Age | Commit message (Collapse) | Author | Files | Lines |
|
Add secure_computing() call to syscall_trace_enter to actually
filter system calls.
Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h
syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.
seccomp_bpf self test on ARAnyM passes 81 out of 94 tests.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/20230112035529.13521-3-schmitzmic@gmail.com
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
|
|
The official arch name is LoongArch [1], we should use small letter
loongarch instead of loong in Documentation/features, just use the
features-refresh.sh to refresh all the related files.
[1] https://www.kernel.org/doc/html/latest/loongarch/index.html
Fixes: 5860800e8696 ("Documentation/features: Update the arch support status files")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Link: https://lore.kernel.org/r/1670156327-9631-3-git-send-email-yangtiezhu@loongson.cn
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
The arch support status files don't match reality as of v5.19-rc1,
use the features-refresh.sh to refresh all the arch-support.txt files
in place. The main effect is to add entries for the new loong
architecture.
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Link: https://lore.kernel.org/r/20220609025656.143460-1-zhengzengkai@huawei.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
asm-generic
* 'remove-h8300' of git://git.infradead.org/users/hch/misc:
remove the h8300 architecture
This is clearly the least actively maintained architecture we have at
the moment, and probably the least useful. It is now the only one that
does not support MMUs at all, and most of the boards only support 4MB
of RAM, out of which the defconfig kernel needs more than half just
for .text/.data.
Guenter Roeck did the original patch to remove the architecture in 2013
after it had already been obsolete for a while, and Yoshinori Sato brought
it back in a much more modern form in 2015. Looking at the git history
since the reinstantiation, it's clear that almost all commits in the tree
are build fixes or cross-architecture cleanups:
$ git log --no-merges --format=%an v4.5.. arch/h8300/ | sort | uniq
-c | sort -rn | head -n 12
25 Masahiro Yamada
18 Christoph Hellwig
14 Mike Rapoport
9 Arnd Bergmann
8 Mark Rutland
7 Peter Zijlstra
6 Kees Cook
6 Ingo Molnar
6 Al Viro
5 Randy Dunlap
4 Yury Norov
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
The nds32 architecture, also known as AndeStar V3, is a custom 32-bit
RISC target designed by Andes Technologies. Support was added to the
kernel in 2016 as the replacement RISC-V based V5 processors were
already announced, and maintained by (current or former) Andes
employees.
As explained by Alan Kao, new customers are now all using RISC-V,
and all known nds32 users are already on longterm stable kernels
provided by Andes, with no development work going into mainline
support any more.
While the port is still in a reasonably good shape, it only gets
worse over time without active maintainers, so it seems best
to remove it before it becomes unusable. As always, if it turns
out that there are mainline users after all, and they volunteer
to maintain the port in the future, the removal can be reverted.
Link: https://lore.kernel.org/linux-mm/YhdWNLUhk+x9RAzU@yamatobi.andestech.com/
Link: https://lore.kernel.org/lkml/20220302065213.82702-1-alankao@andestech.com/
Link: https://www.andestech.com/en/products-solutions/andestar-architecture/
Signed-off-by: Alan Kao <alankao@andestech.com>
[arnd: rewrite changelog to provide more background]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Signed-off-by: Christoph Hellwig <hch@lst.de>
|
|
The references to arch/c6x are obsolete now that the architecture
is gone. Remove them.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210225142841.3385428-1-arnd@kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
The feature lists don't match reality as of v5.10-rc4, update them
accordingly (by features-refresh.sh).
Signed-off-by: Wei Li <liwei391@huawei.com>
Link: https://lore.kernel.org/r/20201119022709.45843-1-liwei391@huawei.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
Pull Xtensa updates from Max Filippov:
- add syscall audit support
- add seccomp filter support
- clean up make rules under arch/xtensa/boot
- fix state management for exclusive access opcodes
- fix build with PMU enabled
* tag 'xtensa-20200805' of git://github.com/jcmvbkbc/linux-xtensa:
xtensa: add missing exclusive access state management
xtensa: fix xtensa_pmu_setup prototype
xtensa: add boot subdirectories build artifacts to 'targets'
xtensa: add uImage and xipImage to targets
xtensa: move vmlinux.bin[.gz] to boot subdirectory
xtensa: initialize_mmu.h: fix a duplicated word
selftests/seccomp: add xtensa support
xtensa: add seccomp support
xtensa: expose syscall through user_pt_regs
xtensa: add audit support
|
|
Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add
TIF_SECCOMP and call secure_computing from do_syscall_trace_enter.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
|
|
The unicore32 port do not seem maintained for a long time now, there is no
upstream toolchain that can create unicore32 binaries and all the links to
prebuilt toolchains for unicore32 are dead. Even compilers that were
available are not supported by the kernel anymore.
Guenter Roeck says:
I have stopped building unicore32 images since v4.19 since there is no
available compiler that is still supported by the kernel. I am surprised
that support for it has not been removed from the kernel.
Remove unicore32 port.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Guenter Roeck <linux@roeck-us.net>
|
|
I was manually editing the arch-support.txt for eBPF-JIT, when I
realized the refresh script [1] has not been run for a while. Let's
fix that, so that the entries are more up-to-date.
