diff options
author | Jeremy Cline <jcline@redhat.com> | 2019-11-04 11:12:42 -0500 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-11-04 11:18:33 -0500 |
commit | 5fe065b6c0e7dce82e4a85fedf5513d2d9970a41 (patch) | |
tree | ed3642d59a508a7d5f13c7c7372f5bc6ef5902c3 | |
parent | 32fe916e9be64984d89982b8cd9bb19c0c51f8aa (diff) | |
download | kernel-5fe065b6c0e7dce82e4a85fedf5513d2d9970a41.tar.gz kernel-5fe065b6c0e7dce82e4a85fedf5513d2d9970a41.tar.xz kernel-5fe065b6c0e7dce82e4a85fedf5513d2d9970a41.zip |
Linux v5.4-rc6
-rw-r--r-- | efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch | 87 | ||||
-rw-r--r-- | efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch | 216 | ||||
-rw-r--r-- | kernel.spec | 16 | ||||
-rw-r--r-- | sources | 3 |
4 files changed, 7 insertions, 315 deletions
diff --git a/efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch b/efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch deleted file mode 100644 index 61a52c6fd..000000000 --- a/efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Javier Martinez Canillas <javierm@redhat.com> -Subject: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require - CAP_SYS_ADMIN -Date: Tue, 8 Oct 2019 12:55:10 +0200 - -The driver exposes EFI runtime services to user-space through an IOCTL -interface, calling the EFI services function pointers directly without -using the efivar API. - -Disallow access to the /dev/efi_test character device when the kernel is -locked down to prevent arbitrary user-space to call EFI runtime services. - -Also require CAP_SYS_ADMIN to open the chardev to prevent unprivileged -users to call the EFI runtime services, instead of just relying on the -chardev file mode bits for this. - -The main user of this driver is the fwts [0] tool that already checks if -the effective user ID is 0 and fails otherwise. So this change shouldn't -cause any regression to this tool. - -[0]: https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo - -Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> -Acked-by: Laszlo Ersek <lersek@redhat.com> -Acked-by: Matthew Garrett <mjg59@google.com> ---- - -Changes in v2: -- Also disable /dev/efi_test access when the kernel is locked down as - suggested by Matthew Garrett. -- Add Acked-by tag from Laszlo Ersek. - - drivers/firmware/efi/test/efi_test.c | 8 ++++++++ - include/linux/security.h | 1 + - security/lockdown/lockdown.c | 1 + - 3 files changed, 10 insertions(+) - -diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c -index 877745c3aaf..7baf48c01e7 100644 ---- a/drivers/firmware/efi/test/efi_test.c -+++ b/drivers/firmware/efi/test/efi_test.c -@@ -14,6 +14,7 @@ - #include <linux/init.h> - #include <linux/proc_fs.h> - #include <linux/efi.h> -+#include <linux/security.h> - #include <linux/slab.h> - #include <linux/uaccess.h> - -@@ -717,6 +718,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd, - - static int efi_test_open(struct inode *inode, struct file *file) - { -+ int ret = security_locked_down(LOCKDOWN_EFI_TEST); -+ -+ if (ret) -+ return ret; -+ -+ if (!capable(CAP_SYS_ADMIN)) -+ return -EACCES; - /* - * nothing special to do here - * We do accept multiple open files at the same time as we -diff --git a/include/linux/security.h b/include/linux/security.h -index a8d59d612d2..9df7547afc0 100644 ---- a/include/linux/security.h -+++ b/include/linux/security.h -@@ -105,6 +105,7 @@ enum lockdown_reason { - LOCKDOWN_NONE, - LOCKDOWN_MODULE_SIGNATURE, - LOCKDOWN_DEV_MEM, -+ LOCKDOWN_EFI_TEST, - LOCKDOWN_KEXEC, - LOCKDOWN_HIBERNATION, - LOCKDOWN_PCI_ACCESS, -diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c -index 8a10b43daf7..40b790536de 100644 ---- a/security/lockdown/lockdown.c -+++ b/security/lockdown/lockdown.c -@@ -20,6 +20,7 @@ static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { - [LOCKDOWN_NONE] = "none", - [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading", - [LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port", -+ [LOCKDOWN_EFI_TEST] = "/dev/efi_test access", - [LOCKDOWN_KEXEC] = "kexec of unsigned images", - [LOCKDOWN_HIBERNATION] = "hibernation", - [LOCKDOWN_PCI_ACCESS] = "direct