4c30d46517
* refs/heads/tmp-5da1114:
Revert crypto changes from android-4.19.79-95
Revert "UPSTREAM: PM / wakeup updates"
Revert "ANDROID: of: property: Enable of_devlink by default"
Revert "UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu"
UPSTREAM: net: usbnet: Fix -Wcast-function-type
UPSTREAM: USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
UPSTREAM: USB: dummy-hcd: increase max number of devices to 32
ANDROID: tty: serdev: Fix broken serial console input
ANDROID: update kernel ABI (perf_event changes)
BACKPORT: perf_event: Add support for LSM and SELinux checks
UPSTREAM: iommu: Allow io-pgtable to be used outside of drivers/iommu/
ANDROID: update abi for 4.19.94 release
ANDROID: update abi due to revert
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
UPSTREAM: selinux: sidtab reverse lookup hash table
UPSTREAM: selinux: avoid atomic_t usage in sidtab
UPSTREAM: selinux: check sidtab limit before adding a new entry
UPSTREAM: selinux: fix context string corruption in convert_context()
UPSTREAM: selinux: overhaul sidtab to fix bug and improve performance
UPSTREAM: selinux: refactor mls_context_to_sid() and make it stricter
UPSTREAM: selinux: use separate table for initial SID lookup
UPSTREAM: selinux: make "selinux_policycap_names[]" const char *
UPSTREAM: selinux: refactor sidtab conversion
ANDROID: Update ABI representation
ANDROID: GKI: clk: Don't disable unused clocks with sync state support
ANDROID: GKI: clk: Add support for clock providers with sync state
ANDROID: GKI: driver core: Add dev_has_sync_state()
ANDROID: update kernel ABI representation
BACKPORT: perf_event: Add support for LSM and SELinux checks
ANDROID: update ABI representation
UPSTREAM: exit: panic before exit_mm() on global init exit
ANDROID: serdev: Fix platform device support
ANDROID: Kconfig.gki: Add Hidden SPRD DRM configs
ANDROID: gki_defconfig: Disable TRANSPARENT_HUGEPAGE
ANDROID: gki_defconfig: Enable CONFIG_GNSS_CMDLINE_SERIAL
ANDROID: gnss: Add command line test driver
ANDROID: serdev: add platform device support
ANDROID: gki_defconfig: enable ARM64_SW_TTBR0_PAN
ANDROID: gki_defconfig: Set BINFMT_MISC as =m
UPSTREAM: binder: fix incorrect calculation for num_valid
ABI: Update ABI after f2fs merge
ANDROID: add initial ABI whitelist for android-4.19
ANDROID: staging: android: ion: Fix build when CONFIG_ION_SYSTEM_HEAP=n
ANDROID: staging: android: ion: Expose total heap and pool sizes via sysfs
ANDROID: Update ABI representation due to vmstat counter changes
UPSTREAM: include/linux/slab.h: fix sparse warning in kmalloc_type()
UPSTREAM: mm, slab: shorten kmalloc cache names for large sizes
UPSTREAM: mm, proc: add KReclaimable to /proc/meminfo
UPSTREAM: mm: rename and change semantics of nr_indirectly_reclaimable_bytes
UPSTREAM: dcache: allocate external names from reclaimable kmalloc caches
UPSTREAM: mm, slab/slub: introduce kmalloc-reclaimable caches
UPSTREAM: mm, slab: combine kmalloc_caches and kmalloc_dma_caches
ANDROID: abi update for 4.19.89
ANDROID: update abi_gki_aarch64.xml for LTO, CFI, and SCS
ANDROID: gki_defconfig: enable LTO, CFI, and SCS
ANDROID: update abi_gki_aarch64.xml for CONFIG_GNSS
ANDROID: cuttlefish_defconfig: Enable CONFIG_GNSS
UPSTREAM: arm64: Validate tagged addresses in access_ok() called from kernel threads
ANDROID: mm: Throttle rss_stat tracepoint
UPSTREAM: mm: slub: really fix slab walking for init_on_free
ANDROID: update abi_gki_aarch64.xml for nf change
ANDROID: kbuild: limit LTO inlining
ANDROID: kbuild: merge module sections with LTO
ANDROID: netfilter: nf_nat: remove static from nf_nat_ipv4_fn
UPSTREAM: drm/client: remove the exporting of drm_client_close
ANDROID: f2fs: fix possible merge of unencrypted with encrypted I/O
UPSTREAM: binder: Add binder_proc logging to binderfs
UPSTREAM: binder: Make transaction_log available in binderfs
UPSTREAM: binder: Add stats, state and transactions files
UPSTREAM: binder: add a mount option to show global stats
UPSTREAM: binder: Validate the default binderfs device names.
UPSTREAM: binder: Add default binder devices through binderfs when configured
UPSTREAM: binder: fix CONFIG_ANDROID_BINDER_DEVICES
UPSTREAM: android: binder: use kstrdup instead of open-coding it
UPSTREAM: binderfs: remove separate device_initcall()
UPSTREAM: binderfs: respect limit on binder control creation
UPSTREAM: binderfs: switch from d_add() to d_instantiate()
UPSTREAM: binderfs: drop lock in binderfs_binder_ctl_create
UPSTREAM: binderfs: kill_litter_super() before cleanup
UPSTREAM: binderfs: rework binderfs_binder_device_create()
UPSTREAM: binderfs: rework binderfs_fill_super()
UPSTREAM: binderfs: prevent renaming the control dentry
UPSTREAM: binderfs: remove outdated comment
UPSTREAM: binderfs: fix error return code in binderfs_fill_super()
UPSTREAM: binderfs: handle !CONFIG_IPC_NS builds
UPSTREAM: binderfs: reserve devices for initial mount
UPSTREAM: binderfs: rename header to binderfs.h
UPSTREAM: binderfs: implement "max" mount option
UPSTREAM: binderfs: make each binderfs mount a new instance
UPSTREAM: binderfs: remove wrong kern_mount() call
UPSTREAM: binder: implement binderfs
UPSTREAM: binder: remove BINDER_DEBUG_ENTRY()
ANDROID: Don't base allmodconfig on gki_defconfig
ANDROID: Disable UNWINDER_ORC for allmodconfig
ANDROID: update abi_gki_aarch64.xml for 4.19.87
BACKPORT: ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer
ANDROID: update abi_gki_aarch64.xml
ANDROID: gki_defconfig: =m's applied for virtio configs in arm64
UPSTREAM: of: property: Add device link support for interrupt-parent, dmas and -gpio(s)
UPSTREAM: of: property: Add device link support for "iommu-map"
UPSTREAM: of: property: Fix the semantics of of_is_ancestor_of()
UPSTREAM: i2c: of: Populate fwnode in of_i2c_get_board_info()
UPSTREAM: driver core: Clarify documentation for fwnode_operations.add_links()
UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu
BACKPORT: coresight: etm4x: Save/restore state across CPU low power states
ANDROID: Update ABI representation
ANDROID: gki_defconfig: IIO=y
f2fs: stop GC when the victim becomes fully valid
f2fs: expose main_blkaddr in sysfs
f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
f2fs: Fix deadlock in f2fs_gc() context during atomic files handling
f2fs: show f2fs instance in printk_ratelimited
f2fs: fix potential overflow
f2fs: fix to update dir's i_pino during cross_rename
f2fs: support aligned pinned file
f2fs: avoid kernel panic on corruption test
f2fs: fix wrong description in document
f2fs: cache global IPU bio
f2fs: fix to avoid memory leakage in f2fs_listxattr
f2fs: check total_segments from devices in raw_super
f2fs: update multi-dev metadata in resize_fs
f2fs: mark recovery flag correctly in read_raw_super_block()
f2fs: fix to update time in lazytime mode
vfs: don't allow writes to swap files
mm: set S_SWAPFILE on blockdev swap devices
BACKPORT: ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang
ANDROID: update abi_gki_aarch64.xml for 4.19.87
ANDROID: gki_defconfig: FW_CACHE to no
FROMGIT: firmware_class: make firmware caching configurable
FROMLIST: arm64: implement Shadow Call Stack
FROMLIST: arm64: disable SCS for hypervisor code
BACKPORT: FROMLIST: arm64: vdso: disable Shadow Call Stack
FROMLIST: arm64: efi: restore x18 if it was corrupted
FROMLIST: arm64: preserve x18 when CPU is suspended
FROMLIST: arm64: reserve x18 from general allocation with SCS
FROMLIST: arm64: disable function graph tracing with SCS
FROMLIST: scs: add support for stack usage debugging
FROMLIST: scs: add accounting
FROMLIST: add support for Clang's Shadow Call Stack (SCS)
FROMLIST: arm64: kernel: avoid x18 in __cpu_soft_restart
FROMLIST: arm64: kvm: stop treating register x18 as caller save
FROMLIST: arm64/lib: copy_page: avoid x18 register in assembler code
FROMLIST: arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings
ANDROID: use non-canonical CFI jump tables
ANDROID: arm64: add __nocfi to __apply_alternatives
ANDROID: arm64: add __pa_function
ANDROID: arm64: allow ThinLTO to be selected
ANDROID: soc/tegra: disable ARCH_TEGRA_210_SOC with LTO
FROMLIST: arm64: fix alternatives with LLVM's integrated assembler
ANDROID: irqchip/gic-v3: rename gic_of_init to work around a ThinLTO+CFI bug
ANDROID: init: ensure initcall ordering with LTO
Revert "ANDROID: init: ensure initcall ordering with LTO"
ANDROID: add support for ThinLTO
ANDROID: clang: update to 10.0.1
ANDROID: gki_defconfig: enable CONFIG_REGULATOR_FIXED_VOLTAGE
ANDROID: gki_defconfig: removed CONFIG_PM_WAKELOCKS
ANDROID: gki_defconfig: enable CONFIG_IKHEADERS as m
FROMGIT: pinctrl: devicetree: Avoid taking direct reference to device name string
ANDROID: update abi_gki_aarch64.xml for 4.19.86 update
ANDROID: Update ABI representation
ANDROID: gki_defconfig: disable FUNCTION_TRACER