[1] Documentation/features/scripts/features-refresh.sh
Signed-off-by: Björn Töpel <bjorn.topel@gmail.com>
Link: https://lore.kernel.org/r/20200523191135.21889-1-bjorn.topel@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
core/ cBPF-JIT : TODO |
core/ eBPF-JIT : TODO |
core/ generic-idle-thread : ok |
core/ jump-labels : TODO |
core/ tracehook : ok |
debug/ KASAN : TODO |
debug/ gcov-profile-all : TODO |
debug/ kgdb : TODO |
debug/ kprobes-on-ftrace : TODO |
debug/ kprobes : TODO |
debug/ kretprobes : TODO |
debug/ optprobes : TODO |
debug/ stackprotector : TODO |
debug/ uprobes : TODO |
debug/ user-ret-profiler : TODO |
io/ dma-contiguous : ok |
locking/ cmpxchg-local : TODO |
locking/ lockdep : TODO |
locking/ queued-rwlocks : ok |
locking/ queued-spinlocks : TODO |
locking/ rwsem-optimized : TODO |
perf/ kprobes-event : TODO |
perf/ perf-regs : TODO |
perf/ perf-stackdump : TODO |
sched/ membarrier-sync-core : TODO |
sched/ numa-balancing : .. |
seccomp/ seccomp-filter : TODO |
time/ arch-tick-broadcast : TODO |
time/ clockevents : ok |
time/ context-tracking : TODO |
time/ irq-time-acct : TODO |
time/ modern-timekeeping : ok |
time/ virt-cpuacct : TODO |
vm/ ELF-ASLR : TODO |
vm/ PG_uncached : TODO |
vm/ THP : .. |
vm/ batch-unmap-tlb-flush: TODO |
vm/ huge-vmap : TODO |
vm/ ioremap_prot : TODO |
vm/ numa-memblock : .. |
vm/ pte_special : TODO |
Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Arnd Bergmann <arnd@arndb.de>
|
|
Now that the script 'features-refresh.sh' is available, uses this script
to refresh all the arch-support.txt files in place.
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
A number of architecture ports are obsolete and getting dropped,
so we no longer want to track the respective features.
We already removed the lines for metag and mn10300, this does
the same edits for all the others.
For the remaining 21 architectures, this shows how many are known
to implement each given feature:
19 time/modern-timekeeping/arch-support.txt
19 time/clockevents/arch-support.txt
15 core/tracehook/arch-support.txt
14 core/generic-idle-thread/arch-support.txt
13 locking/lockdep/arch-support.txt
12 io/dma-api-debug/arch-support.txt
11 debug/kgdb/arch-support.txt
10 time/virt-cpuacct/arch-support.txt
9 debug/kretprobes/arch-support.txt
9 debug/kprobes/arch-support.txt
8 vm/THP/arch-support.txt
8 vm/pte_special/arch-support.txt
8 vm/numa-memblock/arch-support.txt
8 io/sg-chain/arch-support.txt
7 perf/kprobes-event/arch-support.txt
7 locking/rwsem-optimized/arch-support.txt
7 debug/gcov-profile-all/arch-support.txt
7 core/jump-labels/arch-support.txt
7 core/BPF-JIT/arch-support.txt
6 vm/ELF-ASLR/arch-support.txt
6 time/context-tracking/arch-support.txt
6 seccomp/seccomp-filter/arch-support.txt
6 debug/stackprotector/arch-support.txt
5 time/irq-time-acct/arch-support.txt
5 io/dma-contiguous/arch-support.txt
5 debug/uprobes/arch-support.txt
4 vm/ioremap_prot/arch-support.txt
4 time/arch-tick-broadcast/arch-support.txt
4 perf/perf-stackdump/arch-support.txt
4 perf/perf-regs/arch-support.txt
3 debug/KASAN/arch-support.txt
2 vm/PG_uncached/arch-support.txt
2 vm/huge-vmap/arch-support.txt
2 sched/numa-balancing/arch-support.txt
2 sched/membarrier-sync-core/arch-support.txt
2 locking/cmpxchg-local/arch-support.txt
2 debug/optprobes/arch-support.txt
2 debug/kprobes-on-ftrace/arch-support.txt
1 vm/TLB/arch-support.txt
1 locking/queued-spinlocks/arch-support.txt
1 locking/queued-rwlocks/arch-support.txt
1 debug/user-ret-profiler/arch-support.txt
0 lib/strncasecmp/arch-support.txt
Note that the list does not include riscv or nds32 yet, these still
need to be added.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Remove the MN10300 arch as the hardware is defunct.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Masahiro Yamada <yamada.masahiro@socionext.com>
cc: linux-am33-list@redhat.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Remove any remaining references to the Meta architecture in
Documentation/, primarily from Documentation/features/.
Signed-off-by: James Hogan <jhogan@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-metag@vger.kernel.org
Cc: linux-doc@vger.kernel.org
|
|
The AVR32 architecture support has been removed from the Linux kernel,
hence remove all references to it from Documentation.
Signed-off-by: Hans-Christian Noren Egtvedt <egtvedt@samfundet.no>
Signed-off-by: Håvard Skinnemoen <hskinnemoen@gmail.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
|
|
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through
prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64
subarchitectures.
secure_computing() is called first in handle_syscall() so that the
syscall emulation will be aborted quickly if matching a seccomp rule.
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>
|
|
Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
|
|
status file for 'seccomp-filter'
Cc: <linux-api@vger.kernel.org>
Cc: <linux-arch@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|