Hi,
The top of the master branch has been tagged [1] as part of the integration drop 1.6.1.
Below is the changelog for kernel users, since the previous integration drop (1.6).

PCuABI-related changes
----------------------

An important milestone has been reached regarding the support for the pure-capability kernel-user ABI (PCuABI). So far, our efforts have been focused on functional support for the ABI, and we have reached a satisfactory level of compliance. We are now progressively shifting towards the security aspects of the ABI, in other words checking capabilities provided by userspace and narrowing the bounds and permissions of those provided to userspace, as per the PCuABI specification [2]. A few aspects have now been implemented, see the last two items below.

* The io_uring and AIO subsystems have been modified to operate on full capabilities in PCuABI. See the PCuABI specification [3] for further details concerning io_uring (update for AIO coming soon).
* The futex_waitv syscall has been modified to read full capabilities in PCuABI. Updated struct definitions are available in the PCuABI specification [4] (in addition to the relevant uapi headers).
* The bounds of all user capabilities have been narrowed to the user address space (48-bit by default), in both PCuABI and the standard AArch64 ABI.
* Capabilities passed to the futex syscall are now checked for validity by directly using them to access memory.

Other changes
-------------

* All CHERI/Morello-related documentation can now be found under Documentation/cheri [5] (or linked from there).
* Support for kernel modules has been enabled.
* The following drivers have been enabled in morello_transitional_pcuabi_defconfig: NFS (including NFS rootfs), TUN, TAP, CoreSight.
* The Morello kselftests can now be built with GCC.
* The branch has been rebased on the 6.4 upstream release. No Morello-related user-visible change is expected, see this email [6] for details.

Bug fixes
---------

* The fcntl syscall used to treat its optional third argument as a 64-bit integer, where the command expects an integer, instead of the documented 32-bit. In certain cases, it also assumed that the upper 32 bits are zeroes. This cannot be guaranteed in general, especially not in the Morello purecap variadic PCS. fcntl now always treats an integer argument as 32-bit. This issue has also been fixed upstream [7].
* In a standard AArch64 process (compat64), a stale SP value could be set when delivering two signals consecutively. Additionally, if the interrupted context was running in Restricted, the signal was incorrectly delivered on the Restricted stack (instead of Executive). Both of these issues have been fixed.

Contributions
-------------

Kudos to everyone who has contributed to Morello Linux! Here are the contributors and number of patches since the previous integration drop:

    28  Kevin Brodsky kevin.brodsky@arm.com
    20  Tudor Cretu tudor.cretu@arm.com
    13  Amit Daniel Kachhap amit.kachhap@arm.com
    11  Luca Vizzarro Luca.Vizzarro@arm.com
     3  Pawel Zalewski pzalewski@thegoodpenguin.co.uk
     2  Harrison Marcks hmarcks@thegoodpenguin.co.uk
     2  Kristina Martsenko kristina.martsenko@arm.com
     2  Vincenzo Frascino vincenzo.frascino@arm.com
     1  Harry Ramsey harry.ramsey@arm.com

Special thanks are also extended to everyone who has assisted in reviewing these patches.

Cheers,
Kevin

[1] https://git.morello-project.org/morello/kernel/linux/-/commits/morello-relea...
[2] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-ca...
[3] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-ca...
[4] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-ca...
[5] https://git.morello-project.org/morello/kernel/linux/-/tree/morello-release-...
[6] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
[7] https://lore.kernel.org/linux-fsdevel/20230414152459.816046-1-Luca.Vizzarro@...

linux-morello@op-lists.linaro.org
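
The fcntl fix listed under "Bug fixes" above, as an added illustration that is not part of the original announcement and is not the kernel's code: a user-space C model of a 64-bit argument slot whose upper half holds stale bits, interpreted the old way and the fixed way. The helper names, `MODEL_FD_LIMIT` and the sample register value are constructed for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_FD_LIMIT 1024   /* constructed limit for this model */

/* Commands whose optional third argument is documented as an int. */
static int cmd_takes_int(int cmd)
{
    return cmd == F_DUPFD || cmd == F_SETFD || cmd == F_SETFL;
}

/* "Before": the raw 64-bit slot is used as-is for every command. */
static int64_t arg_before(int cmd, uint64_t raw)
{
    (void)cmd;
    return (int64_t)raw;
}

/* "After": integer commands see only the low 32 bits, sign-extended;
 * pointer commands (e.g. F_GETLK) keep the full value. */
static int64_t arg_after(int cmd, uint64_t raw)
{
    if (cmd_takes_int(cmd))
        return (int64_t)(int32_t)(uint32_t)raw;
    return (int64_t)raw;
}

/* Model of an F_DUPFD-style range check on the minimum descriptor. */
static int64_t model_dupfd(int64_t min_fd)
{
    if (min_fd < 0 || min_fd >= MODEL_FD_LIMIT)
        return -EINVAL;
    return min_fd;   /* pretend the lowest free fd is min_fd itself */
}

int main(void)
{
    /* Constructed input: caller passed int 3, upper half holds stale bits. */
    uint64_t raw = 0xdeadbeef00000003ULL;

    printf("before: %lld\n", (long long)model_dupfd(arg_before(F_DUPFD, raw)));
    printf("after:  %lld\n", (long long)model_dupfd(arg_after(F_DUPFD, raw)));
    return 0;
}
```

With the stale upper bits the old interpretation rejects a valid request, while a zero-extended `-1` would be seen as 4294967295 instead of a negative value; truncating to 32 bits gives the documented behaviour in both cases.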