ANDROID: Update the ABI representation
ANDROID: update ABI representation
ANDROID: add unstripped modules to the distribution
FROMLIST: vsprintf: Inline call to ptr_to_hashval
UPSTREAM: rss_stat: Add support to detect RSS updates of external mm
UPSTREAM: mm: emit tracepoint when RSS changes
FROMGIT: driver core: Allow device link operations inside sync_state()
ANDROID: uid_sys_stats: avoid double accounting of dying threads
ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag
ANDROID: scsi: ufs-hisi: Enable BROKEN_CRYPTO quirk flag
ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto
ANDROID: scsi: ufs: UFS init should not require inline crypto
ANDROID: scsi: ufs: UFS crypto variant operations API
ANDROID: gki_defconfig: enable inline encryption
BACKPORT: FROMLIST: ext4: add inline encryption support
BACKPORT: FROMLIST: f2fs: add inline encryption support
BACKPORT: FROMLIST: fscrypt: add inline encryption support
BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS
BACKPORT: FROMLIST: scsi: ufs: UFS crypto API
BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions
BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption
ANDROID: block: Fix bio_crypt_should_process WARN_ON
BACKPORT: FROMLIST: block: Add encryption context to struct bio
BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption
FROMLIST: f2fs: add support for IV_INO_LBLK_64 encryption policies
FROMLIST: ext4: add support for IV_INO_LBLK_64 encryption policies
BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies
FROMLIST: fscrypt: zeroize fscrypt_info before freeing
FROMLIST: fscrypt: remove struct fscrypt_ctx
BACKPORT: FROMLIST: fscrypt: invoke crypto API for ESSIV handling
ANDROID: build kernels with llvm-nm and llvm-objcopy
ANDROID: Fix allmodconfig build with CC=clang
UPSTREAM: mm/page_poison: expose page_poisoning_enabled to kernel modules
FROMGIT: of: property: Add device link support for iommus, mboxes and io-channels
FROMGIT: of: property: Make it easy to add device links from DT properties
FROMGIT: of: property: Minor style clean up of of_link_to_phandle()
Revert "ANDROID: of/property: Add device link support for iommus"
ANDROID: Add allmodconfig build.configs for x86_64 and aarch64
ANDROID: fix allmodconfig build
ANDROID: nf: IDLETIMER: Fix possible use before initialization in idletimer_resume
BACKPORT: coresight: funnel: Support static funnel
BACKPORT:FROMGIT: coresight: replicator: Fix missing spin_lock_init()
BACKPORT:FROMGIT: coresight: funnel: Fix missing spin_lock_init()
BACKPORT:FROMGIT: coresight: Serialize enabling/disabling a link device.
UPSTREAM: coresight: tmc-etr: Add barrier packets when moving offset forward
UPSTREAM: coresight: tmc-etr: Decouple buffer sync and barrier packet insertion
UPSTREAM: coresight: tmc: Make memory width mask computation into a function
UPSTREAM: coresight: tmc-etr: Fix perf_data check
UPSTREAM: coresight: tmc-etr: Fix updating buffer in not-snapshot mode.
UPSTREAM: coresight: tmc-etr: Check if non-secure access is enabled
UPSTREAM: coresight: tmc-etr: Handle memory errors
BACKPORT: coresight: etr_buf: Consolidate refcount initialization
UPSTREAM: coresight: Fix DEBUG_LOCKS_WARN_ON for uninitialized attribute
UPSTREAM: coresight: Use coresight device names for sinks in PMU attribute
UPSTREAM: coresight: tmc-etr: alloc_perf_buf: Do not call smp_processor_id from preemptible
UPSTREAM: coresight: tmc-etr: Do not call smp_processor_id() from preemptible
UPSTREAM: coresight: perf: Don't set the truncated flag in snapshot mode
UPSTREAM: coresight: tmc-etf: Fix snapshot mode update function
UPSTREAM: coresight: tmc-etr: Properly set AUX buffer head in snapshot mode
UPSTREAM: coresight: tmc-etr: Add support for CPU-wide trace scenarios
UPSTREAM: coresight: tmc-etr: Allocate and free ETR memory buffers for CPU-wide scenarios
UPSTREAM: coresight: tmc-etr: Introduce the notion of IDR to ETR devices
UPSTREAM: coresight: tmc-etr: Introduce the notion of reference counting to ETR devices
UPSTREAM: coresight: tmc-etr: Introduce the notion of process ID to ETR devices
UPSTREAM: coresight: tmc-etr: Create per-thread buffer allocation function
UPSTREAM: coresight: tmc-etr: Refactor function tmc_etr_setup_perf_buf()
UPSTREAM: coresight: Communicate perf event to sink buffer allocation functions
UPSTREAM: coresight: perf: Refactor function free_event_data()
UPSTREAM: coresight: perf: Clean up function etm_setup_aux()
UPSTREAM: coresight: Properly address concurrency in sink::update() functions
UPSTREAM: coresight: Properly address errors in sink::disable() functions
UPSTREAM: coresight: Move reference counting inside sink drivers
UPSTREAM: coresight: Adding return code to sink::disable() operation
UPSTREAM: coresight: etm4x: Configure tracers to emit timestamps
UPSTREAM: coresight: etm4x: Skip selector pair 0
UPSTREAM: coresight: etm4x: Add kernel configuration for CONTEXTID
UPSTREAM: coresight: pmu: Adding ITRACE property to cs_etm PMU
UPSTREAM: coresight: tmc: Cleanup power management
UPSTREAM: coresight: Fix freeing up the coresight connections
UPSTREAM: coresight: tmc: Report DMA setup failures
UPSTREAM: coresight: catu: fix clang build warning
UPSTREAM: perf/core: Fix the address filtering fix
UPSTREAM: perf, pt, coresight: Fix address filters for vmas with non-zero offset
UPSTREAM: perf: Copy parent's address filter offsets on clone
UPSTREAM: coresight: Use event attributes for sink selection
UPSTREAM: coresight: perf: Add "sinks" group to PMU directory
UPSTREAM: coresight: etb10: Add support for CLAIM tag
UPSTREAM: coreisght: tmc: Claim device before use
UPSTREAM: coresight: dynamic-replicator: Claim device for use
UPSTREAM: coresight: funnel: Claim devices before use
UPSTREAM: coresight: etmx: Claim devices before use
UPSTREAM: coresight: Add support for CLAIM tag protocol
UPSTREAM: coresight: dynamic-replicator: Handle multiple connections
UPSTREAM: coresight: etb10: Handle errors enabling the device
UPSTREAM: coresight: etm3: Add support for handling errors
UPSTREAM: coresight: etm4x: Add support for handling errors
UPSTREAM: coresight: tmc-etb/etf: Prepare to handle errors enabling
UPSTREAM: coresight: tmc-etr: Handle errors enabling CATU
UPSTREAM: coresight: tmc-etr: Refactor for handling errors
UPSTREAM: coresight: Handle failures in enabling a trace path
UPSTREAM: coresight: tmc: Fix byte-address alignment for RRP
UPSTREAM: coresight: etm4x: Configure EL2 exception level when kernel is running in HYP
UPSTREAM: coresight: etb10: Splitting function etb_enable()
UPSTREAM: coresight: etb10: Refactor etb_drvdata::mode handling
UPSTREAM: coresight: etm-perf: Add support for ETR backend
UPSTREAM: coresight: perf: Remove set_buffer call back
UPSTREAM: coresight: perf: Add helper to retrieve sink configuration
UPSTREAM: coresight: perf: Remove reset_buffer call back for sinks
UPSTREAM: coresight: Convert driver messages to dev_dbg
UPSTREAM: coresight: tmc-etr: Relax collection of trace from sysfs mode
UPSTREAM: coresight: tmc-etr: Handle driver mode specific ETR buffers
UPSTREAM: coresight: perf: Disable trace path upon source error
UPSTREAM: coresight: perf: Allow tracing on hotplugged CPUs
UPSTREAM: coresight: perf: Avoid unncessary CPU hotplug read lock
UPSTREAM: coresight: perf: Fix per cpu path management
UPSTREAM: coresight: Fix handling of sinks
UPSTREAM: coresight: Use ERR_CAST instead of ERR_PTR
UPSTREAM: coresight: Fix remote endpoint parsing
UPSTREAM: coresight: platform: Fix leaking device reference
UPSTREAM: coresight: platform: Fix refcounting for graph nodes
UPSTREAM: coresight: platform: Refactor graph endpoint parsing
UPSTREAM: coresight: Document error handling in coresight_register
ANDROID: regression introduced override_creds=off
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
ANDROID: overlayfs: add __get xattr method
ANDROID: Add optional __get xattr method paired to __vfs_getxattr
UPSTREAM: scsi: ufs: override auto suspend tunables for ufs
UPSTREAM: scsi: core: allow auto suspend override by low-level driver
FROMGIT: of: property: Skip adding device links to suppliers that aren't devices
ANDROID: gki_defconfig: enable CONFIG_KEYBOARD_GPIO
UPSTREAM: dm bufio: introduce a global cache replacement
UPSTREAM: dm bufio: remove old-style buffer cleanup
UPSTREAM: dm bufio: introduce a global queue
UPSTREAM: dm bufio: refactor adjust_total_allocated
UPSTREAM: dm bufio: call adjust_total_allocated from __link_buffer and __unlink_buffer
ANDROID: dummy_cpufreq: Implement get()
ANDROID: gki_defconfig: enable CONFIG_CPUSETS
ANDROID: virtio: virtio_input: Set the amount of multitouch slots in virtio input
rtlwifi: Fix potential overflow on P2P code
ANDROID: cpufreq: create dummy cpufreq driver
ANDROID: Allow DRM_IOCTL_MODE_*_DUMB for render clients.
