diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-06-14 08:42:30 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-06-14 08:42:30 +0200 |
commit | 7199291fad50560ffac12bf2bc8021dc2174b5b5 (patch) | |
tree | 685745f2f44e31ce065cfe1f54e3f7723d1a6eea | |
parent | 2d2c20eaab13c0c024fc339d042b1f043d6230af (diff) | |
parent | 5f1fb0c45acc2e69b8b69ad0024294768709e4c4 (diff) | |
download | kernel-7199291fad50560ffac12bf2bc8021dc2174b5b5.tar.gz kernel-7199291fad50560ffac12bf2bc8021dc2174b5b5.tar.xz kernel-7199291fad50560ffac12bf2bc8021dc2174b5b5.zip |
Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedorakernel-4.18.0-0.rc0.git8.1.vanilla.knurd.1.fc29kernel-4.18.0-0.rc0.git8.1.vanilla.knurd.1.fc28kernel-4.18.0-0.rc0.git8.1.vanilla.knurd.1.fc27
-rw-r--r-- | 0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch | 33 | ||||
-rw-r--r-- | configs/fedora/generic/CONFIG_DM_WRITECACHE | 1 | ||||
-rw-r--r-- | efi-lockdown.patch | 6 | ||||
-rw-r--r-- | gitrev | 2 | ||||
-rw-r--r-- | kernel-aarch64-debug.config | 1 | ||||
-rw-r--r-- | kernel-aarch64.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl.config | 1 | ||||
-rw-r--r-- | kernel-i686-PAE.config | 1 | ||||
-rw-r--r-- | kernel-i686-PAEdebug.config | 1 | ||||
-rw-r--r-- | kernel-i686-debug.config | 1 | ||||
-rw-r--r-- | kernel-i686.config | 1 | ||||
-rw-r--r-- | kernel-ppc64-debug.config | 1 | ||||
-rw-r--r-- | kernel-ppc64.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le-debug.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le.config | 1 | ||||
-rw-r--r-- | kernel-s390x-debug.config | 1 | ||||
-rw-r--r-- | kernel-s390x.config | 1 | ||||
-rw-r--r-- | kernel-x86_64-debug.config | 1 | ||||
-rw-r--r-- | kernel-x86_64.config | 1 | ||||
-rw-r--r-- | kernel.spec | 12 | ||||
-rw-r--r-- | kexec-bzimage-verify-pe-signature-fix.patch | 34 | ||||
-rw-r--r-- | sources | 2 |
25 files changed, 67 insertions, 41 deletions
diff --git a/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch b/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch deleted file mode 100644 index 7297c8bff..000000000 --- a/0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 9c625d3a4eb215369b10b075b2006f9c3035c93f Mon Sep 17 00:00:00 2001 -From: Laura Abbott <labbott@redhat.com> -Date: Tue, 12 Jun 2018 08:48:18 -0700 -Subject: [PATCH] Revert "debugfs: inode: debugfs_create_dir uses mode - permission from parent" - -This reverts commit 95cde3c59966f6371b6bcd9e4e2da2ba64ee9775. - -A custom revert due to secure boot lockdown conflicts. - -Signed-off-by: Laura Abbott <labbott@redhat.com> ---- - fs/debugfs/inode.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index e392ca19bdd4..4daec17b8215 100644 ---- a/fs/debugfs/inode.c -+++ b/fs/debugfs/inode.c -@@ -538,9 +538,7 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) - if (unlikely(!inode)) - return failed_creating(dentry); - -- if (!parent) -- parent = debugfs_mount->mnt_root; -- inode->i_mode = S_IFDIR | ((d_inode(parent)->i_mode & 0770)); -+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; - inode->i_op = &debugfs_dir_inode_operations; - inode->i_fop = &simple_dir_operations; - --- -2.17.0 - diff --git a/configs/fedora/generic/CONFIG_DM_WRITECACHE b/configs/fedora/generic/CONFIG_DM_WRITECACHE new file mode 100644 index 000000000..fddeed5b0 --- /dev/null +++ b/configs/fedora/generic/CONFIG_DM_WRITECACHE @@ -0,0 +1 @@ +# CONFIG_DM_WRITECACHE is not set diff --git a/efi-lockdown.patch b/efi-lockdown.patch index cee6ec7f5..a12721802 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1737,9 +1737,9 @@ index 13b01351dd1c..4daec17b8215 100644 dentry->d_fsdata = (void *)((unsigned long)real_fops | DEBUGFS_FSDATA_IS_REAL_FOPS_BIT); @@ -515,7 +541,7 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) - if (!parent) - parent = debugfs_mount->mnt_root; - inode->i_mode = S_IFDIR | ((d_inode(parent)->i_mode & 0770)); + return failed_creating(dentry); + + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; - inode->i_op = &simple_dir_inode_operations; + inode->i_op = &debugfs_dir_inode_operations; inode->i_fop = &simple_dir_operations; @@ -1 +1 @@ -8efcf34a263965e471e3999904f94d1f6799d42a +be779f03d563981c65cc7417cc5e0dbbc5b89d30 diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index ffbd66421..adace21bd 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -1356,6 +1356,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 25c8d1649..abe46bac5 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -1346,6 +1346,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index f34e9c1e5..a5c52f219 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -1413,6 +1413,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index c81fc9623..c91840295 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -1357,6 +1357,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 135d6d35b..75f9f67f5 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -1347,6 +1347,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 0bfdb8c8b..63d361ba6 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -1403,6 +1403,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index d669d910c..b52536412 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -1181,6 +1181,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index d6ff03e68..81d602b42 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -1194,6 +1194,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index f98911f1d..9bdef8840 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -1194,6 +1194,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-i686.config b/kernel-i686.config index d7f3bd510..f58803618 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -1181,6 +1181,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index e4108e807..4c74f4063 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1161,6 +1161,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-ppc64.config b/kernel-ppc64.config index 380293563..7c49fe715 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1148,6 +1148,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index bc918aa5c..3734c0915 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1116,6 +1116,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index fc2b38444..e260709c8 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1103,6 +1103,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 69b449fa5..c01f7229f 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1116,6 +1116,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m # CONFIG_DNET is not set diff --git a/kernel-s390x.config b/kernel-s390x.config index d4474b15d..e608451bf 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1103,6 +1103,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m # CONFIG_DNET is not set diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 4e9040041..cc27a1df6 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -1241,6 +1241,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index b72351703..54372cd10 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -1228,6 +1228,7 @@ CONFIG_DM_UEVENT=y CONFIG_DM_UNSTRIPED=m CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY=m +# CONFIG_DM_WRITECACHE is not set CONFIG_DM_ZERO=y CONFIG_DM_ZONED=m CONFIG_DNET=m diff --git a/kernel.spec b/kernel.spec index d56797d16..366cf0e15 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 0 # The git snapshot level -%define gitrev 7 +%define gitrev 8 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -618,8 +618,8 @@ Patch501: Fix-for-module-sig-verification.patch # rhbz 1431375 Patch502: input-rmi4-remove-the-need-for-artifical-IRQ.patch -# rhbz 1589855 -Patch503: 0001-Revert-debugfs-inode-debugfs_create_dir-uses-mode-pe.patch +# rhbz 1470995 +Patch504: kexec-bzimage-verify-pe-signature-fix.patch # END OF PATCH DEFINITIONS @@ -1859,6 +1859,12 @@ fi # # %changelog +* Wed Jun 13 2018 Laura Abbott <labbott@redhat.com> - 4.18.0-0.rc0.git8.1 +- Linux v4.17-11782-gbe779f03d563 + +* Wed Jun 13 2018 Jeremy Cline <jeremy@jcline.org> +- Fix kexec_file_load pefile signature verification (rhbz 1470995) + * Tue Jun 12 2018 Laura Abbott <labbott@redhat.com> - 4.18.0-0.rc0.git7.1 - Linux v4.17-11346-g8efcf34a2639 diff --git a/kexec-bzimage-verify-pe-signature-fix.patch b/kexec-bzimage-verify-pe-signature-fix.patch new file mode 100644 index 000000000..6c8a51b95 --- /dev/null +++ b/kexec-bzimage-verify-pe-signature-fix.patch @@ -0,0 +1,34 @@ +From: Dave Young <dyoung@redhat.com> + +Fix kexec_file_load pefile signature verification + +Similar with Fix-for-module-sig-verification.patch, kexec_file syscall also +need pass 1UL to verify_pefile_signature so that secondary keys can be used. + +Fedora bug +https://bugzilla.redhat.com/show_bug.cgi?id=1470995 + +Latest upstream effort is below: +https://www.spinics.net/lists/kernel/msg2825184.html + +Ideally this need an upstream fix, but since nobody response we can workaround +it like the module code did. + +Signed-off-by: Dave Young <dyoung@redhat.com> +--- + arch/x86/kernel/kexec-bzimage64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-x86.orig/arch/x86/kernel/kexec-bzimage64.c ++++ linux-x86/arch/x86/kernel/kexec-bzimage64.c +@@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loade + static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) + { + return verify_pefile_signature(kernel, kernel_len, +- NULL, ++ (void *)1UL, + VERIFYING_KEXEC_PE_SIGNATURE); + } + #endif +-- +2.17.0 @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17-git7.xz) = 5f191dfe18e0de3433aec757a994d768ce67e2661c15feb06ddf64bbe0074436ddf6c21354b95c7eebd725dc8b5bfe82555212a431a937909d55d2afd122757e +SHA512 (patch-4.17-git8.xz) = 6e8f3ee0536d5c4250b7709a7c67f918721da75f7afbbf205c5af5a33bd350f0ad95e0a30d5a06f852e381dd13a89101344364463ee6c1004c308acdb6cf0329 |