Merge 8815da98e0 ("Merge tag 'docs-6.10' of git://git.lwn.net/linux") into android-mainline

Steps on the way to 6.10-rc1

Change-Id: I6b3d58454b958b6d0ea518c821cba45ad8abd26f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2024-06-14 09:00:22 +00:00
1011 changed files with 37318 additions and 12023 deletions
+3 -1
View File
@@ -133,6 +133,7 @@ Bryan Tan <bryan-bt.tan@broadcom.com> <bryantan@vmware.com>
Cai Huoqing <cai.huoqing@linux.dev> <caihuoqing@baidu.com>
Can Guo <quic_cang@quicinc.com> <cang@codeaurora.org>
Carl Huang <quic_cjhuang@quicinc.com> <cjhuang@codeaurora.org>
Carlos Bilbao <carlos.bilbao.osdev@gmail.com> <carlos.bilbao@amd.com>
Changbin Du <changbin.du@intel.com> <changbin.du@gmail.com>
Changbin Du <changbin.du@intel.com> <changbin.du@intel.com>
Chao Yu <chao@kernel.org> <chao2.yu@samsung.com>
@@ -467,7 +468,8 @@ Nadia Yvette Chambers <nyc@holomorphy.com> William Lee Irwin III <wli@holomorphy
Naoya Horiguchi <nao.horiguchi@gmail.com> <n-horiguchi@ah.jp.nec.com>
Naoya Horiguchi <nao.horiguchi@gmail.com> <naoya.horiguchi@nec.com>
Nathan Chancellor <nathan@kernel.org> <natechancellor@gmail.com>
Neeraj Upadhyay <quic_neeraju@quicinc.com> <neeraju@codeaurora.org>
Neeraj Upadhyay <neeraj.upadhyay@kernel.org> <quic_neeraju@quicinc.com>
Neeraj Upadhyay <neeraj.upadhyay@kernel.org> <neeraju@codeaurora.org>
Neil Armstrong <neil.armstrong@linaro.org> <narmstrong@baylibre.com>
Nguyen Anh Quynh <aquynh@gmail.com>
Nicholas Piggin <npiggin@gmail.com> <npiggen@suse.de>
+6 -1
View File
@@ -28,6 +28,10 @@ BUILDDIR = $(obj)/output
PDFLATEX = xelatex
LATEXOPTS = -interaction=batchmode -no-shell-escape
# For denylisting "variable font" files
# Can be overridden by setting as an env variable
FONTS_CONF_DENY_VF ?= $(HOME)/deny-vf
ifeq ($(findstring 1, $(KBUILD_VERBOSE)),)
SPHINXOPTS += "-q"
endif
@@ -151,10 +155,11 @@ pdfdocs:
else # HAVE_PDFLATEX
pdfdocs: DENY_VF = XDG_CONFIG_HOME=$(FONTS_CONF_DENY_VF)
pdfdocs: latexdocs
@$(srctree)/scripts/sphinx-pre-install --version-check
$(foreach var,$(SPHINXDIRS), \
$(MAKE) PDFLATEX="$(PDFLATEX)" LATEXOPTS="$(LATEXOPTS)" -C $(BUILDDIR)/$(var)/latex || exit; \
$(MAKE) PDFLATEX="$(PDFLATEX)" LATEXOPTS="$(LATEXOPTS)" $(DENY_VF) -C $(BUILDDIR)/$(var)/latex || sh $(srctree)/scripts/check-variable-fonts.sh || exit; \
mkdir -p $(BUILDDIR)/$(var)/pdf; \
mv $(subst .tex,.pdf,$(wildcard $(BUILDDIR)/$(var)/latex/*.tex)) $(BUILDDIR)/$(var)/pdf/; \
)
+3 -3
View File
@@ -427,7 +427,7 @@ their assorted primitives.
This section shows a simple use of the core RCU API to protect a
global pointer to a dynamically allocated structure. More-typical
uses of RCU may be found in listRCU.rst, arrayRCU.rst, and NMI-RCU.rst.
uses of RCU may be found in listRCU.rst and NMI-RCU.rst.
::
struct foo {
@@ -510,8 +510,8 @@ So, to sum up:
data item.
See checklist.rst for additional rules to follow when using RCU.
And again, more-typical uses of RCU may be found in listRCU.rst,
arrayRCU.rst, and NMI-RCU.rst.
And again, more-typical uses of RCU may be found in listRCU.rst
and NMI-RCU.rst.
.. _4_whatisRCU:
+9
View File
@@ -1572,6 +1572,15 @@ PAGE_SIZE multiple when read back.
pglazyfreed (npn)
Amount of reclaimed lazyfree pages
zswpin
Number of pages moved in to memory from zswap.
zswpout
Number of pages moved out of memory to zswap.
zswpwb
Number of pages written from zswap to swap.
thp_fault_alloc (npn)
Number of transparent hugepages which were allocated to satisfy
a page fault. This counter is not present when CONFIG_TRANSPARENT_HUGEPAGE
@@ -67,8 +67,8 @@ arg4:
will be performed for all tasks in the task group of ``pid``.
arg5:
userspace pointer to an unsigned long for storing the cookie returned by
``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands.
userspace pointer to an unsigned long long for storing the cookie returned
by ``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands.
In order for a process to push a cookie to, or pull a cookie from a process, it
is required to have the ptrace access mode: `PTRACE_MODE_READ_REALCREDS` to the
+1 -1
View File
@@ -135,7 +135,7 @@ and does not want to suffer the performance impact, one can always
disable the mitigation with spec_rstack_overflow=off.
Similarly, 'Mitigation: IBPB' is another full mitigation type employing
an indrect branch prediction barrier after having applied the required
an indirect branch prediction barrier after having applied the required
microcode patch for one's system. This mitigation comes also at
a performance cost.
@@ -4177,13 +4177,11 @@
page_alloc.shuffle=
[KNL] Boolean flag to control whether the page allocator
should randomize its free lists. The randomization may
be automatically enabled if the kernel detects it is
running on a platform with a direct-mapped memory-side
cache, and this parameter can be used to
override/disable that behavior. The state of the flag
can be read from sysfs at:
should randomize its free lists. This parameter can be
used to enable/disable page randomization. The state of
the flag can be read from sysfs at:
/sys/module/page_alloc/parameters/shuffle.
This parameter is only available if CONFIG_SHUFFLE_PAGE_ALLOCATOR=y.
page_owner= [KNL,EARLY] Boot-time page_owner enabling option.
Storage of the information about who allocated
@@ -4789,7 +4787,9 @@
prot_virt= [S390] enable hosting protected virtual machines
isolated from the hypervisor (if hardware supports
that).
that). If enabled, the default kernel base address
might be overridden even when Kernel Address Space
Layout Randomization is disabled.
Format: <bool>
psi= [KNL] Enable or disable pressure stall information
@@ -5100,6 +5100,20 @@
delay, memory pressure or callback list growing too
big.
rcutree.rcu_normal_wake_from_gp= [KNL]
Reduces a latency of synchronize_rcu() call. This approach
maintains its own track of synchronize_rcu() callers, so it
does not interact with regular callbacks because it does not
use a call_rcu[_hurry]() path. Please note, this is for a
normal grace period.
How to enable it:
echo 1 > /sys/module/rcutree/parameters/rcu_normal_wake_from_gp
or pass a boot parameter "rcutree.rcu_normal_wake_from_gp=1"
Default is 0.
rcuscale.gp_async= [KNL]
Measure performance of asynchronous
grace-period primitives such as call_rcu().
@@ -6768,6 +6782,7 @@
- "tpm"
- "tee"
- "caam"
- "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6783,6 +6798,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
trusted.dcp_use_otp_key
This is intended to be used in combination with
trusted.source=dcp and will select the DCP OTP key
instead of the DCP UNIQUE key blob encryption.
trusted.dcp_skip_zk_test
This is intended to be used in combination with
trusted.source=dcp and will disable the check if the
blob key is all zeros. This is helpful for situations where
having this key zero'ed is acceptable. E.g. in testing
scenarios.
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
@@ -7343,7 +7370,7 @@
This can be changed after boot by writing to the
matching /sys/module/workqueue/parameters file. All
workqueues with the "default" affinity scope will be
updated accordignly.
updated accordingly.
workqueue.debug_force_rr_cpu
Workqueue used to implicitly guarantee that work
+1 -1
View File
@@ -308,7 +308,7 @@ limited by the ``advisor_max_cpu`` parameter. In addition there is also the
``advisor_target_scan_time`` parameter. This parameter sets the target time to
scan all the KSM candidate pages. The parameter ``advisor_target_scan_time``
decides how aggressive the scan time advisor scans candidate pages. Lower
values make the scan time advisor to scan more aggresively. This is the most
values make the scan time advisor to scan more aggressively. This is the most
important parameter for the configuration of the scan time advisor.
The initial value and the maximum value can be changed with
@@ -42,12 +42,12 @@ The important basics
--------------------
What is a "regression" and what is the "no regressions rule"?
What is a "regression" and what is the "no regressions" rule?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's a regression if some application or practical use case running fine with
one Linux kernel works worse or not at all with a newer version compiled using a
similar configuration. The "no regressions rule" forbids this to take place; if
similar configuration. The "no regressions" rule forbids this to take place; if
it happens by accident, developers that caused it are expected to quickly fix
the issue.
@@ -173,7 +173,7 @@ Additional details about regressions
------------------------------------
What is the goal of the "no regressions rule"?
What is the goal of the "no regressions" rule?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users should feel safe when updating kernel versions and not have to worry
@@ -199,8 +199,8 @@ Exceptions to this rule are extremely rare; in the past developers almost always
turned out to be wrong when they assumed a particular situation was warranting
an exception.
Who ensures the "no regressions" is actually followed?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Who ensures the "no regressions" rule is actually followed?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The subsystem maintainers should take care of that, which are watched and
supported by the tree maintainers -- e.g. Linus Torvalds for mainline and
+1 -1
View File
@@ -173,7 +173,7 @@ When accessing IDE registers with A6=1 (for example $84x),
the timing will always be mode 0 8-bit compatible, no matter
what you have selected in the speed register:
781ns select, IOR/IOW after 4 clock cycles (=314ns) aktive.
781ns select, IOR/IOW after 4 clock cycles (=314ns) active.
All the timings with a very short select-signal (the 355ns
fast accesses) depend on the accelerator card used in the
+1
View File
@@ -8,6 +8,7 @@ s390 Architecture
cds
3270
driver-model
mm
monreader
qeth
s390dbf
+111
View File
@@ -0,0 +1,111 @@
.. SPDX-License-Identifier: GPL-2.0
=================
Memory Management
=================
Virtual memory layout
=====================
.. note::
- Some aspects of the virtual memory layout setup are not
clarified (number of page levels, alignment, DMA memory).
- Unused gaps in the virtual memory layout could be present
or not - depending on how partucular system is configured.
No page tables are created for the unused gaps.
- The virtual memory regions are tracked or untracked by KASAN
instrumentation, as well as the KASAN shadow memory itself is
created only when CONFIG_KASAN configuration option is enabled.
