rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

Linux v5.4-rc6

Browse Source
This commit is contained in:
Jeremy Cline 2019-11-04 11:12:42 -05:00
parent 32fe916e9b
commit 5fe065b6c0
4 changed files with 7 additions and 315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch
View File

@ -1,87 +0,0 @@
From: Javier Martinez Canillas <javierm@redhat.com>
Subject: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require
CAP_SYS_ADMIN
Date: Tue, 8 Oct 2019 12:55:10 +0200
The driver exposes EFI runtime services to user-space through an IOCTL
interface, calling the EFI services function pointers directly without
using the efivar API.
Disallow access to the /dev/efi_test character device when the kernel is
locked down to prevent arbitrary user-space to call EFI runtime services.
Also require CAP_SYS_ADMIN to open the chardev to prevent unprivileged
users to call the EFI runtime services, instead of just relying on the
chardev file mode bits for this.
The main user of this driver is the fwts [0] tool that already checks if
the effective user ID is 0 and fails otherwise. So this change shouldn't
cause any regression to this tool.
[0]: https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Matthew Garrett <mjg59@google.com>
---
Changes in v2:
- Also disable /dev/efi_test access when the kernel is locked down as
suggested by Matthew Garrett.
- Add Acked-by tag from Laszlo Ersek.
drivers/firmware/efi/test/efi_test.c | 8 ++++++++
include/linux/security.h | 1 +
security/lockdown/lockdown.c | 1 +
3 files changed, 10 insertions(+)
diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c
index 877745c3aaf..7baf48c01e7 100644
--- a/drivers/firmware/efi/test/efi_test.c
+++ b/drivers/firmware/efi/test/efi_test.c
@@ -14,6 +14,7 @@
#include <linux/init.h>
#include <linux/proc_fs.h>
#include <linux/efi.h>
+#include <linux/security.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
@@ -717,6 +718,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd,
static int efi_test_open(struct inode *inode, struct file *file)
{
+ int ret = security_locked_down(LOCKDOWN_EFI_TEST);
+
+ if (ret)
+ return ret;
+
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
/*
* nothing special to do here
* We do accept multiple open files at the same time as we
diff --git a/include/linux/security.h b/include/linux/security.h
index a8d59d612d2..9df7547afc0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -105,6 +105,7 @@ enum lockdown_reason {
LOCKDOWN_NONE,
LOCKDOWN_MODULE_SIGNATURE,
LOCKDOWN_DEV_MEM,
+ LOCKDOWN_EFI_TEST,
LOCKDOWN_KEXEC,
LOCKDOWN_HIBERNATION,
LOCKDOWN_PCI_ACCESS,
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8a10b43daf7..40b790536de 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -20,6 +20,7 @@ static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_NONE] = "none",
[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
+ [LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
[LOCKDOWN_KEXEC] = "kexec of unsigned images",
[LOCKDOWN_HIBERNATION] = "hibernation",
[LOCKDOWN_PCI_ACCESS] = "direct PCI access",

