Loading Documentation/ABI/testing/sysfs-fs-f2fs +6 −0 Original line number Diff line number Diff line Loading @@ -186,3 +186,9 @@ Date: August 2017 Contact: "Jaegeuk Kim" <jaegeuk@kernel.org> Description: Controls sleep time of GC urgent mode What: /sys/fs/f2fs/<disk>/readdir_ra Date: November 2017 Contact: "Sheng Yong" <shengyong1@huawei.com> Description: Controls readahead inode block in readdir. Documentation/kernel-parameters.txt +0 −2 Original line number Diff line number Diff line Loading @@ -2635,8 +2635,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. norandmaps Don't use address space randomization. Equivalent to echo 0 > /proc/sys/kernel/randomize_va_space noreplace-paravirt [X86,IA-64,PV_OPS] Don't patch paravirt_ops noreplace-smp [X86-32,SMP] Don't replace SMP instructions with UP alternatives Loading Documentation/speculation.txt 0 → 100644 +90 −0 Original line number Diff line number Diff line This document explains potential effects of speculation, and how undesirable effects can be mitigated portably using common APIs. =========== Speculation =========== To improve performance and minimize average latencies, many contemporary CPUs employ speculative execution techniques such as branch prediction, performing work which may be discarded at a later stage. Typically speculative execution cannot be observed from architectural state, such as the contents of registers. However, in some cases it is possible to observe its impact on microarchitectural state, such as the presence or absence of data in caches. Such state may form side-channels which can be observed to extract secret information. For example, in the presence of branch prediction, it is possible for bounds checks to be ignored by code which is speculatively executed. Consider the following code: int load_array(int *array, unsigned int index) { if (index >= MAX_ARRAY_ELEMS) return 0; else return array[index]; } Which, on arm64, may be compiled to an assembly sequence such as: CMP <index>, #MAX_ARRAY_ELEMS B.LT less MOV <returnval>, #0 RET less: LDR <returnval>, [<array>, <index>] RET It is possible that a CPU mis-predicts the conditional branch, and speculatively loads array[index], even if index >= MAX_ARRAY_ELEMS. This value will subsequently be discarded, but the speculated load may affect microarchitectural state which can be subsequently measured. More complex sequences involving multiple dependent memory accesses may result in sensitive information being leaked. Consider the following code, building on the prior example: int load_dependent_arrays(int *arr1, int *arr2, int index) { int val1, val2, val1 = load_array(arr1, index); val2 = load_array(arr2, val1); return val2; } Under speculation, the first call to load_array() may return the value of an out-of-bounds address, while the second call will influence microarchitectural state dependent on this value. This may provide an arbitrary read primitive. ==================================== Mitigating speculation side-channels ==================================== The kernel provides a generic API to ensure that bounds checks are respected even under speculation. Architectures which are affected by speculation-based side-channels are expected to implement these primitives. The array_index_nospec() helper in <linux/nospec.h> can be used to prevent information from being leaked via side-channels. A call to array_index_nospec(index, size) returns a sanitized index value that is bounded to [0, size) even under cpu speculation conditions. This can be used to protect the earlier load_array() example: int load_array(int *array, unsigned int index) { if (index >= MAX_ARRAY_ELEMS) return 0; else { index = array_index_nospec(index, MAX_ARRAY_ELEMS); return array[index]; } } Makefile +5 −3 Original line number Diff line number Diff line VERSION = 4 PATCHLEVEL = 4 SUBLEVEL = 117 SUBLEVEL = 118 EXTRAVERSION = NAME = Blurry Fish Butt Loading Loading @@ -87,10 +87,12 @@ endif ifneq ($(filter 4.%,$(MAKE_VERSION)),) # make-4 ifneq ($(filter %s ,$(firstword x$(MAKEFLAGS))),) quiet=silent_ tools_silent=s endif else # make-3.8x ifneq ($(filter s% -s%,$(MAKEFLAGS)),) quiet=silent_ tools_silent=-s endif endif Loading Loading @@ -1553,11 +1555,11 @@ image_name: # Clear a bunch of variables before executing the submake tools/: FORCE $(Q)mkdir -p $(objtree)/tools $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ tools/%: FORCE $(Q)mkdir -p $(objtree)/tools $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $* $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $* # Single targets # --------------------------------------------------------------------------- Loading arch/arm/boot/dts/am4372.dtsi +4 −2 Original line number Diff line number Diff line Loading @@ -807,7 +807,8 @@ reg = <0x48038000 0x2000>, <0x46000000 0x400000>; reg-names = "mpu", "dat"; interrupts = <80>, <81>; interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 81 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 8>, Loading @@ -821,7 +822,8 @@ reg = <0x4803C000 0x2000>, <0x46400000 0x400000>; reg-names = "mpu", "dat"; interrupts = <82>, <83>; interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 83 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 10>, Loading Loading
Documentation/ABI/testing/sysfs-fs-f2fs +6 −0 Original line number Diff line number Diff line Loading @@ -186,3 +186,9 @@ Date: August 2017 Contact: "Jaegeuk Kim" <jaegeuk@kernel.org> Description: Controls sleep time of GC urgent mode What: /sys/fs/f2fs/<disk>/readdir_ra Date: November 2017 Contact: "Sheng Yong" <shengyong1@huawei.com> Description: Controls readahead inode block in readdir.