::
=============================================================================
| Physical | Virtual | VM area description
=============================================================================
+- 0 --------------+- 0 --------------+
| | S390_lowcore | Low-address memory
| +- 8 KB -----------+
| | |
| | |
| | ... unused gap | KASAN untracked
| | |
+- AMODE31_START --+- AMODE31_START --+ .amode31 rand. phys/virt start
|.amode31 text/data|.amode31 text/data| KASAN untracked
+- AMODE31_END ----+- AMODE31_END ----+ .amode31 rand. phys/virt end (<2GB)
| | |
| | |
+- __kaslr_offset_phys | kernel rand. phys start
| | |
| kernel text/data | |
| | |
+------------------+ | kernel phys end
| | |
| | |
| | |
| | |
+- ident_map_size -+ |
| |
| ... unused gap | KASAN untracked
| |
+- __identity_base + identity mapping start (>= 2GB)
| |
| identity | phys == virt - __identity_base
| mapping | virt == phys + __identity_base
| |
| | KASAN tracked
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
+---- vmemmap -----+ 'struct page' array start
| |
| virtually mapped |
| memory map | KASAN untracked
| |
+- __abs_lowcore --+
| |
| Absolute Lowcore | KASAN untracked
| |
+- __memcpy_real_area
| |
| Real Memory Copy| KASAN untracked
| |
+- VMALLOC_START --+ vmalloc area start
| | KASAN untracked or
| vmalloc area | KASAN shallowly populated in case
| | CONFIG_KASAN_VMALLOC=y
+- MODULES_VADDR --+ modules area start
| | KASAN allocated per module or
| modules area | KASAN shallowly populated in case
| | CONFIG_KASAN_VMALLOC=y
+- __kaslr_offset -+ kernel rand. virt start
| | KASAN tracked
| kernel text/data | phys == (kvirt - __kaslr_offset) +
| | __kaslr_offset_phys
+- kernel .bss end + kernel rand. virt end
| |
| ... unused gap | KASAN untracked
| |
+------------------+ UltraVisor Secure Storage limit
| |
| ... unused gap | KASAN untracked
| |
+KASAN_SHADOW_START+ KASAN shadow memory start
| |
| KASAN shadow | KASAN untracked
| |
+------------------+ ASCE limit
+31 -1
View File
@@ -380,6 +380,36 @@ matrix device.
control_domains:
A read-only file for displaying the control domain numbers assigned to the
vfio_ap mediated device.
ap_config:
A read/write file that, when written to, allows all three of the
vfio_ap mediated device's ap matrix masks to be replaced in one shot.
Three masks are given, one for adapters, one for domains, and one for
control domains. If the given state cannot be set then no changes are
made to the vfio-ap mediated device.
The format of the data written to ap_config is as follows:
{amask},{dmask},{cmask}\n
\n is a newline character.
amask, dmask, and cmask are masks identifying which adapters, domains,
and control domains should be assigned to the mediated device.
The format of a mask is as follows:
0xNN..NN
Where NN..NN is 64 hexadecimal characters representing a 256-bit value.
The leftmost (highest order) bit represents adapter/domain 0.
For an example set of masks that represent your mdev's current
configuration, simply cat ap_config.
Setting an adapter or domain number greater than the maximum allowed for
the system will result in an error.
This attribute is intended to be used by automation. End users would be
better served using the respective assign/unassign attributes for
adapters, domains, and control domains.
* functions:
@@ -550,7 +580,7 @@ These are the steps:
following Kconfig elements selected:
* IOMMU_SUPPORT
* S390
* ZCRYPT
* AP
* VFIO
* KVM
@@ -41,7 +41,7 @@ Chapter 36. Coprocessor services
submissions until they succeed; waiting for an outstanding CCB to complete is not necessary, and would
not be a guarantee that a future submission would succeed.
The availablility of DAX coprocessor command service is indicated by the presence of the DAX virtual
The availability of DAX coprocessor command service is indicated by the presence of the DAX virtual
device node in the guest MD (Section 8.24.17, “Database Analytics Accelerators (DAX) virtual-device
node”).
+1 -1
View File
@@ -138,7 +138,7 @@ Note this example does not include the sigaltstack preparation.
Dynamic features in signal frames
---------------------------------
Dynamcally enabled features are not written to the signal frame upon signal
Dynamically enabled features are not written to the signal frame upon signal
entry if the feature is in its initial configuration. This differs from
non-dynamic features which are always written regardless of their
configuration. Signal handlers can examine the XSAVE buffer's XSTATE_BV
+2 -2
View File
@@ -171,14 +171,14 @@ The rule of thumb:
- RMW operations that are conditional are unordered on FAILURE,
otherwise the above rules apply.
Except of course when an operation has an explicit ordering like:
Except of course when a successful operation has an explicit ordering like:
{}_relaxed: unordered
{}_acquire: the R of the RMW (or atomic_read) is an ACQUIRE
{}_release: the W of the RMW (or atomic_set) is a RELEASE
Where 'unordered' is against other memory locations. Address dependencies are
not defeated.
not defeated. Conditional operations are still unordered on FAILURE.
Fully ordered primitives are ordered against everything prior and everything
subsequent. Therefore a fully ordered primitive is like having an smp_mb()
+22 -2
View File
@@ -203,13 +203,33 @@ setting the DMA mask fails. In this manner, if a user of your driver reports
that performance is bad or that the device is not even detected, you can ask
them for the kernel messages to find out exactly why.
The standard 64-bit addressing device would do something like this::
The 24-bit addressing device would do something like this::
if (dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64))) {
if (dma_set_mask_and_coherent(dev, DMA_BIT_MASK(24))) {
dev_warn(dev, "mydev: No suitable DMA available\n");
goto ignore_this_device;
}
The standard 64-bit addressing device would do something like this::
dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64))
dma_set_mask_and_coherent() never return fail when DMA_BIT_MASK(64). Typical
error code like::
/* Wrong code */
if (dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64)))
dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32))
dma_set_mask_and_coherent() will never return failure when bigger than 32.
So typical code like::
/* Recommended code */
if (support_64bit)
dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64));
else
dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32));
If the device only supports 32-bit addressing for descriptors in the
coherent allocations, but supports full 64-bits for streaming mappings
it would look like this::
+1 -1
View File
@@ -18,7 +18,7 @@ exceptions`_, `NMI and NMI-like exceptions`_.
Non-instrumentable code - noinstr
---------------------------------
Most instrumentation facilities depend on RCU, so intrumentation is prohibited
Most instrumentation facilities depend on RCU, so instrumentation is prohibited
for entry code before RCU starts watching and exit code after RCU stops
watching. In addition, many architectures must save and restore register state,
which means that (for example) a breakpoint in the breakpoint entry code would
+2 -2
View File
@@ -4,7 +4,7 @@
Printk Index
============
There are many ways how to monitor the state of the system. One important
There are many ways to monitor the state of the system. One important
source of information is the system log. It provides a lot of information,
including more or less important warnings and error messages.
@@ -101,7 +101,7 @@ their own wrappers adding __printk_index_emit().
Only few subsystem specific wrappers have been updated so far,
for example, dev_printk(). As a result, the printk formats from
some subsystes can be missing in the printk index.
some subsystems can be missing in the printk index.
Subsystem specific prefix
+10
View File
@@ -91,6 +91,16 @@ the below options are available:
behaviour when encountering a data race is deemed safe. Please see
`"Marking Shared-Memory Accesses" in the LKMM`_ for more information.
* Similar to ``data_race(...)``, the type qualifier ``__data_racy`` can be used
to document that all data races due to accesses to a variable are intended
and should be ignored by KCSAN::
struct foo {
...
int __data_racy stats_counter;
...
};
* Disabling data race detection for entire functions can be accomplished by
using the function attribute ``__no_kcsan``::
@@ -0,0 +1,84 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/access-controllers/access-controllers.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: Generic Domain Access Controllers
maintainers:
- Oleksii Moisieiev <oleksii_moisieiev@epam.com>
description: |+
Common access controllers properties
Access controllers are in charge of stating which of the hardware blocks under
their responsibility (their domain) can be accesssed by which compartment. A
compartment can be a cluster of CPUs (or coprocessors), a range of addresses
or a group of hardware blocks. An access controller's domain is the set of
resources covered by the access controller.
This device tree binding can be used to bind devices to their access
controller provided by access-controllers property. In this case, the device
is a consumer and the access controller is the provider.
An access controller can be represented by any node in the device tree and
can provide one or more configuration parameters, needed to control parameters
of the consumer device. A consumer node can refer to the provider by phandle
and a set of phandle arguments, specified by '#access-controller-cells'
property in the access controller node.
Access controllers are typically used to set/read the permissions of a
hardware block and grant access to it. Any of which depends on the access
controller. The capabilities of each access controller are defined by the
binding of the access controller device.
Each node can be a consumer for the several access controllers.
# always select the core schema
select: true
properties:
"#access-controller-cells":
description:
Number of cells in an access-controllers specifier;
Can be any value as specified by device tree binding documentation
of a particular provider. The node is an access controller.
access-controller-names:
$ref: /schemas/types.yaml#/definitions/string-array
description:
A list of access-controllers names, sorted in the same order as
access-controllers entries. Consumer drivers will use
access-controller-names to match with existing access-controllers entries.
access-controllers:
$ref: /schemas/types.yaml#/definitions/phandle-array
description:
A list of access controller specifiers, as defined by the
bindings of the access-controllers provider.
additionalProperties: true
examples:
- |
clock_controller: access-controllers@50000 {
reg = <0x50000 0x400>;
#access-controller-cells = <2>;
};
bus_controller: bus@60000 {
reg = <0x60000 0x10000>;
#address-cells = <1>;
#size-cells = <1>;
ranges;
#access-controller-cells = <3>;
uart4: serial@60100 {
reg = <0x60100 0x400>;
clocks = <&clk_serial>;
access-controllers = <&clock_controller 1 2>,
<&bus_controller 1 3 5>;
access-controller-names = "clock", "bus";
};
};
@@ -53,6 +53,7 @@ properties:
- description: BCM4709 based boards
items:
- enum:
- asus,rt-ac3200
- asus,rt-ac87u
- buffalo,wxr-1900dhp
- linksys,ea9200
@@ -67,6 +68,7 @@ properties:
items:
- enum:
- asus,rt-ac3100
- asus,rt-ac5300
- asus,rt-ac88u
- dlink,dir-885l
- dlink,dir-890l
@@ -46,6 +46,30 @@ properties:
- compatible
- "#clock-cells"
gpio:
type: object
additionalProperties: false
properties:
compatible:
const: raspberrypi,firmware-gpio
gpio-controller: true
"#gpio-cells":
const: 2
description:
The first cell is the pin number, and the second cell is used to
specify the gpio polarity (GPIO_ACTIVE_HIGH or GPIO_ACTIVE_LOW).