Cuttlefish Wifi: Add data ops in virt_wifi driver for scan data simulation
ANDROID: of: property: Enable of_devlink by default
ANDROID: of: property: Make sure child dependencies don't block probing of parent
ANDROID: driver core: Allow fwnode_operations.add_links to differentiate errors
ANDROID: driver core: Allow a device to wait on optional suppliers
ANDROID: driver core: Add device link support for SYNC_STATE_ONLY flag
FROMGIT: docs: driver-model: Add documentation for sync_state
FROMGIT: driver: core: Improve documentation for fwnode_operations.add_links()
FROMGIT: of: property: Minor code formatting/style clean ups
ANDROID: of/property: Add device link support for iommus
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
BACKPORT: arm64: tags: Preserve tags for addresses translated via TTBR1
UPSTREAM: arm64: memory: Implement __tag_set() as common function
UPSTREAM: arm64/mm: fix variable 'tag' set but not used
UPSTREAM: arm64: avoid clang warning about self-assignment
ANDROID: sdcardfs: evict dentries on fscrypt key removal
ANDROID: fscrypt: add key removal notifier chain
ANDROID: refactor build.config files to remove duplication
ANDROID: Move from clang r353983c to r365631c
ANDROID: gki_defconfig: remove PWRSEQ_EMMC and PWRSEQ_SIMPLE
ANDROID: unconditionally compile sig_ok in struct module
ANDROID: gki_defconfig: enable fs-verity
UPSTREAM: mm: vmalloc: show number of vmalloc pages in /proc/meminfo
BACKPORT: PM/sleep: Expose suspend stats in sysfs
UPSTREAM: power: supply: Init device wakeup after device_add()
UPSTREAM: PM / wakeup: Unexport wakeup_source_sysfs_{add,remove}()
UPSTREAM: PM / wakeup: Register wakeup class kobj after device is added
UPSTREAM: PM / wakeup: Fix sysfs registration error path
UPSTREAM: PM / wakeup: Show wakeup sources stats in sysfs
UPSTREAM: PM / wakeup: Use wakeup_source_register() in wakelock.c
UPSTREAM: PM / wakeup: Drop wakeup_source_init(), wakeup_source_prepare()
UPSTREAM: PM / wakeup: Drop wakeup_source_drop()
UPSTREAM: PM / core: Add support to skip power management in device/driver model
gki_defconfig: Enable CONFIG_DM_SNAPSHOT
ANDROID: gki_defconfig: enable accelerated AES and SHA-256
ANDROID: fix overflow in /proc/uid_cputime/remove_uid_range
ANDROID: kasan: fix has_attribute check on older GCC versions
ANDROID: gki_defconfig: enable CONFIG_PARAVIRT and CONFIG_HYPERVISOR_GUEST
ANDROID: gki_defconfig: enable CONFIG_NLS_*
ANDROID: gki_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
FROMGIT: of: property: Create device links for all child-supplier depencencies
FROMGIT: of/platform: Pause/resume sync state during init and of_platform_populate()
BACKPORT: FROMGIT: driver core: Add sync_state driver/bus callback
BACKPORT: FROMGIT: of: property: Add functional dependency link from DT bindings
FROMGIT: driver core: Add support for linking devices during device addition
FROMGIT: driver core: Add fwnode_to_dev() to look up device from fwnode
UPSTREAM: mm: untag user pointers in mmap/munmap/mremap/brk
UPSTREAM: vfio/type1: untag user pointers in vaddr_get_pfn
UPSTREAM: tee/shm: untag user pointers in tee_shm_register
UPSTREAM: media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get
UPSTREAM: drm/radeon: untag user pointers in radeon_gem_userptr_ioctl
BACKPORT: drm/amdgpu: untag user pointers
UPSTREAM: userfaultfd: untag user pointers
UPSTREAM: fs/namespace: untag user pointers in copy_mount_options
UPSTREAM: mm: untag user pointers in get_vaddr_frames
UPSTREAM: mm: untag user pointers in mm/gup.c
UPSTREAM: mm: untag user pointers passed to memory syscalls
BACKPORT: lib: untag user pointers in strn*_user
UPSTREAM: arm64: Fix reference to docs for ARM64_TAGGED_ADDR_ABI
UPSTREAM: selftests, arm64: add kernel headers path for tags_test
BACKPORT: arm64: Relax Documentation/arm64/tagged-pointers.rst
UPSTREAM: arm64: Define Documentation/arm64/tagged-address-abi.rst
UPSTREAM: arm64: Change the tagged_addr sysctl control semantics to only prevent the opt-in
UPSTREAM: arm64: Tighten the PR_{SET, GET}_TAGGED_ADDR_CTRL prctl() unused arguments
UPSTREAM: selftests, arm64: fix uninitialized symbol in tags_test.c
UPSTREAM: arm64: mm: Really fix sparse warning in untagged_addr()
UPSTREAM: selftests, arm64: add a selftest for passing tagged pointers to kernel
BACKPORT: arm64: Introduce prctl() options to control the tagged user addresses ABI
UPSTREAM: arm64: untag user pointers in access_ok and __uaccess_mask_ptr
UPSTREAM: uaccess: add noop untagged_addr definition
BACKPORT: block: annotate refault stalls from IO submission
f2fs: add a condition to detect overflow in f2fs_ioc_gc_range()
f2fs: fix to add missing F2FS_IO_ALIGNED() condition
f2fs: fix to fallback to buffered IO in IO aligned mode
f2fs: fix to handle error path correctly in f2fs_map_blocks
f2fs: fix extent corrupotion during directIO in LFS mode
f2fs: check all the data segments against all node ones
f2fs: Add a small clarification to CONFIG_FS_F2FS_FS_SECURITY
f2fs: fix inode rwsem regression
f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
f2fs: avoid infinite GC loop due to stale atomic files
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: convert inline_data in prior to i_size_write
f2fs: fix error path of f2fs_convert_inline_page()
f2fs: add missing documents of reserve_root/resuid/resgid
f2fs: fix flushing node pages when checkpoint is disabled
f2fs: enhance f2fs_is_checkpoint_ready()'s readability
f2fs: clean up __bio_alloc()'s parameter
f2fs: fix wrong error injection path in inc_valid_block_count()
f2fs: fix to writeout dirty inode during node flush
f2fs: optimize case-insensitive lookups
f2fs: introduce f2fs_match_name() for cleanup
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: allocate memory in batch in build_sit_info()
f2fs: support FS_IOC_{GET,SET}FSLABEL
f2fs: fix to avoid data corruption by forbidding SSR overwrite
f2fs: Fix build error while CONFIG_NLS=m
Revert "f2fs: avoid out-of-range memory access"
f2fs: cleanup the code in build_sit_entries.