Documentation/kernel-parameters.txt +0 −2 Original line number Diff line number Diff line Loading @@ -2635,8 +2635,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. norandmaps Don't use address space randomization. Equivalent to echo 0 > /proc/sys/kernel/randomize_va_space noreplace-paravirt [X86,IA-64,PV_OPS] Don't patch paravirt_ops noreplace-smp [X86-32,SMP] Don't replace SMP instructions with UP alternatives Loading
Documentation/speculation.txt 0 → 100644 +90 −0 Original line number Diff line number Diff line This document explains potential effects of speculation, and how undesirable effects can be mitigated portably using common APIs. =========== Speculation =========== To improve performance and minimize average latencies, many contemporary CPUs employ speculative execution techniques such as branch prediction, performing work which may be discarded at a later stage. Typically speculative execution cannot be observed from architectural state, such as the contents of registers. However, in some cases it is possible to observe its impact on microarchitectural state, such as the presence or absence of data in caches. Such state may form side-channels which can be observed to extract secret information. For example, in the presence of branch prediction, it is possible for bounds checks to be ignored by code which is speculatively executed. Consider the following code: int load_array(int *array, unsigned int index) { if (index >= MAX_ARRAY_ELEMS) return 0; else return array[index]; } Which, on arm64, may be compiled to an assembly sequence such as: CMP <index>, #MAX_ARRAY_ELEMS B.LT less MOV <returnval>, #0 RET less: LDR <returnval>, [<array>, <index>] RET It is possible that a CPU mis-predicts the conditional branch, and speculatively loads array[index], even if index >= MAX_ARRAY_ELEMS. This value will subsequently be discarded, but the speculated load may affect microarchitectural state which can be subsequently measured. More complex sequences involving multiple dependent memory accesses may result in sensitive information being leaked. Consider the following code, building on the prior example: int load_dependent_arrays(int *arr1, int *arr2, int index) { int val1, val2, val1 = load_array(arr1, index); val2 = load_array(arr2, val1); return val2; } Under speculation, the first call to load_array() may return the value of an out-of-bounds address, while the second call will influence microarchitectural state dependent on this value. This may provide an arbitrary read primitive. ==================================== Mitigating speculation side-channels ==================================== The kernel provides a generic API to ensure that bounds checks are respected even under speculation. Architectures which are affected by speculation-based side-channels are expected to implement these primitives. The array_index_nospec() helper in <linux/nospec.h> can be used to prevent information from being leaked via side-channels. A call to array_index_nospec(index, size) returns a sanitized index value that is bounded to [0, size) even under cpu speculation conditions. This can be used to protect the earlier load_array() example: int load_array(int *array, unsigned int index) { if (index >= MAX_ARRAY_ELEMS) return 0; else { index = array_index_nospec(index, MAX_ARRAY_ELEMS); return array[index]; } }
Makefile +5 −3 Original line number Diff line number Diff line VERSION = 4 PATCHLEVEL = 4 SUBLEVEL = 117 SUBLEVEL = 118 EXTRAVERSION = NAME = Blurry Fish Butt Loading Loading @@ -87,10 +87,12 @@ endif ifneq ($(filter 4.%,$(MAKE_VERSION)),) # make-4 ifneq ($(filter %s ,$(firstword x$(MAKEFLAGS))),) quiet=silent_ tools_silent=s endif else # make-3.8x ifneq ($(filter s% -s%,$(MAKEFLAGS)),) quiet=silent_ tools_silent=-s endif endif Loading Loading @@ -1553,11 +1555,11 @@ image_name: # Clear a bunch of variables before executing the submake tools/: FORCE $(Q)mkdir -p $(objtree)/tools $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ tools/%: FORCE $(Q)mkdir -p $(objtree)/tools $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $* $(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(shell cd $(objtree) && /bin/pwd) subdir=tools -C $(src)/tools/ $* # Single targets # --------------------------------------------------------------------------- Loading
arch/arm/boot/dts/am4372.dtsi +4 −2 Original line number Diff line number Diff line Loading @@ -807,7 +807,8 @@ reg = <0x48038000 0x2000>, <0x46000000 0x400000>; reg-names = "mpu", "dat"; interrupts = <80>, <81>; interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 81 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 8>, Loading @@ -821,7 +822,8 @@ reg = <0x4803C000 0x2000>, <0x46400000 0x400000>; reg-names = "mpu", "dat"; interrupts = <82>, <83>; interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 83 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 10>, Loading