gpio-line-names:
minItems: 8
required:
- compatible
- gpio-controller
- "#gpio-cells"
reset:
type: object
additionalProperties: false
@@ -96,6 +120,12 @@ examples:
#clock-cells = <1>;
};
expgpio: gpio {
compatible = "raspberrypi,firmware-gpio";
gpio-controller;
#gpio-cells = <2>;
};
reset: reset {
compatible = "raspberrypi,firmware-reset";
#reset-cells = <1>;
+19 -3
View File
@@ -813,6 +813,14 @@ properties:
- const: tq,imx6ull-tqma6ull2l # MCIMX6Y2, LGA SoM variant
- const: fsl,imx6ull
- description: Seeed Stuido i.MX6ULL SoM on dev boards
items:
- enum:
- seeed,imx6ull-seeed-npi-emmc
- seeed,imx6ull-seeed-npi-nand
- const: seeed,imx6ull-seeed-npi
- const: fsl,imx6ull
- description: i.MX6ULZ based Boards
items:
- enum:
@@ -1050,6 +1058,7 @@ properties:
- enum:
- beacon,imx8mp-beacon-kit # i.MX8MP Beacon Development Kit
- dmo,imx8mp-data-modul-edm-sbc # i.MX8MP eDM SBC
- emcraft,imx8mp-navqp # i.MX8MP Emcraft Systems NavQ+ Kit
- fsl,imx8mp-evk # i.MX8MP EVK Board
- gateworks,imx8mp-gw71xx-2x # i.MX8MP Gateworks Board
- gateworks,imx8mp-gw72xx-2x # i.MX8MP Gateworks Board
@@ -1218,7 +1227,6 @@ properties:
- enum:
- einfochips,imx8qxp-ai_ml # i.MX8QXP AI_ML Board
- fsl,imx8qxp-mek # i.MX8QXP MEK Board
- toradex,colibri-imx8x # Colibri iMX8X Modules
- const: fsl,imx8qxp
- description: i.MX8DXL based Boards
@@ -1227,7 +1235,7 @@ properties:
- fsl,imx8dxl-evk # i.MX8DXL EVK Board
- const: fsl,imx8dxl
- description: i.MX8QXP Boards with Toradex Colibri iMX8X Modules
- description: i.MX8QXP/i.MX8DX Boards with Toradex Colibri iMX8X Modules
items:
- enum:
- toradex,colibri-imx8x-aster # Colibri iMX8X Module on Aster Board
@@ -1235,7 +1243,9 @@ properties:
- toradex,colibri-imx8x-iris # Colibri iMX8X Module on Iris Board
- toradex,colibri-imx8x-iris-v2 # Colibri iMX8X Module on Iris Board V2
- const: toradex,colibri-imx8x
- const: fsl,imx8qxp
- enum:
- fsl,imx8qxp
- fsl,imx8dx
- description:
TQMa8Xx is a series of SOM featuring NXP i.MX8X system-on-chip
@@ -1536,6 +1546,12 @@ properties:
- nxp,s32g274a-rdb2
- const: nxp,s32g2
- description: S32G3 based Boards
items:
- enum:
- nxp,s32g399a-rdb3
- const: nxp,s32g3
- description: S32V234 based Boards
items:
- enum:
@@ -61,10 +61,6 @@ properties:
mboxes:
minItems: 2
ti,system-reboot-controller:
description: Determines If system reboot can be triggered by SoC reboot
type: boolean
ti,host-id:
$ref: /schemas/types.yaml#/definitions/uint32
description: |
@@ -94,7 +90,6 @@ examples:
- |
pmmc: system-controller@2921800 {
compatible = "ti,k2g-sci";
ti,system-reboot-controller;
mbox-names = "rx", "tx";
mboxes = <&msgmgr 5 2>,
<&msgmgr 0 0>;
@@ -137,6 +137,7 @@ properties:
- microsoft,dempsey
- microsoft,makepeace
- microsoft,moneypenny
- motorola,falcon
- samsung,s3ve3g
- const: qcom,msm8226
@@ -184,13 +185,16 @@ properties:
- oneplus,bacon
- samsung,klte
- sony,xperia-castor
- sony,xperia-leo
- const: qcom,msm8974pro
- const: qcom,msm8974
- items:
- const: qcom,msm8916-mtp
- const: qcom,msm8916-mtp/1
- const: qcom,msm8916
- enum:
- samsung,kltechn
- const: samsung,klte
- const: qcom,msm8974pro
- const: qcom,msm8974
- items:
- enum:
@@ -200,6 +204,8 @@ properties:
- gplus,fl8005a
- huawei,g7
- longcheer,l8910
- longcheer,l8150
- qcom,msm8916-mtp
- samsung,a3u-eur
- samsung,a5u-eur
- samsung,e5
@@ -220,11 +226,6 @@ properties:
- yiming,uz801-v3
- const: qcom,msm8916
- items:
- const: longcheer,l8150
- const: qcom,msm8916-v1-qrd/9-v1
- const: qcom,msm8916
- items:
- enum:
- motorola,potter
@@ -1003,6 +1004,7 @@ properties:
- qcom,sm8550-hdk
- qcom,sm8550-mtp
- qcom,sm8550-qrd
- sony,pdx234
- const: qcom,sm8550
- items:
@@ -49,6 +49,11 @@ properties:
- anbernic,rg-arc-s
- const: rockchip,rk3566
- description: ArmSoM Sige7 board
items:
- const: armsom,sige7
- const: rockchip,rk3588
- description: Asus Tinker board
items:
- const: asus,rk3288-tinker
@@ -198,6 +203,13 @@ properties:
- const: firefly,rk3568-roc-pc
- const: rockchip,rk3568
- description: Forlinx FET3588-C SoM
items:
- enum:
- forlinx,ok3588-c
- const: forlinx,fet3588-c
- const: rockchip,rk3588
- description: FriendlyElec NanoPi R2 series boards
items:
- enum:
@@ -236,6 +248,11 @@ properties:
- const: friendlyarm,nanopc-t6
- const: rockchip,rk3588
- description: GameForce Chi
items:
- const: gameforce,chi
- const: rockchip,rk3326
- description: GeekBuying GeekBox
items:
- const: geekbuying,geekbox
@@ -631,7 +648,7 @@ properties:
- const: phytec,rk3288-phycore-som
- const: rockchip,rk3288
- description: Pine64 PinebookPro
- description: Pine64 Pinebook Pro
items:
- const: pine64,pinebook-pro
- const: rockchip,rk3399
@@ -644,7 +661,7 @@ properties:
- const: pine64,pinenote
- const: rockchip,rk3566
- description: Pine64 PinePhonePro
- description: Pine64 PinePhone Pro
items:
- const: pine64,pinephone-pro
- const: rockchip,rk3399
@@ -682,7 +699,7 @@ properties:
- const: pine64,quartzpro64
- const: rockchip,rk3588
- description: Pine64 SoQuartz SoM
- description: Pine64 SOQuartz
items:
- enum:
- pine64,soquartz-blade
@@ -700,12 +717,17 @@ properties:
- powkiddy,x55
- const: rockchip,rk3566
- description: Protonic MECSBC board
items:
- const: prt,mecsbc
- const: rockchip,rk3568
- description: QNAP TS-433-4G 4-Bay NAS
items:
- const: qnap,ts433
- const: rockchip,rk3568
- description: Radxa Compute Module 3(CM3)
- description: Radxa Compute Module 3 (CM3)
items:
- enum:
- radxa,cm3-io
@@ -767,22 +789,27 @@ properties:
- const: radxa,rockpis
- const: rockchip,rk3308
- description: Radxa Rock2 Square
- description: Radxa Rock 2 Square
items:
- const: radxa,rock2-square
- const: rockchip,rk3288
- description: Radxa ROCK3 Model A
- description: Radxa ROCK 3A
items:
- const: radxa,rock3a
- const: rockchip,rk3568
- description: Radxa ROCK 5 Model A
- description: Radxa ROCK 3C
items:
- const: radxa,rock-3c
- const: rockchip,rk3566
- description: Radxa ROCK 5A
items:
- const: radxa,rock-5a
- const: rockchip,rk3588s
- description: Radxa ROCK 5 Model B
- description: Radxa ROCK 5B
items:
- const: radxa,rock-5b
- const: rockchip,rk3588
@@ -927,6 +954,11 @@ properties:
- const: turing,rk1
- const: rockchip,rk3588
- description: WolfVision PF5 mainboard
items:
- const: wolfvision,rk3568-pf5
- const: rockchip,rk3568
- description: Xunlong Orange Pi 5 Plus
items:
- const: xunlong,orangepi-5-plus
@@ -56,6 +56,21 @@ properties:
- const: anbernic,rg-nano
- const: allwinner,sun8i-v3s
- description: Anbernic RG35XX (2024)
- items:
- const: anbernic,rg35xx-2024
- const: allwinner,sun50i-h700
- description: Anbernic RG35XX Plus
- items:
- const: anbernic,rg35xx-plus
- const: allwinner,sun50i-h700
- description: Anbernic RG35XX H
- items:
- const: anbernic,rg35xx-h
- const: allwinner,sun50i-h700
- description: Amarula A64 Relic
items:
- const: amarula,a64-relic
@@ -774,6 +789,11 @@ properties:
- const: pocketbook,touch-lux-3
- const: allwinner,sun5i-a13
- description: PocketBook 614 Plus
items:
- const: pocketbook,614-plus
- const: allwinner,sun5i-a13
- description: Point of View Protab2-IPS9
items:
- const: pov,protab2-ips9
@@ -860,6 +880,11 @@ properties:
- const: allwinner,sl631
- const: allwinner,sun8i-v3
- description: Tanix TX1
items:
- const: oranth,tanix-tx1
- const: allwinner,sun50i-h616
- description: Tanix TX6
items:
- const: oranth,tanix-tx6
@@ -0,0 +1,96 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/bus/st,stm32-etzpc.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: STM32 Extended TrustZone protection controller
description: |
The ETZPC configures TrustZone security in a SoC having bus masters and
devices with programmable-security attributes (securable resources).
maintainers:
- Gatien Chevallier <gatien.chevallier@foss.st.com>
select:
properties:
compatible:
contains:
const: st,stm32-etzpc
required:
- compatible
properties:
compatible:
items:
- const: st,stm32-etzpc
- const: simple-bus
reg:
maxItems: 1
"#address-cells":
const: 1
"#size-cells":
const: 1
ranges: true
"#access-controller-cells":
const: 1
description:
Contains the firewall ID associated to the peripheral.
patternProperties:
"^.*@[0-9a-f]+$":
description: Peripherals
type: object
additionalProperties: true
required:
- access-controllers
required:
- compatible
- reg
- "#address-cells"
- "#size-cells"
- "#access-controller-cells"
- ranges
additionalProperties: false
examples:
- |
// In this example, the usart2 device refers to rifsc as its access
// controller.
// Access rights are verified before creating devices.
#include <dt-bindings/interrupt-controller/arm-gic.h>
#include <dt-bindings/clock/stm32mp13-clks.h>
#include <dt-bindings/reset/stm32mp13-resets.h>
etzpc: bus@5c007000 {
compatible = "st,stm32-etzpc", "simple-bus";
reg = <0x5c007000 0x400>;
#address-cells = <1>;
#size-cells = <1>;
#access-controller-cells = <1>;
ranges;
usart2: serial@4c001000 {
compatible = "st,stm32h7-uart";
reg = <0x4c001000 0x400>;
interrupts-extended = <&exti 27 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&rcc USART2_K>;
resets = <&rcc USART2_R>;
wakeup-source;
dmas = <&dmamux1 43 0x400 0x5>,
<&dmamux1 44 0x400 0x1>;
dma-names = "rx", "tx";
access-controllers = <&etzpc 17>;
};
};
@@ -0,0 +1,105 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/bus/st,stm32mp25-rifsc.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: STM32 Resource isolation framework security controller
maintainers:
- Gatien Chevallier <gatien.chevallier@foss.st.com>
description: |
Resource isolation framework (RIF) is a comprehensive set of hardware blocks
designed to enforce and manage isolation of STM32 hardware resources like
memory and peripherals.