216
efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch
View File

@ -1,216 +0,0 @@
From patchwork Mon Oct 14 16:33:09 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 11189097
Return-Path:
<SRS0=bNJh=YH=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E1AD11390
for <patchwork-linux-arm@patchwork.kernel.org>;
Mon, 14 Oct 2019 16:33:28 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org
[198.137.202.133])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail.kernel.org (Postfix) with ESMTPS id BF9BE217D9
for <patchwork-linux-arm@patchwork.kernel.org>;
Mon, 14 Oct 2019 16:33:28 +0000 (UTC)
Authentication-Results: mail.kernel.org;
dkim=pass (2048-bit key) header.d=lists.infradead.org
header.i=@lists.infradead.org header.b="AWaZtE0p";
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=linaro.org header.i=@linaro.org header.b="THTDXG/3"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BF9BE217D9
Authentication-Results: mail.kernel.org;
dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: mail.kernel.org;
spf=none
smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20170209; h=Sender:
Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To
:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Owner; bh=bFVBLmSAI67EKVRVJ976rFVJhb17XzlF5Frmxpt4Q24=; b=AWaZtE0prtFAKn
TzXV3jyYung5GM46YpbdIYSXq5utN5mbiOzHoadisQSsfKUn1h5/wpF7esUHXwHaDS5FWUUp5g6F+
P0rKmQjVgWN+jVD7Kk7RvmJewoFKWvlUzoG5+Lfin8NLSHMwNg+v2Z+sUayE+SylST1LP8jkK8B7e
QiOi647qxPv6IW25Zucu4D+N8DXmh+t6DjJXZ2W1LznbCD0PIPjTpcen0dntkHUYL0FHya3ghdrC3
ejo+MjvSDlrs4LgP5ER56hiSeucu58WMLefoUS3oSEYirB+9zt3Qk2Ppxv6k2GY/NBkLjw9jT76kg
OIZj83Gck17z+l7+NVmQ==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
id 1iK3Hk-0001ZP-CS; Mon, 14 Oct 2019 16:33:28 +0000
Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341])
by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
id 1iK3Hf-0001Tp-Mo
for linux-arm-kernel@lists.infradead.org; Mon, 14 Oct 2019 16:33:26 +0000
Received: by mail-wm1-x341.google.com with SMTP id y135so386665wmc.1
for <linux-arm-kernel@lists.infradead.org>;
Mon, 14 Oct 2019 09:33:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
h=from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=yuEdphuMWOUGDahWSE97oqgmOlObKgpyvQgzFU8TRQU=;
b=THTDXG/3mOeZtb6dOK6qrH1eQvV7z52+jijnE+ULOhMbPReKZiIPTLCR3+W7HnWIkL
RFmtL80kGqOr/FynSqFtzLiwv4TaClqwXnVtULNnpITi/cHhy+AnvWVfQCDZ1THjSHSh
pduFTV40hbsfQR4K3wm6K4LGLOnaAkS193JT28eOdR7oOcCjbZSKoQKTYCquWrAWTeIo
oQAUnFNuy4gdBy+94VmzR0AdgNrDXTc5KPDYLaOTSBxZUJQ8+7pDFhxOxm06B6gNgPEp
fzYcPcRV2R9hc6PtL8jxMKRNQ3PcJnas8KU2DsmaK/FJZxgtzXs97TaHydGKq33TYgst
Mpow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=yuEdphuMWOUGDahWSE97oqgmOlObKgpyvQgzFU8TRQU=;
b=PJHaADcio6H7WwVXfMpYGT2fr/FMtU5GUUbNeD+td9rfpid6nfbHrh2TCAQtpxAMaS
B63nd+HNchQoPhWWHWMMx8gbY9KwOKzc5/FO5wqeDo5gbpI/eWidH+ieGLaxozX/Aqku
BLTdsnGMIB+FxmFCmtaY1y9wuqdVmS/4RiobjBycBZmXBYOYxZc3I81zM1u+nBjRKsNZ
h2D/gN8sjkRbT4f5kU/xpHbh+8CbpVp4ze5cpKOf35Iwf+ASNw/l53NHft0Y41ehG2NA
YFsdBpquso+CNhTGqN5VOBlpGdMFRJ4SIseygRQbXVT4KEeZBP60so7Ed8MwxoXmG6sw
gM5w==
X-Gm-Message-State: APjAAAUc9u8vjoe8La6L5Z/DMvnvVKz828SBRtfClkhDufJCaEZaQ1S9
nO3+g66C+iOliANLi0dTY/L7SkabogZiQQ==
X-Google-Smtp-Source:
APXvYqz0XzN3uY3m31zQi76ZEDZQMtYggJ6COqe0WCePJ5GuE+rYLNtFHVBakYmvlBvQjlPYRU+lrg==
X-Received: by 2002:a1c:a516:: with SMTP id
o22mr16781400wme.116.1571070801893;
Mon, 14 Oct 2019 09:33:21 -0700 (PDT)
Received: from localhost.localdomain
(laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120])
by smtp.gmail.com with ESMTPSA id o70sm25785240wme.29.2019.10.14.09.33.20
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 14 Oct 2019 09:33:21 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] efi: libstub/arm: account for firmware reserved memory at the
base of RAM
Date: Mon, 14 Oct 2019 18:33:09 +0200
Message-Id: <20191014163309.2860-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20191014_093323_781941_B57BEE97
