2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-04 03:33:58 +08:00
linux-next/Documentation
Linus Torvalds eea2647e74 Entry code update:
Provide support for randomized stack offsets per syscall to make
  stack-based attacks harder which rely on the deterministic stack layout.
 
  The feature is based on the original idea of PaX's RANDSTACK feature, but
  uses a significantly different implementation.
 
  The offset does not affect the pt_regs location on the task stack as this
  was agreed on to be of dubious value. The offset is applied before the
  actual syscall is invoked.
 
  The offset is stored per cpu and the randomization happens at the end of
  the syscall which is less predictable than on syscall entry.
 
  The mechanism to apply the offset is via alloca(), i.e. abusing the
  dispised VLAs. This comes with the drawback that stack-clash-protection
  has to be disabled for the affected compilation units and there is also
  a negative interaction with stack-protector.
 
  Those downsides are traded with the advantage that this approach does not
  require any intrusive changes to the low level assembly entry code, does
  not affect the unwinder and the correct stack alignment is handled
  automatically by the compiler.
 
  The feature is guarded with a static branch which avoids the overhead when
  disabled.
 
  Currently this is supported for X86 and ARM64.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmCGjz8THHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoWsvD/4tGnPAurd6lbzxWzRjW7jOOVyzkODM
 UXtIxxICaj7o6MNcloaGe1QtJ8+QOCw3yPQfLG/SoWHse5+oUKQRL9dmWVeJyRSt
 JZ1pirkKqWrB+OmPbJKUiO3/TsZ2Z/vO41JVgVTL5/HWhOECSDzZsJkuvF/H+qYD
 ReDzd7FUNd76pwVOsXq/cxXclRa81/wMNZRVwmyAwFYE2XoPtQyTERTLrfj6aQKF
 P0txr9fEjYlPPwYOk1kjBAoJfDltNm48BBL7CGZtRlsqpNpdsJ1MkeGffhodb6F0
 pJYQMlQJHXABZb5GF+v93+iASDpRFn0EvPmLkCxQUfZYLOkRsnuEF2S/fsYX/WPo
 uin/wQKwLVdeQq9d9BwlZUKEgsQuV7Q0GVN+JnEQerwD6cWTxv4a1RIUH+K/4Wo5
 nTeJVRKcs6m7UkGQRm8JbqnUP0vCV+PSiWWB8J9CmjYeCPbkGjt6mBIsmPaDZ9VL
 4i+UX5DJayoREF/rspOBcJftUmExize49p9860UI9N6fd7DsDt7Dq9Ai+ADtZa4C
 9BPbF4NWzJq8IWLqBi+PpKBAT3JMX9qQi7s9sbrRxpxtew9Keu5qggKZJYumX71V
 qgUMk+xB86HZOrtF6F3oY0zxYv3haPvDydsDgqojtqNGk4PdAdgDYJQwMlb8QSly
 SwIWPHIfvP4R9w==
 =GMlJ
 -----END PGP SIGNATURE-----

Merge tag 'x86-entry-2021-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull entry code update from Thomas Gleixner:
 "Provide support for randomized stack offsets per syscall to make
  stack-based attacks harder which rely on the deterministic stack
  layout.

  The feature is based on the original idea of PaX's RANDSTACK feature,
  but uses a significantly different implementation.

  The offset does not affect the pt_regs location on the task stack as
  this was agreed on to be of dubious value. The offset is applied
  before the actual syscall is invoked.

  The offset is stored per cpu and the randomization happens at the end
  of the syscall which is less predictable than on syscall entry.

  The mechanism to apply the offset is via alloca(), i.e. abusing the
  dispised VLAs. This comes with the drawback that
  stack-clash-protection has to be disabled for the affected compilation
  units and there is also a negative interaction with stack-protector.

  Those downsides are traded with the advantage that this approach does
  not require any intrusive changes to the low level assembly entry
  code, does not affect the unwinder and the correct stack alignment is
  handled automatically by the compiler.

  The feature is guarded with a static branch which avoids the overhead
  when disabled.