PCI access", diff --git a/efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch b/efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch deleted file mode 100644 index 47bccc262..000000000 --- a/efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch +++ /dev/null @@ -1,216 +0,0 @@ -From patchwork Mon Oct 14 16:33:09 2019 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org> -X-Patchwork-Id: 11189097 -Return-Path: - <SRS0=bNJh=YH=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org> -Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org - [172.30.200.123]) - by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E1AD11390 - for <patchwork-linux-arm@patchwork.kernel.org>; - Mon, 14 Oct 2019 16:33:28 +0000 (UTC) -Received: from bombadil.infradead.org (bombadil.infradead.org - [198.137.202.133]) - (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) - (No client certificate requested) - by mail.kernel.org (Postfix) with ESMTPS id BF9BE217D9 - for <patchwork-linux-arm@patchwork.kernel.org>; - Mon, 14 Oct 2019 16:33:28 +0000 (UTC) -Authentication-Results: mail.kernel.org; - dkim=pass (2048-bit key) header.d=lists.infradead.org - header.i=@lists.infradead.org header.b="AWaZtE0p"; - dkim=fail reason="signature verification failed" (2048-bit key) - header.d=linaro.org header.i=@linaro.org header.b="THTDXG/3" -DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BF9BE217D9 -Authentication-Results: mail.kernel.org; - dmarc=fail (p=none dis=none) header.from=linaro.org -Authentication-Results: mail.kernel.org; - spf=none - smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org -DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; - d=lists.infradead.org; s=bombadil.20170209; h=Sender: - Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: - List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To - :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: - Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: - List-Owner; bh=bFVBLmSAI67EKVRVJ976rFVJhb17XzlF5Frmxpt4Q24=; b=AWaZtE0prtFAKn - TzXV3jyYung5GM46YpbdIYSXq5utN5mbiOzHoadisQSsfKUn1h5/wpF7esUHXwHaDS5FWUUp5g6F+ - P0rKmQjVgWN+jVD7Kk7RvmJewoFKWvlUzoG5+Lfin8NLSHMwNg+v2Z+sUayE+SylST1LP8jkK8B7e - QiOi647qxPv6IW25Zucu4D+N8DXmh+t6DjJXZ2W1LznbCD0PIPjTpcen0dntkHUYL0FHya3ghdrC3 - ejo+MjvSDlrs4LgP5ER56hiSeucu58WMLefoUS3oSEYirB+9zt3Qk2Ppxv6k2GY/NBkLjw9jT76kg - OIZj83Gck17z+l7+NVmQ==; -Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) - by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) - id 1iK3Hk-0001ZP-CS; Mon, 14 Oct 2019 16:33:28 +0000 -Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341]) - by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) - id 1iK3Hf-0001Tp-Mo - for linux-arm-kernel@lists.infradead.org; Mon, 14 Oct 2019 16:33:26 +0000 -Received: by mail-wm1-x341.google.com with SMTP id y135so386665wmc.1 - for <linux-arm-kernel@lists.infradead.org>; - Mon, 14 Oct 2019 09:33:23 -0700 (PDT) -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; - h=from:to:cc:subject:date:message-id:mime-version - :content-transfer-encoding; - bh=yuEdphuMWOUGDahWSE97oqgmOlObKgpyvQgzFU8TRQU=; - b=THTDXG/3mOeZtb6dOK6qrH1eQvV7z52+jijnE+ULOhMbPReKZiIPTLCR3+W7HnWIkL - RFmtL80kGqOr/FynSqFtzLiwv4TaClqwXnVtULNnpITi/cHhy+AnvWVfQCDZ1THjSHSh - pduFTV40hbsfQR4K3wm6K4LGLOnaAkS193JT28eOdR7oOcCjbZSKoQKTYCquWrAWTeIo - oQAUnFNuy4gdBy+94VmzR0AdgNrDXTc5KPDYLaOTSBxZUJQ8+7pDFhxOxm06B6gNgPEp - fzYcPcRV2R9hc6PtL8jxMKRNQ3PcJnas8KU2DsmaK/FJZxgtzXs97TaHydGKq33TYgst - Mpow== -X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=1e100.net; s=20161025; - h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version - :content-transfer-encoding; - bh=yuEdphuMWOUGDahWSE97oqgmOlObKgpyvQgzFU8TRQU=; - b=PJHaADcio6H7WwVXfMpYGT2fr/FMtU5GUUbNeD+td9rfpid6nfbHrh2TCAQtpxAMaS - B63nd+HNchQoPhWWHWMMx8gbY9KwOKzc5/FO5wqeDo5gbpI/eWidH+ieGLaxozX/Aqku - BLTdsnGMIB+FxmFCmtaY1y9wuqdVmS/4RiobjBycBZmXBYOYxZc3I81zM1u+nBjRKsNZ - h2D/gN8sjkRbT4f5kU/xpHbh+8CbpVp4ze5cpKOf35Iwf+ASNw/l53NHft0Y41ehG2NA - YFsdBpquso+CNhTGqN5VOBlpGdMFRJ4SIseygRQbXVT4KEeZBP60so7Ed8MwxoXmG6sw - gM5w== -X-Gm-Message-State: APjAAAUc9u8vjoe8La6L5Z/DMvnvVKz828SBRtfClkhDufJCaEZaQ1S9 - nO3+g66C+iOliANLi0dTY/L7SkabogZiQQ== -X-Google-Smtp-Source: - APXvYqz0XzN3uY3m31zQi76ZEDZQMtYggJ6COqe0WCePJ5GuE+rYLNtFHVBakYmvlBvQjlPYRU+lrg== -X-Received: by 2002:a1c:a516:: with SMTP id - o22mr16781400wme.116.1571070801893; - Mon, 14 Oct 2019 09:33:21 -0700 (PDT) -Received: from localhost.localdomain - (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) - by smtp.gmail.com with ESMTPSA id o70sm25785240wme.29.2019.10.14.09.33.20 - (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); - Mon, 14 Oct 2019 09:33:21 -0700 (PDT) -From: Ard Biesheuvel <ard.biesheuvel@linaro.org> -To: linux-arm-kernel@lists.infradead.org -Subject: [PATCH] efi: libstub/arm: account for firmware reserved memory at the - base of RAM -Date: Mon, 14 Oct 2019 18:33:09 +0200 -Message-Id: <20191014163309.2860-1-ard.biesheuvel@linaro.org> -X-Mailer: git-send-email 2.20.1 -MIME-Version: 1.0 -X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 -X-CRM114-CacheID: sfid-20191014_093323_781941_B57BEE97 -X-CRM114-Status: GOOD ( 13.99 ) -X-Spam-Score: -0.2 (/) -X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: - Content analysis details: (-0.2 points) - pts rule name description - ---- ---------------------- - -------------------------------------------------- - -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, - no trust [2a00:1450:4864:20:0:0:0:341 listed in] - [list.dnswl.org] - 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record - -0.0 SPF_PASS SPF: sender matches SPF record - -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from - author's domain - 0.1 DKIM_SIGNED Message has a DKIM or DK signature, - not necessarily - valid - -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from - envelope-from domain - -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -X-BeenThere: linux-arm-kernel@lists.infradead.org -X-Mailman-Version: 2.1.29 -Precedence: list -List-Id: <linux-arm-kernel.lists.infradead.org> -List-Unsubscribe: - <http://lists.infradead.org/mailman/options/linux-arm-kernel>, - <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe> -List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/> -List-Post: <mailto:linux-arm-kernel@lists.infradead.org> -List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help> -List-Subscribe: - <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, - <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe> -Cc: Chester Lin <clin@suse.com>, Guillaume Gardet <Guillaume.Gardet@arm.com>, - linux-efi@vger.kernel.org, Ard Biesheuvel <ard.biesheuvel@linaro.org> -Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> -Errors-To: - linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org - -The EFI stubloader for ARM starts out by allocating a 32 MB window -at the base of RAM, in order to ensure that the decompressor (which -blindly copies the uncompressed kernel into that window) does not -overwrite other allocations that are made while running in the context -of the EFI firmware. - -In some cases, (e.g., U-Boot running on the Raspberry Pi 2), this is -causing boot failures because this initial allocation conflicts with -a page of reserved memory at the base of RAM that contains the SMP spin -tables and other pieces of firmware data and which was put there by -the bootloader under the assumption that the TEXT_OFFSET window right -below the kernel is only used partially during early boot, and will be -left alone once the memory reservations are processed and taken into -account. - -So let's permit reserved memory regions to exist in the region starting -at the base of RAM, and ending at TEXT_OFFSET - 5 * PAGE_SIZE, which is -the window below the kernel that is not touched by the early boot code. - -Cc: Guillaume Gardet <Guillaume.Gardet@arm.com> -Cc: Chester Lin <clin@suse.com> -Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> ---- - drivers/firmware/efi/libstub/Makefile | 1 + - drivers/firmware/efi/libstub/arm32-stub.c | 16 +++++++++++++--- - 2 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile -index 0460c7581220..ee0661ddb25b 100644 ---- a/drivers/firmware/efi/libstub/Makefile -+++ b/drivers/firmware/efi/libstub/Makefile -@@ -52,6 +52,7 @@ lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o random.o \ - - lib-$(CONFIG_ARM) += arm32-stub.o - lib-$(CONFIG_ARM64) += arm64-stub.o -+CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) - CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) - - # -diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c -index e8f7aefb6813..47aafeff3e01 100644 ---- a/drivers/firmware/efi/libstub/arm32-stub.c -+++ b/drivers/firmware/efi/libstub/arm32-stub.c -@@ -195,6 +195,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table, - unsigned long dram_base, - efi_loaded_image_t *image) - { -+ unsigned long kernel_base; - efi_status_t status; - - /* -@@ -204,9 +205,18 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table, - * loaded. These assumptions are made by the decompressor, - * before any memory map is available. - */ -- dram_base = round_up(dram_base, SZ_128M); -+ kernel_base = round_up(dram_base, SZ_128M); - -- status = reserve_kernel_base(sys_table, dram_base, reserve_addr, -+ /* -+ * Note that some platforms (notably, the Raspberry Pi 2) put -+ * spin-tables and other pieces of firmware at the base of RAM, -+ * abusing the fact that the window of TEXT_OFFSET bytes at the -+ * base of the kernel image is only partially used at the moment. -+ * (Up to 5 pages are used for the swapper page table) -+ */ -+ kernel_base += TEXT_OFFSET - 5 * PAGE_SIZE; -+ -+ status = reserve_kernel_base(sys_table, kernel_base, reserve_addr, - reserve_size); - if (status != EFI_SUCCESS) { - pr_efi_err(sys_table, "Unable to allocate memory for uncompressed kernel.\n"); -@@ -220,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table, - *image_size = image->image_size; - status = efi_relocate_kernel(sys_table, image_addr, *image_size, - *image_size, -- dram_base + MAX_UNCOMP_KERNEL_SIZE, 0); -+ kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0); - if (status != EFI_SUCCESS) { - pr_efi_err(sys_table, "Failed to relocate kernel.\n"); - efi_free(sys_table, *reserve_size, *reserve_addr); diff --git a/kernel.spec b/kernel.spec index 397001d79..407167f8f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -73,7 +73,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -98,9 +98,9 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%global rcrev 5 +%global rcrev 6 # The git snapshot level -%define gitrev 1 +%define gitrev 0 # Set rpm version accordingly %define rpmversion 5.%{upstream_sublevel}.0 %endif @@ -666,10 +666,6 @@ Patch204: efi-secureboot.patch Patch205: lift-lockdown-sysrq.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1759325 -# Submitted upstream at https://lore.kernel.org/patchwork/patch/1136967/ -Patch206: efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch - # 300 - ARM patches Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch @@ -696,9 +692,6 @@ Patch324: arm64-tegra186-enable-USB-on-Jetson-TX2.patch # https://patchwork.kernel.org/patch/11224177/ Patch325: arm64-usb-host-xhci-tegra-set-MODULE_FIRMWARE-for-tegra186.patch -# https://www.spinics.net/lists/arm-kernel/msg761152.html -Patch342: efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch - # 400 - IBM (ppc/s390x) patches # 500 - Temp fixes/CVEs etc @@ -2420,6 +2413,9 @@ fi # # %changelog +* Mon Nov 04 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc6.git0.1 +- Linux v5.4-rc6 + * Mon Nov 04 2019 Jeremy Cline <jcline@redhat.com> - Disable debugging options. @@ -1,3 +1,2 @@ SHA512 (linux-5.3.tar.xz) = 6b5edef47c319a3fa7f6c20a3e0903a5acd89ec75e32dc5f99adcb60c9fe118ea312722d9c3d27e2e3900afa2455afb86e83a8b6bb131009bc79ddbe6fb0595d -SHA512 (patch-5.4-rc5.xz) = 4cfdbd263b243490e9aec0f320a6ecf5d1706ed0e92129c3a107fa25fc32536e7e016086d7271196c21be39cd7cde3c4f57413eed4a07ffe28355856af500c14 -SHA512 (patch-5.4-rc5-git1.xz) = 56dbcc36eb07d37871a0a3ad59c88061a01b2e26f81bd0686e90c908684c66460a73bf1fcca866829c8d14b75a78de44e5d639d504a129db8ce8cac6d7c823cd +SHA512 (patch-5.4-rc6.xz) = 6322ec5b2e5de13fe05abf031dea7274230c3ce77cf93f631dc504eb779f10c6658e8df083a9e96f6eca6f0bf4974bc9b4103d1399eee32c7dedadbab0692d7b |