f2fs: fix wrong available node count calculation
f2fs: remove duplicate code in f2fs_file_write_iter
f2fs: fix to migrate blocks correctly during defragment
f2fs: use wrapped f2fs_cp_error()
f2fs: fix to use more generic EOPNOTSUPP
f2fs: use wrapped IS_SWAPFILE()
f2fs: Support case-insensitive file name lookups
f2fs: include charset encoding information in the superblock
fs: Reserve flag for casefolding
f2fs: fix to avoid call kvfree under spinlock
fs: f2fs: Remove unnecessary checks of SM_I(sbi) in update_general_status()
f2fs: disallow direct IO in atomic write
f2fs: fix to handle quota_{on,off} correctly
f2fs: fix to detect cp error in f2fs_setxattr()
f2fs: fix to spread f2fs_is_checkpoint_ready()
f2fs: support fiemap() for directory inode
f2fs: fix to avoid discard command leak
f2fs: fix to avoid tagging SBI_QUOTA_NEED_REPAIR incorrectly
f2fs: fix to drop meta/node pages during umount
f2fs: disallow switching io_bits option during remount
f2fs: fix panic of IO alignment feature
f2fs: introduce {page,io}_is_mergeable() for readability
f2fs: fix livelock in swapfile writes
f2fs: add fs-verity support
ext4: update on-disk format documentation for fs-verity
ext4: add fs-verity read support
ext4: add basic fs-verity support
fs-verity: support builtin file signatures
fs-verity: add SHA-512 support
fs-verity: implement FS_IOC_MEASURE_VERITY ioctl
fs-verity: implement FS_IOC_ENABLE_VERITY ioctl
fs-verity: add data verification hooks for ->readpages()
fs-verity: add the hook for file ->setattr()
fs-verity: add the hook for file ->open()
fs-verity: add inode and superblock fields
fs-verity: add Kconfig and the helper functions for hashing
fs: uapi: define verity bit for FS_IOC_GETFLAGS
fs-verity: add UAPI header
fs-verity: add MAINTAINERS file entry
fs-verity: add a documentation file
ext4: fix kernel oops caused by spurious casefold flag
ext4: fix coverity warning on error path of filename setup
ext4: optimize case-insensitive lookups
ext4: fix dcache lookup of !casefolded directories
unicode: update to Unicode 12.1.0 final
unicode: add missing check for an error return from utf8lookup()
ext4: export /sys/fs/ext4/feature/casefold if Unicode support is present
unicode: refactor the rule for regenerating utf8data.h
ext4: Support case-insensitive file name lookups
ext4: include charset encoding information in the superblock
unicode: update unicode database unicode version 12.1.0
unicode: introduce test module for normalized utf8 implementation
unicode: implement higher level API for string handling
unicode: reduce the size of utf8data[]
unicode: introduce code for UTF-8 normalization
unicode: introduce UTF-8 character database
ext4 crypto: fix to check feature status before get policy
fscrypt: document the new ioctls and policy version
ubifs: wire up new fscrypt ioctls
f2fs: wire up new fscrypt ioctls
ext4: wire up new fscrypt ioctls
fscrypt: require that key be added when setting a v2 encryption policy
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
fscrypt: allow unprivileged users to add/remove keys for v2 policies
fscrypt: v2 encryption policy support
fscrypt: add an HKDF-SHA512 implementation
fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
fscrypt: rename keyinfo.c to keysetup.c
fscrypt: move v1 policy key setup to keysetup_v1.c
fscrypt: refactor key setup code in preparation for v2 policies
fscrypt: rename fscrypt_master_key to fscrypt_direct_key
fscrypt: add ->ci_inode to fscrypt_info
fscrypt: use FSCRYPT_* definitions, not FS_*
fscrypt: use FSCRYPT_ prefix for uapi constants
fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
fscrypt: use ENOPKG when crypto API support missing
fscrypt: improve warnings for missing crypto API support
fscrypt: improve warning messages for unsupported encryption contexts
fscrypt: make fscrypt_msg() take inode instead of super_block
fscrypt: clean up base64 encoding/decoding
fscrypt: remove loadable module related code
Updated following files to fix build errors:
drivers/gpu/msm/kgsl_pool.c
drivers/hwtracing/coresight/coresight-dummy.c
drivers/iommu/dma-mapping-fast.c
drivers/iommu/io-pgtable-fast.c
drivers/iommu/io-pgtable-msm-secure.c
kernel/taskstats.c
mm/vmalloc.c
security/selinux/ss/sidtab.h
Conflicts:
arch/arm/Makefile
arch/arm64/Kconfig
arch/x86/include/asm/syscall_wrapper.h
build.config.common
drivers/clk/clk.c
drivers/hwtracing/coresight/coresight-etm-perf.c
drivers/hwtracing/coresight/coresight-funnel.c
drivers/hwtracing/coresight/coresight-tmc-etf.c
drivers/hwtracing/coresight/coresight-tmc-etr.c
drivers/hwtracing/coresight/coresight-tmc.c
drivers/hwtracing/coresight/coresight-tmc.h
drivers/hwtracing/coresight/coresight.c
drivers/hwtracing/coresight/of_coresight.c
drivers/iommu/arm-smmu.c
drivers/iommu/io-pgtable-arm.c
drivers/iommu/io-pgtable.c
drivers/scsi/scsi_sysfs.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion.h
drivers/staging/android/ion/ion_page_pool.c
fs/ext4/readpage.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/segment.c
fs/f2fs/super.c
include/linux/clk-provider.h
include/linux/compiler_types.h
include/linux/coresight.h
include/linux/mmzone.h
include/scsi/scsi_device.h
include/trace/events/kmem.h
kernel/events/core.c
kernel/sched/core.c
mm/vmstat.c
Change-Id: I2eca52b08b484f2b5c30437671cab8cb0195b8d6
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
1005 lines
30 KiB
Text
1005 lines
30 KiB
Text
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# General architecture dependent options
|
|
#
|
|
|
|
#
|
|
# Note: arch/$(SRCARCH)/Kconfig needs to be included first so that it can
|
|
# override the default values in this file.
|
|
#
|
|
source "arch/$(SRCARCH)/Kconfig"
|
|
|
|
menu "General architecture-dependent options"
|
|
|
|
config CRASH_CORE
|
|
bool
|
|
|
|
config KEXEC_CORE
|
|
select CRASH_CORE
|
|
bool
|
|
|
|
config HAVE_IMA_KEXEC
|
|
bool
|
|
|
|
config HOTPLUG_SMT
|
|
bool
|
|
|
|
config OPROFILE
|
|
tristate "OProfile system profiling"
|
|
depends on PROFILING
|
|
depends on HAVE_OPROFILE
|
|
select RING_BUFFER
|
|
select RING_BUFFER_ALLOW_SWAP
|
|
help
|
|
OProfile is a profiling system capable of profiling the
|
|
whole system, include the kernel, kernel modules, libraries,
|
|
and applications.
|
|
|
|
If unsure, say N.
|
|
|
|
config OPROFILE_EVENT_MULTIPLEX
|
|
bool "OProfile multiplexing support (EXPERIMENTAL)"
|
|
default n
|
|
depends on OPROFILE && X86
|
|
help
|
|
The number of hardware counters is limited. The multiplexing
|
|
feature enables OProfile to gather more events than counters
|
|
are provided by the hardware. This is realized by switching
|
|
between events at a user specified time interval.
|
|
|
|
If unsure, say N.
|
|
|
|
config HAVE_OPROFILE
|
|
bool
|
|
|
|
config OPROFILE_NMI_TIMER
|
|
def_bool y
|
|
depends on PERF_EVENTS && HAVE_PERF_EVENTS_NMI && !PPC64
|
|
|
|
config KPROBES
|
|
bool "Kprobes"
|
|
depends on MODULES
|
|
depends on HAVE_KPROBES
|
|
select KALLSYMS
|
|
help
|
|
Kprobes allows you to trap at almost any kernel address and
|
|
execute a callback function. register_kprobe() establishes
|
|
a probepoint and specifies the callback. Kprobes is useful
|
|
for kernel debugging, non-intrusive instrumentation and testing.
|
|
If in doubt, say "N".
|
|
|
|
config JUMP_LABEL
|
|
bool "Optimize very unlikely/likely branches"
|
|
depends on HAVE_ARCH_JUMP_LABEL
|
|
depends on CC_HAS_ASM_GOTO
|
|
help
|
|
This option enables a transparent branch optimization that
|
|
makes certain almost-always-true or almost-always-false branch
|
|
conditions even cheaper to execute within the kernel.
|
|
|
|
Certain performance-sensitive kernel code, such as trace points,
|
|
scheduler functionality, networking code and KVM have such
|
|
branches and include support for this optimization technique.
