +
2 files changed, 29 insertions(+)
diff --git a/arch/arm64/include/asm/set_memory.h
b/arch/arm6
This is the final step to enable kpkeys on arm64. We enable
POE at EL1 by setting TCR2_EL1.POE, and initialise POR_EL1 so that
it enables access to the default pkey/POIndex (default kpkeys
level). An ISB is added so that POE restrictions are enforced
immediately.
Having done this, we can now selec
If CONFIG_KPKEYS_HARDENED_PGTABLES is enabled, map allocated page
table pages using a privileged pkey (KPKEYS_PKEY_PGTABLES), so that
page tables can only be written under guard(kpkeys_hardened_pgtables).
This patch is a no-op if CONFIG_KPKEYS_HARDENED_PGTABLES is disabled
(default).
Signed-off-b
kpkeys_hardened_pgtables is a hardening feature based on kpkeys. It
aims to prevent the corruption of page tables by: 1. mapping all
page table pages, both kernel and user, with a privileged pkey
(KPKEYS_PKEY_PGTABLES), and 2. granting write access to that pkey
only when running at a higher kpkeys
kernel_pgtables_set_pkey() allows setting the pkey of all page table
pages in swapper_pg_dir, recursively. This will be needed by
kpkeys_hardened_pgtables, as it relies on all PTPs being mapped with
a non-default pkey. Those initial kernel page tables cannot
practically be assigned a non-default pk
In preparation for adding construction hooks (that may fail) to
__pagetable_ctor(), make __pagetable_ctor() return a bool,
propagate it to pagetable_*_ctor() and handle failure in
the generic {pud,p4d,pgd}_alloc.
Signed-off-by: Kevin Brodsky
---
include/asm-generic/pgalloc.h | 15 ---
kpkeys_hardened_pgtables should be enabled as early as possible (if
selected). It does however require kpkeys being available, which
means on arm64 POE being detected and enabled. POE is a boot
feature, so calling kpkeys_hardened_pgtables_enable() just after
setup_boot_cpu_features() in smp_prepare
Add basic tests for the kpkeys_hardened_pgtables feature: try to
perform a direct write to some kernel and user page table entry and
ensure it fails.
Signed-off-by: Kevin Brodsky
---
mm/Makefile| 1 +
mm/kpkeys_hardened_pgtables_test.c | 72 ++
When CONFIG_KPKEYS_HARDENED_PGTABLES is enabled, page tables (both
user and kernel) are mapped with a privileged pkey in the linear
mapping. As a result, they can only be written under the
kpkeys_hardened_pgtables guard, which sets POR_EL1 appropriately to
allow such writes.
Use this guard whereve
Enable RW access to KPKEYS_PKEY_PGTABLES (used to map page table
pages) if switching to KPKEYS_LVL_PGTABLES, otherwise only grant RO
access.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/kpkeys.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm64/include/asm/kpkeys.h b/ar
This patch introduces a feature to prevent unintended modifications
of live credentials, by moving them to protected memory when they
are installed via commit_creds(). The protection mechanism is kernel
pkeys (kpkeys): protected memory is mapped with a non-default pkey
and write access is disabled
Introduce the SLAB_SET_PKEY flag to request a kmem_cache whose slabs
are mapped with a non-default pkey, if kernel pkeys (kpkeys) are
supported. The pkey to be used is specified via a new pkey field in
struct kmem_cache_args.
The setting/resetting of the pkey is done directly at the slab level
(al
We will need a separate pkey to protect struct cred. Allocate one as
well as a new kpkeys level that grants write access to that pkey,
and add a guard that switches to that level.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/kpkeys.h | 4
include/asm-generic/kpkeys.h| 4
Data assigned a non-default pkey is not writable at the default
kpkeys level. If such data is managed via RCU, some mechanism is
required to temporarily grant write access to the data's struct
rcu_head, for instance when zeroing the callback pointer.
There is unfortunately no straightforward way f
The kpkeys_hardened_cred feature, when enabled, automatically
protects credentials installed by commit_creds(). However, because
override_creds() does not consume its argument, it is up to its
callers to protect the credentials before calling override_creds().
