diff options
Diffstat (limited to 'patch-5.19-redhat.patch')
| -rw-r--r-- | patch-5.19-redhat.patch | 125 |
1 files changed, 61 insertions, 64 deletions
diff --git a/patch-5.19-redhat.patch b/patch-5.19-redhat.patch index f104260a0..c51151298 100644 --- a/patch-5.19-redhat.patch +++ b/patch-5.19-redhat.patch @@ -17,7 +17,7 @@ drivers/ata/libahci.c | 18 + drivers/char/ipmi/ipmi_dmi.c | 15 + drivers/char/ipmi/ipmi_msghandler.c | 16 +- - drivers/char/random.c | 117 +++++ + drivers/char/random.c | 113 +++++ drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 124 +++-- drivers/firmware/efi/secureboot.c | 38 ++ @@ -50,7 +50,7 @@ include/linux/module.h | 1 + include/linux/panic.h | 19 +- include/linux/pci.h | 16 + - include/linux/random.h | 7 + + include/linux/random.h | 8 + include/linux/rh_kabi.h | 515 +++++++++++++++++++++ include/linux/rmi.h | 1 + include/linux/security.h | 5 + @@ -68,13 +68,13 @@ security/lockdown/Kconfig | 13 + security/lockdown/lockdown.c | 1 + security/security.c | 6 + - 70 files changed, 1740 insertions(+), 188 deletions(-) + 70 files changed, 1737 insertions(+), 188 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 9336d98fc670..1d5b55831eab 100644 +index 2d67cdfbf9c9..58db5556bebf 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -6206,6 +6206,15 @@ +@@ -6218,6 +6218,15 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. @@ -124,7 +124,7 @@ index 000000000000..effb81d04bfd + +endmenu diff --git a/Makefile b/Makefile -index 7d5b0bfe7960..f177a46bcf21 100644 +index bbcd3abf2f4d..a81e9800d70d 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -138,7 +138,7 @@ index 7d5b0bfe7960..f177a46bcf21 100644 # We are using a recursive build, so we need to do a little thinking # to get the ordering right. # -@@ -1238,7 +1242,13 @@ define filechk_version.h +@@ -1239,7 +1243,13 @@ define filechk_version.h ((c) > 255 ? 255 : (c)))'; \ echo \#define LINUX_VERSION_MAJOR $(VERSION); \ echo \#define LINUX_VERSION_PATCHLEVEL $(PATCHLEVEL); \ @@ -614,7 +614,7 @@ index bbf7029e224b..cf7faa970dd6 100644 dmi_decode_ipmi((const struct dmi_header *) dev->device_data); diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index f1827257ef0e..5a45c2cd3dc2 100644 +index 703433493c85..6b1b102b9b7d 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -35,6 +35,7 @@ @@ -625,7 +625,7 @@ index f1827257ef0e..5a45c2cd3dc2 100644 #include <linux/delay.h> #define IPMI_DRIVER_VERSION "39.2" -@@ -5427,8 +5428,21 @@ static int __init ipmi_init_msghandler_mod(void) +@@ -5516,8 +5517,21 @@ static int __init ipmi_init_msghandler_mod(void) { int rv; @@ -649,19 +649,19 @@ index f1827257ef0e..5a45c2cd3dc2 100644 rv = ipmi_register_driver(); mutex_unlock(&ipmi_interfaces_mutex); diff --git a/drivers/char/random.c b/drivers/char/random.c -index 4c9adb4f3d5d..7d1ac2256012 100644 +index b691b9d59503..5d7a1fdf1edd 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -53,6 +53,7 @@ - #include <linux/completion.h> - #include <linux/uuid.h> #include <linux/uaccess.h> + #include <linux/suspend.h> + #include <linux/siphash.h> +#include <linux/rcupdate.h> #include <crypto/chacha.h> #include <crypto/blake2s.h> #include <asm/processor.h> -@@ -366,6 +367,11 @@ static bool crng_has_old_seed(void) - return time_after(jiffies, READ_ONCE(base_crng.birth) + interval); +@@ -281,6 +282,11 @@ static bool crng_has_old_seed(void) + return time_is_before_jiffies(READ_ONCE(base_crng.birth) + interval); } +/* @@ -672,8 +672,8 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 /* * This function returns a ChaCha state that you may use for generating * random data. It also returns up to 32 bytes on its own of random data -@@ -756,6 +762,9 @@ size_t __must_check get_random_bytes_arch(void *buf, size_t nbytes) - EXPORT_SYMBOL(get_random_bytes_arch); +@@ -669,6 +675,9 @@ static void __cold _credit_init_bits(size_t bits) + } +static const struct file_operations extrng_random_fops; @@ -681,8 +681,8 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + /********************************************************************** * - * Entropy accumulation and extraction routines. -@@ -1184,6 +1193,19 @@ void add_bootloader_randomness(const void *buf, size_t size) + * Entropy collection routines. +@@ -873,6 +882,19 @@ void __cold add_bootloader_randomness(const void *buf, size_t len) } EXPORT_SYMBOL_GPL(add_bootloader_randomness); @@ -702,18 +702,17 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 #if IS_ENABLED(CONFIG_VMGENID) static BLOCKING_NOTIFIER_HEAD(vmfork_chain); -@@ -1466,6 +1488,8 @@ static void try_to_generate_entropy(void) - SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - flags) - { +@@ -1243,6 +1265,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + struct iov_iter iter; + struct iovec iov; + int ret; + const struct random_extrng *rng; -+ + if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)) return -EINVAL; - -@@ -1479,6 +1503,21 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - if (count > INT_MAX) - count = INT_MAX; +@@ -1254,6 +1277,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + rcu_read_lock(); + rng = rcu_dereference(extrng); @@ -722,19 +721,16 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + rcu_read_unlock(); + + if (rng) { -+ int ret; -+ + ret = rng->extrng_read(buf, count); + module_put(rng->owner); + return ret; + } + -+ - if (!(flags & GRND_INSECURE) && !crng_ready()) { - int ret; - -@@ -1505,6 +1544,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait) - return mask; + if (!crng_ready() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; +@@ -1274,6 +1309,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait) + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; } +static __poll_t extrng_poll(struct file *file, poll_table * wait) @@ -743,10 +739,10 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + return EPOLLIN | EPOLLRDNORM; +} + - static int write_pool(const char __user *ubuf, size_t count) + static ssize_t write_pool_user(struct iov_iter *iter) { - size_t len; -@@ -1638,7 +1683,58 @@ static int random_fasync(int fd, struct file *filp, int on) + u8 block[BLAKE2S_BLOCK_SIZE]; +@@ -1410,7 +1451,58 @@ static int random_fasync(int fd, struct file *filp, int on) return fasync_helper(fd, filp, on, &fasync); } @@ -802,19 +798,19 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + const struct file_operations random_fops = { + .open = random_open, - .read = random_read, - .write = random_write, + .read_iter = random_read_iter, + .write_iter = random_write_iter, .poll = random_poll, -@@ -1649,6 +1745,7 @@ const struct file_operations random_fops = { +@@ -1423,6 +1515,7 @@ const struct file_operations random_fops = { }; const struct file_operations urandom_fops = { + .open = urandom_open, - .read = urandom_read, - .write = random_write, + .read_iter = urandom_read_iter, + .write_iter = random_write_iter, .unlocked_ioctl = random_ioctl, -@@ -1657,6 +1754,26 @@ const struct file_operations urandom_fops = { - .llseek = noop_llseek, +@@ -1433,6 +1526,26 @@ const struct file_operations urandom_fops = { + .splice_write = iter_file_splice_write, }; +static const struct file_operations extrng_random_fops = { @@ -2176,7 +2172,7 @@ index fe6efb24d151..85b185391da7 100644 + #endif diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h -index db924fe379c9..1169d78af2de 100644 +index eafa1d2489fd..8a7165ea78d5 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -394,6 +394,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) @@ -2189,10 +2185,10 @@ index db924fe379c9..1169d78af2de 100644 #ifdef CONFIG_PERF_EVENTS LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h -index 419b5febc3ca..491323dfe4e0 100644 +index 91c8146649f5..42a73934404e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h -@@ -1549,6 +1549,12 @@ +@@ -1550,6 +1550,12 @@ * * @what: kernel feature being accessed * @@ -2275,7 +2271,7 @@ index 60adf42460ab..a3f0f828a346 100644 int pass); diff --git a/include/linux/random.h b/include/linux/random.h -index f673fbb838b3..78feae818cc7 100644 +index fae0c84027fd..c36b7c412de2 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -10,6 +10,11 @@ @@ -2289,16 +2285,17 @@ index f673fbb838b3..78feae818cc7 100644 + struct notifier_block; - extern void add_device_randomness(const void *, size_t); -@@ -46,6 +51,8 @@ extern bool rng_is_initialized(void); - extern int register_random_ready_notifier(struct notifier_block *nb); - extern int unregister_random_ready_notifier(struct notifier_block *nb); - extern size_t __must_check get_random_bytes_arch(void *buf, size_t nbytes); + void add_device_randomness(const void *buf, size_t len); +@@ -141,6 +146,9 @@ int random_prepare_cpu(unsigned int cpu); + int random_online_cpu(unsigned int cpu); + #endif + +void random_register_extrng(const struct random_extrng *rng); +void random_unregister_extrng(void); - ++ #ifndef MODULE extern const struct file_operations random_fops, urandom_fops; + #endif diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h new file mode 100644 index 000000000000..c7b42c1f1681 @@ -2833,10 +2830,10 @@ index ab7eea01ab42..fff7c5f737fc 100644 int rmi_register_transport_device(struct rmi_transport_dev *xport); diff --git a/include/linux/security.h b/include/linux/security.h -index 25b3ef71f495..d37a6c88c69f 100644 +index 7fc4e9f49f54..6f0b0b2dc73d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -471,6 +471,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); +@@ -473,6 +473,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); @@ -2844,7 +2841,7 @@ index 25b3ef71f495..d37a6c88c69f 100644 #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1347,6 +1348,10 @@ static inline int security_locked_down(enum lockdown_reason what) +@@ -1349,6 +1350,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } @@ -2958,7 +2955,7 @@ index 8723ae70ea1f..fb2d773498c2 100644 + return ret; } diff --git a/kernel/panic.c b/kernel/panic.c -index eb4dfb932c85..310c8958e081 100644 +index 8355b19676f8..b38cf9d013c8 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -404,6 +404,20 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { @@ -3260,10 +3257,10 @@ index 16d475b3e203..4e333f14b84e 100755 # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} # to force full paths for a non-O= build diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index 5f45c3c07dbd..86609ec63b86 100644 +index 093894a640dc..1c43a9462b4b 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c -@@ -47,7 +47,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +@@ -73,7 +73,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, return NULL; if (*status != EFI_BUFFER_TOO_SMALL) { @@ -3273,7 +3270,7 @@ index 5f45c3c07dbd..86609ec63b86 100644 return NULL; } -@@ -58,7 +59,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +@@ -84,7 +85,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, *status = efi.get_variable(name, guid, NULL, &lsize, db); if (*status != EFI_SUCCESS) { kfree(db); @@ -3320,10 +3317,10 @@ index 87cbdc64d272..18555cf18da7 100644 static int __init lockdown_lsm_init(void) diff --git a/security/security.c b/security/security.c -index b7cf5cbfdc67..3cde9062fcf6 100644 +index 188b8f782220..dab400de2335 100644 --- a/security/security.c +++ b/security/security.c -@@ -2623,6 +2623,12 @@ int security_locked_down(enum lockdown_reason what) +@@ -2617,6 +2617,12 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); |