|
|
|
|
If it is detected that the compiler has support for "asm goto",
|
|
the kernel will compile such branches with just a nop
|
|
instruction. When the condition flag is toggled to true, the
|
|
nop will be converted to a jump instruction to execute the
|
|
conditional block of instructions.
|
|
|
|
This technique lowers overhead and stress on the branch prediction
|
|
of the processor and generally makes the kernel faster. The update
|
|
of the condition is slower, but those are always very rare.
|
|
|
|
( On 32-bit x86, the necessary options added to the compiler
|
|
flags may increase the size of the kernel slightly. )
|
|
|
|
config STATIC_KEYS_SELFTEST
|
|
bool "Static key selftest"
|
|
depends on JUMP_LABEL
|
|
help
|
|
Boot time self-test of the branch patching code.
|
|
|
|
config OPTPROBES
|
|
def_bool y
|
|
depends on KPROBES && HAVE_OPTPROBES
|
|
select TASKS_RCU if PREEMPT
|
|
|
|
config KPROBES_ON_FTRACE
|
|
def_bool y
|
|
depends on KPROBES && HAVE_KPROBES_ON_FTRACE
|
|
depends on DYNAMIC_FTRACE_WITH_REGS
|
|
help
|
|
If function tracer is enabled and the arch supports full
|
|
passing of pt_regs to function tracing, then kprobes can
|
|
optimize on top of function tracing.
|
|
|
|
config UPROBES
|
|
def_bool n
|
|
depends on ARCH_SUPPORTS_UPROBES
|
|
help
|
|
Uprobes is the user-space counterpart to kprobes: they
|
|
enable instrumentation applications (such as 'perf probe')
|
|
to establish unintrusive probes in user-space binaries and
|
|
libraries, by executing handler functions when the probes
|
|
are hit by user-space applications.
|
|
|
|
( These probes come in the form of single-byte breakpoints,
|
|
managed by the kernel and kept transparent to the probed
|
|
application. )
|
|
|
|
config HAVE_64BIT_ALIGNED_ACCESS
|
|
def_bool 64BIT && !HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
help
|
|
Some architectures require 64 bit accesses to be 64 bit
|
|
aligned, which also requires structs containing 64 bit values
|
|
to be 64 bit aligned too. This includes some 32 bit
|
|
architectures which can do 64 bit accesses, as well as 64 bit
|
|
architectures without unaligned access.
|
|
|
|
This symbol should be selected by an architecture if 64 bit
|
|
accesses are required to be 64 bit aligned in this way even
|
|
though it is not a 64 bit architecture.
|
|
|
|
See Documentation/unaligned-memory-access.txt for more
|
|
information on the topic of unaligned memory accesses.
|
|
|
|
config HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
bool
|
|
help
|
|
Some architectures are unable to perform unaligned accesses
|
|
without the use of get_unaligned/put_unaligned. Others are
|
|
unable to perform such accesses efficiently (e.g. trap on
|
|
unaligned access and require fixing it up in the exception
|
|
handler.)
|
|
|
|
This symbol should be selected by an architecture if it can
|
|
perform unaligned accesses efficiently to allow different
|
|
code paths to be selected for these cases. Some network
|
|
drivers, for example, could opt to not fix up alignment
|
|
problems with received packets if doing so would not help
|
|
much.
|
|
|
|
See Documentation/unaligned-memory-access.txt for more
|
|
information on the topic of unaligned memory accesses.
|
|
|
|
config ARCH_USE_BUILTIN_BSWAP
|
|
bool
|
|
help
|
|
Modern versions of GCC (since 4.4) have builtin functions
|
|
for handling byte-swapping. Using these, instead of the old
|
|
inline assembler that the architecture code provides in the
|
|
__arch_bswapXX() macros, allows the compiler to see what's
|
|
happening and offers more opportunity for optimisation. In
|
|
particular, the compiler will be able to combine the byteswap
|
|
with a nearby load or store and use load-and-swap or
|
|
store-and-swap instructions if the architecture has them. It
|
|
should almost *never* result in code which is worse than the
|
|
hand-coded assembler in <asm/swab.h>. But just in case it
|
|
does, the use of the builtins is optional.
|
|
|
|
Any architecture with load-and-swap or store-and-swap
|
|
instructions should set this. And it shouldn't hurt to set it
|
|
on architectures that don't have such instructions.
|
|
|
|
config KRETPROBES
|
|
def_bool y
|
|
depends on KPROBES && HAVE_KRETPROBES
|
|
|
|
config USER_RETURN_NOTIFIER
|
|
bool
|
|
depends on HAVE_USER_RETURN_NOTIFIER
|
|
help
|
|
Provide a kernel-internal notification when a cpu is about to
|
|
switch to user mode.
|
|
|
|
config HAVE_IOREMAP_PROT
|
|
bool
|
|
|
|
config HAVE_KPROBES
|
|
bool
|
|
|
|
config HAVE_KRETPROBES
|
|
bool
|
|
|
|
config HAVE_OPTPROBES
|
|
bool
|
|
|
|
config HAVE_KPROBES_ON_FTRACE
|
|
bool
|
|
|
|
config HAVE_FUNCTION_ERROR_INJECTION
|
|
bool
|
|
|
|
config HAVE_NMI
|
|
bool
|
|
|
|
#
|
|
# An arch should select this if it provides all these things:
|
|
#
|
|
# task_pt_regs() in asm/processor.h or asm/ptrace.h
|
|
# arch_has_single_step() if there is hardware single-step support
|
|
# arch_has_block_step() if there is hardware block-step support
|
|
# asm/syscall.h supplying asm-generic/syscall.h interface
|
|
# linux/regset.h user_regset interfaces
|
|
# CORE_DUMP_USE_REGSET #define'd in linux/elf.h
|
|
# TIF_SYSCALL_TRACE calls tracehook_report_syscall_{entry,exit}
|
|
# TIF_NOTIFY_RESUME calls tracehook_notify_resume()
|
|
# signal delivery calls tracehook_signal_handler()
|
|
#
|
|
config HAVE_ARCH_TRACEHOOK
|
|
bool
|
|
|
|
config HAVE_DMA_CONTIGUOUS
|
|
bool
|
|
|
|
config GENERIC_SMP_IDLE_THREAD
|
|
bool
|
|
|
|
config GENERIC_IDLE_POLL_SETUP
|
|
bool
|
|
|
|
config ARCH_HAS_FORTIFY_SOURCE
|
|
bool
|
|
help
|
|
An architecture should select this when it can successfully
|
|
build and run with CONFIG_FORTIFY_SOURCE.
|
|
|
|
# Select if arch has all set_memory_ro/rw/x/nx() functions in asm/cacheflush.h
|
|
config ARCH_HAS_SET_MEMORY
|
|
bool
|
|
|
|
# Select if arch init_task must go in the __init_task_data section
|
|
config ARCH_TASK_STRUCT_ON_STACK
|
|
bool
|
|
|
|
# Select if arch has its private alloc_task_struct() function
|
|
config ARCH_TASK_STRUCT_ALLOCATOR
|
|
bool
|
|
|
|
config HAVE_ARCH_THREAD_STRUCT_WHITELIST
|
|
bool
|
|
depends on !ARCH_TASK_STRUCT_ALLOCATOR
|
|
help
|
|
An architecture should select this to provide hardened usercopy
|
|
knowledge about what region of the thread_struct should be
|
|
whitelisted for copying to userspace. Normally this is only the
|
|
FPU registers. Specifically, arch_thread_struct_whitelist()
|
|
should be implemented. Without this, the entire thread_struct
|
|
field in task_struct will be left whitelisted.
|
|
|
|
# Select if arch has its private alloc_thread_stack() function
|
|
config ARCH_THREAD_STACK_ALLOCATOR
|
|
bool
|
|
|
|
# Select if arch wants to size task_struct dynamically via arch_task_struct_size:
|
|
config ARCH_WANTS_DYNAMIC_TASK_STRUCT
|
|
bool
|
|
|
|
config HAVE_REGS_AND_STACK_ACCESS_API
|
|
bool
|
|
help
|
|
This symbol should be selected by an architecure if it supports
|
|
the API needed to access registers and stack entries from pt_regs,
|
|
declared in asm/ptrace.h
|
|
For example the kprobes-based event tracer needs this API.
|
|
|
|
config HAVE_RSEQ
|
|
bool
|
|
depends on HAVE_REGS_AND_STACK_ACCESS_API
|
|
help
|
|
This symbol should be selected by an architecture if it
|
|
supports an implementation of restartable sequences.
|
|
|
|
config HAVE_CLK
|
|
bool
|
|
help
|
|
The <linux/clk.h> calls support software clock gating and
|
|
thus are a key power management tool on many systems.