This is done by calling protect_creds(
Add basic tests for the kpkeys_hardened_pgtables feature: try to
perform a direct write to current->{cred,real_cred} and ensure it
fails.
Signed-off-by: Kevin Brodsky
---
mm/Makefile| 1 +
mm/kpkeys_hardened_cred_test.c | 42 ++
security/Kconf
Highly privileged components, such as allocators, may require write
access to arbitrary data. To that end, introduce a kpkeys level that
grants write access to all kpkeys.
Signed-off-by: Kevin Brodsky
---
arch/arm64/include/asm/kpkeys.h | 4 +++-
include/linux/kpkeys.h | 3 ++-
2 files
This series aims at hardening struct cred using the kpkeys
infrastructure proposed in [1]. The idea is to enforce the immutability
of live credentials (task->{creds,read_creds}) by allocating them in
"protected" memory, which cannot be written to in the default pkey
configuration (kpkeys level). Co
Nested uses of kpkeys guards are about to be introduced, which means
that kpkeys_set_level() may not actually need to change the value of
POR_EL1. Since updating POR_EL1 requires an expensive ISB, let's
skip the write if the value is unchanged, by returning
KPKEYS_PKEY_REG_INVAL. This will cause th
In union test_small_end, the small members are three and four.
Fixes: e71a29db79da1946 ("stackinit: Add union initialization to selftests")
Closes:
https://lore.kernel.org/CAMuHMdWvcKOc6v5o3-9-SqP_4oh5-GZQjZZb=-krhY=mvre...@mail.gmail.com
Signed-off-by: Geert Uytterhoeven
---
lib/stackinit_kuni
Hi Kees,
On Mon, 27 Jan 2025 at 20:11, Kees Cook wrote:
> The stack initialization selftests were checking scalars, strings,
> and structs, but not unions. Add union tests (which are mostly identical
> setup to structs). This catches the recent union initialization behavioral
> changes seen in GC
Add the __counted_by() compiler attribute to the flexible array member
volumes to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Use struct_size() instead of manually calculating the number of bytes to
allocate the private structure with a buffer.
Signed-off-by:
Convert the driver probe stage to use managed resources.
Signed-off-by: Andy Shevchenko
---
drivers/gpio/gpio-74x164.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c
index 0f720d539fa7..920d3b9c108
We have a temporary variable to keep a pointer to struct device.
Utilise it where it makes sense.
Signed-off-by: Andy Shevchenko
---
drivers/gpio/gpio-74x164.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c
index
Make use of BIT() and GENMASK() where it makes sense.
Signed-off-by: Andy Shevchenko
---
drivers/gpio/gpio-74x164.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c
index 7844f8a58834..0f720d539fa7 100644
--- a/driv
Seems like I have had a cleanup series for 74x164, but forgot to send it
last year, here it is.
Andy Shevchenko (7):
gpio: 74x164: Remove unneeded dependency to OF_GPIO
gpio: 74x164: Simplify code with cleanup helpers
gpio: 74x164: Annotate buffer with __counted_by()
gpio: 74x164: Make use
Use macros defined in linux/cleanup.h to automate resource lifetime
control in the driver.
Signed-off-by: Andy Shevchenko
---
drivers/gpio/gpio-74x164.c | 16 +++-
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c
in
Switch to use dev_err_probe() to simplify the error path and
unify a message template.
Signed-off-by: Andy Shevchenko
---
drivers/gpio/gpio-74x164.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c
index 920d3b9c108
Remove unneeded dependency to OF_GPIO which driver does not use.
Fixes: 3c7469514dbe ("gpio: 74x164: Make use of device properties")
Signed-off-by: Andy Shevchenko
---
drivers/gpio/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig
index add5ad
On Tue, Feb 04, 2025 at 12:40:49PM +1030, Gustavo A. R. Silva wrote:
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> Remove unused flexible-array member `buf` and, with this, fix the following
> warnings:
> drivers/net/ethernet/aqua
49 matches
Mail list logo