The RIFSC (RIF security controller) is composed of three sets of registers,
each managing a specific set of hardware resources:
- RISC registers associated with RISUP logic (resource isolation device unit
for peripherals), assign all non-RIF aware peripherals to zero, one or
any security domains (secure, privilege, compartment).
- RIMC registers: associated with RIMU logic (resource isolation master
unit), assign all non RIF-aware bus master to one security domain by
setting secure, privileged and compartment information on the system bus.
Alternatively, the RISUP logic controlling the device port access to a
peripheral can assign target bus attributes to this peripheral master port
(supported attribute: CID).
- RISC registers associated with RISAL logic (resource isolation device unit
for address space - Lite version), assign address space subregions to one
security domains (secure, privilege, compartment).
select:
properties:
compatible:
contains:
const: st,stm32mp25-rifsc
required:
- compatible
properties:
compatible:
items:
- const: st,stm32mp25-rifsc
- const: simple-bus
reg:
maxItems: 1
"#address-cells":
const: 1
"#size-cells":
const: 1
ranges: true
"#access-controller-cells":
const: 1
description:
Contains the firewall ID associated to the peripheral.
patternProperties:
"^.*@[0-9a-f]+$":
description: Peripherals
type: object
additionalProperties: true
required:
- access-controllers
required:
- compatible
- reg
- "#address-cells"
- "#size-cells"
- "#access-controller-cells"
- ranges
additionalProperties: false
examples:
- |
// In this example, the usart2 device refers to rifsc as its domain
// controller.
// Access rights are verified before creating devices.
#include <dt-bindings/interrupt-controller/arm-gic.h>
rifsc: bus@42080000 {
compatible = "st,stm32mp25-rifsc", "simple-bus";
reg = <0x42080000 0x1000>;
#address-cells = <1>;
#size-cells = <1>;
#access-controller-cells = <1>;
ranges;
usart2: serial@400e0000 {
compatible = "st,stm32h7-uart";
reg = <0x400e0000 0x400>;
interrupts = <GIC_SPI 115 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&ck_flexgen_08>;
access-controllers = <&rifsc 32>;
};
};
@@ -30,16 +30,18 @@ properties:
- google,gs101-cmu-top
- google,gs101-cmu-apm
- google,gs101-cmu-misc
- google,gs101-cmu-hsi0
- google,gs101-cmu-hsi2
- google,gs101-cmu-peric0
- google,gs101-cmu-peric1
clocks:
minItems: 1
maxItems: 3
maxItems: 5
clock-names:
minItems: 1
maxItems: 3
maxItems: 5
"#clock-cells":
const: 1
@@ -72,6 +74,55 @@ allOf:
items:
- const: oscclk
- if:
properties:
compatible:
contains:
const: google,gs101-cmu-hsi0
then:
properties:
clocks:
items:
- description: External reference clock (24.576 MHz)
- description: HSI0 bus clock (from CMU_TOP)
- description: DPGTC (from CMU_TOP)
- description: USB DRD controller clock (from CMU_TOP)
- description: USB Display Port debug clock (from CMU_TOP)
clock-names:
items:
- const: oscclk
- const: bus
- const: dpgtc
- const: usb31drd
- const: usbdpdbg
- if:
properties:
compatible:
contains:
enum:
- google,gs101-cmu-hsi2
then:
properties:
clocks:
items:
- description: External reference clock (24.576 MHz)
- description: High Speed Interface bus clock (from CMU_TOP)
- description: High Speed Interface pcie clock (from CMU_TOP)
- description: High Speed Interface ufs clock (from CMU_TOP)
- description: High Speed Interface mmc clock (from CMU_TOP)
clock-names:
items:
- const: oscclk
- const: bus
- const: pcie
- const: ufs
- const: mmc
- if:
properties:
compatible:
@@ -46,6 +46,10 @@ properties:
power-domains:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -51,6 +51,10 @@ properties:
power-domains:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -348,15 +348,6 @@ properties:
# Yes Optoelectronics YTC700TLAG-05-201C 7" TFT LCD panel
- yes-optoelectronics,ytc700tlag-05-201c
backlight: true
ddc-i2c-bus: true
enable-gpios: true
port: true
power-supply: true
no-hpd: true
hpd-gpios: true
data-mapping: true
if:
not:
properties:
@@ -367,7 +358,7 @@ then:
properties:
data-mapping: false
additionalProperties: false
unevaluatedProperties: false
required:
- compatible
@@ -177,6 +177,15 @@ allOf:
required:
- reg-names
- if:
properties:
compatible:
contains:
enum:
- nvidia,tegra194-host1x
then:
properties:
dma-coherent: true
- if:
properties:
compatible:
@@ -226,6 +235,8 @@ allOf:
use. Should be a mapping of IDs 0..n to IOMMU entries corresponding to
usable stream IDs.
dma-coherent: true
required:
- reg-names
@@ -82,6 +82,10 @@ properties:
description: if defined, it indicates that the controller
supports memory-to-memory transfer
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -28,6 +28,10 @@ properties:
resets:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -247,6 +247,37 @@ properties:
reg:
const: 0x18
protocol@19:
type: object
allOf:
- $ref: '#/$defs/protocol-node'
- $ref: /schemas/pinctrl/pinctrl.yaml
unevaluatedProperties: false
properties:
reg:
const: 0x19
patternProperties:
'-pins$':
type: object
allOf:
- $ref: /schemas/pinctrl/pincfg-node.yaml#
- $ref: /schemas/pinctrl/pinmux-node.yaml#
unevaluatedProperties: false
description:
A pin multiplexing sub-node describes how to configure a
set of pins in some desired function.
A single sub-node may define several pin configurations.
This sub-node is using the default pinctrl bindings to configure
pin multiplexing and using SCMI protocol to apply a specified
configuration.
required:
- reg
additionalProperties: false
$defs:
@@ -355,7 +386,7 @@ examples:
scmi_dvfs: protocol@13 {
reg = <0x13>;
#clock-cells = <1>;
#power-domain-cells = <1>;
mboxes = <&mhuB 1 0>,
<&mhuB 1 1>;
@@ -401,6 +432,25 @@ examples:
scmi_powercap: protocol@18 {
reg = <0x18>;
};
scmi_pinctrl: protocol@19 {
reg = <0x19>;
i2c2-pins {
groups = "g_i2c2_a", "g_i2c2_b";
function = "f_i2c2";
};
mdio-pins {
groups = "g_avb_mdio";
drive-strength = <24>;
};
keys_pins: keys-pins {
pins = "gpio_5_17", "gpio_5_20", "gpio_5_22", "gpio_2_1";
bias-pull-up;
};
};
};
};
@@ -468,7 +518,7 @@ examples:
reg = <0x13>;
linaro,optee-channel-id = <1>;
shmem = <&cpu_optee_lpri0>;
#clock-cells = <1>;
#power-domain-cells = <1>;
};
scmi_clk0: protocol@14 {
@@ -1,30 +0,0 @@
Raspberry Pi GPIO expander
The Raspberry Pi 3 GPIO expander is controlled by the VC4 firmware. The
firmware exposes a mailbox interface that allows the ARM core to control the
GPIO lines on the expander.
The Raspberry Pi GPIO expander node must be a child node of the Raspberry Pi
firmware node.
Required properties:
- compatible : Should be "raspberrypi,firmware-gpio"
- gpio-controller : Marks the device node as a gpio controller
- #gpio-cells : Should be two. The first cell is the pin number, and
the second cell is used to specify the gpio polarity:
0 = active high
1 = active low
Example:
firmware: firmware-rpi {
compatible = "raspberrypi,bcm2835-firmware";
mboxes = <&mailbox>;
expgpio: gpio {
compatible = "raspberrypi,firmware-gpio";
gpio-controller;
#gpio-cells = <2>;
};
};
@@ -127,6 +127,10 @@ properties:
wakeup-source: true
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -93,6 +93,10 @@ properties:
'#size-cells':
const: 0
access-controllers:
minItems: 1
maxItems: 2
allOf:
- if:
properties:
@@ -59,6 +59,10 @@ properties:
If not, SPI CLKOUT frequency will not be accurate.
maximum: 20000000
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -45,6 +45,10 @@ properties:
'#size-cells':
const: 0
access-controllers:
minItems: 1
maxItems: 2
additionalProperties: false
required:
@@ -29,6 +29,10 @@ properties:
- const: cec
- const: hdmi-cec
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -36,6 +36,10 @@ properties:
resets:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
port:
$ref: /schemas/graph.yaml#/$defs/port-base
unevaluatedProperties: false
@@ -30,6 +30,10 @@ properties:
clocks:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -0,0 +1,33 @@
# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
%YAML 1.2
---
$id: http://devicetree.org/schemas/memory-controllers/samsung,s5pv210-dmc.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: Samsung S5Pv210 SoC Dynamic Memory Controller
maintainers:
- Krzysztof Kozlowski <krzk@kernel.org>
description:
Dynamic Memory Controller interfaces external JEDEC DDR-type SDRAM.
properties:
compatible:
const: samsung,s5pv210-dmc
reg:
maxItems: 1
required:
- compatible
- reg
additionalProperties: false
examples:
- |
memory-controller@f0000000 {
compatible = "samsung,s5pv210-dmc";
reg = <0xf0000000 0x1000>;
};
@@ -50,6 +50,10 @@ properties:
Reflects the memory layout with four integer values per bank. Format:
<bank-number> 0 <address of the bank> <size>
access-controllers:
minItems: 1
maxItems: 2
patternProperties:
"^.*@[0-4],[a-f0-9]+$":
additionalProperties: true
@@ -44,6 +44,10 @@ properties:
wakeup-source: true
access-controllers:
minItems: 1
maxItems: 2
pwm:
type: object
additionalProperties: false
@@ -67,6 +67,10 @@ properties:
"#size-cells":
const: 0
access-controllers:
minItems: 1
maxItems: 2
pwm:
type: object
additionalProperties: false
@@ -79,6 +79,10 @@ properties:
- const: rx
- const: tx
access-controllers:
minItems: 1
maxItems: 2
power-domains: true
resets:
@@ -118,6 +118,10 @@ properties:
phys:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -93,6 +93,10 @@ properties:
select RCC clock instead of ETH_REF_CLK.
type: boolean
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- clocks
@@ -55,6 +55,10 @@ properties:
description: number of clock cells for ck_usbo_48m consumer
const: 0
access-controllers:
minItems: 1
maxItems: 2
# Required child nodes:
patternProperties:
@@ -30,6 +30,10 @@ properties:
vdda-supply:
description: phandle to the vdda input analog voltage.
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -37,6 +37,10 @@ properties:
description: If set, the RNG configuration in RNG_CR, RNG_HTCR and
RNG_NSCR will be locked.
