diff --git a/Makefile b/Makefile index 7ce9bba..70e1767 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -KERNEL_VERSION = linux-6.6.63 +KERNEL_VERSION = linux-6.12.3 KERNEL_REMOTE = https://cdn.kernel.org/pub/linux/kernel/v6.x/$(KERNEL_VERSION).tar.xz KERNEL_TARBALL = tarballs/$(KERNEL_VERSION).tar.xz KERNEL_SOURCES = $(KERNEL_VERSION) @@ -6,8 +6,8 @@ KERNEL_PATCHES = $(shell find patches/ -name "0*.patch" | sort) KERNEL_C_BUNDLE = kernel.c ABI_VERSION = 4 -FULL_VERSION = 4.6.0 -TIMESTAMP = "Mon Dec 2 11:39:28 CET 2024" +FULL_VERSION = 4.7.0 +TIMESTAMP = "Wed Dec 11 20:34:13 CET 2024" KERNEL_FLAGS = KBUILD_BUILD_TIMESTAMP=$(TIMESTAMP) KERNEL_FLAGS += KBUILD_BUILD_USER=root diff --git a/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch b/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch index d1d3928..7831205 100644 --- a/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch +++ b/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch @@ -1,4 +1,4 @@ -From 937e56d777cf3809a5ac0a5d8d42dfcbcc93c330 Mon Sep 17 00:00:00 2001 +From 08321e01f374236bbd4358824a7d0bed75db56ca Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Fri, 10 Sep 2021 13:05:01 +0200 Subject: [PATCH 1/4] virtio: enable DMA API if memory is restricted @@ -15,10 +15,10 @@ Signed-off-by: Sergio Lopez 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c -index 71dee622b771..f92475dbca43 100644 +index b9095751e43b..9e6420d5bc66 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c -@@ -180,12 +180,6 @@ static int virtio_features_ok(struct virtio_device *dev) +@@ -213,12 +213,6 @@ static int virtio_features_ok(struct virtio_device *dev) "device must provide VIRTIO_F_VERSION_1\n"); return -ENODEV; } @@ -32,7 +32,7 @@ index 71dee622b771..f92475dbca43 100644 if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) 
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c -index 80669e05bf0e..438b4f6c5cdb 100644 +index 98374ed7c577..8daebc83208c 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -6,6 +6,7 @@ diff --git a/patches-sev/0002-x86-sev-write-AP-reset-vector.patch b/patches-sev/0002-x86-sev-write-AP-reset-vector.patch index 01e6d73..07bc7b7 100644 --- a/patches-sev/0002-x86-sev-write-AP-reset-vector.patch +++ b/patches-sev/0002-x86-sev-write-AP-reset-vector.patch @@ -1,4 +1,4 @@ -From 15cc4533c0e0bfa1b8a762ecffb5486ed258d87a Mon Sep 17 00:00:00 2001 +From 9da8c48cd0849c0c58b848c01f8cca7adf79ee70 Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Thu, 20 Oct 2022 10:23:16 +0200 Subject: [PATCH 2/4] x86/sev: write AP reset vector @@ -8,14 +8,14 @@ into the AP reset vector used by libkrun's qboot. Signed-off-by: Sergio Lopez --- - arch/x86/kernel/sev.c | 25 ++++++++++++++++++++++++- + arch/x86/coco/sev/core.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) -diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c -index 9905dc0e0b09..38df85fd1324 100644 ---- a/arch/x86/kernel/sev.c -+++ b/arch/x86/kernel/sev.c -@@ -1116,6 +1116,29 @@ void __init snp_set_wakeup_secondary_cpu(void) +diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c +index de1df0cb45da..7ed486a790fb 100644 +--- a/arch/x86/coco/sev/core.c ++++ b/arch/x86/coco/sev/core.c +@@ -1266,6 +1266,29 @@ void __init snp_set_wakeup_secondary_cpu(void) apic_update_callback(wakeup_secondary_cpu, wakeup_cpu_via_vmgexit); } 
@@ -45,7 +45,7 @@ index 9905dc0e0b09..38df85fd1324 100644 int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { u16 startup_cs, startup_ip; -@@ -1127,7 +1150,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) +@@ -1277,7 +1300,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) /* On UP guests there is no jump table so this is not a failure */ if (!jump_table_addr) diff --git a/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch b/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch index 2582f4a..1726c49 100644 --- a/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch +++ b/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch @@ -1,4 +1,4 @@ -From 4db2da9b067d0c7b10d7f7543c45dcb0d608e307 Mon Sep 17 00:00:00 2001 +From ff94a2d240ee168296ce4e2bb3370ee10272bbef Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Wed, 3 Aug 2022 12:35:12 +0200 Subject: [PATCH 3/4] Implement driver to retrieve secrets from cmdline @@ -14,24 +14,24 @@ efi_secret.c Signed-off-by: Sergio Lopez --- - arch/x86/kernel/setup.c | 7 + - drivers/virt/Kconfig | 2 + - drivers/virt/Makefile | 1 + + arch/x86/kernel/setup.c | 6 + + drivers/virt/coco/Kconfig | 2 + + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/cmdline_secret/Kconfig | 13 ++ drivers/virt/coco/cmdline_secret/Makefile | 2 + .../virt/coco/cmdline_secret/cmdline_secret.c | 135 ++++++++++++++++++ include/linux/init.h | 4 + init/main.c | 13 ++ - 8 files changed, 177 insertions(+) + 8 files changed, 176 insertions(+) create mode 100644 drivers/virt/coco/cmdline_secret/Kconfig create mode 100644 drivers/virt/coco/cmdline_secret/Makefile create mode 100644 drivers/virt/coco/cmdline_secret/cmdline_secret.c diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index eb129277dcdd..3906896a62af 100644 +index f1fea506e20f..3778d544e93b 100644 --- a/arch/x86/kernel/setup.c 
+++ b/arch/x86/kernel/setup.c -@@ -876,7 +876,9 @@ void __init setup_arch(char **cmdline_p) +@@ -751,12 +751,18 @@ void __init setup_arch(char **cmdline_p) */ __flush_tlb_all(); #else 
@@ -41,42 +41,40 @@ index eb129277dcdd..3906896a62af 100644 boot_cpu_data.x86_phys_bits = MAX_PHYSMEM_BITS; #endif -@@ -961,6 +963,11 @@ void __init setup_arch(char **cmdline_p) - #ifdef CONFIG_CMDLINE_BOOL #ifdef CONFIG_CMDLINE_OVERRIDE +#ifdef CONFIG_CMDLINE_SECRET + strscpy(early_secret_cmdline, boot_command_line, COMMAND_LINE_SIZE); + memzero_explicit(boot_command_line, COMMAND_LINE_SIZE); -+ clflush_cache_range(boot_command_line, COMMAND_LINE_SIZE); +#endif strscpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE); #else if (builtin_cmdline[0]) { -diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig -index f79ab13a5c28..4a62feec1a0e 100644 ---- a/drivers/virt/Kconfig -+++ b/drivers/virt/Kconfig -@@ -50,6 +50,8 @@ source "drivers/virt/acrn/Kconfig" - - source "drivers/virt/coco/efi_secret/Kconfig" +diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig +index d9ff676bf48d..fd37c502b42d 100644 +--- a/drivers/virt/coco/Kconfig ++++ b/drivers/virt/coco/Kconfig +@@ -7,6 +7,8 @@ config TSM_REPORTS + select CONFIGFS_FS + tristate +source "drivers/virt/coco/cmdline_secret/Kconfig" + - source "drivers/virt/coco/sev-guest/Kconfig" + source "drivers/virt/coco/efi_secret/Kconfig" - source "drivers/virt/coco/tdx-guest/Kconfig" -diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile -index e9aa6fc96fab..9174d4f9286e 100644 ---- a/drivers/virt/Makefile -+++ b/drivers/virt/Makefile -@@ -10,5 +10,6 @@ obj-y += vboxguest/ - obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/ - obj-$(CONFIG_ACRN_HSM) += acrn/ - obj-$(CONFIG_EFI_SECRET) += coco/efi_secret/ -+obj-$(CONFIG_CMDLINE_SECRET) += coco/cmdline_secret/ - obj-$(CONFIG_SEV_GUEST) += coco/sev-guest/ - obj-$(CONFIG_INTEL_TDX_GUEST) += coco/tdx-guest/ + source "drivers/virt/coco/pkvm-guest/Kconfig" +diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile +index b69c30c1c720..da3d9254900c 100644 +--- a/drivers/virt/coco/Makefile ++++ b/drivers/virt/coco/Makefile +@@ -3,6 +3,7 @@ + # 
Confidential computing related collateral + # + obj-$(CONFIG_TSM_REPORTS) += tsm.o ++obj-$(CONFIG_CMDLINE_SECRET) += cmdline_secret/ + obj-$(CONFIG_EFI_SECRET) += efi_secret/ + obj-$(CONFIG_ARM_PKVM_GUEST) += pkvm-guest/ + obj-$(CONFIG_SEV_GUEST) += sev-guest/ diff --git a/drivers/virt/coco/cmdline_secret/Kconfig b/drivers/virt/coco/cmdline_secret/Kconfig new file mode 100644 index 000000000000..bb601280d50d @@ -246,7 +244,7 @@ index 000000000000..e53edce18768 +module_init(cmdline_secret_init); +module_exit(cmdline_secret_exit); diff --git a/include/linux/init.h b/include/linux/init.h -index 01b52c9c7526..889a0cf32832 100644 +index ee1309473bc6..96c0f3c72395 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -143,6 +143,10 @@ extern int do_one_initcall(initcall_t fn); @@ -261,10 +259,10 @@ index 01b52c9c7526..889a0cf32832 100644 /* used by init/main.c */ diff --git a/init/main.c b/init/main.c -index c787e94cc898..2fb8a8af9af6 100644 +index c4778edae797..a475bd3bcb34 100644 --- a/init/main.c +++ b/init/main.c -@@ -147,6 +147,11 @@ static char *extra_command_line; +@@ -149,6 +149,11 @@ static char *extra_command_line; /* Extra init arguments */ static char *extra_init_args; @@ -276,7 +274,7 @@ index c787e94cc898..2fb8a8af9af6 100644 #ifdef CONFIG_BOOT_CONFIG /* Is bootconfig on command line? */ static bool bootconfig_found; -@@ -670,6 +675,14 @@ static void __init setup_command_line(char *command_line) +@@ -685,6 +690,14 @@ static void __init setup_command_line(char *command_line) } saved_command_line_len = strlen(saved_command_line); diff --git a/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch b/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch index 0e00f97..dffad50 100644 --- a/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch +++ b/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch 
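Review bot: The refreshed 0003 patch no longer adds `clflush_cache_range(boot_command_line, COMMAND_LINE_SIZE);` after the `memzero_explicit()` in the `CONFIG_CMDLINE_SECRET` block of `setup_arch()`, and nothing visible in the patch header explains why. Without the flush the wipe is only guaranteed to reach the cache, so the original command line, which this driver treats as secret material, may stay in guest RAM longer than it did with the 6.6 version of the patch. The block also moved from around line 961 to around line 751 of setup.c, so the removal may be forced by what is usable that early in boot. If so, record it next to the wipe with a comment such as `/* no clflush here: <reason>; boot_command_line is overwritten just below */`; otherwise restore the flush. `setup_arch()` starts and ends outside the hunk.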
@@ -1,4 +1,4 @@ -From d53bef286ab6731ad5c721537ef8ad3ec39c0200 Mon Sep 17 00:00:00 2001 +From 459990b97e11b3be4272d06b4647bdab6bdf099e Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Wed, 5 Jun 2024 16:20:08 +0200 Subject: [PATCH 4/4] x86/sev: Avoid using native_cpuid @@ -16,7 +16,7 @@ Signed-off-by: Sergio Lopez 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c -index cc47a818a640..a2b5b08eee23 100644 +index ac33b2263a43..d894fdb89007 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -495,37 +495,17 @@ void __head sme_enable(struct boot_params *bp) diff --git a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch index 0ef802d..70464a1 100644 --- a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch +++ b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch @@ -1,7 +1,7 @@ -From a6442523102c4d482bf24f0f21a38ae29b3f0c8c Mon Sep 17 00:00:00 2001 +From 784c1bce5f1ca4c39d6c94dd1db220291cb26f9a Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Thu, 2 Mar 2023 07:34:49 +0100 -Subject: [PATCH 01/20] krunfw: Don't panic when init dies +Subject: [PATCH 01/19] krunfw: Don't panic when init dies In libkrun, the isolated process runs as PID 1. When it exits, trigger an orderly reboot instead of panic'ing. @@ -11,23 +11,24 @@ play with the printk levels instead. Signed-off-by: Sergio Lopez --- - kernel/exit.c | 5 +++++ + kernel/exit.c | 6 ++++++ kernel/reboot.c | 2 ++ - 2 files changed, 7 insertions(+) + 2 files changed, 8 insertions(+) diff --git a/kernel/exit.c b/kernel/exit.c -index 3540b2c9b1b6..8348e9825945 100644 +index 619f0014c33b..987bec96ebee 100644 --- a/kernel/exit.c 
+++ b/kernel/exit.c -@@ -69,6 +69,7 @@ +@@ -69,6 +69,8 @@ #include #include #include +#include - ++ #include - #include -@@ -840,8 +841,12 @@ void __noreturn do_exit(long code) + + #include +@@ -905,8 +907,12 @@ void __noreturn do_exit(long code) * immediately to get a useable coredump. */ if (unlikely(is_global_init(tsk))) @@ -41,10 +42,10 @@ index 3540b2c9b1b6..8348e9825945 100644 #ifdef CONFIG_POSIX_TIMERS hrtimer_cancel(&tsk->signal->real_timer); diff --git a/kernel/reboot.c b/kernel/reboot.c -index 6ebef11c8876..4323caa5b871 100644 +index f05dbde2c93f..f047bde90c03 100644 --- a/kernel/reboot.c +++ b/kernel/reboot.c -@@ -269,10 +269,12 @@ void kernel_restart(char *cmd) +@@ -278,10 +278,12 @@ void kernel_restart(char *cmd) do_kernel_restart_prepare(); migrate_to_reboot_cpu(); syscore_shutdown(); diff --git a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch index 0fe7a85..be425b3 100644 --- a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch +++ b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch @@ -1,7 +1,7 @@ -From 46b2f712bf3d3de11cbc0358ec6f833be99f2f49 Mon Sep 17 00:00:00 2001 +From c843c27bf58ade43ae935391ade4908d980ba1a2 Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Mon, 16 May 2022 16:04:27 +0200 -Subject: [PATCH 02/20] krunfw: Ignore run_cmd on orderly reboot +Subject: [PATCH 02/19] krunfw: Ignore run_cmd on orderly reboot We don't really support restarting the conventional way, so ignore "run_cmd" so we can fall back to an emergency sync and reboot. @@ -12,10 +12,10 @@ Signed-off-by: Sergio Lopez 1 file changed, 4 insertions(+) diff --git a/kernel/reboot.c b/kernel/reboot.c -index 4323caa5b871..d9d6f0dd2ebc 100644 +index f047bde90c03..aeea51201f90 100644 --- a/kernel/reboot.c +++ b/kernel/reboot.c -@@ -836,7 +836,11 @@ static int __orderly_reboot(void) +@@ -852,7 +852,11 @@ static int __orderly_reboot(void) { int ret; 
diff --git a/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch b/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch index bdffe7e..331b401 100644 --- a/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch +++ b/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch @@ -1,7 +1,7 @@ -From 0bef0669ef2606831f442e86254e9e1ab86809b6 Mon Sep 17 00:00:00 2001 +From 71445bf49bdd1eeb6e5f199b1c8eca36586708fc Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:28 +0000 -Subject: [PATCH 03/20] vsock/dgram: generalize recvmsg and drop +Subject: [PATCH 03/19] vsock/dgram: generalize recvmsg and drop transport->dgram_dequeue This commit drops the transport->dgram_dequeue callback and makes @@ -23,10 +23,10 @@ Signed-off-by: Bobby Eshleman 9 files changed, 137 insertions(+), 52 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c -index d94a06008ff6..549158375086 100644 +index 802153e23073..1b3e6963335b 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c -@@ -410,9 +410,11 @@ static struct virtio_transport vhost_transport = { +@@ -419,9 +419,11 @@ static struct virtio_transport vhost_transport = { .cancel_pkt = vhost_transport_cancel_pkt, .dgram_enqueue = virtio_transport_dgram_enqueue, @@ -40,10 +40,10 @@ index d94a06008ff6..549158375086 100644 .stream_enqueue = virtio_transport_stream_enqueue, .stream_dequeue = virtio_transport_stream_dequeue, diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h -index fbf30721bac9..1098a4c0d738 100644 +index 0387d64e2c66..954c5d66f8e4 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h -@@ -219,6 +219,9 @@ bool virtio_transport_stream_allow(u32 cid, u32 port); +@@ -235,6 +235,9 @@ bool virtio_transport_stream_allow(u32 cid, u32 port); int virtio_transport_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr); bool virtio_transport_dgram_allow(u32 cid, u32 port); 
@@ -54,7 +54,7 @@ index fbf30721bac9..1098a4c0d738 100644 int virtio_transport_connect(struct vsock_sock *vsk); diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h -index f8b09a82f62e..7a342d406c34 100644 +index 9e85424c8343..fe0fb5c01823 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -120,11 +120,20 @@ struct vsock_transport { @@ -81,10 +81,10 @@ index f8b09a82f62e..7a342d406c34 100644 /* STREAM. */ /* TODO: stream_bind() */ diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c -index f5eb737a677d..c3fdb22cfd39 100644 +index dfd29160fe11..014b8414a7d6 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c -@@ -1273,10 +1273,62 @@ static int vsock_dgram_connect(struct socket *sock, +@@ -1277,10 +1277,62 @@ static int vsock_dgram_connect(struct socket *sock, int __vsock_dgram_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, int flags) { @@ -186,10 +186,10 @@ index 56c232cf5b0f..cc0a6c3401d3 100644 .dgram_allow = hvs_dgram_allow, diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index 2925f5d27ad3..332d6d580cba 100644 +index b58c3818f284..48008d8341d7 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c -@@ -430,9 +430,11 @@ static struct virtio_transport virtio_transport = { +@@ -552,9 +552,11 @@ static struct virtio_transport virtio_transport = { .cancel_pkt = virtio_transport_cancel_pkt, .dgram_bind = virtio_transport_dgram_bind, @@ -203,10 +203,10 @@ index 2925f5d27ad3..332d6d580cba 100644 .stream_dequeue = virtio_transport_stream_dequeue, .stream_enqueue = virtio_transport_stream_enqueue, diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c -index 43495820b64f..b566fc80f8db 100644 +index 9acc13ab3f82..13ae96f0d2ec 100644 --- a/net/vmw_vsock/virtio_transport_common.c 
+++ b/net/vmw_vsock/virtio_transport_common.c -@@ -860,6 +860,24 @@ int virtio_transport_dgram_bind(struct vsock_sock *vsk, +@@ -1047,6 +1047,24 @@ int virtio_transport_dgram_bind(struct vsock_sock *vsk, } EXPORT_SYMBOL_GPL(virtio_transport_dgram_bind); @@ -331,10 +331,10 @@ index b370070194fa..bbc63826bf48 100644 .stream_enqueue = vmci_transport_stream_enqueue, .stream_has_data = vmci_transport_stream_has_data, diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c -index 0ce65d0a4a44..6b19e308a140 100644 +index 6e78927a598e..3d5e05d8950f 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c -@@ -62,9 +62,11 @@ static struct virtio_transport loopback_transport = { +@@ -66,9 +66,11 @@ static struct virtio_transport loopback_transport = { .cancel_pkt = vsock_loopback_cancel_pkt, .dgram_bind = virtio_transport_dgram_bind, diff --git a/patches/0004-vsock-refactor-transport-lookup-code.patch b/patches/0004-vsock-refactor-transport-lookup-code.patch index 6dae5b5..504bc81 100644 --- a/patches/0004-vsock-refactor-transport-lookup-code.patch +++ b/patches/0004-vsock-refactor-transport-lookup-code.patch @@ -1,7 +1,7 @@ -From 789729bfd16c0f28d6b591ffd4d2537c9f1e9873 Mon Sep 17 00:00:00 2001 +From 99a059c51f1d19be35e622e8297c4f5d9ee94b6e Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:29 +0000 -Subject: [PATCH 04/20] vsock: refactor transport lookup code +Subject: [PATCH 04/19] vsock: refactor transport lookup code Introduce new reusable function vsock_connectible_lookup_transport() that performs the transport lookup logic. @@ -14,10 +14,10 @@ Signed-off-by: Bobby Eshleman 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c -index c3fdb22cfd39..5a517638deed 100644 +index 014b8414a7d6..5a45600002f5 100644 --- a/net/vmw_vsock/af_vsock.c 
+++ b/net/vmw_vsock/af_vsock.c -@@ -424,6 +424,22 @@ static void vsock_deassign_transport(struct vsock_sock *vsk) +@@ -425,6 +425,22 @@ static void vsock_deassign_transport(struct vsock_sock *vsk) vsk->transport = NULL; } @@ -40,7 +40,7 @@ index c3fdb22cfd39..5a517638deed 100644 /* Assign a transport to a socket and call the .init transport callback. * * Note: for connection oriented socket this must be called when vsk->remote_addr -@@ -464,13 +480,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) +@@ -465,13 +481,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) break; case SOCK_STREAM: case SOCK_SEQPACKET: diff --git a/patches/0005-vsock-support-multi-transport-datagrams.patch b/patches/0005-vsock-support-multi-transport-datagrams.patch index 8fee69c..28b9f1d 100644 --- a/patches/0005-vsock-support-multi-transport-datagrams.patch +++ b/patches/0005-vsock-support-multi-transport-datagrams.patch @@ -1,7 +1,7 @@ -From aa746f8898e3b89d6d93a1373a85eea7815bb416 Mon Sep 17 00:00:00 2001 +From 448088b2a662ed19728b42e75c9a5f500d2c5359 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:30 +0000 -Subject: [PATCH 05/20] vsock: support multi-transport datagrams +Subject: [PATCH 05/19] vsock: support multi-transport datagrams This patch adds support for multi-transport datagrams. @@ -57,10 +57,10 @@ Signed-off-by: Bobby Eshleman 7 files changed, 60 insertions(+), 36 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c -index 549158375086..ea093563b96b 100644 +index 1b3e6963335b..d58be350ddca 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c -@@ -410,7 +410,6 @@ static struct virtio_transport vhost_transport = { +@@ -419,7 +419,6 @@ static struct virtio_transport vhost_transport = { .cancel_pkt = vhost_transport_cancel_pkt, .dgram_enqueue = virtio_transport_dgram_enqueue, 
@@ -69,10 +69,10 @@ index 549158375086..ea093563b96b 100644 .dgram_get_cid = virtio_transport_dgram_get_cid, .dgram_get_port = virtio_transport_dgram_get_port, diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h -index 1098a4c0d738..26339021418d 100644 +index 954c5d66f8e4..741d643534f4 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h -@@ -216,8 +216,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val); +@@ -232,8 +232,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val); u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk); bool virtio_transport_stream_is_active(struct vsock_sock *vsk); bool virtio_transport_stream_allow(u32 cid, u32 port); @@ -82,10 +82,10 @@ index 1098a4c0d738..26339021418d 100644 int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid); int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port); diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c -index 5a517638deed..afe28d3b0b74 100644 +index 5a45600002f5..2c4fda4215f1 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c -@@ -440,6 +440,18 @@ vsock_connectible_lookup_transport(unsigned int cid, __u8 flags) +@@ -441,6 +441,18 @@ vsock_connectible_lookup_transport(unsigned int cid, __u8 flags) return transport; } @@ -104,7 +104,7 @@ index 5a517638deed..afe28d3b0b74 100644 /* Assign a transport to a socket and call the .init transport callback. * * Note: for connection oriented socket this must be called when vsk->remote_addr -@@ -476,7 +488,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) +@@ -477,7 +489,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) switch (sk->sk_type) { case SOCK_DGRAM: 
@@ -114,7 +114,7 @@ index 5a517638deed..afe28d3b0b74 100644 break; case SOCK_STREAM: case SOCK_SEQPACKET: -@@ -693,6 +706,9 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, +@@ -694,6 +707,9 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, static int __vsock_bind_dgram(struct vsock_sock *vsk, struct sockaddr_vm *addr) { @@ -124,7 +124,7 @@ index 5a517638deed..afe28d3b0b74 100644 return vsk->transport->dgram_bind(vsk, addr); } -@@ -1174,19 +1190,24 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, +@@ -1178,19 +1194,24 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, lock_sock(sk); @@ -156,7 +156,7 @@ index 5a517638deed..afe28d3b0b74 100644 /* Ensure this address is of the right type and is a valid * destination. */ -@@ -1195,11 +1216,27 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, +@@ -1199,11 +1220,27 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, remote_addr->svm_cid = transport->get_local_cid(); if (!vsock_addr_bound(remote_addr)) { @@ -184,7 +184,7 @@ index 5a517638deed..afe28d3b0b74 100644 if (remote_addr->svm_cid == VMADDR_CID_ANY) remote_addr->svm_cid = transport->get_local_cid(); -@@ -1207,23 +1244,23 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, +@@ -1211,23 +1248,23 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg, /* XXX Should connect() or this function ensure remote_addr is * bound? */ @@ -217,7 +217,7 @@ index 5a517638deed..afe28d3b0b74 100644 out: release_sock(sk); return err; -@@ -1257,13 +1294,18 @@ static int vsock_dgram_connect(struct socket *sock, +@@ -1261,13 +1298,18 @@ static int vsock_dgram_connect(struct socket *sock, if (err) goto out; @@ -262,10 +262,10 @@ index cc0a6c3401d3..4c6d705cc9e6 100644 .dgram_get_port = hvs_dgram_get_port, .dgram_get_length = hvs_dgram_get_length, 
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index 332d6d580cba..4e138ad3c113 100644 +index 48008d8341d7..f64281de9783 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c -@@ -429,7 +429,6 @@ static struct virtio_transport virtio_transport = { +@@ -551,7 +551,6 @@ static struct virtio_transport virtio_transport = { .shutdown = virtio_transport_shutdown, .cancel_pkt = virtio_transport_cancel_pkt, @@ -274,10 +274,10 @@ index 332d6d580cba..4e138ad3c113 100644 .dgram_allow = virtio_transport_dgram_allow, .dgram_get_cid = virtio_transport_dgram_get_cid, diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c -index b566fc80f8db..456dfa74c642 100644 +index 13ae96f0d2ec..2a0f720e33d8 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c -@@ -853,13 +853,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port) +@@ -1040,13 +1040,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port) } EXPORT_SYMBOL_GPL(virtio_transport_stream_allow); @@ -292,10 +292,10 @@ index b566fc80f8db..456dfa74c642 100644 { return -EOPNOTSUPP; diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c -index 6b19e308a140..21a4debde550 100644 +index 3d5e05d8950f..9e9e124f8d2b 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c -@@ -61,7 +61,6 @@ static struct virtio_transport loopback_transport = { +@@ -65,7 +65,6 @@ static struct virtio_transport loopback_transport = { .shutdown = virtio_transport_shutdown, .cancel_pkt = vsock_loopback_cancel_pkt, diff --git a/patches/0006-vsock-make-vsock-bind-reusable.patch b/patches/0006-vsock-make-vsock-bind-reusable.patch index 11ad636..44c469d 100644 --- a/patches/0006-vsock-make-vsock-bind-reusable.patch +++ b/patches/0006-vsock-make-vsock-bind-reusable.patch 
@@ -1,7 +1,7 @@ -From 47c855617435187d710744e4144b11390814da8a Mon Sep 17 00:00:00 2001 +From 7409ec09ad5cb801a3a22c2ab14ecfef6db7fa74 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:31 +0000 -Subject: [PATCH 06/20] vsock: make vsock bind reusable +Subject: [PATCH 06/19] vsock: make vsock bind reusable This commit makes the bind table management functions in vsock usable for different bind tables. For use by datagrams in a future patch. @@ -12,10 +12,10 @@ Signed-off-by: Bobby Eshleman 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c -index afe28d3b0b74..6a94a623dd07 100644 +index 2c4fda4215f1..fc4d894a62bd 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c -@@ -232,11 +232,12 @@ static void __vsock_remove_connected(struct vsock_sock *vsk) +@@ -233,11 +233,12 @@ static void __vsock_remove_connected(struct vsock_sock *vsk) sock_put(&vsk->sk); } @@ -30,7 +30,7 @@ index afe28d3b0b74..6a94a623dd07 100644 if (vsock_addr_equals_addr(addr, &vsk->local_addr)) return sk_vsock(vsk); -@@ -249,6 +250,11 @@ static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +@@ -250,6 +251,11 @@ static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) return NULL; } @@ -42,7 +42,7 @@ index afe28d3b0b74..6a94a623dd07 100644 static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, struct sockaddr_vm *dst) { -@@ -648,12 +654,17 @@ static void vsock_pending_work(struct work_struct *work) +@@ -649,12 +655,17 @@ static void vsock_pending_work(struct work_struct *work) /**** SOCKET OPERATIONS ****/ @@ -62,7 +62,7 @@ index afe28d3b0b74..6a94a623dd07 100644 if (!port) port = get_random_u32_above(LAST_RESERVED_PORT); -@@ -669,7 +680,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, +@@ -670,7 +681,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, new_addr.svm_port = port++; 
@@ -72,7 +72,7 @@ index afe28d3b0b74..6a94a623dd07 100644 found = true; break; } -@@ -686,7 +698,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, +@@ -687,7 +699,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, return -EACCES; } @@ -82,7 +82,7 @@ index afe28d3b0b74..6a94a623dd07 100644 return -EADDRINUSE; } -@@ -698,11 +711,17 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, +@@ -699,11 +712,17 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, * by AF_UNIX. */ __vsock_remove_bound(vsk); diff --git a/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch b/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch index 069587c..b227be1 100644 --- a/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch +++ b/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch @@ -1,7 +1,7 @@ -From 3ff89941eeaa749a5d26bdd2cfc31ca9201770fd Mon Sep 17 00:00:00 2001 +From c1fc9e5866174b3ec0330c94f2441d836f265008 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:32 +0000 -Subject: [PATCH 07/20] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit +Subject: [PATCH 07/19] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit This commit adds a feature bit for virtio vsock to support datagrams. diff --git a/patches/0008-virtio-vsock-support-dgrams.patch b/patches/0008-virtio-vsock-support-dgrams.patch index 85dd9e0..fd9e012 100644 --- a/patches/0008-virtio-vsock-support-dgrams.patch +++ b/patches/0008-virtio-vsock-support-dgrams.patch @@ -1,7 +1,7 @@ -From b103d01ce2eccd9b73f3db15674137b259f02ec4 Mon Sep 17 00:00:00 2001 +From e567f3d4119b15ce9cad78c5acfd8812d0d53309 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman Date: Sat, 10 Jun 2023 00:58:33 +0000 -Subject: [PATCH 08/20] virtio/vsock: support dgrams +Subject: [PATCH 08/19] virtio/vsock: support dgrams This commit adds support for datagrams over virtio/vsock. @@ -29,14 +29,14 @@ 
Signed-off-by: Bobby Eshleman include/linux/virtio_vsock.h | 5 +- include/net/af_vsock.h | 1 + include/uapi/linux/virtio_vsock.h | 1 + - net/vmw_vsock/af_vsock.c | 58 ++++++- - net/vmw_vsock/virtio_transport.c | 23 ++- - net/vmw_vsock/virtio_transport_common.c | 207 ++++++++++++++++++------ + net/vmw_vsock/af_vsock.c | 58 ++++++-- + net/vmw_vsock/virtio_transport.c | 23 +++- + net/vmw_vsock/virtio_transport_common.c | 175 ++++++++++++++++++------ net/vmw_vsock/vsock_loopback.c | 8 +- - 8 files changed, 264 insertions(+), 66 deletions(-) + 8 files changed, 240 insertions(+), 58 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c -index ea093563b96b..a3fea3cd2603 100644 +index d58be350ddca..e5469c367a0f 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -32,7 +32,8 @@ @@ -57,15 +57,15 @@ index ea093563b96b..a3fea3cd2603 100644 bool seqpacket_allow; }; -@@ -394,6 +396,7 @@ static bool vhost_vsock_more_replies(struct vhost_vsock *vsock) - return val < vq->num; +@@ -403,6 +405,7 @@ static bool vhost_transport_msgzerocopy_allow(void) + return true; } +static bool vhost_transport_dgram_allow(u32 cid, u32 port); static bool vhost_transport_seqpacket_allow(u32 remote_cid); static struct virtio_transport vhost_transport = { -@@ -410,10 +413,11 @@ static struct virtio_transport vhost_transport = { +@@ -419,10 +422,11 @@ static struct virtio_transport vhost_transport = { .cancel_pkt = vhost_transport_cancel_pkt, .dgram_enqueue = virtio_transport_dgram_enqueue, @@ -78,7 +78,7 @@ index ea093563b96b..a3fea3cd2603 100644 .stream_enqueue = virtio_transport_stream_enqueue, .stream_dequeue = virtio_transport_stream_dequeue, -@@ -447,6 +451,22 @@ static struct virtio_transport vhost_transport = { +@@ -460,6 +464,22 @@ static struct virtio_transport vhost_transport = { .send_pkt = vhost_transport_send_pkt, }; 
@@ -101,7 +101,7 @@ index ea093563b96b..a3fea3cd2603 100644 static bool vhost_transport_seqpacket_allow(u32 remote_cid) { struct vhost_vsock *vsock; -@@ -803,6 +823,9 @@ static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features) +@@ -816,6 +836,9 @@ static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features) vsock->seqpacket_allow = features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET); @@ -112,10 +112,10 @@ index ea093563b96b..a3fea3cd2603 100644 vq = &vsock->vqs[i]; mutex_lock(&vq->mutex); diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h -index 26339021418d..ca5aeb0f9c2e 100644 +index 741d643534f4..bd6864bc82a3 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h -@@ -216,7 +216,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val); +@@ -232,7 +232,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val); u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk); bool virtio_transport_stream_is_active(struct vsock_sock *vsk); bool virtio_transport_stream_allow(u32 cid, u32 port); @@ -123,7 +123,7 @@ index 26339021418d..ca5aeb0f9c2e 100644 int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid); int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port); int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len); -@@ -248,4 +247,8 @@ void virtio_transport_deliver_tap_pkt(struct sk_buff *skb); +@@ -264,4 +263,8 @@ void virtio_transport_deliver_tap_pkt(struct sk_buff *skb); int virtio_transport_purge_skbs(void *vsk, struct sk_buff_head *list); int virtio_transport_read_skb(struct vsock_sock *vsk, skb_read_actor_t read_actor); int virtio_transport_notify_set_rcvlowat(struct vsock_sock *vsk, int val); @@ -133,10 +133,10 @@ index 26339021418d..ca5aeb0f9c2e 100644 +int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len); #endif /* _LINUX_VIRTIO_VSOCK_H */ 
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h -index 7a342d406c34..92c1b7f46789 100644 +index fe0fb5c01823..5e557b578a29 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h -@@ -224,6 +224,7 @@ void vsock_for_each_connected_socket(struct vsock_transport *transport, +@@ -230,6 +230,7 @@ void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk); bool vsock_find_cid(unsigned int cid); @@ -157,10 +157,10 @@ index 9c25f267bbc0..27b4b2b8bf13 100644 enum virtio_vsock_op { diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c -index 6a94a623dd07..391ee534246a 100644 +index fc4d894a62bd..9875d6b0cd70 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c -@@ -116,6 +116,7 @@ +@@ -117,6 +117,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); @@ -168,7 +168,7 @@ index 6a94a623dd07..391ee534246a 100644 /* Protocol family. */ struct proto vsock_proto = { -@@ -182,6 +183,8 @@ struct list_head vsock_connected_table[VSOCK_HASH_SIZE]; +@@ -183,6 +184,8 @@ struct list_head vsock_connected_table[VSOCK_HASH_SIZE]; EXPORT_SYMBOL_GPL(vsock_connected_table); DEFINE_SPINLOCK(vsock_table_lock); EXPORT_SYMBOL_GPL(vsock_table_lock); @@ -177,7 +177,7 @@ index 6a94a623dd07..391ee534246a 100644 /* Autobind this socket to the local address if necessary. */ static int vsock_auto_bind(struct vsock_sock *vsk) -@@ -204,6 +207,9 @@ static void vsock_init_tables(void) +@@ -205,6 +208,9 @@ static void vsock_init_tables(void) for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) INIT_LIST_HEAD(&vsock_connected_table[i]); 
@@ -187,7 +187,7 @@ index 6a94a623dd07..391ee534246a 100644 } static void __vsock_insert_bound(struct list_head *list, -@@ -232,8 +238,8 @@ static void __vsock_remove_connected(struct vsock_sock *vsk) +@@ -233,8 +239,8 @@ static void __vsock_remove_connected(struct vsock_sock *vsk) sock_put(&vsk->sk); } @@ -198,7 +198,7 @@ index 6a94a623dd07..391ee534246a 100644 { struct vsock_sock *vsk; -@@ -250,6 +256,23 @@ struct sock *vsock_find_bound_socket_common(struct sockaddr_vm *addr, +@@ -251,6 +257,23 @@ struct sock *vsock_find_bound_socket_common(struct sockaddr_vm *addr, return NULL; } @@ -222,7 +222,7 @@ index 6a94a623dd07..391ee534246a 100644 static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) { return vsock_find_bound_socket_common(addr, vsock_bound_sockets(addr)); -@@ -289,6 +312,14 @@ void vsock_insert_connected(struct vsock_sock *vsk) +@@ -290,6 +313,14 @@ void vsock_insert_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_insert_connected); @@ -237,7 +237,7 @@ index 6a94a623dd07..391ee534246a 100644 void vsock_remove_bound(struct vsock_sock *vsk) { spin_lock_bh(&vsock_table_lock); -@@ -340,7 +371,10 @@ EXPORT_SYMBOL_GPL(vsock_find_connected_socket); +@@ -341,7 +372,10 @@ EXPORT_SYMBOL_GPL(vsock_find_connected_socket); void vsock_remove_sock(struct vsock_sock *vsk) { @@ -249,7 +249,7 @@ index 6a94a623dd07..391ee534246a 100644 vsock_remove_connected(vsk); } EXPORT_SYMBOL_GPL(vsock_remove_sock); -@@ -722,11 +756,19 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, +@@ -723,11 +757,19 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk, return vsock_bind_common(vsk, addr, vsock_bind_table, VSOCK_HASH_SIZE + 1); } 
@@ -273,7 +273,7 @@ index 6a94a623dd07..391ee534246a 100644 return vsk->transport->dgram_bind(vsk, addr); } -@@ -757,7 +799,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr) +@@ -758,7 +800,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr) break; case SOCK_DGRAM: @@ -283,27 +283,27 @@ index 6a94a623dd07..391ee534246a 100644 default: diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index 4e138ad3c113..3dd63dc8f6b7 100644 +index f64281de9783..fd8cb26e0a67 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c -@@ -63,6 +63,7 @@ struct virtio_vsock { - - u32 guest_cid; - bool seqpacket_allow; +@@ -74,6 +74,7 @@ struct virtio_vsock { + */ + struct scatterlist *out_sgs[MAX_SKB_FRAGS + 1]; + struct scatterlist out_bufs[MAX_SKB_FRAGS + 1]; + bool dgram_allow; }; static u32 virtio_transport_get_local_cid(void) -@@ -414,6 +415,7 @@ static void virtio_vsock_rx_done(struct virtqueue *vq) - queue_work(virtio_vsock_workqueue, &vsock->rx_work); +@@ -536,6 +537,7 @@ static bool virtio_transport_msgzerocopy_allow(void) + return true; } +static bool virtio_transport_dgram_allow(u32 cid, u32 port); static bool virtio_transport_seqpacket_allow(u32 remote_cid); static struct virtio_transport virtio_transport = { -@@ -467,6 +469,21 @@ static struct virtio_transport virtio_transport = { - .send_pkt = virtio_transport_send_pkt, +@@ -594,6 +596,21 @@ static struct virtio_transport virtio_transport = { + .can_msgzerocopy = virtio_transport_can_msgzerocopy, }; +static bool virtio_transport_dgram_allow(u32 cid, u32 port) 
@@ -324,7 +324,7 @@ index 4e138ad3c113..3dd63dc8f6b7 100644 static bool virtio_transport_seqpacket_allow(u32 remote_cid) { struct virtio_vsock *vsock; -@@ -674,6 +691,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev) +@@ -796,6 +813,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_VSOCK_F_SEQPACKET)) vsock->seqpacket_allow = true; @@ -334,7 +334,7 @@ index 4e138ad3c113..3dd63dc8f6b7 100644 vdev->priv = vsock; ret = virtio_vsock_vqs_init(vsock); -@@ -768,7 +788,8 @@ static struct virtio_device_id id_table[] = { +@@ -893,7 +913,8 @@ static struct virtio_device_id id_table[] = { }; static unsigned int features[] = { @@ -345,11 +345,11 @@ index 4e138ad3c113..3dd63dc8f6b7 100644 static struct virtio_driver virtio_vsock_driver = { diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c -index 456dfa74c642..2908af557aa0 100644 +index 2a0f720e33d8..91012c46f8be 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c -@@ -37,6 +37,35 @@ virtio_transport_get_ops(struct vsock_sock *vsk) - return container_of(t, struct virtio_transport, transport); +@@ -133,6 +133,35 @@ static void virtio_transport_init_hdr(struct sk_buff *skb, + hdr->fwd_cnt = cpu_to_le32(0); } +/* Requires info->msg and info->vsk */ 
@@ -381,59 +381,10 @@ index 456dfa74c642..2908af557aa0 100644 + return skb; +} + - /* Returns a new packet on success, otherwise returns NULL. - * - * If NULL is returned, errp is set to a negative errno. -@@ -47,7 +76,8 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info, - u32 src_cid, - u32 src_port, - u32 dst_cid, -- u32 dst_port) -+ u32 dst_port, -+ int *errp) - { - const size_t skb_len = VIRTIO_VSOCK_SKB_HEADROOM + len; - struct virtio_vsock_hdr *hdr; -@@ -55,9 +85,21 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info, - void *payload; - int err; - -- skb = virtio_vsock_alloc_skb(skb_len, GFP_KERNEL); -- if (!skb) -+ /* dgrams do not use credits, self-throttle according to sk_sndbuf -+ * using sock_alloc_send_skb. This helps avoid triggering the OOM. -+ */ -+ if (info->vsk && info->type == VIRTIO_VSOCK_TYPE_DGRAM) { -+ skb = virtio_transport_sock_alloc_send_skb(info, skb_len, GFP_KERNEL, &err); -+ } else { -+ skb = virtio_vsock_alloc_skb(skb_len, GFP_KERNEL); -+ if (!skb) -+ err = -ENOMEM; -+ } -+ -+ if (!skb) { -+ *errp = err; - return NULL; -+ } - - hdr = virtio_vsock_hdr(skb); - hdr->type = cpu_to_le16(info->type); -@@ -98,12 +140,14 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info, - - if (info->vsk && !skb_set_owner_sk_safe(skb, sk_vsock(info->vsk))) { - WARN_ONCE(1, "failed to allocate skb on vsock socket with sk_refcnt == 0\n"); -+ err = -EFAULT; - goto out; - } - - return skb; - - out: -+ *errp = err; - kfree_skb(skb); - return NULL; - } -@@ -185,7 +229,9 @@ EXPORT_SYMBOL_GPL(virtio_transport_deliver_tap_pkt); + static void virtio_transport_copy_nonlinear_skb(const struct sk_buff *skb, + void *dst, + size_t len) +@@ -235,7 +264,9 @@ EXPORT_SYMBOL_GPL(virtio_transport_deliver_tap_pkt); static u16 virtio_transport_get_type(struct sock *sk) { 
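Review bot: With the `info->type == VIRTIO_VSOCK_TYPE_DGRAM` branch dropped from `virtio_transport_alloc_skb` in this hunk, nothing visible in the rebased patch calls `virtio_transport_sock_alloc_send_skb` any more, although the helper is still added just above (its closing `return skb;` is the context at the top of the hunk). The removed comment said datagrams use no credits and that throttling on `sk_sndbuf` "helps avoid triggering the OOM", so as far as this diff shows, datagram sends are no longer bounded by the socket send buffer. Either re-apply the branch on top of the 6.12 allocator, `if (info->vsk && info->type == VIRTIO_VSOCK_TYPE_DGRAM) skb = virtio_transport_sock_alloc_send_skb(info, skb_len, GFP_KERNEL, &err);`, or drop the now-unused static helper and state in the patch description why the throttle is no longer needed. The body of `virtio_transport_alloc_skb` lies outside the hunk, so its 6.12 allocation path should be checked before choosing.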
@@ -444,22 +395,7 @@ index 456dfa74c642..2908af557aa0 100644 return VIRTIO_VSOCK_TYPE_STREAM; else return VIRTIO_VSOCK_TYPE_SEQPACKET; -@@ -241,11 +287,10 @@ static int virtio_transport_send_pkt_info(struct vsock_sock *vsk, - - skb = virtio_transport_alloc_skb(info, skb_len, - src_cid, src_port, -- dst_cid, dst_port); -- if (!skb) { -- ret = -ENOMEM; -+ dst_cid, dst_port, -+ &ret); -+ if (!skb) - break; -- } - - virtio_transport_inc_tx_pkt(vvs, skb); - -@@ -646,14 +691,30 @@ virtio_transport_seqpacket_enqueue(struct vsock_sock *vsk, +@@ -833,14 +864,30 @@ virtio_transport_seqpacket_enqueue(struct vsock_sock *vsk, } EXPORT_SYMBOL_GPL(virtio_transport_seqpacket_enqueue); @@ -468,19 +404,19 @@ index 456dfa74c642..2908af557aa0 100644 - struct msghdr *msg, - size_t len, int flags) +int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid) -+{ + { +- return -EOPNOTSUPP; + *cid = le64_to_cpu(virtio_vsock_hdr(skb)->src_cid); + return 0; -+} + } +-EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue); +EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_cid); + +int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port) - { -- return -EOPNOTSUPP; ++{ + *port = le32_to_cpu(virtio_vsock_hdr(skb)->src_port); + return 0; - } --EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue); ++} +EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_port); + +int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len) @@ -496,7 +432,7 @@ index 456dfa74c642..2908af557aa0 100644 s64 virtio_transport_stream_has_data(struct vsock_sock *vsk) { -@@ -853,30 +914,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port) +@@ -1040,30 +1087,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port) } EXPORT_SYMBOL_GPL(virtio_transport_stream_allow); 
@@ -527,7 +463,7 @@ index 456dfa74c642..2908af557aa0 100644 int virtio_transport_connect(struct vsock_sock *vsk) { struct virtio_vsock_pkt_info info = { -@@ -909,7 +946,34 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk, +@@ -1096,7 +1119,33 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk, struct msghdr *msg, size_t dgram_len) { @@ -550,20 +486,19 @@ index 456dfa74c642..2908af557aa0 100644 + src_cid = t_ops->transport.get_local_cid(); + src_port = vsk->local_addr.svm_port; + -+ skb = virtio_transport_alloc_skb(&info, dgram_len, ++ skb = virtio_transport_alloc_skb(&info, dgram_len, false, + src_cid, src_port, + remote_addr->svm_cid, -+ remote_addr->svm_port, -+ &err); ++ remote_addr->svm_port); + + if (!skb) -+ return err; ++ return -EINVAL; + + return t_ops->send_pkt(skb); } EXPORT_SYMBOL_GPL(virtio_transport_dgram_enqueue); -@@ -967,6 +1031,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, +@@ -1167,6 +1216,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, .reply = true, }; struct sk_buff *reply; @@ -571,20 +506,16 @@ index 456dfa74c642..2908af557aa0 100644 /* Send RST only if the original pkt is not a RST pkt */ if (le16_to_cpu(hdr->op) == VIRTIO_VSOCK_OP_RST) -@@ -979,9 +1044,10 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, - le64_to_cpu(hdr->dst_cid), - le32_to_cpu(hdr->dst_port), +@@ -1181,7 +1231,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, le64_to_cpu(hdr->src_cid), -- le32_to_cpu(hdr->src_port)); -+ le32_to_cpu(hdr->src_port), -+ &err); + le32_to_cpu(hdr->src_port)); if (!reply) - return -ENOMEM; -+ return err; ++ return -EINVAL; return t->send_pkt(reply); } -@@ -1201,6 +1267,21 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk, +@@ -1401,6 +1451,21 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk, kfree_skb(skb); } 
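Review bot: `if (!skb) return -EINVAL;` in `virtio_transport_dgram_enqueue` reports a failed skb allocation as a bad-argument error, and the next hunk does the same in `virtio_transport_reset_no_sock`, replacing the `return -ENOMEM;` that was there before the patch. Since `virtio_transport_alloc_skb` no longer takes the `errp` out-parameter, a NULL return carries no errno and presumably still means the allocation failed. A sender under memory pressure would then see EINVAL, which hides the real cause from callers and from anyone reading logs. I would use `return -ENOMEM;` in both places, which also leaves that line of `virtio_transport_reset_no_sock` as it was before the patch. Both function bodies extend beyond these hunks.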
@@ -606,7 +537,7 @@ index 456dfa74c642..2908af557aa0 100644 static int virtio_transport_recv_connected(struct sock *sk, struct sk_buff *skb) -@@ -1378,7 +1459,8 @@ virtio_transport_recv_listen(struct sock *sk, struct sk_buff *skb, +@@ -1578,7 +1643,8 @@ virtio_transport_recv_listen(struct sock *sk, struct sk_buff *skb, static bool virtio_transport_valid_type(u16 type) { return (type == VIRTIO_VSOCK_TYPE_STREAM) || @@ -616,7 +547,7 @@ index 456dfa74c642..2908af557aa0 100644 } /* We are under the virtio-vsock's vsock->rx_lock or vhost-vsock's vq->mutex -@@ -1392,40 +1474,52 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, +@@ -1592,40 +1658,52 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, struct vsock_sock *vsk; struct sock *sk; bool space_available; @@ -679,7 +610,7 @@ index 456dfa74c642..2908af557aa0 100644 sock_put(sk); goto free_pkt; } -@@ -1441,12 +1535,18 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, +@@ -1641,12 +1719,18 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, /* Check if sk has been closed before lock_sock */ if (sock_flag(sk, SOCK_DONE)) { @@ -699,7 +630,7 @@ index 456dfa74c642..2908af557aa0 100644 space_available = virtio_transport_space_update(sk, skb); /* Update CID in case it has changed after a transport reset event */ -@@ -1478,6 +1578,7 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, +@@ -1678,6 +1762,7 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, break; } @@ -708,7 +639,7 @@ index 456dfa74c642..2908af557aa0 100644 /* Release refcnt obtained when we fetched this socket out of the diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c -index 21a4debde550..20f5b123bde5 100644 +index 9e9e124f8d2b..b3066c854bb9 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -46,6 +46,7 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *vsk) 
@@ -717,9 +648,9 @@ index 21a4debde550..20f5b123bde5 100644 +static bool vsock_loopback_dgram_allow(u32 cid, u32 port); static bool vsock_loopback_seqpacket_allow(u32 remote_cid); - - static struct virtio_transport loopback_transport = { -@@ -62,7 +63,7 @@ static struct virtio_transport loopback_transport = { + static bool vsock_loopback_msgzerocopy_allow(void) + { +@@ -66,7 +67,7 @@ static struct virtio_transport loopback_transport = { .cancel_pkt = vsock_loopback_cancel_pkt, .dgram_enqueue = virtio_transport_dgram_enqueue, @@ -728,7 +659,7 @@ index 21a4debde550..20f5b123bde5 100644 .dgram_get_cid = virtio_transport_dgram_get_cid, .dgram_get_port = virtio_transport_dgram_get_port, .dgram_get_length = virtio_transport_dgram_get_length, -@@ -99,6 +100,11 @@ static struct virtio_transport loopback_transport = { +@@ -107,6 +108,11 @@ static struct virtio_transport loopback_transport = { .send_pkt = vsock_loopback_send_pkt, }; diff --git a/patches/0010-Transparent-Socket-Impersonation-implementation.patch b/patches/0009-Transparent-Socket-Impersonation-implementation.patch similarity index 95% rename from patches/0010-Transparent-Socket-Impersonation-implementation.patch rename to patches/0009-Transparent-Socket-Impersonation-implementation.patch index 9da23e9..b6706fe 100644 --- a/patches/0010-Transparent-Socket-Impersonation-implementation.patch +++ b/patches/0009-Transparent-Socket-Impersonation-implementation.patch @@ -1,7 +1,7 @@ -From ea172def827af9efb7b81ae19b0f2bde42c33b38 Mon Sep 17 00:00:00 2001 +From 5aa4b81b960a8cebb8365596a4253d5a2591d2ec Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Thu, 19 May 2022 22:38:26 +0200 -Subject: [PATCH 10/20] Transparent Socket Impersonation implementation +Subject: [PATCH 09/19] Transparent Socket Impersonation implementation Transparent Socket Impersonation (AF_TSI) is an address family that provides sockets presenting two simultaneous personalities, AF_INET @@ -31,18 +31,18 @@ 
Signed-off-by: Sergio Lopez net/tsi/af_tsi.c | 1280 +++++++++++++++++++++++++++ net/tsi/af_tsi.h | 100 +++ security/selinux/hooks.c | 4 +- - security/selinux/include/classmap.h | 4 +- - 10 files changed, 1403 insertions(+), 3 deletions(-) + security/selinux/include/classmap.h | 3 +- + 10 files changed, 1402 insertions(+), 3 deletions(-) create mode 100644 net/tsi/Kconfig create mode 100644 net/tsi/Makefile create mode 100644 net/tsi/af_tsi.c create mode 100644 net/tsi/af_tsi.h diff --git a/include/linux/socket.h b/include/linux/socket.h -index cfcb7e2c3813..b5891faf7996 100644 +index d18cc47e89bd..b408fc7f2062 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h -@@ -239,8 +239,9 @@ struct ucred { +@@ -240,8 +240,9 @@ struct ucred { #define AF_MCTP 45 /* Management component * transport protocol */ @@ -53,7 +53,7 @@ index cfcb7e2c3813..b5891faf7996 100644 /* Protocol families, same as address families. */ #define PF_UNSPEC AF_UNSPEC -@@ -291,6 +292,7 @@ struct ucred { +@@ -292,6 +293,7 @@ struct ucred { #define PF_SMC AF_SMC #define PF_XDP AF_XDP #define PF_MCTP AF_MCTP @@ -62,10 +62,10 @@ index cfcb7e2c3813..b5891faf7996 100644 /* Maximum queue length specifiable by listen. */ diff --git a/net/Kconfig b/net/Kconfig -index d532ec33f1fe..cce74ff2a107 100644 +index a629f92dc86b..91dfb9152b5b 100644 --- a/net/Kconfig +++ b/net/Kconfig -@@ -267,6 +267,7 @@ source "net/switchdev/Kconfig" +@@ -274,6 +274,7 @@ source "net/switchdev/Kconfig" source "net/l3mdev/Kconfig" source "net/qrtr/Kconfig" source "net/ncsi/Kconfig" @@ -74,19 +74,19 @@ index d532ec33f1fe..cce74ff2a107 100644 config PCPU_DEV_REFCNT bool "Use percpu variables to maintain network device refcount" diff --git a/net/Makefile b/net/Makefile -index 4c4dc535453d..b07f65c0ef56 100644 +index 65bb8c72a35e..c1db937f3212 100644 --- a/net/Makefile 
+++ b/net/Makefile -@@ -80,3 +80,4 @@ obj-$(CONFIG_XDP_SOCKETS) += xdp/ +@@ -79,3 +79,4 @@ obj-$(CONFIG_XDP_SOCKETS) += xdp/ obj-$(CONFIG_MPTCP) += mptcp/ obj-$(CONFIG_MCTP) += mctp/ obj-$(CONFIG_NET_HANDSHAKE) += handshake/ +obj-$(CONFIG_TSI) += tsi/ diff --git a/net/socket.c b/net/socket.c -index bad58f23f307..9992976a67ff 100644 +index 042451f01c65..5ad75d15e1ad 100644 --- a/net/socket.c +++ b/net/socket.c -@@ -218,6 +218,7 @@ static const char * const pf_family_names[] = { +@@ -217,6 +217,7 @@ static const char * const pf_family_names[] = { [PF_SMC] = "PF_SMC", [PF_XDP] = "PF_XDP", [PF_MCTP] = "PF_MCTP", @@ -119,7 +119,7 @@ index 000000000000..8b3cf74116a5 +tsi-y := af_tsi.o diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c new file mode 100644 -index 000000000000..eda6c4ba7961 +index 000000000000..f43a17cff3a3 --- /dev/null +++ b/net/tsi/af_tsi.c @@ -0,0 +1,1280 @@ @@ -505,7 +505,7 @@ index 000000000000..eda6c4ba7961 +} + +static int tsi_accept_inet(struct tsi_sock *tsk, struct socket **newsock, -+ int flags, bool kern) ++ struct proto_accept_arg *arg) +{ + struct socket *socket = tsk->isocket; + struct socket *nsock; @@ -518,7 +518,7 @@ index 000000000000..eda6c4ba7961 + nsock->type = socket->type; + nsock->ops = socket->ops; + -+ err = socket->ops->accept(socket, nsock, flags, kern); ++ err = socket->ops->accept(socket, nsock, arg); + + if (err < 0) { + pr_debug("%s: inet accept failed: %d\n", __func__, err); @@ -532,7 +532,7 @@ index 000000000000..eda6c4ba7961 +} + +static int tsi_accept_vsock(struct tsi_sock *tsk, struct socket **newsock, -+ int flags, bool kern) ++ struct proto_accept_arg *arg) +{ + struct socket *socket = tsk->vsocket; + struct socket *nsock; @@ -541,7 +541,7 @@ index 000000000000..eda6c4ba7961 + int err; + + ta_req.svm_port = tsk->svm_port; -+ ta_req.flags = flags; ++ ta_req.flags = arg->flags; + + pr_debug("%s: sending accept request id=%u\n", __func__, + ta_req.svm_port); 
@@ -577,7 +577,7 @@ index 000000000000..eda6c4ba7961 + nsock->type = socket->type; + nsock->ops = socket->ops; + -+ err = socket->ops->accept(socket, nsock, flags, kern); ++ err = socket->ops->accept(socket, nsock, arg); + + if (err < 0) { + pr_debug("%s: vsock accept failed: %d\n", __func__, err); @@ -590,8 +590,8 @@ index 000000000000..eda6c4ba7961 + return err; +} + -+static int tsi_accept(struct socket *sock, struct socket *newsock, int flags, -+ bool kern) ++static int tsi_accept(struct socket *sock, struct socket *newsock, ++ struct proto_accept_arg *arg) +{ + struct sock *listener = sock->sk; + struct sockaddr_vm vm_addr; @@ -621,14 +621,14 @@ index 000000000000..eda6c4ba7961 + newtsk = tsi_sk(newsock->sk); + + if (tsk->status == S_INET) { -+ err = tsi_accept_inet(tsk, &nsock, flags, kern); ++ err = tsi_accept_inet(tsk, &nsock, arg); + if (err < 0) { + goto error; + } + newtsk->status = S_INET; + newtsk->isocket = nsock; + } else { -+ err = tsi_accept_vsock(tsk, &nsock, flags, kern); ++ err = tsi_accept_vsock(tsk, &nsock, arg); + if (err < 0) { + goto error; + } @@ -1510,10 +1510,10 @@ index 000000000000..cf381734bebe + +#endif diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index d4a99d98ec77..82fd1f975ef6 100644 +index fc926d3cac6e..486be0734a6c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -1295,7 +1295,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc +@@ -1302,7 +1302,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc return SECCLASS_XDP_SOCKET; case PF_MCTP: return SECCLASS_MCTP_SOCKET; @@ -1525,21 +1525,20 @@ index d4a99d98ec77..82fd1f975ef6 100644 #endif } diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h -index a3c380775d41..4640eb408c06 100644 +index 7229c9bf6c27..065d9b85693f 100644 --- a/security/selinux/include/classmap.h 
+++ b/security/selinux/include/classmap.h -@@ -248,6 +248,8 @@ const struct security_class_mapping secclass_map[] = { - { COMMON_SOCK_PERMS, NULL } }, - { "mctp_socket", - { COMMON_SOCK_PERMS, NULL } }, -+ { "tsi_socket", -+ { COMMON_SOCK_PERMS, NULL } }, +@@ -173,6 +173,7 @@ const struct security_class_mapping secclass_map[] = { + NULL } }, + { "xdp_socket", { COMMON_SOCK_PERMS, NULL } }, + { "mctp_socket", { COMMON_SOCK_PERMS, NULL } }, ++ { "tsi_socket", { COMMON_SOCK_PERMS, NULL } }, { "perf_event", { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } }, - { "anon_inode", -@@ -259,6 +261,6 @@ const struct security_class_mapping secclass_map[] = { + { "anon_inode", { COMMON_FILE_PERMS, NULL } }, +@@ -181,6 +182,6 @@ const struct security_class_mapping secclass_map[] = { { NULL } - }; + }; -#if PF_MAX > 46 +#if PF_MAX > 47 diff --git a/patches/0009-tests-add-vsock-dgram-tests.patch b/patches/0009-tests-add-vsock-dgram-tests.patch deleted file mode 100644 index bd5ddf0..0000000 --- a/patches/0009-tests-add-vsock-dgram-tests.patch +++ /dev/null 
@@ -1,671 +0,0 @@ -From a05b3dd945767cdeda0d9dc9f1979a8c4e67d1b5 Mon Sep 17 00:00:00 2001 -From: Jiang Wang -Date: Sat, 10 Jun 2023 00:58:35 +0000 -Subject: [PATCH 09/20] tests: add vsock dgram tests - -This patch adds tests for vsock datagram. - -Signed-off-by: Bobby Eshleman -Signed-off-by: Jiang Wang ---- - tools/testing/vsock/util.c | 141 +++++++++- - tools/testing/vsock/util.h | 6 + - tools/testing/vsock/vsock_test.c | 431 +++++++++++++++++++++++++++++++ - 3 files changed, 577 insertions(+), 1 deletion(-) - -diff --git a/tools/testing/vsock/util.c b/tools/testing/vsock/util.c -index 01b636d3039a..811e70d7cf1e 100644 ---- a/tools/testing/vsock/util.c -+++ b/tools/testing/vsock/util.c -@@ -99,7 +99,8 @@ static int vsock_connect(unsigned int cid, unsigned int port, int type) - int ret; - int fd; - -- control_expectln("LISTENING"); -+ if (type != SOCK_DGRAM) -+ control_expectln("LISTENING"); - - fd = socket(AF_VSOCK, type, 0); - -@@ -130,6 +131,11 @@ int vsock_seqpacket_connect(unsigned int cid, unsigned int port) - return vsock_connect(cid, port, SOCK_SEQPACKET); - } - -+int vsock_dgram_connect(unsigned int cid, unsigned int port) -+{ -+ return vsock_connect(cid, port, SOCK_DGRAM); -+} -+ - /* Listen on and return the first incoming connection. The remote - * address is stored to clientaddrp. clientaddrp may be NULL. 
- */ -@@ -211,6 +217,34 @@ int vsock_seqpacket_accept(unsigned int cid, unsigned int port, - return vsock_accept(cid, port, clientaddrp, SOCK_SEQPACKET); - } - -+int vsock_dgram_bind(unsigned int cid, unsigned int port) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = port, -+ .svm_cid = cid, -+ }, -+ }; -+ int fd; -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ return fd; -+} -+ - /* Transmit one byte and check the return value. - * - * expected_ret: -@@ -260,6 +294,57 @@ void send_byte(int fd, int expected_ret, int flags) - } - } - -+/* Transmit one byte and check the return value. -+ * -+ * expected_ret: -+ * <0 Negative errno (for testing errors) -+ * 0 End-of-file -+ * 1 Success -+ */ -+void sendto_byte(int fd, const struct sockaddr *dest_addr, int len, int expected_ret, -+ int flags) -+{ -+ const uint8_t byte = 'A'; -+ ssize_t nwritten; -+ -+ timeout_begin(TIMEOUT); -+ do { -+ nwritten = sendto(fd, &byte, sizeof(byte), flags, dest_addr, -+ len); -+ timeout_check("write"); -+ } while (nwritten < 0 && errno == EINTR); -+ timeout_end(); -+ -+ if (expected_ret < 0) { -+ if (nwritten != -1) { -+ fprintf(stderr, "bogus sendto(2) return value %zd\n", -+ nwritten); -+ exit(EXIT_FAILURE); -+ } -+ if (errno != -expected_ret) { -+ perror("write"); -+ exit(EXIT_FAILURE); -+ } -+ return; -+ } -+ -+ if (nwritten < 0) { -+ perror("write"); -+ exit(EXIT_FAILURE); -+ } -+ if (nwritten == 0) { -+ if (expected_ret == 0) -+ return; -+ -+ fprintf(stderr, "unexpected EOF while sending byte\n"); -+ exit(EXIT_FAILURE); -+ } -+ if (nwritten != sizeof(byte)) { -+ fprintf(stderr, "bogus sendto(2) return value %zd\n", nwritten); -+ exit(EXIT_FAILURE); -+ } -+} -+ - /* Receive one byte and check the return value. 
- * - * expected_ret: -@@ -313,6 +398,60 @@ void recv_byte(int fd, int expected_ret, int flags) - } - } - -+/* Receive one byte and check the return value. -+ * -+ * expected_ret: -+ * <0 Negative errno (for testing errors) -+ * 0 End-of-file -+ * 1 Success -+ */ -+void recvfrom_byte(int fd, struct sockaddr *src_addr, socklen_t *addrlen, -+ int expected_ret, int flags) -+{ -+ uint8_t byte; -+ ssize_t nread; -+ -+ timeout_begin(TIMEOUT); -+ do { -+ nread = recvfrom(fd, &byte, sizeof(byte), flags, src_addr, addrlen); -+ timeout_check("read"); -+ } while (nread < 0 && errno == EINTR); -+ timeout_end(); -+ -+ if (expected_ret < 0) { -+ if (nread != -1) { -+ fprintf(stderr, "bogus recvfrom(2) return value %zd\n", -+ nread); -+ exit(EXIT_FAILURE); -+ } -+ if (errno != -expected_ret) { -+ perror("read"); -+ exit(EXIT_FAILURE); -+ } -+ return; -+ } -+ -+ if (nread < 0) { -+ perror("read"); -+ exit(EXIT_FAILURE); -+ } -+ if (nread == 0) { -+ if (expected_ret == 0) -+ return; -+ -+ fprintf(stderr, "unexpected EOF while receiving byte\n"); -+ exit(EXIT_FAILURE); -+ } -+ if (nread != sizeof(byte)) { -+ fprintf(stderr, "bogus recvfrom(2) return value %zd\n", nread); -+ exit(EXIT_FAILURE); -+ } -+ if (byte != 'A') { -+ fprintf(stderr, "unexpected byte read %c\n", byte); -+ exit(EXIT_FAILURE); -+ } -+} -+ - /* Run test cases. The program terminates if a failure occurs. 
*/ - void run_tests(const struct test_case *test_cases, - const struct test_opts *opts) -diff --git a/tools/testing/vsock/util.h b/tools/testing/vsock/util.h -index fb99208a95ea..a69e128d120c 100644 ---- a/tools/testing/vsock/util.h -+++ b/tools/testing/vsock/util.h -@@ -37,13 +37,19 @@ void init_signals(void); - unsigned int parse_cid(const char *str); - int vsock_stream_connect(unsigned int cid, unsigned int port); - int vsock_seqpacket_connect(unsigned int cid, unsigned int port); -+int vsock_dgram_connect(unsigned int cid, unsigned int port); - int vsock_stream_accept(unsigned int cid, unsigned int port, - struct sockaddr_vm *clientaddrp); - int vsock_seqpacket_accept(unsigned int cid, unsigned int port, - struct sockaddr_vm *clientaddrp); -+int vsock_dgram_bind(unsigned int cid, unsigned int port); - void vsock_wait_remote_close(int fd); - void send_byte(int fd, int expected_ret, int flags); -+void sendto_byte(int fd, const struct sockaddr *dest_addr, int len, int expected_ret, -+ int flags); - void recv_byte(int fd, int expected_ret, int flags); -+void recvfrom_byte(int fd, struct sockaddr *src_addr, socklen_t *addrlen, -+ int expected_ret, int flags); - void run_tests(const struct test_case *test_cases, - const struct test_opts *opts); - void list_tests(const struct test_case *test_cases); -diff --git a/tools/testing/vsock/vsock_test.c b/tools/testing/vsock/vsock_test.c -index 5dc7767039f6..7c66e934341a 100644 ---- a/tools/testing/vsock/vsock_test.c -+++ b/tools/testing/vsock/vsock_test.c -@@ -1177,6 +1177,413 @@ static void test_seqpacket_msg_peek_server(const struct test_opts *opts) - return test_msg_peek_server(opts, true); - } - -+static void test_dgram_sendto_client(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = opts->peer_cid, -+ }, -+ }; -+ int fd; -+ -+ /* Wait for the server to be ready */ -+ 
control_expectln("BIND"); -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ -+ sendto_byte(fd, &addr.sa, sizeof(addr.svm), 1, 0); -+ -+ /* Notify the server that the client has finished */ -+ control_writeln("DONE"); -+ -+ close(fd); -+} -+ -+static void test_dgram_sendto_server(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = VMADDR_CID_ANY, -+ }, -+ }; -+ int len = sizeof(addr.sa); -+ int fd; -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Notify the client that the server is ready */ -+ control_writeln("BIND"); -+ -+ recvfrom_byte(fd, &addr.sa, &len, 1, 0); -+ -+ /* Wait for the client to finish */ -+ control_expectln("DONE"); -+ -+ close(fd); -+} -+ -+static void test_dgram_connect_client(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = opts->peer_cid, -+ }, -+ }; -+ int ret; -+ int fd; -+ -+ /* Wait for the server to be ready */ -+ control_expectln("BIND"); -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ ret = connect(fd, &addr.sa, sizeof(addr.svm)); -+ if (ret < 0) { -+ perror("connect"); -+ exit(EXIT_FAILURE); -+ } -+ -+ send_byte(fd, 1, 0); -+ -+ /* Notify the server that the client has finished */ -+ control_writeln("DONE"); -+ -+ close(fd); -+} -+ -+static void test_dgram_connect_server(const struct test_opts *opts) -+{ -+ test_dgram_sendto_server(opts); -+} -+ -+static void test_dgram_multiconn_sendto_client(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm 
svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = opts->peer_cid, -+ }, -+ }; -+ int fds[MULTICONN_NFDS]; -+ int i; -+ -+ /* Wait for the server to be ready */ -+ control_expectln("BIND"); -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) { -+ fds[i] = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fds[i] < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ } -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) -+ sendto_byte(fds[i], &addr.sa, sizeof(addr.svm), 1, 0); -+ -+ /* Notify the server that the client has finished */ -+ control_writeln("DONE"); -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) -+ close(fds[i]); -+} -+ -+static void test_dgram_multiconn_sendto_server(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = VMADDR_CID_ANY, -+ }, -+ }; -+ int len = sizeof(addr.sa); -+ int fd; -+ int i; -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Notify the client that the server is ready */ -+ control_writeln("BIND"); -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) -+ recvfrom_byte(fd, &addr.sa, &len, 1, 0); -+ -+ /* Wait for the client to finish */ -+ control_expectln("DONE"); -+ -+ close(fd); -+} -+ -+static void test_dgram_multiconn_send_client(const struct test_opts *opts) -+{ -+ int fds[MULTICONN_NFDS]; -+ int i; -+ -+ /* Wait for the server to be ready */ -+ control_expectln("BIND"); -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) { -+ fds[i] = vsock_dgram_connect(opts->peer_cid, 1234); -+ if (fds[i] < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ } -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) -+ send_byte(fds[i], 1, 0); -+ -+ /* Notify the server that the client has finished */ -+ control_writeln("DONE"); -+ -+ for (i = 0; i < 
MULTICONN_NFDS; i++) -+ close(fds[i]); -+} -+ -+static void test_dgram_multiconn_send_server(const struct test_opts *opts) -+{ -+ union { -+ struct sockaddr sa; -+ struct sockaddr_vm svm; -+ } addr = { -+ .svm = { -+ .svm_family = AF_VSOCK, -+ .svm_port = 1234, -+ .svm_cid = VMADDR_CID_ANY, -+ }, -+ }; -+ int fd; -+ int i; -+ -+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0); -+ if (fd < 0) { -+ perror("socket"); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Notify the client that the server is ready */ -+ control_writeln("BIND"); -+ -+ for (i = 0; i < MULTICONN_NFDS; i++) -+ recv_byte(fd, 1, 0); -+ -+ /* Wait for the client to finish */ -+ control_expectln("DONE"); -+ -+ close(fd); -+} -+ -+static void test_dgram_msg_bounds_client(const struct test_opts *opts) -+{ -+ unsigned long recv_buf_size; -+ int page_size; -+ int msg_cnt; -+ int fd; -+ -+ fd = vsock_dgram_connect(opts->peer_cid, 1234); -+ if (fd < 0) { -+ perror("connect"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Let the server know the client is ready */ -+ control_writeln("CLNTREADY"); -+ -+ msg_cnt = control_readulong(); -+ recv_buf_size = control_readulong(); -+ -+ /* Wait, until receiver sets buffer size. */ -+ control_expectln("SRVREADY"); -+ -+ page_size = getpagesize(); -+ -+ for (int i = 0; i < msg_cnt; i++) { -+ unsigned long curr_hash; -+ ssize_t send_size; -+ size_t buf_size; -+ void *buf; -+ -+ /* Use "small" buffers and "big" buffers. */ -+ if (i & 1) -+ buf_size = page_size + -+ (rand() % (MAX_MSG_SIZE - page_size)); -+ else -+ buf_size = 1 + (rand() % page_size); -+ -+ buf_size = min(buf_size, recv_buf_size); -+ -+ buf = malloc(buf_size); -+ -+ if (!buf) { -+ perror("malloc"); -+ exit(EXIT_FAILURE); -+ } -+ -+ memset(buf, rand() & 0xff, buf_size); -+ /* Set at least one MSG_EOR + some random. 
*/ -+ -+ send_size = send(fd, buf, buf_size, 0); -+ -+ if (send_size < 0) { -+ perror("send"); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (send_size != buf_size) { -+ fprintf(stderr, "Invalid send size\n"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* In theory the implementation isn't required to transmit -+ * these packets in order, so we use this SYNC control message -+ * so that server and client coordinate sending and receiving -+ * one packet at a time. The client sends a packet and waits -+ * until it has been received before sending another. -+ */ -+ control_writeln("PKTSENT"); -+ control_expectln("PKTRECV"); -+ -+ /* Send the server a hash of the packet */ -+ curr_hash = hash_djb2(buf, buf_size); -+ control_writeulong(curr_hash); -+ free(buf); -+ } -+ -+ control_writeln("SENDDONE"); -+ close(fd); -+} -+ -+static void test_dgram_msg_bounds_server(const struct test_opts *opts) -+{ -+ const unsigned long msg_cnt = 16; -+ unsigned long sock_buf_size; -+ struct msghdr msg = {0}; -+ struct iovec iov = {0}; -+ char buf[MAX_MSG_SIZE]; -+ socklen_t len; -+ int fd; -+ int i; -+ -+ fd = vsock_dgram_bind(VMADDR_CID_ANY, 1234); -+ -+ if (fd < 0) { -+ perror("bind"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Set receive buffer to maximum */ -+ sock_buf_size = -1; -+ if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, -+ &sock_buf_size, sizeof(sock_buf_size))) { -+ perror("setsockopt(SO_RECVBUF)"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Retrieve the receive buffer size */ -+ len = sizeof(sock_buf_size); -+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, -+ &sock_buf_size, &len)) { -+ perror("getsockopt(SO_RECVBUF)"); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Client ready to receive parameters */ -+ control_expectln("CLNTREADY"); -+ -+ control_writeulong(msg_cnt); -+ control_writeulong(sock_buf_size); -+ -+ /* Ready to receive data. 
*/ -+ control_writeln("SRVREADY"); -+ -+ iov.iov_base = buf; -+ iov.iov_len = sizeof(buf); -+ msg.msg_iov = &iov; -+ msg.msg_iovlen = 1; -+ -+ for (i = 0; i < msg_cnt; i++) { -+ unsigned long remote_hash; -+ unsigned long curr_hash; -+ ssize_t recv_size; -+ -+ control_expectln("PKTSENT"); -+ recv_size = recvmsg(fd, &msg, 0); -+ control_writeln("PKTRECV"); -+ -+ if (!recv_size) -+ break; -+ -+ if (recv_size < 0) { -+ perror("recvmsg"); -+ exit(EXIT_FAILURE); -+ } -+ -+ curr_hash = hash_djb2(msg.msg_iov[0].iov_base, recv_size); -+ remote_hash = control_readulong(); -+ -+ if (curr_hash != remote_hash) { -+ fprintf(stderr, "Message bounds broken\n"); -+ exit(EXIT_FAILURE); -+ } -+ } -+ -+ close(fd); -+} -+ - static struct test_case test_cases[] = { - { - .name = "SOCK_STREAM connection reset", -@@ -1256,6 +1663,30 @@ static struct test_case test_cases[] = { - .name = "SOCK_SEQPACKET MSG_PEEK", - .run_client = test_seqpacket_msg_peek_client, - .run_server = test_seqpacket_msg_peek_server, -+ }, -+ .name = "SOCK_DGRAM client sendto", -+ .run_client = test_dgram_sendto_client, -+ .run_server = test_dgram_sendto_server, -+ }, -+ { -+ .name = "SOCK_DGRAM client connect", -+ .run_client = test_dgram_connect_client, -+ .run_server = test_dgram_connect_server, -+ }, -+ { -+ .name = "SOCK_DGRAM multiple connections using sendto", -+ .run_client = test_dgram_multiconn_sendto_client, -+ .run_server = test_dgram_multiconn_sendto_server, -+ }, -+ { -+ .name = "SOCK_DGRAM multiple connections using send", -+ .run_client = test_dgram_multiconn_send_client, -+ .run_server = test_dgram_multiconn_send_server, -+ }, -+ { -+ .name = "SOCK_DGRAM msg bounds", -+ .run_client = test_dgram_msg_bounds_client, -+ .run_server = test_dgram_msg_bounds_server, - }, - {}, - }; --- -2.45.2 - 
diff --git a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch b/patches/0010-tsi-allow-hijacking-sockets-tsi_hijack.patch similarity index 83% rename from patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch rename to patches/0010-tsi-allow-hijacking-sockets-tsi_hijack.patch index bd4eb0e..0c503f6 100644 --- a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch +++ b/patches/0010-tsi-allow-hijacking-sockets-tsi_hijack.patch @@ -1,7 +1,7 @@ -From 6fcf7ffdb2ef4f9808ba93d71e29488738c87189 Mon Sep 17 00:00:00 2001 +From 9c52a8990c5df53a2cfe3ba1d7b220ed26607623 Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Thu, 19 May 2022 22:42:01 +0200 -Subject: [PATCH 11/20] tsi: allow hijacking sockets (tsi_hijack) +Subject: [PATCH 10/19] tsi: allow hijacking sockets (tsi_hijack) Add a kernel command line option (tsi_hijack) enabling users to request the kernel to hijack AF_INET(SOCK_STREAM || SOCK_DGRAM) @@ -14,7 +14,7 @@ Signed-off-by: Sergio Lopez 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/net/socket.c b/net/socket.c -index 9992976a67ff..2a928d25f282 100644 +index 5ad75d15e1ad..bf8818423454 100644 --- a/net/socket.c +++ b/net/socket.c @@ -115,6 +115,10 @@ unsigned int sysctl_net_busy_read __read_mostly; @@ -28,7 +28,7 @@ index 9992976a67ff..2a928d25f282 100644 static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to); static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from); static int sock_mmap(struct file *file, struct vm_area_struct *vma); -@@ -1483,6 +1487,10 @@ int sock_wake_async(struct socket_wq *wq, int how, int band) +@@ -1488,6 +1492,10 @@ int sock_wake_async(struct socket_wq *wq, int how, int band) } EXPORT_SYMBOL(sock_wake_async); 
@@ -39,7 +39,7 @@ index 9992976a67ff..2a928d25f282 100644 /** * __sock_create - creates a socket * @net: net namespace -@@ -1553,6 +1561,15 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1558,6 +1566,15 @@ int __sock_create(struct net *net, int family, int type, int protocol, request_module("net-pf-%d", family); #endif @@ -56,10 +56,10 @@ index 9992976a67ff..2a928d25f282 100644 pf = rcu_dereference(net_families[family]); err = -EAFNOSUPPORT; diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c -index eda6c4ba7961..6cf01d7ce8f5 100644 +index f43a17cff3a3..ef1552862253 100644 --- a/net/tsi/af_tsi.c +++ b/net/tsi/af_tsi.c -@@ -474,7 +474,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock, int flags, +@@ -474,7 +474,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock, struct socket *csocket; struct tsi_sock *tsk; struct tsi_sock *newtsk; diff --git a/patches/0012-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch b/patches/0011-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch similarity index 90% rename from patches/0012-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch rename to patches/0011-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch index 6b82362..f8cb03e 100644 --- a/patches/0012-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch +++ b/patches/0011-arm64-cpufeature-Unify-SCOPE_LOCAL_CPU-early-late-be.patch @@ -1,7 +1,7 @@ -From 4799b17d694746a858a8d4b05807f1e2efe252a6 Mon Sep 17 00:00:00 2001 +From 74b584bdff56c762b881cd499f1cc14de83c2d5c Mon Sep 17 00:00:00 2001 From: Asahi Lina Date: Wed, 25 Sep 2024 16:35:34 +0200 -Subject: [PATCH 12/20] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late +Subject: [PATCH 11/19] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late behavior SCOPE_LOCAL_CPU is mostly used for CPU errata. The early feature logic @@ -35,10 +35,10 @@ Signed-off-by: Asahi Lina 1 file changed, 31 insertions(+), 3 deletions(-) 
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 7e9660455900..6802a8eeb6a6 100644 +index db994d1fd97e..a9377c83afcb 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c -@@ -2986,10 +2986,38 @@ static void update_cpu_capabilities(u16 scope_mask) +@@ -3168,10 +3168,38 @@ static void update_cpu_capabilities(u16 scope_mask) scope_mask &= ARM64_CPUCAP_SCOPE_MASK; for (i = 0; i < ARM64_NCAPS; i++) { @@ -79,7 +79,7 @@ index 7e9660455900..6802a8eeb6a6 100644 + */ continue; - if (caps->desc) + if (caps->desc && !caps->cpus) -- 2.45.2 diff --git a/patches/0013-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch b/patches/0012-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch similarity index 86% rename from patches/0013-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch rename to patches/0012-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch index a787fea..38182f7 100644 --- a/patches/0013-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch +++ b/patches/0012-prctl-Introduce-PR_-SET-GET-_MEM_MODEL.patch @@ -1,7 +1,7 @@ -From 910c13dfdcf052ba9c4a525f73e86dfd6961314e Mon Sep 17 00:00:00 2001 +From c9afe590f6028ce4ed674b9c648053d0a080c2d2 Mon Sep 17 00:00:00 2001 From: Hector Martin Date: Thu, 11 Apr 2024 09:51:20 +0900 -Subject: [PATCH 13/20] prctl: Introduce PR_{SET,GET}_MEM_MODEL +Subject: [PATCH 12/19] prctl: Introduce PR_{SET,GET}_MEM_MODEL On some architectures, it is possible to query and/or change the CPU memory model. This allows userspace to switch to a stricter memory model @@ -59,12 +59,12 @@ index 000000000000..267a12ca6630 + +#endif diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h -index 370ed14b1ae0..961216093f11 100644 +index 35791791a879..36c278683cd6 100644 --- a/include/uapi/linux/prctl.h 
+++ b/include/uapi/linux/prctl.h -@@ -306,4 +306,9 @@ struct prctl_mm_map { - # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc - # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +@@ -328,4 +328,9 @@ struct prctl_mm_map { + # define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */ + # define PR_PPC_DEXCR_CTRL_MASK 0x1f +#define PR_GET_MEM_MODEL 0x6d4d444c +#define PR_SET_MEM_MODEL 0x4d4d444c @@ -73,7 +73,7 @@ index 370ed14b1ae0..961216093f11 100644 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c -index 44b575990333..2db751ce25a2 100644 +index 4da31f28fda8..83da58930513 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -45,6 +45,7 @@ @@ -84,7 +84,7 @@ index 44b575990333..2db751ce25a2 100644 #include #include -@@ -2432,6 +2433,16 @@ static int prctl_get_auxv(void __user *addr, unsigned long len) +@@ -2454,6 +2455,16 @@ static int prctl_get_auxv(void __user *addr, unsigned long len) return sizeof(mm->saved_auxv); } @@ -101,9 +101,9 @@ index 44b575990333..2db751ce25a2 100644 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, unsigned long, arg4, unsigned long, arg5) { -@@ -2747,6 +2758,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, - case PR_RISCV_V_GET_CONTROL: - error = RISCV_V_GET_CONTROL(); +@@ -2784,6 +2795,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, + case PR_RISCV_SET_ICACHE_FLUSH_CTX: + error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3); break; + case PR_GET_MEM_MODEL: + if (arg2 || arg3 || arg4 || arg5) diff --git a/patches/0014-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch b/patches/0013-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch similarity index 79% rename from patches/0014-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch rename to patches/0013-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch index 3febc33..2681893 100644 
--- a/patches/0014-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch +++ b/patches/0013-arm64-Implement-PR_-GET-SET-_MEM_MODEL-for-always-TS.patch @@ -1,7 +1,7 @@ -From c6af9a365bcef9ffb50b58f0fc5e3bb80bee0ae2 Mon Sep 17 00:00:00 2001 +From 7e959884e3965e17af8f3ccd1b1b5a1cb4e97bc3 Mon Sep 17 00:00:00 2001 From: Hector Martin -Date: Mon, 6 May 2024 16:47:51 +0200 -Subject: [PATCH 14/20] arm64: Implement PR_{GET,SET}_MEM_MODEL for always-TSO +Date: Thu, 11 Apr 2024 09:51:21 +0900 +Subject: [PATCH 13/19] arm64: Implement PR_{GET,SET}_MEM_MODEL for always-TSO CPUs Some ARM64 implementations are known to always use the TSO memory model. @@ -18,19 +18,19 @@ Reviewed-by: Neal Gompa --- arch/arm64/Kconfig | 9 +++++++ arch/arm64/include/asm/cpufeature.h | 4 +++ - arch/arm64/kernel/Makefile | 2 +- + arch/arm64/kernel/Makefile | 3 ++- arch/arm64/kernel/cpufeature.c | 11 ++++---- arch/arm64/kernel/cpufeature_impdef.c | 38 +++++++++++++++++++++++++++ arch/arm64/kernel/process.c | 24 +++++++++++++++++ arch/arm64/tools/cpucaps | 1 + - 7 files changed, 83 insertions(+), 6 deletions(-) + 7 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 arch/arm64/kernel/cpufeature_impdef.c diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 658c6a61ab6f..ffc0a44a8dee 100644 +index 22f8a7bca6d2..07447cca16f9 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig -@@ -2200,6 +2200,15 @@ config ARM64_DEBUG_PRIORITY_MASKING +@@ -2250,6 +2250,15 @@ config ARM64_DEBUG_PRIORITY_MASKING If unsure, say N endif # ARM64_PSEUDO_NMI @@ -47,12 +47,12 @@ index 658c6a61ab6f..ffc0a44a8dee 100644 bool "Build a relocatable kernel image" if EXPERT select ARCH_HAS_RELR diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h -index 5bba39376055..f83f951bec94 100644 +index 3d261cc123c1..c4379bde9a26 100644 --- a/arch/arm64/include/asm/cpufeature.h 
+++ b/arch/arm64/include/asm/cpufeature.h -@@ -924,6 +924,10 @@ extern struct arm64_ftr_override arm64_sw_feature_override; - u32 get_kvm_ipa_limit(void); - void dump_cpu_features(void); +@@ -1038,6 +1038,10 @@ static inline bool cpu_has_lpa2(void) + #endif + } +void __init init_cpucap_indirect_list_impdef(void); +void __init init_cpucap_indirect_list_from_array(const struct arm64_cpu_capabilities *caps); @@ -62,23 +62,24 @@ index 5bba39376055..f83f951bec94 100644 #endif diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile -index d95b3d6b471a..2a86fc69ccea 100644 +index 2b112f3b7510..2a11cdefbe04 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile -@@ -34,7 +34,7 @@ obj-y := debug-monitors.o entry.o irq.o fpsimd.o \ +@@ -33,7 +33,8 @@ obj-y := debug-monitors.o entry.o irq.o fpsimd.o \ + return_address.o cpuinfo.o cpu_errata.o \ cpufeature.o alternative.o cacheinfo.o \ smp.o smp_spin_table.o topology.o smccc-call.o \ - syscall.o proton-pack.o idreg-override.o idle.o \ -- patching.o -+ patching.o cpufeature_impdef.o +- syscall.o proton-pack.o idle.o patching.o pi/ ++ syscall.o proton-pack.o idle.o patching.o \ ++ cpufeature_impdef.o pi/ obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sys_compat.o diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 6802a8eeb6a6..ceebd3ccbe4a 100644 +index a9377c83afcb..44e18523dfdd 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c -@@ -965,7 +965,7 @@ static void init_cpu_ftr_reg(u32 sys_reg, u64 new) +@@ -1032,7 +1032,7 @@ static void init_cpu_ftr_reg(u32 sys_reg, u64 new) extern const struct arm64_cpu_capabilities arm64_errata[]; static const struct arm64_cpu_capabilities arm64_features[]; 
@@ -87,15 +88,7 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644 init_cpucap_indirect_list_from_array(const struct arm64_cpu_capabilities *caps) { for (; caps->matches; caps++) { -@@ -1066,6 +1066,7 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) - * handle the boot CPU below. - */ - init_cpucap_indirect_list(); -+ init_cpucap_indirect_list_impdef(); - - /* - * Detect and enable early CPU capabilities based on the boot CPU, -@@ -1437,8 +1438,8 @@ has_always(const struct arm64_cpu_capabilities *entry, int scope) +@@ -1544,8 +1544,8 @@ has_always(const struct arm64_cpu_capabilities *entry, int scope) return true; } @@ -104,9 +97,9 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644 +bool +cpufeature_matches(u64 reg, const struct arm64_cpu_capabilities *entry) { - int val = cpuid_feature_extract_field_width(reg, entry->field_pos, - entry->field_width, -@@ -1474,14 +1475,14 @@ has_user_cpuid_feature(const struct arm64_cpu_capabilities *entry, int scope) + int val, min, max; + u64 tmp; +@@ -1598,14 +1598,14 @@ has_user_cpuid_feature(const struct arm64_cpu_capabilities *entry, int scope) if (!mask) return false; @@ -123,6 +116,14 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644 } const struct cpumask *system_32bit_el0_cpumask(void) +@@ -3547,6 +3547,7 @@ void __init setup_boot_cpu_features(void) + * handle the boot CPU. + */ + init_cpucap_indirect_list(); ++ init_cpucap_indirect_list_impdef(); + + /* + * Detect broken pseudo-NMI. Must be called _before_ the call to diff --git a/arch/arm64/kernel/cpufeature_impdef.c b/arch/arm64/kernel/cpufeature_impdef.c new file mode 100644 index 000000000000..de784a1fb49b @@ -168,7 +169,7 @@ index 000000000000..de784a1fb49b + init_cpucap_indirect_list_from_array(arm64_impdef_features); +} diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 0fcc4eb1a7ab..2f37a56a4a4b 100644 +index 2bbcbb11d844..20434392a222 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -41,6 +41,7 @@ 
@@ -178,8 +179,8 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644 +#include #include - #include -@@ -516,6 +517,25 @@ void update_sctlr_el1(u64 sctlr) + #include +@@ -565,6 +566,25 @@ void update_sctlr_el1(u64 sctlr) isb(); } @@ -205,7 +206,7 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644 /* * Thread switching. */ -@@ -654,6 +674,10 @@ void arch_setup_new_exec(void) +@@ -704,6 +724,10 @@ void arch_setup_new_exec(void) arch_prctl_spec_ctrl_set(current, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE); } @@ -217,17 +218,17 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644 #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps -index c251ef3caae5..cedae062dbdd 100644 +index eedb5acc21ed..bca63481e0cf 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps -@@ -50,6 +50,7 @@ HAS_STAGE2_FWB +@@ -53,6 +53,7 @@ HAS_STAGE2_FWB HAS_TCR2 HAS_TIDCP1 HAS_TLB_RANGE +HAS_TSO_FIXED + HAS_VA52 HAS_VIRT_HOST_EXTN HAS_WFXT - HW_DBM -- 2.45.2 diff --git a/patches/0015-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch b/patches/0014-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch similarity index 80% rename from patches/0015-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch rename to patches/0014-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch index 41f6ce1..ff38635 100644 --- a/patches/0015-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch +++ b/patches/0014-arm64-Introduce-scaffolding-to-add-ACTLR_EL1-to-thre.patch @@ -1,7 +1,7 @@ -From f391c3e1b4072567adbebe792a0268433e68d2bc Mon Sep 17 00:00:00 2001 +From 84db5973c1484ef3dcf9f959597c97a9ea3fe816 Mon Sep 17 00:00:00 2001 From: Hector Martin Date: Thu, 11 Apr 2024 09:51:22 +0900 -Subject: [PATCH 15/20] arm64: Introduce scaffolding to add ACTLR_EL1 to thread +Subject: [PATCH 14/19] arm64: Introduce scaffolding to add ACTLR_EL1 to thread state Some CPUs expose IMPDEF features in ACTLR_EL1 that can be meaningfully 
@@ -24,10 +24,10 @@ Reviewed-by: Neal Gompa 5 files changed, 44 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index ffc0a44a8dee..5f774ff0945a 100644 +index 07447cca16f9..343a2abab42f 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig -@@ -408,6 +408,9 @@ config KASAN_SHADOW_OFFSET +@@ -428,6 +428,9 @@ config KASAN_SHADOW_OFFSET config UNWIND_TABLES bool @@ -38,10 +38,10 @@ index ffc0a44a8dee..5f774ff0945a 100644 menu "Kernel Features" diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h -index f83f951bec94..8c5d5a03b2af 100644 +index c4379bde9a26..1775e210f04f 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h -@@ -908,6 +908,11 @@ static inline unsigned int get_vmid_bits(u64 mmfr1) +@@ -915,6 +915,11 @@ static inline unsigned int get_vmid_bits(u64 mmfr1) return 8; } @@ -54,13 +54,13 @@ index f83f951bec94..8c5d5a03b2af 100644 struct arm64_ftr_reg *get_arm64_ftr_reg(u32 sys_id); diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h -index e5bc54522e71..e1ca89202619 100644 +index 1438424f0064..ea4e32467068 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h -@@ -179,6 +179,9 @@ struct thread_struct { - u64 sctlr_user; +@@ -185,6 +185,9 @@ struct thread_struct { u64 svcr; u64 tpidr2_el0; + u64 por_el0; +#ifdef CONFIG_ARM64_ACTLR_STATE + u64 actlr; +#endif @@ -68,12 +68,12 @@ index e5bc54522e71..e1ca89202619 100644 static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 2f37a56a4a4b..235c965ebbc3 100644 +index 20434392a222..357e5dbf38cd 100644 --- a/arch/arm64/kernel/process.c 
+++ b/arch/arm64/kernel/process.c -@@ -375,6 +375,11 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) - if (system_supports_tpidr2()) - p->thread.tpidr2_el0 = read_sysreg_s(SYS_TPIDR2_EL0); +@@ -385,6 +385,11 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) + if (system_supports_poe()) + p->thread.por_el0 = read_sysreg_s(SYS_POR_EL0); +#ifdef CONFIG_ARM64_ACTLR_STATE + if (system_has_actlr_state()) @@ -83,7 +83,7 @@ index 2f37a56a4a4b..235c965ebbc3 100644 if (stack_start) { if (is_compat_thread(task_thread_info(p))) childregs->compat_sp = stack_start; -@@ -536,6 +541,25 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val) +@@ -585,6 +590,25 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val) } #endif @@ -109,19 +109,19 @@ index 2f37a56a4a4b..235c965ebbc3 100644 /* * Thread switching. */ -@@ -553,6 +577,7 @@ struct task_struct *__switch_to(struct task_struct *prev, - ssbs_thread_switch(next); - erratum_1418040_thread_switch(next); +@@ -603,6 +627,7 @@ struct task_struct *__switch_to(struct task_struct *prev, + cntkctl_thread_switch(prev, next); ptrauth_thread_switch_user(next); + permission_overlay_switch(next); + actlr_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c -index c583d1f335f8..86e0631df0c1 100644 +index 87f61fd6783c..8fb0c20959bf 100644 --- a/arch/arm64/kernel/setup.c +++ b/arch/arm64/kernel/setup.c -@@ -379,6 +379,14 @@ void __init __no_sanitize_address setup_arch(char **cmdline_p) +@@ -367,6 +367,14 @@ void __init __no_sanitize_address setup_arch(char **cmdline_p) */ init_task.thread_info.ttbr0 = phys_to_ttbr(__pa_symbol(reserved_pg_dir)); #endif 
diff --git a/patches/0016-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch b/patches/0015-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch similarity index 87% rename from patches/0016-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch rename to patches/0015-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch index 9499f37..048ce4f 100644 --- a/patches/0016-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch +++ b/patches/0015-arm64-Implement-Apple-IMPDEF-TSO-memory-model-contro.patch @@ -1,7 +1,7 @@ -From 641b03f2e7b6bd1285de906f3aee976aef38b8ba Mon Sep 17 00:00:00 2001 +From d38c52ef771b223fa12af0e8a16015decc13566d Mon Sep 17 00:00:00 2001 From: Hector Martin Date: Thu, 11 Apr 2024 09:51:23 +0900 -Subject: [PATCH 16/20] arm64: Implement Apple IMPDEF TSO memory model control +Subject: [PATCH 15/19] arm64: Implement Apple IMPDEF TSO memory model control Apple CPUs may implement the TSO memory model as an optional configurable mode. This allows x86 emulators to simplify their @@ -20,17 +20,17 @@ Reviewed-by: Neal Gompa arch/arm64/Kconfig | 2 + arch/arm64/include/asm/apple_cpufeature.h | 15 +++++++ arch/arm64/include/asm/cpufeature.h | 3 +- - arch/arm64/kernel/cpufeature_impdef.c | 52 +++++++++++++++++++++++ + arch/arm64/kernel/cpufeature_impdef.c | 53 +++++++++++++++++++++++ arch/arm64/kernel/process.c | 22 ++++++++++ arch/arm64/tools/cpucaps | 1 + - 6 files changed, 94 insertions(+), 1 deletion(-) + 6 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/include/asm/apple_cpufeature.h diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 5f774ff0945a..4cd140d0d693 100644 +index 343a2abab42f..c30fc0652744 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig -@@ -2205,6 +2205,8 @@ endif # ARM64_PSEUDO_NMI +@@ -2255,6 +2255,8 @@ endif # ARM64_PSEUDO_NMI config ARM64_MEMORY_MODEL_CONTROL bool "Runtime memory model control" @@ -61,10 +61,10 @@ index 000000000000..4370d91ffa3e + +#endif 
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h -index 8c5d5a03b2af..fb2e732c407f 100644 +index 1775e210f04f..6343a192aba1 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h -@@ -910,7 +910,8 @@ static inline unsigned int get_vmid_bits(u64 mmfr1) +@@ -917,7 +917,8 @@ static inline unsigned int get_vmid_bits(u64 mmfr1) static __always_inline bool system_has_actlr_state(void) { @@ -75,7 +75,7 @@ index 8c5d5a03b2af..fb2e732c407f 100644 s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, s64 cur); diff --git a/arch/arm64/kernel/cpufeature_impdef.c b/arch/arm64/kernel/cpufeature_impdef.c -index de784a1fb49b..d82ff2e80426 100644 +index de784a1fb49b..3b0807bf90cd 100644 --- a/arch/arm64/kernel/cpufeature_impdef.c +++ b/arch/arm64/kernel/cpufeature_impdef.c @@ -3,9 +3,51 @@ @@ -130,7 +130,7 @@ index de784a1fb49b..d82ff2e80426 100644 static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope) { /* List of CPUs that always use the TSO memory model */ -@@ -22,6 +64,16 @@ static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope) +@@ -22,6 +64,17 @@ static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope) static const struct arm64_cpu_capabilities arm64_impdef_features[] = { #ifdef CONFIG_ARM64_MEMORY_MODEL_CONTROL @@ -143,12 +143,13 @@ index de784a1fb49b..d82ff2e80426 100644 + .field_width = 1, + .sign = FTR_UNSIGNED, + .min_field_value = 1, ++ .max_field_value = 1, + }, { .desc = "TSO memory model (Fixed)", .capability = ARM64_HAS_TSO_FIXED, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 235c965ebbc3..9cb54aa3b731 100644 +index 357e5dbf38cd..9bdf9ca9051e 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -44,6 +44,7 @@ 
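Review bot: The newly added `.max_field_value = 1,` on the capability entry in `arm64_impdef_features[]` has no comment saying why the rebase needs it. Judging by the `int val, min, max;` context in the rebased `cpufeature_matches` hunk of patch 0013, the 6.12 matcher appears to compare the field against both bounds, so an entry that leaves the maximum at zero would presumably never match. A short comment on the field would keep it from being dropped in a later rebase, for example `/* 1-bit field: matcher checks min and max, so max must be set */`. The entry itself begins outside this hunk.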
@@ -156,10 +157,10 @@ index 235c965ebbc3..9cb54aa3b731 100644 #include +#include + #include #include #include - #include -@@ -525,6 +526,10 @@ void update_sctlr_el1(u64 sctlr) +@@ -574,6 +575,10 @@ void update_sctlr_el1(u64 sctlr) #ifdef CONFIG_ARM64_MEMORY_MODEL_CONTROL int arch_prctl_mem_model_get(struct task_struct *t) { @@ -170,7 +171,7 @@ index 235c965ebbc3..9cb54aa3b731 100644 return PR_SET_MEM_MODEL_DEFAULT; } -@@ -534,6 +539,23 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val) +@@ -583,6 +588,23 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val) val == PR_SET_MEM_MODEL_TSO) return 0; @@ -195,17 +196,17 @@ index 235c965ebbc3..9cb54aa3b731 100644 return 0; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps -index cedae062dbdd..cee02bfc4633 100644 +index bca63481e0cf..8b809992a9ee 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps -@@ -50,6 +50,7 @@ HAS_STAGE2_FWB +@@ -53,6 +53,7 @@ HAS_STAGE2_FWB HAS_TCR2 HAS_TIDCP1 HAS_TLB_RANGE +HAS_TSO_APPLE HAS_TSO_FIXED + HAS_VA52 HAS_VIRT_HOST_EXTN - HAS_WFXT -- 2.45.2 diff --git a/patches/0017-drm-virtio-Support-fence-passing-feature.patch b/patches/0016-drm-virtio-Support-fence-passing-feature.patch similarity index 91% rename from patches/0017-drm-virtio-Support-fence-passing-feature.patch rename to patches/0016-drm-virtio-Support-fence-passing-feature.patch index 313bac5..b5fcc7d 100644 --- a/patches/0017-drm-virtio-Support-fence-passing-feature.patch +++ b/patches/0016-drm-virtio-Support-fence-passing-feature.patch @@ -1,7 +1,7 @@ -From 1061d684a171eeca4bc66dfe26b5d3de7873d74a Mon Sep 17 00:00:00 2001 +From 99b59fd16fe07659a9abc9e9d7a6045c1830a869 Mon Sep 17 00:00:00 2001 
From: Dmitry Osipenko Date: Sat, 7 Oct 2023 22:47:47 +0300 -Subject: [PATCH 17/20] drm/virtio: Support fence-passing feature +Subject: [PATCH 16/19] drm/virtio: Support fence-passing feature Support extended version of VIRTIO_GPU_CMD_SUBMIT_3D command that allows passing in-fence IDs to host for waiting, removing need to do expensive @@ -36,7 +36,7 @@ Signed-off-by: Dmitry Osipenko 9 files changed, 152 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c -index c5716fd0aed3..450ce481b1f8 100644 +index e5a2665e50ea..33b471dfe098 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.c +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c @@ -149,6 +149,7 @@ static unsigned int features[] = { @@ -48,10 +48,10 @@ index c5716fd0aed3..450ce481b1f8 100644 static struct virtio_driver virtio_gpu_driver = { .feature_table = features, diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h -index 4126c384286b..13507700e6da 100644 +index 64c236169db8..648154495609 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.h +++ b/drivers/gpu/drm/virtio/virtgpu_drv.h -@@ -149,6 +149,7 @@ struct virtio_gpu_fence { +@@ -152,6 +152,7 @@ struct virtio_gpu_fence { struct virtio_gpu_fence_event *e; struct virtio_gpu_fence_driver *drv; struct list_head node; @@ -59,7 +59,7 @@ index 4126c384286b..13507700e6da 100644 }; struct virtio_gpu_vbuffer { -@@ -246,6 +247,7 @@ struct virtio_gpu_device { +@@ -249,6 +250,7 @@ struct virtio_gpu_device { bool has_resource_blob; bool has_host_visible; bool has_context_init; 
@@ -67,15 +67,15 @@ index 4126c384286b..13507700e6da 100644 struct virtio_shm_region host_visible_region; struct drm_mm host_visible_mm; -@@ -273,6 +275,7 @@ struct virtio_gpu_fpriv { +@@ -276,6 +278,7 @@ struct virtio_gpu_fpriv { uint32_t num_rings; uint64_t base_fence_ctx; uint64_t ring_idx_mask; + bool fence_passing_enabled; struct mutex context_lock; - }; - -@@ -369,7 +372,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev, + char debug_name[DEBUG_NAME_MAX_LEN]; + bool explicit_debug_name; +@@ -372,7 +375,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev, void *data, uint32_t data_size, uint32_t ctx_id, struct virtio_gpu_object_array *objs, @@ -145,10 +145,10 @@ index f28357dbde35..1fd3cfeca2f5 100644 void virtio_gpu_fence_event_process(struct virtio_gpu_device *vgdev, diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c -index b24b11f25197..3028786c59cd 100644 +index e4f76f315550..894f3fd14c51 100644 --- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c +++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c -@@ -514,7 +514,8 @@ static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev, +@@ -524,7 +524,8 @@ static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev, return PTR_ERR(buf); virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size, @@ -158,9 +158,9 @@ index b24b11f25197..3028786c59cd 100644 } if (guest_blob) -@@ -642,6 +643,14 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev, - - vfpriv->ring_idx_mask = value; +@@ -667,6 +668,14 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev, + vfpriv->explicit_debug_name = true; + ret = 0; break; + case VIRTGPU_CONTEXT_PARAM_FENCE_PASSING: + if (!vgdev->has_fence_passing && value) { @@ -174,10 +174,10 @@ index b24b11f25197..3028786c59cd 100644 ret = -EINVAL; goto out_unlock; 
diff --git a/drivers/gpu/drm/virtio/virtgpu_kms.c b/drivers/gpu/drm/virtio/virtgpu_kms.c -index 5a3b5aaed1f3..9f4617a75edd 100644 +index 7dfb2006c561..fa4e5542fe5b 100644 --- a/drivers/gpu/drm/virtio/virtgpu_kms.c +++ b/drivers/gpu/drm/virtio/virtgpu_kms.c -@@ -197,12 +197,16 @@ int virtio_gpu_init(struct virtio_device *vdev, struct drm_device *dev) +@@ -196,12 +196,16 @@ int virtio_gpu_init(struct virtio_device *vdev, struct drm_device *dev) if (virtio_has_feature(vgdev->vdev, VIRTIO_GPU_F_CONTEXT_INIT)) { vgdev->has_context_init = true; } @@ -197,7 +197,7 @@ index 5a3b5aaed1f3..9f4617a75edd 100644 DRM_INFO("features: %ccontext_init\n", vgdev->has_context_init ? '+' : '-'); diff --git a/drivers/gpu/drm/virtio/virtgpu_submit.c b/drivers/gpu/drm/virtio/virtgpu_submit.c -index d530c058f53e..5274035425df 100644 +index 7d34cf83f5f2..136ca6238ab0 100644 --- a/drivers/gpu/drm/virtio/virtgpu_submit.c +++ b/drivers/gpu/drm/virtio/virtgpu_submit.c @@ -25,6 +25,11 @@ struct virtio_gpu_submit_post_dep { @@ -301,7 +301,7 @@ index d530c058f53e..5274035425df 100644 + if (new_data_size < submit->data_size) + return -EINVAL; + -+ buf = kvrealloc(buf, submit->data_size, new_data_size, GFP_KERNEL); ++ buf = kvrealloc(buf, new_data_size, GFP_KERNEL); + if (!buf) + return -ENOMEM; + @@ -362,9 +362,9 @@ index d530c058f53e..5274035425df 100644 + goto cleanup; /* - * Set up usr-out data after submitting the job to optimize + * Set up user-out data after submitting the job to optimize diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c -index b1a00c0c25a7..29d462b69bad 100644 +index 0d3d0d09f39b..96f0a42d313c 100644 --- a/drivers/gpu/drm/virtio/virtgpu_vq.c +++ b/drivers/gpu/drm/virtio/virtgpu_vq.c @@ -1079,7 +1079,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev, @@ -389,7 +389,7 @@ index b1a00c0c25a7..29d462b69bad 100644 virtio_gpu_queue_fenced_ctrl_buffer(vgdev, vbuf, fence); } 
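Review bot: In the `@@ -301,7 +301,7 @@` hunk of the virtgpu_submit.c patch, `buf = kvrealloc(buf, new_data_size, GFP_KERNEL);` assigns the result straight back to `buf`, so this variable loses the old pointer on failure, and any other copy of it may be stale after a successful move. Whether that leaks, or leaves `submit` pointing at a relocated allocation on a later error return, depends on code outside the hunk (the enclosing function starts and ends outside it), so it should be confirmed. A temporary makes the ownership explicit: `tmp = kvrealloc(buf, new_data_size, GFP_KERNEL);`, `if (!tmp) return -ENOMEM;`, `buf = tmp;`. The preceding `new_data_size < submit->data_size` guard only catches wraparound of the final sum; if `new_data_size` is derived from a user-supplied count, that computation needs its own overflow check.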
diff --git a/include/uapi/drm/virtgpu_drm.h b/include/uapi/drm/virtgpu_drm.h -index b1d0e56565bc..fd486fdf0441 100644 +index c2ce71987e9b..2bb2d3a0c7bd 100644 --- a/include/uapi/drm/virtgpu_drm.h +++ b/include/uapi/drm/virtgpu_drm.h @@ -52,10 +52,12 @@ extern "C" { @@ -405,16 +405,16 @@ index b1d0e56565bc..fd486fdf0441 100644 0) struct drm_virtgpu_map { -@@ -198,6 +200,7 @@ struct drm_virtgpu_resource_create_blob { - #define VIRTGPU_CONTEXT_PARAM_CAPSET_ID 0x0001 +@@ -200,6 +202,7 @@ struct drm_virtgpu_resource_create_blob { #define VIRTGPU_CONTEXT_PARAM_NUM_RINGS 0x0002 #define VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK 0x0003 -+#define VIRTGPU_CONTEXT_PARAM_FENCE_PASSING 0x0004 + #define VIRTGPU_CONTEXT_PARAM_DEBUG_NAME 0x0004 ++#define VIRTGPU_CONTEXT_PARAM_FENCE_PASSING 0x0005 struct drm_virtgpu_context_set_param { __u64 param; __u64 value; diff --git a/include/uapi/linux/virtio_gpu.h b/include/uapi/linux/virtio_gpu.h -index f556fde07b76..c3182c8255cf 100644 +index bf2c9cabd207..ceb656264aa0 100644 --- a/include/uapi/linux/virtio_gpu.h +++ b/include/uapi/linux/virtio_gpu.h @@ -65,6 +65,11 @@ diff --git a/patches/0018-Enable-64-bit-processes-to-use-compat-input-syscalls.patch b/patches/0017-Enable-64-bit-processes-to-use-compat-input-syscalls.patch similarity index 90% rename from patches/0018-Enable-64-bit-processes-to-use-compat-input-syscalls.patch rename to patches/0017-Enable-64-bit-processes-to-use-compat-input-syscalls.patch index 603b4b7..af7e0c8 100644 --- a/patches/0018-Enable-64-bit-processes-to-use-compat-input-syscalls.patch +++ b/patches/0017-Enable-64-bit-processes-to-use-compat-input-syscalls.patch @@ -1,7 +1,7 @@ -From 59d0207bce9759ed9f28fa62fb70e1bc36cae7a0 Mon Sep 17 00:00:00 2001 +From bc4718794c6665a8c03b241378df16e22fba84d1 Mon Sep 17 00:00:00 2001 
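Review bot: Guest userspace built against the previous header will still send `0x0004` to request fence passing, which after the `@@ -200,6 +202,7 @@` hunk of virtgpu_drm.h selects `VIRTGPU_CONTEXT_PARAM_DEBUG_NAME` instead, because `VIRTGPU_CONTEXT_PARAM_FENCE_PASSING` is now `0x0005`. The DEBUG_NAME handler presumably interprets `value` differently from the fence-passing boolean, so the mismatch may not fail cleanly; this is worth confirming against the ioctl code, which is only partly visible here. The renumbering should be recorded next to the define, for example `/* downstream-only value; was 0x0004 until DEBUG_NAME claimed it */`. It also needs a matching userspace update or a visible ABI/version signal, so that old and new consumers cannot silently disagree.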
From: Sergio Lopez Date: Tue, 8 Oct 2024 11:24:25 +0200 -Subject: [PATCH 18/20] Enable 64 bit processes to use compat input syscalls +Subject: [PATCH 17/19] Enable 64 bit processes to use compat input syscalls The compat variant of input syscalls is only enabled for 32 bit tasks, but in some cases, such as userspace emulation, it's useful to @@ -64,10 +64,10 @@ index 3b7bb12b023b..e78c0492ce0d 100644 } diff --git a/include/linux/sched.h b/include/linux/sched.h -index 3d83cc397eac..a48fce12adfb 100644 +index bb343136ddd0..838147192986 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -1537,6 +1537,11 @@ struct task_struct { +@@ -1591,6 +1591,11 @@ struct task_struct { #ifdef CONFIG_USER_EVENTS struct user_event_mm *user_event_mm; #endif @@ -80,10 +80,10 @@ index 3d83cc397eac..a48fce12adfb 100644 /* * New fields for task_struct should be added above here, so that diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h -index 961216093f11..86fca7d168cc 100644 +index 36c278683cd6..c2027aa99409 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h -@@ -311,4 +311,9 @@ struct prctl_mm_map { +@@ -333,4 +333,9 @@ struct prctl_mm_map { # define PR_SET_MEM_MODEL_DEFAULT 0 # define PR_SET_MEM_MODEL_TSO 1 @@ -94,10 +94,10 @@ index 961216093f11..86fca7d168cc 100644 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c -index 2db751ce25a2..1be74620b0b6 100644 +index 83da58930513..24dd021a1592 100644 --- a/kernel/sys.c +++ b/kernel/sys.c -@@ -2768,6 +2768,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, +@@ -2805,6 +2805,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, return -EINVAL; error = arch_prctl_mem_model_set(me, arg2); break; 
diff --git a/patches/0019-dax-Allow-block-size-PAGE_SIZE.patch b/patches/0018-dax-Allow-block-size-PAGE_SIZE.patch similarity index 88% rename from patches/0019-dax-Allow-block-size-PAGE_SIZE.patch rename to patches/0018-dax-Allow-block-size-PAGE_SIZE.patch index 1749899..1e2fc69 100644 --- a/patches/0019-dax-Allow-block-size-PAGE_SIZE.patch +++ b/patches/0018-dax-Allow-block-size-PAGE_SIZE.patch @@ -1,7 +1,7 @@ -From dcf61fa3f1435132d79cf7e0a97db5fe883a2696 Mon Sep 17 00:00:00 2001 +From 4002c9981f0317581fe05faa62bc9a2867fade65 Mon Sep 17 00:00:00 2001 From: Asahi Lina Date: Sun, 20 Oct 2024 01:23:41 +0900 -Subject: [PATCH 19/20] dax: Allow block size > PAGE_SIZE +Subject: [PATCH 18/19] dax: Allow block size > PAGE_SIZE For virtio-dax, the file/FS blocksize is irrelevant. FUSE always uses large DAX blocks (2MiB), which will work with all host page sizes. Since @@ -22,7 +22,7 @@ Signed-off-by: Asahi Lina 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/dax.c b/fs/dax.c -index 8c09578fa035..1f99f5556e85 100644 +index 21b47402b3dc..b0950164d8ee 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -1032,7 +1032,7 @@ int dax_writeback_mapping_range(struct address_space *mapping, diff --git a/patches/0020-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch b/patches/0019-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch similarity index 93% rename from patches/0020-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch rename to patches/0019-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch index db0d9ce..2805834 100644 --- a/patches/0020-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch +++ b/patches/0019-mm-Fix-__wp_page_copy_user-fallback-path-for-remote-.patch @@ -1,7 +1,7 @@ -From b334e997e14d8245ad36fc00e65445cd747a360b Mon Sep 17 00:00:00 2001 +From 63e6b500aa921fbc6feb0a2dd6512f7c371b6db5 Mon Sep 17 00:00:00 2001 
From: Asahi Lina Date: Mon, 21 Oct 2024 23:21:16 +0900 -Subject: [PATCH 20/20] mm: Fix __wp_page_copy_user fallback path for remote mm +Subject: [PATCH 19/19] mm: Fix __wp_page_copy_user fallback path for remote mm If the source page is a PFN mapping, we copy back from userspace. However, if this fault is a remote access, we cannot use @@ -58,10 +58,10 @@ Signed-off-by: Asahi Lina 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mm/memory.c b/mm/memory.c -index 742c2f65c2c8..90214200dc6e 100644 +index bdf77a3ec47b..8a846c7b1e70 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -2871,13 +2871,18 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, +@@ -3081,13 +3081,18 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, update_mmu_cache_range(vmf, vma, addr, vmf->pte, 1); } diff --git a/qboot/bios.bin b/qboot/bios.bin index 9920da6..2e7b431 100755 Binary files a/qboot/bios.bin and b/qboot/bios.bin differ