|
|
|
|
config HAVE_HW_BREAKPOINT
|
|
bool
|
|
depends on PERF_EVENTS
|
|
|
|
config HAVE_MIXED_BREAKPOINTS_REGS
|
|
bool
|
|
depends on HAVE_HW_BREAKPOINT
|
|
help
|
|
Depending on the arch implementation of hardware breakpoints,
|
|
some of them have separate registers for data and instruction
|
|
breakpoints addresses, others have mixed registers to store
|
|
them but define the access type in a control register.
|
|
Select this option if your arch implements breakpoints under the
|
|
latter fashion.
|
|
|
|
config HAVE_USER_RETURN_NOTIFIER
|
|
bool
|
|
|
|
config HAVE_PERF_EVENTS_NMI
|
|
bool
|
|
help
|
|
System hardware can generate an NMI using the perf event
|
|
subsystem. Also has support for calculating CPU cycle events
|
|
to determine how many clock cycles in a given period.
|
|
|
|
config HAVE_HARDLOCKUP_DETECTOR_PERF
|
|
bool
|
|
depends on HAVE_PERF_EVENTS_NMI
|
|
help
|
|
The arch chooses to use the generic perf-NMI-based hardlockup
|
|
detector. Must define HAVE_PERF_EVENTS_NMI.
|
|
|
|
config HAVE_NMI_WATCHDOG
|
|
depends on HAVE_NMI
|
|
bool
|
|
help
|
|
The arch provides a low level NMI watchdog. It provides
|
|
asm/nmi.h, and defines its own arch_touch_nmi_watchdog().
|
|
|
|
config HAVE_HARDLOCKUP_DETECTOR_ARCH
|
|
bool
|
|
select HAVE_NMI_WATCHDOG
|
|
help
|
|
The arch chooses to provide its own hardlockup detector, which is
|
|
a superset of the HAVE_NMI_WATCHDOG. It also conforms to config
|
|
interfaces and parameters provided by hardlockup detector subsystem.
|
|
|
|
config HAVE_PERF_REGS
|
|
bool
|
|
help
|
|
Support selective register dumps for perf events. This includes
|
|
bit-mapping of each registers and a unique architecture id.
|
|
|
|
config HAVE_PERF_USER_STACK_DUMP
|
|
bool
|
|
help
|
|
Support user stack dumps for perf event samples. This needs
|
|
access to the user stack pointer which is not unified across
|
|
architectures.
|
|
|
|
config HAVE_ARCH_JUMP_LABEL
|
|
bool
|
|
|
|
config HAVE_RCU_TABLE_FREE
|
|
bool
|
|
|
|
config HAVE_RCU_TABLE_INVALIDATE
|
|
bool
|
|
|
|
config ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
bool
|
|
|
|
config HAVE_ALIGNED_STRUCT_PAGE
|
|
bool
|
|
help
|
|
This makes sure that struct pages are double word aligned and that
|
|
e.g. the SLUB allocator can perform double word atomic operations
|
|
on a struct page for better performance. However selecting this
|
|
might increase the size of a struct page by a word.
|
|
|
|
config HAVE_CMPXCHG_LOCAL
|
|
bool
|
|
|
|
config HAVE_CMPXCHG_DOUBLE
|
|
bool
|
|
|
|
config ARCH_WEAK_RELEASE_ACQUIRE
|
|
bool
|
|
|
|
config ARCH_WANT_IPC_PARSE_VERSION
|
|
bool
|
|
|
|
config ARCH_WANT_COMPAT_IPC_PARSE_VERSION
|
|
bool
|
|
|
|
config ARCH_WANT_OLD_COMPAT_IPC
|
|
select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
|
|
bool
|
|
|
|
config HAVE_ARCH_SECCOMP_FILTER
|
|
bool
|
|
help
|
|
An arch should select this symbol if it provides all of these things:
|
|
- syscall_get_arch()
|
|
- syscall_get_arguments()
|
|
- syscall_rollback()
|
|
- syscall_set_return_value()
|
|
- SIGSYS siginfo_t support
|
|
- secure_computing is called from a ptrace_event()-safe context
|
|
- secure_computing return value is checked and a return value of -1
|
|
results in the system call being skipped immediately.
|
|
- seccomp syscall wired up
|
|
|
|
config SECCOMP_FILTER
|
|
def_bool y
|
|
depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
|
|
help
|
|
Enable tasks to build secure computing environments defined
|
|
in terms of Berkeley Packet Filter programs which implement
|
|
task-defined system call filtering polices.
|
|
|
|
See Documentation/userspace-api/seccomp_filter.rst for details.
|
|
|
|
config HAVE_STACKPROTECTOR
|
|
bool
|
|
help
|
|
An arch should select this symbol if:
|
|
- it has implemented a stack canary (e.g. __stack_chk_guard)
|
|
|
|
config CC_HAS_STACKPROTECTOR_NONE
|
|
def_bool $(cc-option,-fno-stack-protector)
|
|
|
|
config STACKPROTECTOR
|
|
bool "Stack Protector buffer overflow detection"
|
|
depends on HAVE_STACKPROTECTOR
|
|
depends on $(cc-option,-fstack-protector)
|
|
default y
|
|
help
|
|
This option turns on the "stack-protector" GCC feature. This
|
|
feature puts, at the beginning of functions, a canary value on
|
|
the stack just before the return address, and validates
|
|
the value just before actually returning. Stack based buffer
|
|
overflows (that need to overwrite this return address) now also
|
|
overwrite the canary, which gets detected and the attack is then
|
|
neutralized via a kernel panic.
|
|
|
|
Functions will have the stack-protector canary logic added if they
|
|
have an 8-byte or larger character array on the stack.
|
|
|
|
This feature requires gcc version 4.2 or above, or a distribution
|
|
gcc with the feature backported ("-fstack-protector").
|
|
|
|
On an x86 "defconfig" build, this feature adds canary checks to
|
|
about 3% of all kernel functions, which increases kernel code size
|
|
by about 0.3%.
|
|
|
|
config STACKPROTECTOR_STRONG
|
|
bool "Strong Stack Protector"
|
|
depends on STACKPROTECTOR
|
|
depends on $(cc-option,-fstack-protector-strong)
|
|
default y
|
|
help
|
|
Functions will have the stack-protector canary logic added in any
|
|
of the following conditions:
|
|
|
|
- local variable's address used as part of the right hand side of an
|
|
assignment or function argument
|
|
- local variable is an array (or union containing an array),
|
|
regardless of array type or length
|
|
- uses register local variables
|
|
|
|
This feature requires gcc version 4.9 or above, or a distribution
|
|
gcc with the feature backported ("-fstack-protector-strong").
|
|
|
|
On an x86 "defconfig" build, this feature adds canary checks to
|
|
about 20% of all kernel functions, which increases the kernel code
|
|
size by about 2%.
|
|
|
|
config LTO
|
|
def_bool n
|
|
|
|
config ARCH_SUPPORTS_LTO_CLANG
|
|
bool
|
|
help
|
|
An architecture should select this option if it supports:
|
|
- compiling with clang,
|
|
- compiling inline assembly with clang's integrated assembler,
|
|
- and linking with LLD.
|
|
|
|
config ARCH_SUPPORTS_THINLTO
|
|
bool
|
|
help
|
|
An architecture should select this if it supports clang's ThinLTO.
|
|
|
|
config THINLTO
|
|
bool "Use clang ThinLTO (EXPERIMENTAL)"
|
|
depends on LTO_CLANG && ARCH_SUPPORTS_THINLTO
|
|
default y
|
|
help
|
|
Use ThinLTO to speed up Link Time Optimization.
|
|
|
|
choice
|
|
prompt "Link-Time Optimization (LTO) (EXPERIMENTAL)"
|
|
default LTO_NONE
|
|
help
|
|
This option turns on Link-Time Optimization (LTO).
|
|
|
|
config LTO_NONE
|
|
bool "None"
|
|
|
|
config LTO_CLANG
|
|
bool "Use clang Link Time Optimization (LTO) (EXPERIMENTAL)"
|
|
depends on ARCH_SUPPORTS_LTO_CLANG
|
|
depends on !FTRACE_MCOUNT_RECORD || HAVE_C_RECORDMCOUNT
|
|
depends on !KASAN
|
|
depends on CC_IS_CLANG && LD_IS_LLD
|
|
select LTO
|
|
help
|
|
This option enables clang's Link Time Optimization (LTO), which allows
|
|
the compiler to optimize the kernel globally at link time. If you
|
|
enable this option, the compiler generates LLVM IR instead of object
|
|
files, and the actual compilation from IR occurs at the LTO link step,
|
|
which may take several minutes.
|
|
|
|
If you select this option, you must compile the kernel with clang and
|
|
LLD.
|
|
|
|
endchoice
|
|
|
|
config CFI
|
|
bool
|
|
|
|
config CFI_PERMISSIVE
|
|
bool "Use CFI in permissive mode"
|
|
depends on CFI
|
|
help
|
|
When selected, Control Flow Integrity (CFI) violations result in a
|
|
warning instead of a kernel panic. This option is useful for finding
|
|
CFI violations in drivers during development.