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -73,6 +73,10 @@ properties:
enum: [1, 2, 4, 8, 12, 14, 16]
default: 8
access-controllers:
minItems: 1
maxItems: 2
allOf:
- $ref: rs485.yaml#
- $ref: serial.yaml#
@@ -58,20 +58,6 @@ patternProperties:
required:
- compatible
allOf:
- if:
not:
properties:
compatible:
contains:
enum:
- qcom,sm8450-pmic-glink
- qcom,sm8550-pmic-glink
- qcom,x1e80100-pmic-glink
then:
properties:
orientation-gpios: false
additionalProperties: false
examples:
@@ -116,8 +116,8 @@ examples:
bluetooth {
compatible = "qcom,wcnss-bt";
/* BD address 00:11:22:33:44:55 */
local-bd-address = [ 55 44 33 22 11 00 ];
/* Updated by boot firmware (little-endian order) */
local-bd-address = [ 00 00 00 00 00 00 ];
};
wifi {
@@ -0,0 +1,51 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/soc/renesas/renesas,r9a09g057-sys.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#
title: Renesas RZ/V2H(P) System Controller (SYS)
maintainers:
- Geert Uytterhoeven <geert+renesas@glider.be>
description: |
The RZ/V2H(P) SYS (System Controller) controls the overall
configuration of the LSI and supports the following functions,
- Trust zone control
- Extend access by specific masters to address beyond 4GB space
- GBETH configuration
- Control of settings and states of SRAM/PCIe/CM33/CA55/CR8/xSPI/ADC/TSU
- LSI version
- WDT stop control
- General registers
properties:
compatible:
const: renesas,r9a09g057-sys
reg:
maxItems: 1
clocks:
maxItems: 1
resets:
maxItems: 1
required:
- compatible
- reg
- clocks
- resets
additionalProperties: false
examples:
- |
sys: system-controller@10430000 {
compatible = "renesas,r9a09g057-sys";
reg = <0x10430000 0x10000>;
clocks = <&cpg 1>;
resets = <&cpg 1>;
};
@@ -513,6 +513,14 @@ properties:
- renesas,rzv2mevk2 # RZ/V2M Eval Board v2.0
- const: renesas,r9a09g011
- description: RZ/V2H(P) (R9A09G057)
items:
- enum:
- renesas,r9a09g057h41 # RZ/V2H
- renesas,r9a09g057h42 # RZ/V2H with Mali-G31 support
- renesas,r9a09g057h44 # RZ/V2HP with Mali-G31 + Mali-C55 support
- const: renesas,r9a09g057
additionalProperties: true
...
@@ -15,6 +15,7 @@ properties:
- items:
- enum:
- google,gs101-apm-sysreg
- google,gs101-hsi2-sysreg
- google,gs101-peric0-sysreg
- google,gs101-peric1-sysreg
- samsung,exynos3-sysreg
@@ -72,6 +73,7 @@ allOf:
compatible:
contains:
enum:
- google,gs101-hsi2-sysreg
- google,gs101-peric0-sysreg
- google,gs101-peric1-sysreg
- samsung,exynos850-cmgp-sysreg
@@ -65,6 +65,10 @@ properties:
$ref: audio-graph-port.yaml#
unevaluatedProperties: false
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- "#sound-dai-cells"
@@ -48,6 +48,10 @@ properties:
clock-names:
maxItems: 3
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -50,6 +50,10 @@ properties:
resets:
maxItems: 1
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- "#sound-dai-cells"
@@ -46,6 +46,10 @@ properties:
- const: tx
- const: rx
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -52,6 +52,10 @@ properties:
- const: rx
- const: tx
access-controllers:
minItems: 1
maxItems: 2
required:
- compatible
- reg
@@ -32,6 +32,7 @@ properties:
- enum:
- infineon,slb9673
- nuvoton,npct75x
- st,st33ktpm2xi2c
- const: tcg,tpm-tis-i2c
- description: TPM 1.2 and 2.0 chips with vendor-specific I²C interface
@@ -172,6 +172,10 @@ properties:
tpl-support: true
access-controllers:
minItems: 1
maxItems: 2
dependencies:
port: [ usb-role-switch ]
role-switch-default-mode: [ usb-role-switch ]
@@ -33,6 +33,7 @@ properties:
- fsl,imx7ulp-usbmisc
- fsl,imx8mm-usbmisc
- fsl,imx8mn-usbmisc
- fsl,imx8ulp-usbmisc
- const: fsl,imx7d-usbmisc
- const: fsl,imx6q-usbmisc
- items:
@@ -151,6 +151,8 @@ patternProperties:
description: ARM Ltd.
"^armadeus,.*":
description: ARMadeus Systems SARL
"^armsom,.*":
description: ArmSoM Technology Co., Ltd.
"^arrow,.*":
description: Arrow Electronics
"^artesyn,.*":
@@ -438,6 +440,8 @@ patternProperties:
description: Dongguan EmbedFire Electronic Technology Co., Ltd.
"^embest,.*":
description: Shenzhen Embest Technology Co., Ltd.
"^emcraft,.*":
description: Emcraft Systems
"^emlid,.*":
description: Emlid, Ltd.
"^emmicro,.*":
@@ -1627,6 +1631,8 @@ patternProperties:
description: Wondermedia Technologies, Inc.
"^wobo,.*":
description: Wobo
"^wolfvision,.*":
description: WolfVision GmbH
"^x-powers,.*":
description: X-Powers
"^xen,.*":
+1 -1
View File
@@ -61,7 +61,7 @@ DESCRIPTION
***********
Convert a C header or source file (C_FILE), into a ReStructured Text
Convert a C header or source file (C_FILE), into a reStructuredText
included via ..parsed-literal block with cross-references for the
documentation files that describe the API. It accepts an optional
EXCEPTIONS_FILE with describes what elements will be either ignored or
+2 -2
View File
@@ -196,8 +196,8 @@ eisa_bus.disable_dev
virtual_root.force_probe
Force the probing code to probe EISA slots even when it cannot find an
EISA compliant mainboard (nothing appears on slot 0). Defaults to 0
(don't force), and set to 1 (force probing) when either
CONFIG_ALPHA_JENSEN or CONFIG_EISA_VLB_PRIMING are set.
(don't force), and set to 1 (force probing) when
CONFIG_EISA_VLB_PRIMING is set.
Random notes
============
+1 -1
View File
@@ -462,7 +462,7 @@ statements is reduced. This is also reflected in the assembly code.
Analysis 3
==========
Very weird. Guess it has to do with caching or instruction parallellism
Very weird. Guess it has to do with caching or instruction parallelism
or so. I also tried on an eeePC (Celeron, clocked at 900 Mhz). Interesting
observation was that this one is only 30% slower (according to time)
executing the code as my 3Ghz D920 processor.
+1 -1
View File
@@ -259,7 +259,7 @@ attributes for Serial Attached SCSI, a variant of SATA aimed at large
high-end systems.
The SAS transport class contains common code to deal with SAS HBAs, an
aproximated representation of SAS topologies in the driver model, and
approximated representation of SAS topologies in the driver model, and
various sysfs attributes to expose these topologies and management
interfaces to userspace.
+1 -1
View File
@@ -422,7 +422,7 @@ USBDEVFS_CONNECTINFO
USBDEVFS_GET_SPEED
Returns the speed of the device. The speed is returned as a
nummerical value in accordance with enum usb_device_speed
numerical value in accordance with enum usb_device_speed
File modification time is not updated by this request.
+1 -1
View File
@@ -68,7 +68,7 @@ The expected flow for the consumers:
can be enabled for the device.
2. Call `amd_wbrf_register_notifier` to register for notification
of frequency band change(add or remove) from other producers.
3. Call the `amd_wbrf_retrieve_freq_band` initally to retrieve
3. Call the `amd_wbrf_retrieve_freq_band` initially to retrieve
current active frequency bands considering some producers may broadcast
such information before the consumer is up.
4. On receiving a notification for frequency band change, run
@@ -44,7 +44,7 @@ For our purposes all operations fall in 6 classes:
* decide which of the source and target need to be locked.
The source needs to be locked if it's a non-directory, target - if it's
a non-directory or about to be removed.
* take the locks that need to be taken (exlusive), in inode pointer order
* take the locks that need to be taken (exclusive), in inode pointer order
if need to take both (that can happen only when both source and target
are non-directories - the source because it wouldn't need to be locked
otherwise and the target because mixing directory and non-directory is
@@ -234,7 +234,7 @@ among the children, in some order. But that is also impossible, since
neither of the children is a descendent of another.
That concludes the proof, since the set of operations with the
properties requiered for a minimal deadlock can not exist.
properties required for a minimal deadlock can not exist.
Note that the check for having a common ancestor in cross-directory
rename is crucial - without it a deadlock would be possible. Indeed,
+2 -2
View File
@@ -858,7 +858,7 @@ be misspelled d_alloc_anon().
**mandatory**
[should've been added in 2016] stale comment in finish_open() nonwithstanding,
[should've been added in 2016] stale comment in finish_open() notwithstanding,
failure exits in ->atomic_open() instances should *NOT* fput() the file,
no matter what. Everything is handled by the caller.
@@ -989,7 +989,7 @@ This mechanism would only work for a single device so the block layer couldn't
find the owning superblock of any additional devices.
In the old mechanism reusing or creating a superblock for a racing mount(2) and
umount(2) relied on the file_system_type as the holder. This was severly
umount(2) relied on the file_system_type as the holder. This was severely
underdocumented however:
(1) Any concurrent mounter that managed to grab an active reference on an
+1 -1
View File
@@ -107,7 +107,7 @@ Other documentation
There are several unsorted documents that don't seem to fit on other parts
of the documentation body, or may require some adjustments and/or conversion
to ReStructured Text format, or are simply too old.
to reStructuredText format, or are simply too old.
.. toctree::
:maxdepth: 1
+45
View File
@@ -21,6 +21,51 @@ Atomic-RMW-ops-are-atomic-WRT-atomic_set.litmus
Test that atomic_set() cannot break the atomicity of atomic RMWs.
NOTE: Require herd7 7.56 or later which supports "(void)expr".
cmpxchg-fail-ordered-1.litmus
Demonstrate that a failing cmpxchg() operation acts as a full barrier
when followed by smp_mb__after_atomic().
cmpxchg-fail-ordered-2.litmus
Demonstrate that a failing cmpxchg() operation acts as an acquire
operation when followed by smp_mb__after_atomic().
cmpxchg-fail-unordered-1.litmus
Demonstrate that a failing cmpxchg() operation does not act as a
full barrier.
cmpxchg-fail-unordered-2.litmus
Demonstrate that a failing cmpxchg() operation does not act as an
acquire operation.
locking (/locking directory)
----------------------------
DCL-broken.litmus
Demonstrates that double-checked locking needs more than just
the obvious lock acquisitions and releases.
DCL-fixed.litmus
Demonstrates corrected double-checked locking that uses
smp_store_release() and smp_load_acquire() in addition to the
obvious lock acquisitions and releases.
RM-broken.litmus
Demonstrates problems with "roach motel" locking, where code is
freely moved into lock-based critical sections. This example also
shows how to use the "filter" clause to discard executions that
would be excluded by other code not modeled in the litmus test.
Note also that this "roach motel" optimization is emulated by
physically moving P1()'s two reads from x under the lock.
What is a roach motel? This is from an old advertisement for
a cockroach trap, much later featured in one of the "Men in
Black" movies. "The roaches check in. They don't check out."
RM-fixed.litmus
The counterpart to RM-broken.litmus, showing P0()'s two loads from
x safely outside of the critical section.