X-CRM114-Status: GOOD ( 13.99 )
X-Spam-Score: -0.2 (/)
X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary:
Content analysis details: (-0.2 points)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2a00:1450:4864:20:0:0:0:341 listed in]
[list.dnswl.org]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe:
<http://lists.infradead.org/mailman/options/linux-arm-kernel>,
<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe:
<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Chester Lin <clin@suse.com>, Guillaume Gardet <Guillaume.Gardet@arm.com>,
linux-efi@vger.kernel.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To:
linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
The EFI stubloader for ARM starts out by allocating a 32 MB window
at the base of RAM, in order to ensure that the decompressor (which
blindly copies the uncompressed kernel into that window) does not
overwrite other allocations that are made while running in the context
of the EFI firmware.
In some cases, (e.g., U-Boot running on the Raspberry Pi 2), this is
causing boot failures because this initial allocation conflicts with
a page of reserved memory at the base of RAM that contains the SMP spin
tables and other pieces of firmware data and which was put there by
the bootloader under the assumption that the TEXT_OFFSET window right
below the kernel is only used partially during early boot, and will be
left alone once the memory reservations are processed and taken into
account.
So let's permit reserved memory regions to exist in the region starting
at the base of RAM, and ending at TEXT_OFFSET - 5 * PAGE_SIZE, which is
the window below the kernel that is not touched by the early boot code.
Cc: Guillaume Gardet <Guillaume.Gardet@arm.com>
Cc: Chester Lin <clin@suse.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
drivers/firmware/efi/libstub/Makefile | 1 +
drivers/firmware/efi/libstub/arm32-stub.c | 16 +++++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 0460c7581220..ee0661ddb25b 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -52,6 +52,7 @@ lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o random.o \
lib-$(CONFIG_ARM) += arm32-stub.o
lib-$(CONFIG_ARM64) += arm64-stub.o
+CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
#
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c
index e8f7aefb6813..47aafeff3e01 100644
--- a/drivers/firmware/efi/libstub/arm32-stub.c
+++ b/drivers/firmware/efi/libstub/arm32-stub.c
@@ -195,6 +195,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
unsigned long dram_base,
efi_loaded_image_t *image)
{
+ unsigned long kernel_base;
efi_status_t status;
/*
@@ -204,9 +205,18 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
* loaded. These assumptions are made by the decompressor,
* before any memory map is available.
*/
- dram_base = round_up(dram_base, SZ_128M);
+ kernel_base = round_up(dram_base, SZ_128M);
- status = reserve_kernel_base(sys_table, dram_base, reserve_addr,
+ /*
+ * Note that some platforms (notably, the Raspberry Pi 2) put
+ * spin-tables and other pieces of firmware at the base of RAM,
+ * abusing the fact that the window of TEXT_OFFSET bytes at the
+ * base of the kernel image is only partially used at the moment.
+ * (Up to 5 pages are used for the swapper page table)
+ */
+ kernel_base += TEXT_OFFSET - 5 * PAGE_SIZE;
+
+ status = reserve_kernel_base(sys_table, kernel_base, reserve_addr,
reserve_size);
if (status != EFI_SUCCESS) {
pr_efi_err(sys_table, "Unable to allocate memory for uncompressed kernel.\n");
@@ -220,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
*image_size = image->image_size;
status = efi_relocate_kernel(sys_table, image_addr, *image_size,
*image_size,
- dram_base + MAX_UNCOMP_KERNEL_SIZE, 0);
+ kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0);
if (status != EFI_SUCCESS) {
pr_efi_err(sys_table, "Failed to relocate kernel.\n");
efi_free(sys_table, *reserve_size, *reserve_addr);