  Currently this is supported for X86 and ARM64"

* tag 'x86-entry-2021-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  arm64: entry: Enable random_kstack_offset support
  lkdtm: Add REPORT_STACK for checking stack offsets
  x86/entry: Enable random_kstack_offset support
  stack: Optionally randomize kernel stack offset each syscall
  init_on_alloc: Optimize static branches
  jump_label: Provide CONFIG-driven build state defaults
2021-04-26 10:02:09 -07:00
..
ABI A bunch of SGI UV improvements, fixes and cleanups. 2021-04-26 09:34:19 -07:00
accounting
admin-guide Entry code update: 2021-04-26 10:02:09 -07:00
arm Documentation: ARM: fix reference to DT format documentation 2021-01-28 15:37:43 -07:00
arm64 arm64: kernel: disable CNP on Carmel 2021-03-25 10:00:23 +00:00
block block/bfq: update comments and default value in docs for fifo_expire 2021-03-02 11:25:38 -07:00
bpf
cdrom
core-api Merge branch 'akpm' (patches from Andrew) 2021-02-24 16:20:38 -08:00
cpu-freq
crypto
dev-tools kasan: clarify that only first bug is reported in HW_TAGS 2021-02-26 09:41:03 -08:00
devicetree The time and timers updates contain: 2021-04-26 09:54:03 -07:00
doc-guide docs: Document cross-referencing using relative path 2021-02-04 16:24:12 -07:00
driver-api Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
fault-injection
fb
features Documentation: features: refresh feature list 2021-02-25 11:25:57 -07:00
filesystems Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
firmware_class
firmware-guide Merge branch 'acpi-messages' 2021-02-15 17:04:53 +01:00
fpga
gpu drm: Use USB controller's DMA mask when importing dmabufs 2021-03-11 11:11:33 +01:00
hid
hwmon hwmon: add Texas Instruments TPS23861 driver 2021-02-12 07:02:55 -08:00
i2c i2c: testunit: add support for block process calls 2021-02-12 11:11:04 +01:00
ia64
ide
iio
infiniband
input Documentation: input: define ABS_PRESSURE/ABS_MT_PRESSURE resolution as grams 2021-01-28 16:43:04 -07:00
isdn
kbuild Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
kernel-hacking docs: kernel-hacking: be more civil 2021-02-11 10:00:40 -07:00
leds
litmus-tests
livepatch
locking
m68k
maintainer
mhi
mips
misc-devices
netlabel
networking doc: move seg6_flowlabel to seg6-sysctl.rst 2021-04-14 13:13:15 -07:00
nios2
nvdimm
openrisc
parisc
PCI Documentation: PCI: Add PCI endpoint NTB function user guide 2021-02-23 14:15:45 -06:00
pcmcia
power It has been a relatively quiet cycle in docsland. 2021-02-22 10:57:46 -08:00
powerpc docs: powerpc: Fix tables in syscall64-abi.rst 2021-02-25 13:04:24 -07:00
process Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-03-09 17:15:56 -08:00
RCU It has been a relatively quiet cycle in docsland. 2021-02-22 10:57:46 -08:00
riscv
s390
scheduler It has been a relatively quiet cycle in docsland. 2021-02-22 10:57:46 -08:00
scsi SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
security doc: trusted-encrypted: updates with TEE as a new trust source 2021-04-14 16:30:30 +03:00
sh
sound ALSA: jack: implement software jack injection via debugfs 2021-02-02 10:37:07 +01:00
sparc
sphinx docs: Enable usage of relative paths to docs on automarkup 2021-02-04 16:23:43 -07:00
sphinx-static
spi
staging
target
timers
trace Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
translations A handful of late-arriving documentation fixes, nothing all that notable. 2021-02-26 14:21:18 -08:00
usb
userspace-api Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
virt documentation/kvm: additional explanations on KVM_SET_BOOT_CPU_ID 2021-03-19 05:31:32 -04:00
vm mm/debug_vm_pgtable/basic: add validation for dirtiness after write protect 2021-02-24 13:38:27 -08:00
w1
watchdog
x86 x86/sgx: Introduce virtual EPC for use by KVM guests 2021-04-06 09:43:17 +02:00
xtensa
.gitignore
asm-annotations.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py Fix unaesthetic indentation 2021-02-22 14:35:04 -07:00
COPYING-logo
docutils.conf
dontdiff
index.rst
Kconfig
logo.gif
Makefile kbuild: remove PYTHON variable 2021-02-01 10:37:19 +09:00
memory-barriers.txt
SubmittingPatches
watch_queue.rst