RCU (/rcu directory)
--------------------
@@ -0,0 +1,35 @@
C cmpxchg-fail-ordered-1
(*
* Result: Never
*
* Demonstrate that a failing cmpxchg() operation will act as a full
* barrier when followed by smp_mb__after_atomic().
*)
{}
P0(int *x, int *y, int *z)
{
int r0;
int r1;
WRITE_ONCE(*x, 1);
r1 = cmpxchg(z, 1, 0);
smp_mb__after_atomic();
r0 = READ_ONCE(*y);
}
P1(int *x, int *y, int *z)
{
int r0;
int r1;
WRITE_ONCE(*y, 1);
r1 = cmpxchg(z, 1, 0);
smp_mb__after_atomic();
r0 = READ_ONCE(*x);
}
locations[0:r1;1:r1]
exists (0:r0=0 /\ 1:r0=0)
@@ -0,0 +1,30 @@
C cmpxchg-fail-ordered-2
(*
* Result: Never
*
* Demonstrate use of smp_mb__after_atomic() to make a failing cmpxchg
* operation have acquire ordering.
*)
{}
P0(int *x, int *y)
{
int r1;
WRITE_ONCE(*x, 1);
r1 = cmpxchg(y, 0, 1);
}
P1(int *x, int *y)
{
int r1;
int r2;
r1 = cmpxchg(y, 0, 1);
smp_mb__after_atomic();
r2 = READ_ONCE(*x);
}
exists (0:r1=0 /\ 1:r1=1 /\ 1:r2=0)
@@ -0,0 +1,34 @@
C cmpxchg-fail-unordered-1
(*
* Result: Sometimes
*
* Demonstrate that a failing cmpxchg() operation does not act as a
* full barrier. (In contrast, a successful cmpxchg() does act as a
* full barrier.)
*)
{}
P0(int *x, int *y, int *z)
{
int r0;
int r1;
WRITE_ONCE(*x, 1);
r1 = cmpxchg(z, 1, 0);
r0 = READ_ONCE(*y);
}
P1(int *x, int *y, int *z)
{
int r0;
int r1;
WRITE_ONCE(*y, 1);
r1 = cmpxchg(z, 1, 0);
r0 = READ_ONCE(*x);
}
locations[0:r1;1:r1]
exists (0:r0=0 /\ 1:r0=0)
@@ -0,0 +1,30 @@
C cmpxchg-fail-unordered-2
(*
* Result: Sometimes
*
* Demonstrate that a failing cmpxchg() operation does not act as either
* an acquire release operation. (In contrast, a successful cmpxchg()
* does act as both an acquire and a release operation.)
*)
{}
P0(int *x, int *y)
{
int r1;
WRITE_ONCE(*x, 1);
r1 = cmpxchg(y, 0, 1);
}
P1(int *x, int *y)
{
int r1;
int r2;
r1 = cmpxchg(y, 0, 1);
r2 = READ_ONCE(*x);
}
exists (0:r1=0 /\ 1:r1=1 /\ 1:r2=0)
+1 -1
View File
@@ -80,7 +80,7 @@ to the dentry cache with::
Debugging options may require the minimum possible slab order to increase as
a result of storing the metadata (for example, caches with PAGE_SIZE object
sizes). This has a higher liklihood of resulting in slab allocation errors
sizes). This has a higher likelihood of resulting in slab allocation errors
in low memory situations or if there's high fragmentation of memory. To
switch off debugging for such caches by default, use::
@@ -284,7 +284,7 @@ What else is there to known about regressions?
Check out Documentation/admin-guide/reporting-regressions.rst, it covers a lot
of other aspects you want might want to be aware of:
* the purpose of the "no regressions rule"
* the purpose of the "no regressions" rule
* what issues actually qualify as regression
+110 -124
View File
@@ -6,29 +6,29 @@ Everything you ever wanted to know about Linux -stable releases
Rules on what kind of patches are accepted, and which ones are not, into the
"-stable" tree:
- It or an equivalent fix must already exist in Linus' tree (upstream).
- It must be obviously correct and tested.
- It cannot be bigger than 100 lines, with context.
- It must follow the
:ref:`Documentation/process/submitting-patches.rst <submittingpatches>`
rules.
- It must either fix a real bug that bothers people or just add a device ID.
To elaborate on the former:
- It or an equivalent fix must already exist in Linux mainline (upstream).
- It must be obviously correct and tested.
- It cannot be bigger than 100 lines, with context.
- It must follow the
:ref:`Documentation/process/submitting-patches.rst <submittingpatches>`
rules.
- It must either fix a real bug that bothers people or just add a device ID.
To elaborate on the former:
- It fixes a problem like an oops, a hang, data corruption, a real security
issue, a hardware quirk, a build error (but not for things marked
CONFIG_BROKEN), or some "oh, that's not good" issue.
- Serious issues as reported by a user of a distribution kernel may also
be considered if they fix a notable performance or interactivity issue.
As these fixes are not as obvious and have a higher risk of a subtle
regression they should only be submitted by a distribution kernel
maintainer and include an addendum linking to a bugzilla entry if it
exists and additional information on the user-visible impact.
- No "This could be a problem..." type of things like a "theoretical race
condition", unless an explanation of how the bug can be exploited is also
provided.
- No "trivial" fixes without benefit for users (spelling changes, whitespace
cleanups, etc).
- It fixes a problem like an oops, a hang, data corruption, a real security
issue, a hardware quirk, a build error (but not for things marked
CONFIG_BROKEN), or some "oh, that's not good" issue.
- Serious issues as reported by a user of a distribution kernel may also
be considered if they fix a notable performance or interactivity issue.
As these fixes are not as obvious and have a higher risk of a subtle
regression they should only be submitted by a distribution kernel
maintainer and include an addendum linking to a bugzilla entry if it
exists and additional information on the user-visible impact.
- No "This could be a problem..." type of things like a "theoretical race
condition", unless an explanation of how the bug can be exploited is also
provided.
- No "trivial" fixes without benefit for users (spelling changes, whitespace
cleanups, etc).
Procedure for submitting patches to the -stable tree
@@ -42,11 +42,11 @@ Procedure for submitting patches to the -stable tree
There are three options to submit a change to -stable trees:
1. Add a 'stable tag' to the description of a patch you then submit for
mainline inclusion.
2. Ask the stable team to pick up a patch already mainlined.
3. Submit a patch to the stable team that is equivalent to a change already
mainlined.
1. Add a 'stable tag' to the description of a patch you then submit for
mainline inclusion.
2. Ask the stable team to pick up a patch already mainlined.
3. Submit a patch to the stable team that is equivalent to a change already
mainlined.
The sections below describe each of the options in more detail.
@@ -68,82 +68,72 @@ Option 1
********
To have a patch you submit for mainline inclusion later automatically picked up
for stable trees, add the tag
for stable trees, add this tag in the sign-off area::
.. code-block:: none
Cc: stable@vger.kernel.org
Cc: stable@vger.kernel.org
Use ``Cc: stable@kernel.org`` instead when fixing unpublished vulnerabilities:
it reduces the chance of accidentally exposing the fix to the public by way of
'git send-email', as mails sent to that address are not delivered anywhere.
in the sign-off area. Once the patch is mainlined it will be applied to the
stable tree without anything else needing to be done by the author or
subsystem maintainer.
Once the patch is mainlined it will be applied to the stable tree without
anything else needing to be done by the author or subsystem maintainer.
To sent additional instructions to the stable team, use a shell-style inline
comment:
To send additional instructions to the stable team, use a shell-style inline
comment to pass arbitrary or predefined notes:
* To specify any additional patch prerequisites for cherry picking use the
following format in the sign-off area:
* Specify any additional patch prerequisites for cherry picking::
.. code-block:: none
Cc: <stable@vger.kernel.org> # 3.3.x: a1f84a3: sched: Check for idle
Cc: <stable@vger.kernel.org> # 3.3.x: 1b9508f: sched: Rate-limit newidle
Cc: <stable@vger.kernel.org> # 3.3.x: fd21073: sched: Fix affinity logic
Cc: <stable@vger.kernel.org> # 3.3.x
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: <stable@vger.kernel.org> # 3.3.x: a1f84a3: sched: Check for idle
Cc: <stable@vger.kernel.org> # 3.3.x: 1b9508f: sched: Rate-limit newidle
Cc: <stable@vger.kernel.org> # 3.3.x: fd21073: sched: Fix affinity logic
Cc: <stable@vger.kernel.org> # 3.3.x
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The tag sequence has the meaning of::
The tag sequence has the meaning of:
git cherry-pick a1f84a3
git cherry-pick 1b9508f
git cherry-pick fd21073
git cherry-pick <this commit>
.. code-block:: none
Note that for a patch series, you do not have to list as prerequisites the
patches present in the series itself. For example, if you have the following
patch series::
git cherry-pick a1f84a3
git cherry-pick 1b9508f
git cherry-pick fd21073
git cherry-pick <this commit>
patch1
patch2
Note that for a patch series, you do not have to list as prerequisites the
patches present in the series itself. For example, if you have the following
patch series:
where patch2 depends on patch1, you do not have to list patch1 as
prerequisite of patch2 if you have already marked patch1 for stable
inclusion.
.. code-block:: none
* Point out kernel version prerequisites::
patch1
patch2
Cc: <stable@vger.kernel.org> # 3.3.x
where patch2 depends on patch1, you do not have to list patch1 as
prerequisite of patch2 if you have already marked patch1 for stable
inclusion.
The tag has the meaning of::
* For patches that may have kernel version prerequisites specify them using
the following format in the sign-off area:
git cherry-pick <this commit>
.. code-block:: none
For each "-stable" tree starting with the specified version.
Cc: <stable@vger.kernel.org> # 3.3.x
Note, such tagging is unnecessary if the stable team can derive the
appropriate versions from Fixes: tags.
The tag has the meaning of:
* Delay pick up of patches::
.. code-block:: none
Cc: <stable@vger.kernel.org> # after -rc3
git cherry-pick <this commit>
* Point out known problems::
For each "-stable" tree starting with the specified version.
Cc: <stable@vger.kernel.org> # see patch description, needs adjustments for <= 6.3
Note, such tagging is unnecessary if the stable team can derive the
appropriate versions from Fixes: tags.
There furthermore is a variant of the stable tag you can use to make the stable
team's backporting tools (e.g AUTOSEL or scripts that look for commits
containing a 'Fixes:' tag) ignore a change::
* To delay pick up of patches, use the following format:
.. code-block:: none
Cc: <stable@vger.kernel.org> # after 4 weeks in mainline
* For any other requests, just add a note to the stable tag. This for example
can be used to point out known problems:
.. code-block:: none
Cc: <stable@vger.kernel.org> # see patch description, needs adjustments for <= 6.3
Cc: <stable+noautosel@kernel.org> # reason goes here, and must be present
.. _option_2:
@@ -163,17 +153,13 @@ Option 3
Send the patch, after verifying that it follows the above rules, to
stable@vger.kernel.org and mention the kernel versions you wish it to be applied
to. When doing so, you must note the upstream commit ID in the changelog of your
submission with a separate line above the commit text, like this:
submission with a separate line above the commit text, like this::
.. code-block:: none
commit <sha1> upstream.
commit <sha1> upstream.
