DLPX-91780 Merge conflict in linux-kernel-aws after DLPX-91748 #51

Closed
wants to merge 468 commits into from

manoj-joseph

Problem

Seb: I think we have a problem with the kernel repos this morning (all except the gcp repo, which wasn't touched). It looks like upstream was merged into develop instead of having had our patch sets rebased on top of upstream (starting with the @@DELPHIX_PATCHSET_START@@ commit).

Solution

Here is what I did:

delphix@mj-build:~/linux-kernel-aws$ git fetch ; git rebase -i origin/upstreams/develop
hint: Waiting for your editor to close the file...
pick 8000cab0b099 UBUNTU: [Config] aws: Ignore ABI
pick 0158b2396515 @@DELPHIX_PATCHSET_START@@
pick 99906af377e0 DLPX-71852 iSCSI: journal flooded with "Unable to locate Target IQN" messages (#2)
# pick 9a51a9744a4c0652f7c5514e1ccff115fcc1b8d0 DLPX-74216 nfs-server restarts fail when order-5 allocations are exhausted (#3)
pick 5c6de6dcc616 DLPX-72065 Aborted iSCSI command never completes after LUN reset (#4)
# pick 2f8cd5d7cd245519b1262c5bf1faf970b93486f1 DLPX-82827 Fix for Solaris NFSv4 client mounts (#19)
pick 23966c1d07e7 DLPX-83442 Disable various kernel modules which we don't use (#20)
pick 8a5cbc846c42 TOOL-16649 CONFIG_MD is needed on the buildserver (#22)
pick 759a43baad9a target: login should wait until tx/rx threads have properly started. (#21)
pick d559793782f1 DLPX-83701 Make function mnt_add_count() traceable (#24)
pick f0ecbc377eb9 DLPX-84469 Users unable to connect to CIFS mounts (#28)
pick 8137653abfd0 DLPX-84907 CVE-2022-3628 (#29)
pick af1cb665c082 DLPX-84985 target: iscsi: fix deadlock in the iSCSI login code (#30)
# pick d98191dde0aaf50848151ffef679f6a8a36a8924 DLPX-84995 NFSD: Never call nfsd_file_gc() in foreground paths (#35)
pick aa2f93058639 DLPX-84906 Disable frame buffer drivers
pick 928014c3bc70 DLPX-86177 Azure Accelerated networking broken because Mellanox drivers absent in kernel (#37)
pick 6080021d5727 DLPX-86675 Disk quota exceeded when unpacking an upgrade image (#44)
pick 5f91433d6fd8 DLPX-87344 Fix kernel merge conflict with upstream
pick 2a69cecb79f7 DLPX-87710 upgrade from 6.0.16.0 to 15.0.0.0 failed because disk quota error (#46)
pick fdad7405eb12 DLPX-87970 Move Delphix annotations to linux-pkg to reduce merge conflicts (#48)
pick 5c0c9932eaeb DLPX-91780 Merge conflict in linux-kernel-aws after DLPX-91748

[snip]
".git/rebase-merge/git-rebase-todo" 47L, 2928C written
Successfully rebased and updated refs/heads/merge.
delphix@mj-build:~/linux-kernel-aws$ 

After rebasing on upstreams/develop, here are the commits.

commit 1cff38dac961289fa58f80619044ff0996dea931 
Author: Manoj Joseph <manoj.joseph@delphix.com>

    DLPX-91780 Merge conflict in linux-kernel-aws after DLPX-91748

commit 7ec10d6d218a2eda7f8a59280e5e128d645e274b
Author: Palash Gandhi <87093175+palash-delphix@users.noreply.github.com>

    DLPX-87970 Move Delphix annotations to linux-pkg to reduce merge conflicts (#48)

commit cee87f8b5d299120b79dddd2996b791dc5a4e10e
Author: Palash Gandhi <87093175+palash-delphix@users.noreply.github.com>

    DLPX-87710 upgrade from 6.0.16.0 to 15.0.0.0 failed because disk quota error (#46)

commit f1d1a3c8f341b35ea48d4bb888c51b7ee1456896
Author: Prakash Surya <prakash.surya@delphix.com>

    DLPX-87344 Fix kernel merge conflict with upstream

commit 67c44cfeba6c9c4bd125b675ca5a829906644342
Author: Prakash Surya <prakash.surya@delphix.com>

    DLPX-86675 Disk quota exceeded when unpacking an upgrade image (#44)

commit d8caa01210c72eb8e7bd081499af825c58a73e3e
Author: Palash Gandhi <87093175+pgandhi-delphix@users.noreply.github.com>

    DLPX-86177 Azure Accelerated networking broken because Mellanox drivers absent in kernel (#37)

commit a7462fc165b7c6675c07636e7d73704f19f50fc0
Author: sumedhbala-delphix <57050419+sumedhbala-delphix@users.noreply.github.com>

    DLPX-84906 Disable frame buffer drivers

commit d1ba9347533c661e7b023e72ef0446096946ccbe
Author: Serapheim Dimitropoulos <serapheim.dimitro@delphix.com>

    DLPX-84985 target: iscsi: fix deadlock in the iSCSI login code (#30)

commit 9e442e7f0d70684f7f20a1d56cc32768f08fa4a2
Author: Prakash Surya <prakash.surya@delphix.com>

    DLPX-84907 CVE-2022-3628 (#29)

commit 8c892fdbf50bf42bfcb69fb37eeeb96ea735282e
Author: Prakash Surya <prakash.surya@delphix.com>

    DLPX-84469 Users unable to connect to CIFS mounts (#28)

commit 9424817033609ac568fac7d544e601de4cf5e96e
Author: Don Brady <don.brady@delphix.com>

    DLPX-83701 Make function mnt_add_count() traceable (#24)

commit 23a4658980846a1770e15ccf181169b98b5cf767
Author: Paul Dagnelie <paul.dagnelie@delphix.com>

    target: login should wait until tx/rx threads have properly started. (#21)

commit 66c6d6d17c456171b3b5578003d03bb6d948e4cd
Author: Prakash Surya <prakash.surya@delphix.com>

    TOOL-16649 CONFIG_MD is needed on the buildserver (#22)

commit 61988eb1025ce0591cdee1f693d8462ffc5b6f23
Author: Prakash Surya <prakash.surya@delphix.com>

    DLPX-83442 Disable various kernel modules which we don't use (#20)

commit 8442dee563350622169eac11adcdd70b72d499ec
Author: Pavel Zakharov <pavel.zakharov@delphix.com>

    DLPX-72065 Aborted iSCSI command never completes after LUN reset (#4)

commit 9090e0c26f9c3ab8bff389748d6bb316328cb5cf
Author: Pavel Zakharov <pavel.zakharov@delphix.com>

    DLPX-71852 iSCSI: journal flooded with "Unable to locate Target IQN" messages (#2)

commit 85cf777527fcd2bdeb0858c78179e7de55b44158
Author: Delphix User <delphix@jkennedy-master.dcol2>

    @@DELPHIX_PATCHSET_START@@

commit 7474407f10bbb6c642f47b2b10b5dcaeecbe3681
Author: Tim Gardner <tim.gardner@canonical.com>

    UBUNTU: [Config] aws: Ignore ABI

commit 4bc3905bbe4e1a1f0fbf5b532ee8ace46baf4984 (tag: Ubuntu-aws-5.15-5.15.0-1066.72_20.04.1, origin/upstreams/develop)
Author: Philip Cox <philip.cox@canonical.com>

    UBUNTU: Ubuntu-aws-5.15-5.15.0-1066.72~20.04.1
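
The condition this PR description restores (patch set rebased on top of upstream rather than upstream merged into develop) can be checked mechanically. The script below is an added example, not part of the PR or of the linux-pkg tooling; the function names, the tab-separated input format and the short commit ids in the samples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's tooling. Input on stdin, newest commit first:
#   git log --format='%H%x09%P%x09%s' origin/upstreams/develop..HEAD
# check_patchset TIP exits 0 only when the listed commits form one linear chain
# that ends on TIP, contain no merge commit, and include the marker exactly once.
check_patchset() {
    awk -F '\t' -v tip="$1" -v marker='@@DELPHIX_PATCHSET_START@@' '
        {
            n = split($2, parents, " ")
            if (n != 1) { printf "%s has %d parents: %s\n", $1, n, $3; bad = 1 }
            if (NR > 1 && $1 != expect) { printf "chain breaks at %s\n", $1; bad = 1 }
            if ($3 == marker) markers++
            expect = parents[1]   # the next (older) line must be this parent
        }
        END {
            if (expect != tip) { printf "oldest commit is not on top of %s\n", tip; bad = 1 }
            if (markers != 1) { printf "marker commits found: %d, expected 1\n", markers + 0; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: rebased history. Ids a1..d4 are made up; a1 stands for
# the upstream tip. Subjects are taken from the log shown above.
sample_rebased() {
    printf '%s\t%s\t%s\n' \
        d4 c3 'DLPX-91780 Merge conflict in linux-kernel-aws after DLPX-91748' \
        c3 b2 '@@DELPHIX_PATCHSET_START@@' \
        b2 a1 'UBUNTU: [Config] aws: Ignore ABI'
}

# Constructed sample: upstream merged into develop. m9 is a merge commit
# (two parents) and the patch set still sits on an older upstream commit b0.
sample_merged() {
    printf '%s\t%s\t%s\n' \
        m9 'd4 a1' "Merge branch 'upstreams/develop' into develop (constructed)" \
        d4 c3 'DLPX-87970 Move Delphix annotations to linux-pkg to reduce merge conflicts (#48)' \
        c3 b0 '@@DELPHIX_PATCHSET_START@@'
}

sample_rebased | check_patchset a1 && echo "rebased sample: accepted"
sample_merged  | check_patchset a1 || echo "merged sample: rejected"
```

Against a real checkout, pass the output of `git rev-parse origin/upstreams/develop` as the argument so the oldest commit's parent is compared with the actual upstream tip.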

rtg-canonical and others added 30 commits July 16, 2024 12:30
BugLink: https://bugs.launchpad.net/bugs/2038169
Properties: no-test-build
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2038014
Properties: no-test-build
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2041907
Properties: no-test-build
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2041561
Properties: no-test-build
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2048572
Properties: no-test-build
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2048287
Properties: no-test-build
Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
Sync with master.

Ignore: yes

Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
Sync with master.

Ignore: yes

Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
Ignore: yes
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2054589
Properties: no-test-build
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2043811

Currently, when CONFIG_ARM64_PTR_AUTH_KERNEL=y (and
CONFIG_UNWIND_PATCH_PAC_INTO_SCS=n), we enable pointer authentication
for all functions, including leaf functions. This isn't necessary, and
is unfortunate for a few reasons:

* Any PACIASP instruction is implicitly a `BTI C` landing pad, and
  forcing the addition of a PACIASP in every function introduces a
  larger set of BTI gadgets than is necessary.

* The PACIASP and AUTIASP instructions make leaf functions larger than
  necessary, bloating the kernel Image. For a defconfig v6.2-rc3 kernel,
  this appears to add ~64KiB relative to not signing leaf functions,
  which is unfortunate but not entirely onerous.

* The PACIASP and AUTIASP instructions potentially make leaf functions
  more expensive in terms of performance and/or power. For many trivial
  leaf functions, this is clearly unnecessary, e.g.

  | <arch_local_save_flags>:
  |        d503233f        paciasp
  |        d53b4220        mrs     x0, daif
  |        d50323bf        autiasp
  |        d65f03c0        ret

  | <calibration_delay_done>:
  |        d503233f        paciasp
  |        d50323bf        autiasp
  |        d65f03c0        ret
  |        d503201f        nop

* When CONFIG_UNWIND_PATCH_PAC_INTO_SCS=y we disable pointer
  authentication for leaf functions, so clearly this is not functionally
  necessary, indicates we have an inconsistent threat model, and
  convolutes the Makefile logic.

We've used pointer authentication in leaf functions since the
introduction of in-kernel pointer authentication in commit:

  74afda4 ("arm64: compile the kernel with ptrauth return address signing")

... but at the time we had no rationale for signing leaf functions.

Subsequently, we considered avoiding signing leaf functions:

  https://lore.kernel.org/linux-arm-kernel/1586856741-26839-1-git-send-email-amit.kachhap@arm.com/
  https://lore.kernel.org/linux-arm-kernel/1588149371-20310-1-git-send-email-amit.kachhap@arm.com/

... however at the time we didn't have an abundance of reasons to avoid
signing leaf functions as above (e.g. the BTI case), we had no hardware
to make performance measurements, and it was reasoned that this gave
some level of protection against a limited set of code-reuse gadgets
which would fall through to a RET. We documented this in commit:

  717b938 ("arm64: Document why we enable PAC support for leaf functions")

Notably, this was before we supported any forward-edge CFI scheme (e.g.
Arm BTI, or Clang CFI/kCFI), which would prevent jumping into the middle
of a function.

In addition, even with signing forced for leaf functions, AUTIASP may be
placed before a number of instructions which might constitute such a
gadget, e.g.

| <user_regs_reset_single_step>:
|        f9400022        ldr     x2, [x1]
|        d503233f        paciasp
|        d50323bf        autiasp
|        f9408401        ldr     x1, [x0, #264]
|        720b005f        tst     w2, #0x200000
|        b26b0022        orr     x2, x1, #0x200000
|        926af821        and     x1, x1, #0xffffffffffdfffff
|        9a820021        csel    x1, x1, x2, eq  // eq = none
|        f9008401        str     x1, [x0, #264]
|        d65f03c0        ret

| <fpsimd_cpu_dead>:
|        2a0003e3        mov     w3, w0
|        9000ff42        adrp    x2, ffff800009ffd000 <xen_dynamic_chip+0x48>
|        9120e042        add     x2, x2, #0x838
|        52800000        mov     w0, #0x0                        // #0
|        d503233f        paciasp
|        f000d041        adrp    x1, ffff800009a20000 <this_cpu_vector>
|        d50323bf        autiasp
|        9102c021        add     x1, x1, #0xb0
|        f8635842        ldr     x2, [x2, w3, uxtw #3]
|        f821685f        str     xzr, [x2, x1]
|        d65f03c0        ret
|        d503201f        nop

So generally, trying to use AUTIASP to detect such gadgetization is not
robust, and this is dealt with far better by forward-edge CFI (which is
designed to prevent such cases). We should bite the bullet and stop
pretending that AUTIASP is a mitigation for such forward-edge
gadgetization.

For the above reasons, this patch has the kernel consistently sign
non-leaf functions and avoid signing leaf functions.

Considering a defconfig v6.2-rc3 kernel built with LLVM 15.0.6:

* The vmlinux is ~43KiB smaller:

  | [mark@lakrids:~/src/linux]% ls -al vmlinux-*
  | -rwxr-xr-x 1 mark mark 338547808 Jan 25 17:17 vmlinux-after
  | -rwxr-xr-x 1 mark mark 338591472 Jan 25 17:22 vmlinux-before

* The resulting Image is 64KiB smaller:

  | [mark@lakrids:~/src/linux]% ls -al Image-*
  | -rwxr-xr-x 1 mark mark 32702976 Jan 25 17:17 Image-after
  | -rwxr-xr-x 1 mark mark 32768512 Jan 25 17:22 Image-before

* There are ~400 fewer BTI gadgets:

  | [mark@lakrids:~/src/linux]% usekorg 12.1.0 aarch64-linux-objdump -d vmlinux-before 2> /dev/null | grep -ow 'paciasp\|bti\sc\?' | sort | uniq -c
  |    1219 bti     c
  |   61982 paciasp

  | [mark@lakrids:~/src/linux]% usekorg 12.1.0 aarch64-linux-objdump -d vmlinux-after 2> /dev/null | grep -ow 'paciasp\|bti\sc\?' | sort | uniq -c
  |   10099 bti     c
  |   52699 paciasp

  Which is +8880 BTIs, and -9283 PACIASPs, for -403 unnecessary BTI
  gadgets. While this is small relative to the total, distinguishing the
  two cases will make it easier to analyse and reduce this set further
  in future.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230131105809.991288-3-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(backported from mainline commit c68cf52)
[kevinbecker: context conflict  - some lines were added after relevant code so patch didn't match exactly. Added exact changes from mainline commit to current Makefile.]
BugLink: https://bugs.launchpad.net/ubuntu/lunar/+source/linux-aws/+bug/2043811
Signed-off-by: Kevin Becker <kevin.becker@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ignore: yes
Signed-off-by: John Cabaj <john.cabaj@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2055982
Properties: no-test-build
Signed-off-by: John Cabaj <john.cabaj@canonical.com>
Signed-off-by: John Cabaj <john.cabaj@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2056475

Dynamic Interrupt Moderation (DIM) is a technique
designed to balance the need for timely data processing
with the desire to minimize CPU overhead.
Instead of generating an interrupt for every received
packet, the system can dynamically adjust the rate at
which interrupts are generated based on the incoming
traffic patterns.

Enabling DIM by default to improve the user experience.

DIM can be turned on/off through ethtool:
`ethtool -C <interface> adaptive-rx <on/off>`

Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: Osama Abboud <osamaabb@amazon.com>
Signed-off-by: David Arinzon <darinzon@amazon.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
(cherry picked from commit 50d7a2660579889fba28b7e4543d4ce85aa2311b net-next)
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Acked-by: John Cabaj <john.cabaj at canonical.com>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Ignore: yes
Signed-off-by: Philip Cox <philip.cox@canonical.com>
…odules-extra

BugLink: https://bugs.launchpad.net/bugs/2054809

erofs is starting to see more use as a modern alternative to squashfs.
Since squashfs is already included in linux-modules, let's include erofs
in linux-modules as well so that it can be used as a filesystem in virtual
machines with just linux-virtual installed.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
(copied from master)
Signed-off-by: Philip Cox <philip.cox@canonical.com>
mrphilcox and others added 27 commits July 18, 2024 13:02
BugLink: https://bugs.launchpad.net/bugs/2068190
Properties: no-test-build
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Ignore: yes
Signed-off-by: Philip Cox <philip.cox@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2068344
Properties: no-test-build
Signed-off-by: Philip Cox <philip.cox@canonical.com>
…el-versions (main/2024.06.10)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Ignore: yes
Signed-off-by: Philip Cox <philip.cox@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2072008
Properties: no-test-build
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Philip Cox <philip.cox@canonical.com>
Ignore:yes

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a placeholder commit to separate the Ubuntu kernel source and
our patches. Used by kernel_merge_with_upstream() in the linux-pkg repo.
@manoj-joseph manoj-joseph requested review from pcd1193182 and removed request for pcd1193182 July 31, 2024 00:06