|
|
|
|
config CFI_CLANG
|
|
bool "Use clang Control Flow Integrity (CFI) (EXPERIMENTAL)"
|
|
depends on LTO_CLANG
|
|
depends on KALLSYMS
|
|
select CFI
|
|
help
|
|
This option enables clang Control Flow Integrity (CFI), which adds
|
|
runtime checking for indirect function calls.
|
|
|
|
config CFI_CLANG_SHADOW
|
|
bool "Use CFI shadow to speed up cross-module checks"
|
|
default y
|
|
depends on CFI_CLANG
|
|
help
|
|
If you select this option, the kernel builds a fast look-up table of
|
|
CFI check functions in loaded modules to reduce overhead.
|
|
|
|
config ARCH_SUPPORTS_SHADOW_CALL_STACK
|
|
bool
|
|
help
|
|
An architecture should select this if it supports Clang's Shadow
|
|
Call Stack, has asm/scs.h, and implements runtime support for shadow
|
|
stack switching.
|
|
|
|
config SHADOW_CALL_STACK
|
|
bool "Clang Shadow Call Stack"
|
|
depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
|
|
help
|
|
This option enables Clang's Shadow Call Stack, which uses a
|
|
shadow stack to protect function return addresses from being
|
|
overwritten by an attacker. More information can be found from
|
|
Clang's documentation:
|
|
|
|
https://clang.llvm.org/docs/ShadowCallStack.html
|
|
|
|
Note that security guarantees in the kernel differ from the ones
|
|
documented for user space. The kernel must store addresses of shadow
|
|
stacks used by other tasks and interrupt handlers in memory, which
|
|
means an attacker capable reading and writing arbitrary memory may
|
|
be able to locate them and hijack control flow by modifying shadow
|
|
stacks that are not currently in use.
|
|
|
|
config SHADOW_CALL_STACK_VMAP
|
|
bool "Use virtually mapped shadow call stacks"
|
|
depends on SHADOW_CALL_STACK
|
|
help
|
|
Use virtually mapped shadow call stacks. Selecting this option
|
|
provides better stack exhaustion protection, but increases per-thread
|
|
memory consumption as a full page is allocated for each shadow stack.
|
|
|
|
config HAVE_ARCH_WITHIN_STACK_FRAMES
|
|
bool
|
|
help
|
|
An architecture should select this if it can walk the kernel stack
|
|
frames to determine if an object is part of either the arguments
|
|
or local variables (i.e. that it excludes saved return addresses,
|
|
and similar) by implementing an inline arch_within_stack_frames(),
|
|
which is used by CONFIG_HARDENED_USERCOPY.
|
|
|
|
config HAVE_CONTEXT_TRACKING
|
|
bool
|
|
help
|
|
Provide kernel/user boundaries probes necessary for subsystems
|
|
that need it, such as userspace RCU extended quiescent state.
|
|
Syscalls need to be wrapped inside user_exit()-user_enter() through
|
|
the slow path using TIF_NOHZ flag. Exceptions handlers must be
|
|
wrapped as well. Irqs are already protected inside
|
|
rcu_irq_enter/rcu_irq_exit() but preemption or signal handling on
|
|
irq exit still need to be protected.
|
|
|
|
config HAVE_VIRT_CPU_ACCOUNTING
|
|
bool
|
|
|
|
config ARCH_HAS_SCALED_CPUTIME
|
|
bool
|
|
|
|
config HAVE_VIRT_CPU_ACCOUNTING_GEN
|
|
bool
|
|
default y if 64BIT
|
|
help
|
|
With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit.
|
|
Before enabling this option, arch code must be audited
|
|
to ensure there are no races in concurrent read/write of
|
|
cputime_t. For example, reading/writing 64-bit cputime_t on
|
|
some 32-bit arches may require multiple accesses, so proper
|
|
locking is needed to protect against concurrent accesses.
|
|
|
|
|
|
config HAVE_IRQ_TIME_ACCOUNTING
|
|
bool
|
|
help
|
|
Archs need to ensure they use a high enough resolution clock to
|
|
support irq time accounting and then call enable_sched_clock_irqtime().
|
|
|
|
config HAVE_ARCH_TRANSPARENT_HUGEPAGE
|
|
bool
|
|
|
|
config HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
|
|
bool
|
|
|
|
config HAVE_ARCH_HUGE_VMAP
|
|
bool
|
|
|
|
config HAVE_ARCH_SOFT_DIRTY
|
|
bool
|
|
|
|
config HAVE_MOD_ARCH_SPECIFIC
|
|
bool
|
|
help
|
|
The arch uses struct mod_arch_specific to store data. Many arches
|
|
just need a simple module loader without arch specific data - those
|
|
should not enable this.
|
|
|
|
config MODULES_USE_ELF_RELA
|
|
bool
|
|
help
|
|
Modules only use ELF RELA relocations. Modules with ELF REL
|
|
relocations will give an error.
|
|
|
|
config MODULES_USE_ELF_REL
|
|
bool
|
|
help
|
|
Modules only use ELF REL relocations. Modules with ELF RELA
|
|
relocations will give an error.
|
|
|
|
config HAVE_IRQ_EXIT_ON_IRQ_STACK
|
|
bool
|
|
help
|
|
Architecture doesn't only execute the irq handler on the irq stack
|
|
but also irq_exit(). This way we can process softirqs on this irq
|
|
stack instead of switching to a new one when we call __do_softirq()
|
|
in the end of an hardirq.
|
|
This spares a stack switch and improves cache usage on softirq
|
|
processing.
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 2
|
|
|
|
config ARCH_HAS_ELF_RANDOMIZE
|
|
bool
|
|
help
|
|
An architecture supports choosing randomized locations for
|
|
stack, mmap, brk, and ET_DYN. Defined functions:
|
|
- arch_mmap_rnd()
|
|
- arch_randomize_brk()
|
|
|
|
config HAVE_ARCH_MMAP_RND_BITS
|
|
bool
|
|
help
|
|
An arch should select this symbol if it supports setting a variable
|
|
number of bits for use in establishing the base address for mmap
|
|
allocations, has MMU enabled and provides values for both:
|
|
- ARCH_MMAP_RND_BITS_MIN
|
|
- ARCH_MMAP_RND_BITS_MAX
|
|
|
|
config HAVE_EXIT_THREAD
|
|
bool
|
|
help
|
|
An architecture implements exit_thread.
|
|
|
|
config ARCH_MMAP_RND_BITS_MIN
|
|
int
|
|
|
|
config ARCH_MMAP_RND_BITS_MAX
|
|
int
|
|
|
|
config ARCH_MMAP_RND_BITS_DEFAULT
|
|
int
|
|
|
|
config ARCH_MMAP_RND_BITS
|
|
int "Number of bits to use for ASLR of mmap base address" if EXPERT
|
|
range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
|
|
default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
|
|
default ARCH_MMAP_RND_BITS_MIN
|
|
depends on HAVE_ARCH_MMAP_RND_BITS
|
|
help
|
|
This value can be used to select the number of bits to use to
|
|
determine the random offset to the base address of vma regions
|
|
resulting from mmap allocations. This value will be bounded
|
|
by the architecture's minimum and maximum supported values.
|
|
|
|
This value can be changed after boot using the
|
|
/proc/sys/vm/mmap_rnd_bits tunable
|
|
|
|
config HAVE_ARCH_MMAP_RND_COMPAT_BITS
|
|
bool
|
|
help
|
|
An arch should select this symbol if it supports running applications
|
|
in compatibility mode, supports setting a variable number of bits for
|
|
use in establishing the base address for mmap allocations, has MMU
|
|
enabled and provides values for both:
|
|
- ARCH_MMAP_RND_COMPAT_BITS_MIN
|
|
- ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS_MIN
|
|
int
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
int
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
|
|
int
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS
|
|
int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
|
|
range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
|
|
default ARCH_MMAP_RND_COMPAT_BITS_MIN
|
|
depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
|
|
help
|
|
This value can be used to select the number of bits to use to
|
|
determine the random offset to the base address of vma regions
|
|
resulting from mmap allocations for compatible applications This
|
|
value will be bounded by the architecture's minimum and maximum
|
|
supported values.
|
|
|
|
This value can be changed after boot using the
|
|
/proc/sys/vm/mmap_rnd_compat_bits tunable
|
|
|
|
config HAVE_ARCH_COMPAT_MMAP_BASES
|
|
bool
|
|
help
|
|
This allows 64bit applications to invoke 32-bit mmap() syscall
|
|
and vice-versa 32-bit applications to call 64-bit mmap().
|
|
Required for applications doing different bitness syscalls.
|
|
|
|
config HAVE_COPY_THREAD_TLS
|
|
bool
|
|
help
|
|
Architecture provides copy_thread_tls to accept tls argument via
|
|
normal C parameter passing, rather than extracting the syscall
|
|
argument from pt_regs.