Or alternatively::
or alternatively:
.. code-block:: none
[ Upstream commit <sha1> ]
[ Upstream commit <sha1> ]
If the submitted patch deviates from the original upstream patch (for example
because it had to be adjusted for the older API), this must be very clearly
@@ -194,55 +180,55 @@ developers and by the relevant subsystem maintainer.
Review cycle
------------
- When the -stable maintainers decide for a review cycle, the patches will be
sent to the review committee, and the maintainer of the affected area of
the patch (unless the submitter is the maintainer of the area) and CC: to
the linux-kernel mailing list.
- The review committee has 48 hours in which to ACK or NAK the patch.
- If the patch is rejected by a member of the committee, or linux-kernel
members object to the patch, bringing up issues that the maintainers and
members did not realize, the patch will be dropped from the queue.
- The ACKed patches will be posted again as part of release candidate (-rc)
to be tested by developers and testers.
- Usually only one -rc release is made, however if there are any outstanding
issues, some patches may be modified or dropped or additional patches may
be queued. Additional -rc releases are then released and tested until no
issues are found.
- Responding to the -rc releases can be done on the mailing list by sending
a "Tested-by:" email with any testing information desired. The "Tested-by:"
tags will be collected and added to the release commit.
- At the end of the review cycle, the new -stable release will be released
containing all the queued and tested patches.
- Security patches will be accepted into the -stable tree directly from the
security kernel team, and not go through the normal review cycle.
Contact the kernel security team for more details on this procedure.
- When the -stable maintainers decide for a review cycle, the patches will be
sent to the review committee, and the maintainer of the affected area of
the patch (unless the submitter is the maintainer of the area) and CC: to
the linux-kernel mailing list.
- The review committee has 48 hours in which to ACK or NAK the patch.
- If the patch is rejected by a member of the committee, or linux-kernel
members object to the patch, bringing up issues that the maintainers and
members did not realize, the patch will be dropped from the queue.
- The ACKed patches will be posted again as part of release candidate (-rc)
to be tested by developers and testers.
- Usually only one -rc release is made, however if there are any outstanding
issues, some patches may be modified or dropped or additional patches may
be queued. Additional -rc releases are then released and tested until no
issues are found.
- Responding to the -rc releases can be done on the mailing list by sending
a "Tested-by:" email with any testing information desired. The "Tested-by:"
tags will be collected and added to the release commit.
- At the end of the review cycle, the new -stable release will be released
containing all the queued and tested patches.
- Security patches will be accepted into the -stable tree directly from the
security kernel team, and not go through the normal review cycle.
Contact the kernel security team for more details on this procedure.
Trees
-----
- The queues of patches, for both completed versions and in progress
versions can be found at:
- The queues of patches, for both completed versions and in progress
versions can be found at:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
- The finalized and tagged releases of all stable kernels can be found
in separate branches per version at:
- The finalized and tagged releases of all stable kernels can be found
in separate branches per version at:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- The release candidate of all stable kernel versions can be found at:
- The release candidate of all stable kernel versions can be found at:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/
.. warning::
The -stable-rc tree is a snapshot in time of the stable-queue tree and
will change frequently, hence will be rebased often. It should only be
used for testing purposes (e.g. to be consumed by CI systems).
.. warning::
The -stable-rc tree is a snapshot in time of the stable-queue tree and
will change frequently, hence will be rebased often. It should only be
used for testing purposes (e.g. to be consumed by CI systems).
Review committee
----------------
- This is made up of a number of kernel developers who have volunteered for
this task, and a few that haven't.
- This is made up of a number of kernel developers who have volunteered for
this task, and a few that haven't.
+1 -1
View File
@@ -81,7 +81,7 @@ A summary of the ``@optname`` entries is as follows::
destination addresses.
SCTP_SENDMSG_CONNECT - Initiate a connection that is generated by a
sendmsg(2) or sctp_sendmsg(3) on a new asociation.
sendmsg(2) or sctp_sendmsg(3) on a new association.
SCTP_PRIMARY_ADDR - Set local primary address.
@@ -42,6 +42,14 @@ safe.
randomly generated and fused into each SoC at manufacturing time.
Otherwise, a common fixed test key is used instead.
(4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
Rooted to a one-time programmable key (OTP) that is generally burnt
in the on-chip fuses and is accessible to the DCP encryption engine only.
DCP provides two keys that can be used as root of trust: the OTP key
and the UNIQUE key. Default is to use the UNIQUE key, but selecting
the OTP key can be done via a module parameter (dcp_use_otp_key).
* Execution isolation
(1) TPM
@@ -57,6 +65,12 @@ safe.
Fixed set of operations running in isolated execution environment.
(4) DCP
Fixed set of cryptographic operations running in isolated execution
environment. Only basic blob key encryption is executed there.
The actual key sealing/unsealing is done on main processor/kernel space.
* Optional binding to platform integrity state
(1) TPM
@@ -79,6 +93,11 @@ safe.
Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
for platform integrity.
(4) DCP
Relies on Secure/Trusted boot process (called HAB by vendor) for
platform integrity.
* Interfaces and APIs
(1) TPM
@@ -94,6 +113,11 @@ safe.
Interface is specific to silicon vendor.
(4) DCP
Vendor-specific API that is implemented as part of the DCP crypto driver in
``drivers/crypto/mxs-dcp.c``.
* Threat model
The strength and appropriateness of a particular trust source for a given
@@ -129,6 +153,13 @@ selected trust source:
CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device
is probed.
* DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
The DCP hardware device itself does not provide a dedicated RNG interface,
so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have
a dedicated hardware RNG that is independent from DCP which can be enabled
to back the kernel RNG.
Users may override this by specifying ``trusted.rng=kernel`` on the kernel
command-line to override the used RNG with the kernel's random number pool.
@@ -231,6 +262,19 @@ Usage::
CAAM-specific format. The key length for new keys is always in bytes.
Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
Trusted Keys usage: DCP
-----------------------
Usage::
keyctl add trusted name "new keylen" ring
keyctl add trusted name "load hex_blob" ring
keyctl print keyid
"keyctl print" returns an ASCII hex copy of the sealed key, which is in format
specific to this DCP key-blob implementation. The key length for new keys is
always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
Encrypted Keys usage
--------------------
@@ -426,3 +470,12 @@ string length.
privkey is the binary representation of TPM2B_PUBLIC excluding the
initial TPM2B header which can be reconstructed from the ASN.1 octed
string length.
DCP Blob Format
---------------
.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
:doc: dcp blob format
.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
:identifiers: struct dcp_blob_fmt
@@ -4,7 +4,7 @@ Confidential Computing in Linux for x86 virtualization
.. contents:: :local:
By: Elena Reshetova <elena.reshetova@intel.com> and Carlos Bilbao <carlos.bilbao@amd.com>
By: Elena Reshetova <elena.reshetova@intel.com> and Carlos Bilbao <carlos.bilbao.osdev@gmail.com>
Motivation
==========
+2
View File
@@ -5,6 +5,8 @@ Trusted Platform Module documentation
.. toctree::
tpm_event_log
tpm-security
tpm_tis
tpm_vtpm_proxy
xen-tpmfront
tpm_ftpm_tee
+216
View File
@@ -0,0 +1,216 @@
.. SPDX-License-Identifier: GPL-2.0-only
TPM Security
============
The object of this document is to describe how we make the kernel's
use of the TPM reasonably robust in the face of external snooping and
packet alteration attacks (called passive and active interposer attack
in the literature). The current security document is for TPM 2.0.
Introduction
------------
The TPM is usually a discrete chip attached to a PC via some type of
low bandwidth bus. There are exceptions to this such as the Intel
PTT, which is a software TPM running inside a software environment
close to the CPU, which are subject to different attacks, but right at
the moment, most hardened security environments require a discrete
hardware TPM, which is the use case discussed here.
Snooping and Alteration Attacks against the bus
-----------------------------------------------
The current state of the art for snooping the `TPM Genie`_ hardware
interposer which is a simple external device that can be installed in
a couple of seconds on any system or laptop. Recently attacks were
successfully demonstrated against the `Windows Bitlocker TPM`_ system.
Most recently the same `attack against TPM based Linux disk
encryption`_ schemes. The next phase of research seems to be hacking
existing devices on the bus to act as interposers, so the fact that
the attacker requires physical access for a few seconds might
evaporate. However, the goal of this document is to protect TPM
secrets and integrity as far as we are able in this environment and to
try to insure that if we can't prevent the attack then at least we can
detect it.
Unfortunately, most of the TPM functionality, including the hardware
reset capability can be controlled by an attacker who has access to
the bus, so we'll discuss some of the disruption possibilities below.
Measurement (PCR) Integrity
---------------------------
Since the attacker can send their own commands to the TPM, they can
send arbitrary PCR extends and thus disrupt the measurement system,
which would be an annoying denial of service attack. However, there
are two, more serious, classes of attack aimed at entities sealed to
trust measurements.
1. The attacker could intercept all PCR extends coming from the system
and completely substitute their own values, producing a replay of
an untampered state that would cause PCR measurements to attest to
a trusted state and release secrets
2. At some point in time the attacker could reset the TPM, clearing
the PCRs and then send down their own measurements which would
effectively overwrite the boot time measurements the TPM has
already done.
The first can be thwarted by always doing HMAC protection of the PCR
extend and read command meaning measurement values cannot be
substituted without producing a detectable HMAC failure in the
response. However, the second can only really be detected by relying
on some sort of mechanism for protection which would change over TPM
reset.
Secrets Guarding
----------------
Certain information passing in and out of the TPM, such as key sealing
and private key import and random number generation, is vulnerable to
interception which HMAC protection alone cannot protect against, so
for these types of command we must also employ request and response
encryption to prevent the loss of secret information.
Establishing Initial Trust with the TPM
---------------------------------------
In order to provide security from the beginning, an initial shared or
asymmetric secret must be established which must also be unknown to
the attacker. The most obvious avenues for this are the endorsement
and storage seeds, which can be used to derive asymmetric keys.
However, using these keys is difficult because the only way to pass
them into the kernel would be on the command line, which requires
extensive support in the boot system, and there's no guarantee that
either hierarchy would not have some type of authorization.
The mechanism chosen for the Linux Kernel is to derive the primary
elliptic curve key from the null seed using the standard storage seed
parameters. The null seed has two advantages: firstly the hierarchy
physically cannot have an authorization, so we are always able to use
it and secondly, the null seed changes across TPM resets, meaning if
we establish trust on the null seed at start of day, all sessions
salted with the derived key will fail if the TPM is reset and the seed
changes.
Obviously using the null seed without any other prior shared secrets,
we have to create and read the initial public key which could, of
course, be intercepted and substituted by the bus interposer.
However, the TPM has a key certification mechanism (using the EK
endorsement certificate, creating an attestation identity key and
certifying the null seed primary with that key) which is too complex
to run within the kernel, so we keep a copy of the null primary key
name, which is what is exported via sysfs so user-space can run the
full certification when it boots. The definitive guarantee here is
that if the null primary key certifies correctly, you know all your
TPM transactions since start of day were secure and if it doesn't, you
know there's an interposer on your system (and that any secret used
during boot may have been leaked).