16
kernel.spec
View File

@ -73,7 +73,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and # For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
# #
%global baserelease 3 %global baserelease 1
%global fedora_build %{baserelease} %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching # base_sublevel is the kernel version we're starting with and patching
@ -98,9 +98,9 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1) # The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1))) %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level # The rc snapshot level
%global rcrev 5 %global rcrev 6
# The git snapshot level # The git snapshot level
%define gitrev 1 %define gitrev 0
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 5.%{upstream_sublevel}.0 %define rpmversion 5.%{upstream_sublevel}.0
%endif %endif
@ -666,10 +666,6 @@ Patch204: efi-secureboot.patch
Patch205: lift-lockdown-sysrq.patch Patch205: lift-lockdown-sysrq.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1759325
# Submitted upstream at https://lore.kernel.org/patchwork/patch/1136967/
Patch206: efi-efi_test-lock-down-dev-efi_test-and-require-CAP_.patch
# 300 - ARM patches # 300 - ARM patches
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
@ -696,9 +692,6 @@ Patch324: arm64-tegra186-enable-USB-on-Jetson-TX2.patch
# https://patchwork.kernel.org/patch/11224177/ # https://patchwork.kernel.org/patch/11224177/
Patch325: arm64-usb-host-xhci-tegra-set-MODULE_FIRMWARE-for-tegra186.patch Patch325: arm64-usb-host-xhci-tegra-set-MODULE_FIRMWARE-for-tegra186.patch
# https://www.spinics.net/lists/arm-kernel/msg761152.html
Patch342: efi-libstub-arm-account-for-firmware-reserved-memory-at-the-base-of-RAM.patch
# 400 - IBM (ppc/s390x) patches # 400 - IBM (ppc/s390x) patches
# 500 - Temp fixes/CVEs etc # 500 - Temp fixes/CVEs etc
@ -2420,6 +2413,9 @@ fi
# #
# #
%changelog %changelog
* Mon Nov 04 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc6.git0.1
- Linux v5.4-rc6
* Mon Nov 04 2019 Jeremy Cline <jcline@redhat.com> * Mon Nov 04 2019 Jeremy Cline <jcline@redhat.com>
- Disable debugging options. - Disable debugging options.

3
sources
View File

@ -1,3 +1,2 @@
SHA512 (linux-5.3.tar.xz) = 6b5edef47c319a3fa7f6c20a3e0903a5acd89ec75e32dc5f99adcb60c9fe118ea312722d9c3d27e2e3900afa2455afb86e83a8b6bb131009bc79ddbe6fb0595d SHA512 (linux-5.3.tar.xz) = 6b5edef47c319a3fa7f6c20a3e0903a5acd89ec75e32dc5f99adcb60c9fe118ea312722d9c3d27e2e3900afa2455afb86e83a8b6bb131009bc79ddbe6fb0595d
SHA512 (patch-5.4-rc5.xz) = 4cfdbd263b243490e9aec0f320a6ecf5d1706ed0e92129c3a107fa25fc32536e7e016086d7271196c21be39cd7cde3c4f57413eed4a07ffe28355856af500c14 SHA512 (patch-5.4-rc6.xz) = 6322ec5b2e5de13fe05abf031dea7274230c3ce77cf93f631dc504eb779f10c6658e8df083a9e96f6eca6f0bf4974bc9b4103d1399eee32c7dedadbab0692d7b
SHA512 (patch-5.4-rc5-git1.xz) = 56dbcc36eb07d37871a0a3ad59c88061a01b2e26f81bd0686e90c908684c66460a73bf1fcca866829c8d14b75a78de44e5d639d504a129db8ce8cac6d7c823cd