|
|
|
|
config HAVE_STACK_VALIDATION
|
|
bool
|
|
help
|
|
Architecture supports the 'objtool check' host tool command, which
|
|
performs compile-time stack metadata validation.
|
|
|
|
config HAVE_RELIABLE_STACKTRACE
|
|
bool
|
|
help
|
|
Architecture has a save_stack_trace_tsk_reliable() function which
|
|
only returns a stack trace if it can guarantee the trace is reliable.
|
|
|
|
config HAVE_ARCH_HASH
|
|
bool
|
|
default n
|
|
help
|
|
If this is set, the architecture provides an <asm/hash.h>
|
|
file which provides platform-specific implementations of some
|
|
functions in <linux/hash.h> or fs/namei.c.
|
|
|
|
config ISA_BUS_API
|
|
def_bool ISA
|
|
|
|
#
|
|
# ABI hall of shame
|
|
#
|
|
config CLONE_BACKWARDS
|
|
bool
|
|
help
|
|
Architecture has tls passed as the 4th argument of clone(2),
|
|
not the 5th one.
|
|
|
|
config CLONE_BACKWARDS2
|
|
bool
|
|
help
|
|
Architecture has the first two arguments of clone(2) swapped.
|
|
|
|
config CLONE_BACKWARDS3
|
|
bool
|
|
help
|
|
Architecture has tls passed as the 3rd argument of clone(2),
|
|
not the 5th one.
|
|
|
|
config ODD_RT_SIGACTION
|
|
bool
|
|
help
|
|
Architecture has unusual rt_sigaction(2) arguments
|
|
|
|
config OLD_SIGSUSPEND
|
|
bool
|
|
help
|
|
Architecture has old sigsuspend(2) syscall, of one-argument variety
|
|
|
|
config OLD_SIGSUSPEND3
|
|
bool
|
|
help
|
|
Even weirder antique ABI - three-argument sigsuspend(2)
|
|
|
|
config OLD_SIGACTION
|
|
bool
|
|
help
|
|
Architecture has old sigaction(2) syscall. Nope, not the same
|
|
as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2),
|
|
but fairly different variant of sigaction(2), thanks to OSF/1
|
|
compatibility...
|
|
|
|
config COMPAT_OLD_SIGACTION
|
|
bool
|
|
|
|
config 64BIT_TIME
|
|
def_bool ARCH_HAS_64BIT_TIME
|
|
help
|
|
This should be selected by all architectures that need to support
|
|
new system calls with a 64-bit time_t. This is relevant on all 32-bit
|
|
architectures, and 64-bit architectures as part of compat syscall
|
|
handling.
|
|
|
|
config COMPAT_32BIT_TIME
|
|
def_bool (!64BIT && 64BIT_TIME) || COMPAT
|
|
help
|
|
This enables 32 bit time_t support in addition to 64 bit time_t support.
|
|
This is relevant on all 32-bit architectures, and 64-bit architectures
|
|
as part of compat syscall handling.
|
|
|
|
config ARCH_NO_COHERENT_DMA_MMAP
|
|
bool
|
|
|
|
config ARCH_NO_PREEMPT
|
|
bool
|
|
|
|
config CPU_NO_EFFICIENT_FFS
|
|
def_bool n
|
|
|
|
config HAVE_ARCH_VMAP_STACK
|
|
def_bool n
|
|
help
|
|
An arch should select this symbol if it can support kernel stacks
|
|
in vmalloc space. This means:
|
|
|
|
- vmalloc space must be large enough to hold many kernel stacks.
|
|
This may rule out many 32-bit architectures.
|
|
|
|
- Stacks in vmalloc space need to work reliably. For example, if
|
|
vmap page tables are created on demand, either this mechanism
|
|
needs to work while the stack points to a virtual address with
|
|
unpopulated page tables or arch code (switch_to() and switch_mm(),
|
|
most likely) needs to ensure that the stack's page table entries
|
|
are populated before running on a possibly unpopulated stack.
|
|
|
|
- If the stack overflows into a guard page, something reasonable
|
|
should happen. The definition of "reasonable" is flexible, but
|
|
instantly rebooting without logging anything would be unfriendly.
|
|
|
|
config VMAP_STACK
|
|
default y
|
|
bool "Use a virtually-mapped stack"
|
|
depends on HAVE_ARCH_VMAP_STACK && !KASAN
|
|
---help---
|
|
Enable this if you want the use virtually-mapped kernel stacks
|
|
with guard pages. This causes kernel stack overflows to be
|
|
caught immediately rather than causing difficult-to-diagnose
|
|
corruption.
|
|
|
|
This is presently incompatible with KASAN because KASAN expects
|
|
the stack to map directly to the KASAN shadow map using a formula
|
|
that is incorrect if the stack is in vmalloc space.
|
|
|
|
config ARCH_OPTIONAL_KERNEL_RWX
|
|
def_bool n
|
|
|
|
config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
|
|
def_bool n
|
|
|
|
config ARCH_HAS_STRICT_KERNEL_RWX
|
|
def_bool n
|
|
|
|
config STRICT_KERNEL_RWX
|
|
bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
|
|
depends on ARCH_HAS_STRICT_KERNEL_RWX
|
|
default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
|
|
help
|
|
If this is set, kernel text and rodata memory will be made read-only,
|
|
and non-text memory will be made non-executable. This provides
|
|
protection against certain security exploits (e.g. executing the heap
|
|
or modifying text)
|
|
|
|
These features are considered standard security practice these days.
|
|
You should say Y here in almost all cases.
|
|
|
|
config ARCH_HAS_STRICT_MODULE_RWX
|
|
def_bool n
|
|
|
|
config STRICT_MODULE_RWX
|
|
bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
|
|
depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
|
|
default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
|
|
help
|
|
If this is set, module text and rodata memory will be made read-only,
|
|
and non-text memory will be made non-executable. This provides
|
|
protection against certain security exploits (e.g. writing to text)
|
|
|
|
# select if the architecture provides an asm/dma-direct.h header
|
|
config ARCH_HAS_PHYS_TO_DMA
|
|
bool
|
|
|
|
config ARCH_HAS_REFCOUNT
|
|
bool
|
|
help
|
|
An architecture selects this when it has implemented refcount_t
|
|
using open coded assembly primitives that provide an optimized
|
|
refcount_t implementation, possibly at the expense of some full
|
|
refcount state checks of CONFIG_REFCOUNT_FULL=y.
|
|
|
|
The refcount overflow check behavior, however, must be retained.
|
|
Catching overflows is the primary security concern for protecting
|
|
against bugs in reference counts.
|
|
|
|
config REFCOUNT_FULL
|
|
bool "Perform full reference count validation at the expense of speed"
|
|
help
|
|
Enabling this switches the refcounting infrastructure from a fast
|
|
unchecked atomic_t implementation to a fully state checked
|
|
implementation, which can be (slightly) slower but provides protections
|
|
against various use-after-free conditions that can be used in
|
|
security flaw exploits.
|
|
|
|
config HAVE_ARCH_COMPILER_H
|
|
bool
|
|
help
|
|
An architecture can select this if it provides an
|
|
asm/compiler.h header that should be included after
|
|
linux/compiler-*.h in order to override macro definitions that those
|
|
headers generally provide.
|
|
|
|
config HAVE_ARCH_PREL32_RELOCATIONS
|
|
bool
|
|
help
|
|
May be selected by an architecture if it supports place-relative
|
|
32-bit relocations, both in the toolchain and in the module loader,
|
|
in which case relative references can be used in special sections
|
|
for PCI fixup, initcalls etc which are only half the size on 64 bit
|
|
architectures, and don't require runtime relocation on relocatable
|
|
kernels.
|
|
|
|
config PANIC_ON_REFCOUNT_ERROR
|
|
bool "Kernel panic on refcount error detection"
|
|
depends on REFCOUNT_FULL
|
|
help
|
|
If enabled, the kernel will panic when the refcount library
|
|
has detected any type of error (e.g. potential use-after-free
|
|
or potential memory-leaks) with an object associated with that
|
|
reference counter.
|
|
|
|
# Select if the architecture has support for applying RELR relocations.
|
|
config ARCH_HAS_RELR
|
|
bool
|
|
|
|
config RELR
|
|
bool "Use RELR relocation packing"
|
|
depends on ARCH_HAS_RELR && TOOLS_SUPPORT_RELR
|
|
default y
|
|
help
|
|
Store the kernel's dynamic relocations in the RELR relocation packing
|
|
format. Requires a compatible linker (LLD supports this feature), as
|
|
well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy
|
|
are compatible).
|
|
|
|
source "kernel/gcov/Kconfig"
|
|
|
|
source "scripts/gcc-plugins/Kconfig"
|
|
|
|
endmenu
|