Stacking Trust
--------------
In the current null primary scenario, the TPM must be completely
cleared before handing it on to the next consumer. However the kernel
hands to user-space the name of the derived null seed key which can
then be verified by certification in user-space. Therefore, this chain
of name handoff can be used between the various boot components as
well (via an unspecified mechanism). For instance, grub could use the
null seed scheme for security and hand the name off to the kernel in
the boot area. The kernel could make its own derivation of the key
and the name and know definitively that if they differ from the handed
off version that tampering has occurred. Thus it becomes possible to
chain arbitrary boot components together (UEFI to grub to kernel) via
the name handoff provided each successive component knows how to
collect the name and verifies it against its derived key.
Session Properties
------------------
All TPM commands the kernel uses allow sessions. HMAC sessions may be
used to check the integrity of requests and responses and decrypt and
encrypt flags may be used to shield parameters and responses. The
HMAC and encryption keys are usually derived from the shared
authorization secret, but for a lot of kernel operations that is well
known (and usually empty). Thus, every HMAC session used by the
kernel must be created using the null primary key as the salt key
which thus provides a cryptographic input into the session key
derivation. Thus, the kernel creates the null primary key once (as a
volatile TPM handle) and keeps it around in a saved context stored in
tpm_chip for every in-kernel use of the TPM. Currently, because of a
lack of de-gapping in the in-kernel resource manager, the session must
be created and destroyed for each operation, but, in future, a single
session may also be reused for the in-kernel HMAC, encryption and
decryption sessions.
Protection Types
----------------
For every in-kernel operation we use null primary salted HMAC to
protect the integrity. Additionally, we use parameter encryption to
protect key sealing and parameter decryption to protect key unsealing
and random number generation.
Null Primary Key Certification in Userspace
===========================================
Every TPM comes shipped with a couple of X.509 certificates for the
primary endorsement key. This document assumes that the Elliptic
Curve version of the certificate exists at 01C00002, but will work
equally well with the RSA certificate (at 01C00001).
The first step in the certification is primary creation using the
template from the `TCG EK Credential Profile`_ which allows comparison
of the generated primary key against the one in the certificate (the
public key must match). Note that generation of the EK primary
requires the EK hierarchy password, but a pre-generated version of the
EC primary should exist at 81010002 and a TPM2_ReadPublic() may be
performed on this without needing the key authority. Next, the
certificate itself must be verified to chain back to the manufacturer
root (which should be published on the manufacturer website). Once
this is done, an attestation key (AK) is generated within the TPM and
it's name and the EK public key can be used to encrypt a secret using
TPM2_MakeCredential. The TPM then runs TPM2_ActivateCredential which
will only recover the secret if the binding between the TPM, the EK
and the AK is true. the generated AK may now be used to run a
certification of the null primary key whose name the kernel has
exported. Since TPM2_MakeCredential/ActivateCredential are somewhat
complicated, a more simplified process involving an externally
generated private key is described below.
This process is a simplified abbreviation of the usual privacy CA
based attestation process. The assumption here is that the
attestation is done by the TPM owner who thus has access to only the
owner hierarchy. The owner creates an external public/private key
pair (assume elliptic curve in this case) and wraps the private key
for import using an inner wrapping process and parented to the EC
derived storage primary. The TPM2_Import() is done using a parameter
decryption HMAC session salted to the EK primary (which also does not
require the EK key authority) meaning that the inner wrapping key is
the encrypted parameter and thus the TPM will not be able to perform
the import unless is possesses the certified EK so if the command
succeeds and the HMAC verifies on return we know we have a loadable
copy of the private key only for the certified TPM. This key is now
loaded into the TPM and the Storage primary flushed (to free up space
for the null key generation).
The null EC primary is now generated using the Storage profile
outlined in the `TCG TPM v2.0 Provisioning Guidance`_; the name of
this key (the hash of the public area) is computed and compared to the
null seed name presented by the kernel in
/sys/class/tpm/tpm0/null_name. If the names do not match, the TPM is
compromised. If the names match, the user performs a TPM2_Certify()
using the null primary as the object handle and the loaded private key
as the sign handle and providing randomized qualifying data. The
signature of the returned certifyInfo is verified against the public
part of the loaded private key and the qualifying data checked to
prevent replay. If all of these tests pass, the user is now assured
that TPM integrity and privacy was preserved across the entire boot
sequence of this kernel.
.. _TPM Genie: https://www.nccgroup.trust/globalassets/about-us/us/documents/tpm-genie.pdf
.. _Windows Bitlocker TPM: https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
.. _attack against TPM based Linux disk encryption: https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
.. _TCG EK Credential Profile: https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/
.. _TCG TPM v2.0 Provisioning Guidance: https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
+46
View File
@@ -0,0 +1,46 @@
.. SPDX-License-Identifier: GPL-2.0
=========================
TPM FIFO interface driver
=========================
TCG PTP Specification defines two interface types: FIFO and CRB. The former is
based on sequenced read and write operations, and the latter is based on a
buffer containing the full command or response.
FIFO (First-In-First-Out) interface is used by the tpm_tis_core dependent
drivers. Originally Linux had only a driver called tpm_tis, which covered
memory mapped (aka MMIO) interface but it was later on extended to cover other
physical interfaces supported by the TCG standard.
For historical reasons above the original MMIO driver is called tpm_tis and the
framework for FIFO drivers is named as tpm_tis_core. The postfix "tis" in
tpm_tis comes from the TPM Interface Specification, which is the hardware
interface specification for TPM 1.x chips.
Communication is based on a 20 KiB buffer shared by the TPM chip through a
hardware bus or memory map, depending on the physical wiring. The buffer is
further split into five equal-size 4 KiB buffers, which provide equivalent
sets of registers for communication between the CPU and TPM. These
communication endpoints are called localities in the TCG terminology.
When the kernel wants to send commands to the TPM chip, it first reserves
locality 0 by setting the requestUse bit in the TPM_ACCESS register. The bit is
cleared by the chip when the access is granted. Once it completes its
communication, the kernel writes the TPM_ACCESS.activeLocality bit. This
informs the chip that the locality has been relinquished.
Pending localities are served in order by the chip in descending order, one at
a time:
- Locality 0 has the lowest priority.
- Locality 5 has the highest priority.
Further information on the purpose and meaning of the localities can be found
in section 3.2 of the TCG PC Client Platform TPM Profile Specification.
References
==========
TCG PC Client Platform TPM Profile (PTP) Specification
https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
-1
View File
@@ -97,7 +97,6 @@ class KernelInclude(Include):
# HINT: this is the only line I had to change / commented out:
#path = utils.relative_path(None, path)
path = nodes.reprunicode(path)
encoding = self.options.get(
'encoding', self.state.document.settings.input_encoding)
e_handler=self.state.document.settings.input_encoding_error_handler
+5 -4
View File
@@ -215,11 +215,12 @@
due to the lack of suitable font families and/or the texlive-xecjk
package.
If you want them, please install ``Noto Sans CJK'' font families
along with the texlive-xecjk package by following instructions from
If you want them, please install non-variable ``Noto Sans CJK''
font families along with the texlive-xecjk package by following
instructions from
\sphinxcode{./scripts/sphinx-pre-install}.
Having optional ``Noto Serif CJK'' font families will improve
the looks of those translations.
Having optional non-variable ``Noto Serif CJK'' font families will
improve the looks of those translations.
\end{sphinxadmonition}}
\newcommand{\kerneldocEndSC}{}
\newcommand{\kerneldocBeginTC}[1]{}
+1
View File
@@ -10,6 +10,7 @@ TEE Subsystem
tee
op-tee
amd-tee
ts-tee
.. only:: subproject and html
+71
View File
@@ -0,0 +1,71 @@
.. SPDX-License-Identifier: GPL-2.0
=================================
TS-TEE (Trusted Services project)
=================================
This driver provides access to secure services implemented by Trusted Services.
Trusted Services [1] is a TrustedFirmware.org project that provides a framework
for developing and deploying device Root of Trust services in FF-A [2] S-EL0
Secure Partitions. The project hosts the reference implementation of the Arm
Platform Security Architecture [3] for Arm A-profile devices.
The FF-A Secure Partitions (SP) are accessible through the FF-A driver [4] which
provides the low level communication for this driver. On top of that the Trusted
Services RPC protocol is used [5]. To use the driver from user space a reference
implementation is provided at [6], which is part of the Trusted Services client
library called libts [7].
All Trusted Services (TS) SPs have the same FF-A UUID; it identifies the TS RPC
protocol. A TS SP can host one or more services (e.g. PSA Crypto, PSA ITS, etc).
A service is identified by its service UUID; the same type of service cannot be
present twice in the same SP. During SP boot each service in the SP is assigned
an "interface ID". This is just a short ID to simplify message addressing.
The generic TEE design is to share memory at once with the Trusted OS, which can
then be reused to communicate with multiple applications running on the Trusted
OS. However, in case of FF-A, memory sharing works on an endpoint level, i.e.
memory is shared with a specific SP. User space has to be able to separately
share memory with each SP based on its endpoint ID; therefore a separate TEE
device is registered for each discovered TS SP. Opening the SP corresponds to
opening the TEE device and creating a TEE context. A TS SP hosts one or more
services. Opening a service corresponds to opening a session in the given
tee_context.
Overview of a system with Trusted Services components::
User space Kernel space Secure world
~~~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~~~
+--------+ +-------------+
| Client | | Trusted |
+--------+ | Services SP |
/\ +-------------+
|| /\
|| ||
|| ||
\/ \/
+-------+ +----------+--------+ +-------------+
| libts | | TEE | TS-TEE | | FF-A SPMC |
| | | subsys | driver | | + SPMD |
+-------+----------------+----+-----+--------+-----------+-------------+
| Generic TEE API | | FF-A | TS RPC protocol |
| IOCTL (TEE_IOC_*) | | driver | over FF-A |
+-----------------------------+ +--------+-------------------------+
References
==========
[1] https://www.trustedfirmware.org/projects/trusted-services/
[2] https://developer.arm.com/documentation/den0077/
[3] https://www.arm.com/architecture/security-features/platform-security
[4] drivers/firmware/arm_ffa/
[5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi
[6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c?h=v1.0.0
[7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeLists.txt?h=v1.0.0
+2 -2
View File
@@ -74,7 +74,7 @@ Function arguments at exit
--------------------------
Function arguments can be accessed at exit probe using $arg<N> fetcharg. This
is useful to record the function parameter and return value at once, and
trace the difference of structure fields (for debuging a function whether it
trace the difference of structure fields (for debugging a function whether it
correctly updates the given data structure or not)
See the :ref:`sample<fprobetrace_exit_args_sample>` below for how it works.
@@ -248,4 +248,4 @@ mode. You can trace that changes with return probe.
cat-143 [007] ...1. 1945.720616: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0
cat-143 [007] ...1. 1945.728263: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0xa800d inode=0xffff888004ada8d8
You can see the `file::f_mode` and `file::f_inode` are upated in `vfs_open()`.
You can see the `file::f_mode` and `file::f_inode` are updated in `vfs_open()`.
+1 -1
View File
@@ -1968,7 +1968,7 @@ wakeup
One common case that people are interested in tracing is the
time it takes for a task that is woken to actually wake up.
Now for non Real-Time tasks, this can be arbitrary. But tracing
it none the less can be interesting.
it nonetheless can be interesting.
Without function tracing::

Some files were not shown because too many files have changed in this diff Show More