Diffstat (limited to 'patch-5.13.0-redhat.patch')
-rw-r--r--patch-5.13.0-redhat.patch43
1 files changed, 29 insertions, 14 deletions
diff --git a/patch-5.13.0-redhat.patch b/patch-5.13.0-redhat.patch
index 3d3d7908c..24f398a19 100644
--- a/patch-5.13.0-redhat.patch
+++ b/patch-5.13.0-redhat.patch
@@ -1,5 +1,5 @@
Documentation/admin-guide/kdump/kdump.rst | 11 +
- Documentation/admin-guide/kernel-parameters.txt | 8 +
+ Documentation/admin-guide/kernel-parameters.txt | 9 +
Kconfig | 2 +
Kconfig.redhat | 17 ++
Makefile | 13 +-
@@ -55,12 +55,13 @@
include/linux/rmi.h | 1 +
include/linux/security.h | 5 +
kernel/Makefile | 1 +
- kernel/bpf/syscall.c | 27 ++
+ kernel/bpf/syscall.c | 24 ++
kernel/crash_core.c | 28 +-
kernel/module.c | 2 +
kernel/module_signing.c | 9 +-
kernel/panic.c | 14 +
kernel/rh_taint.c | 93 +++++++
+ kernel/sysctl.c | 5 +
mm/cma.c | 10 +
scripts/mod/modpost.c | 8 +
scripts/tags.sh | 2 +
@@ -68,7 +69,7 @@
security/lockdown/Kconfig | 13 +
security/lockdown/lockdown.c | 1 +
security/security.c | 6 +
- 70 files changed, 1211 insertions(+), 188 deletions(-)
+ 71 files changed, 1214 insertions(+), 188 deletions(-)
diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
index 75a9dd98e76e..3ff3291551f9 100644
@@ -93,20 +94,21 @@ index 75a9dd98e76e..3ff3291551f9 100644
Boot into System Kernel
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index cb89dbdedc46..3d033c0b69f9 100644
+index cb89dbdedc46..e4c7b7002d58 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -5764,6 +5764,14 @@
+@@ -5764,6 +5764,15 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
+ unprivileged_bpf_disabled=
-+ Format: { "0" | "1" }
++ Format: { "0" | "1" | "2" }
+ Sets the initial value of
+ kernel.unprivileged_bpf_disabled sysctl knob.
+ 0 - unprivileged bpf() syscall access is enabled.
-+ 1 - unprivileged bpf() syscall access is disabled.
-+ Default value is 1.
++ 1 - unprivileged bpf() syscall access is disabled permanently.
++ 2 - unprivileged bpf() syscall access is disabled.
++ Default value is 2.
+
usbcore.authorized_default=
[USB] Default USB device authorization:
@@ -2349,7 +2351,7 @@ index 4df609be42d0..4ef0c0f6a8f4 100644
obj-$(CONFIG_MODULES) += kmod.o
obj-$(CONFIG_MULTIUSER) += groups.o
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
-index ea04b0deb5ce..88925c1887b7 100644
+index ea04b0deb5ce..cb37c3f119cf 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -24,6 +24,7 @@
@@ -2360,13 +2362,10 @@ index ea04b0deb5ce..88925c1887b7 100644
#include <uapi/linux/btf.h>
#include <linux/pgtable.h>
#include <linux/bpf_lsm.h>
-@@ -50,6 +51,26 @@ static DEFINE_SPINLOCK(map_idr_lock);
+@@ -50,6 +51,23 @@ static DEFINE_SPINLOCK(map_idr_lock);
static DEFINE_IDR(link_idr);
static DEFINE_SPINLOCK(link_idr_lock);
-+/* RHEL-only: default to 1 */
-+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
-+
+static int __init unprivileged_bpf_setup(char *str)
+{
+ unsigned long disabled;
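Review bot: With the RHEL-only `int sysctl_unprivileged_bpf_disabled __read_mostly = 1;` definition dropped in this hunk, the initial value now comes from the upstream definition shown as context in the next hunk, `IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0`. That gives 2 only when the option is built in, and 0 (unprivileged bpf() enabled) otherwise. The kernel-parameters.txt text changed by this same commit says `Default value is 2.` unconditionally, so I would either word it as `Default value is 2 if CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, otherwise 0.` or confirm that the shipped kernel configs always set the option, which this page does not show. The body of unprivileged_bpf_setup continues outside the hunk, so how it handles the newly documented value 2 cannot be checked from here.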
@@ -2387,7 +2386,7 @@ index ea04b0deb5ce..88925c1887b7 100644
int sysctl_unprivileged_bpf_disabled __read_mostly =
IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0;
-@@ -4369,11 +4390,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
+@@ -4369,11 +4387,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size)
{
union bpf_attr attr;
@@ -2635,6 +2634,22 @@ index 000000000000..4050b6dead75
+ name ? name : "kernel");
+}
+EXPORT_SYMBOL(mark_driver_unsupported);
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index d4a78e08f6d8..cfb0ff48394d 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -241,6 +241,11 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write,
+ if (write && !ret) {
+ if (locked_state && unpriv_enable != 1)
+ return -EPERM;
++ if (!unpriv_enable) {
++ pr_warn("Unprivileged BPF has been enabled, "
++ "tainting the kernel");
++ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK);
++ }
+ *(int *)table->data = unpriv_enable;
+ }
+ return ret;
diff --git a/mm/cma.c b/mm/cma.c
index 995e15480937..588f7e7885cf 100644
--- a/mm/cma.c
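Review bot: The `pr_warn()` added to bpf_unpriv_handler has no trailing newline and splits the message across two string literals, which makes the log text harder to grep; I would write it as `pr_warn("Unprivileged BPF has been enabled, tainting the kernel\n");`. The block also runs on every write of 0, including when the knob is already 0, so repeated writes repeat the warning; `pr_warn_once()` or comparing against the current `*(int *)table->data` first would keep the log to the actual transition. The taint is set only on this sysctl write path as far as the hunk shows; whether booting with `unprivileged_bpf_disabled=0` taints as well depends on the unprivileged_bpf_setup body, which is not visible on this page. If it does not, the `TAINT_UNPRIVILEGED_BPF` flag would miss systems where the feature was enabled from the command line. Only the tail of bpf_unpriv_handler is in the hunk; the function starts outside it.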