rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

Linux v5.6-rc3

Browse Source
This commit is contained in:
Jeremy Cline 2020-02-24 10:40:08 -05:00
parent beeed1edcc
commit a4c780cf4a
8 changed files with 56 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
View File

@ -1,104 +0,0 @@
From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 2 Oct 2017 18:25:29 -0400
Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that
aren't present.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
security/integrity/platform_certs/load_uefi.c | 37 ++++++++++++++++++++++---------------
1 file changed, 22 insertions(+), 15 deletions(-)
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 81b19c52832b..e188f3ecbce3 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -38,8 +38,8 @@ static __init bool uefi_check_ignore_db(void)
/*
* Get a certificate list blob from the named EFI variable.
*/
-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
- unsigned long *size)
+static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ unsigned long *size , void **cert_list)
{
efi_status_t status;
unsigned long lsize = 4;
@@ -47,24 +47,31 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
void *db;
status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status == EFI_NOT_FOUND) {
+ *size = 0;
+ *cert_list = NULL;
+ return 0;
+ }
+
if (status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", status);
- return NULL;
+ return efi_status_to_err(status);
}
db = kmalloc(lsize, GFP_KERNEL);
if (!db)
- return NULL;
+ return -ENOMEM;
status = efi.get_variable(name, guid, NULL, &lsize, db);
if (status != EFI_SUCCESS) {
kfree(db);
pr_err("Error reading db var: 0x%lx\n", status);
- return NULL;
+ return efi_status_to_err(status);
}
*size = lsize;
- return db;
+ *cert_list = db;
+ return 0;
}
/*
@@ -153,10 +160,10 @@ static int __init load_uefi_certs(void)
* an error if we can't get them.
*/
if (!uefi_check_ignore_db()) {
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
+ rc = get_cert_list(L"db", &secure_var, &dbsize, &db);
+ if (rc < 0) {
pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
+ } else if (dbsize != 0) {
rc = parse_efi_signature_list("UEFI:db",
db, dbsize, get_handler_for_db);
if (rc)
@@ -166,10 +173,10 @@ static int __init load_uefi_certs(void)
}
}
- mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
- if (!mok) {
+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok);
+ if (rc < 0) {
pr_info("Couldn't get UEFI MokListRT\n");
- } else {
+ } else if (moksize != 0) {
rc = parse_efi_signature_list("UEFI:MokListRT",
mok, moksize, get_handler_for_db);
if (rc)
@@ -177,10 +184,10 @@ static int __init load_uefi_certs(void)
kfree(mok);
}
- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
- if (!dbx) {
+ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx);
+ if (rc < 0) {
pr_info("Couldn't get UEFI dbx list\n");
- } else {
+ } else if (dbxsize != 0) {
rc = parse_efi_signature_list("UEFI:dbx",
dbx, dbxsize,
get_handler_for_dbx);

38
0001-Replace-.ioctl-with-.compat_ioctl-in-three-appropria.patch → 0001-compat_ioctl-cdrom-Replace-.ioctl-with-.compat_ioctl.patch
View File

@ -1,19 +1,30 @@
From 31218a134206dc0d1d74551852b5f7fc42c3c966 Mon Sep 17 00:00:00 2001
From cef57541cdc079165e9af419ccacd36dce863d3a Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 12 Feb 2020 08:10:19 -0800
Subject: [PATCH] Replace .ioctl with .compat_ioctl in three appropriate places
Date: Wed, 19 Feb 2020 17:50:07 +0100
Subject: [PATCH] compat_ioctl, cdrom: Replace .ioctl with .compat_ioctl in
four appropriate places
Arnd Bergmann inadvertently typoed these in d320a9551e394 and
64cbfa96551a; they seem to be the cause of
https://bugzilla.redhat.com/show_bug.cgi?id=1801353 , invalid
SCSI commands when udev tries to query a DVD drive.
[arnd] Found another instance of the same bug, also introduced
in my compat_ioctl series.
Fixes: d320a9551e39 ("compat_ioctl: scsi: move ioctl handling into drivers")
Fixes: 64cbfa96551a ("compat_ioctl: move cdrom commands into cdrom.c")
Fixes: c103d6ee69f9 ("compat_ioctl: ide: floppy: add handler")
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1801353
Bisected-by: Chris Murphy <bugzilla@colorremedies.com>
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
drivers/block/paride/pcd.c | 2 +-
drivers/cdrom/gdrom.c | 2 +-
drivers/ide/ide-gd.c | 2 +-
drivers/scsi/sr.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/block/paride/pcd.c b/drivers/block/paride/pcd.c
index 117cfc8cd05a..cda5cf917e9a 100644
@ -29,7 +40,7 @@ index 117cfc8cd05a..cda5cf917e9a 100644
.check_events = pcd_block_check_events,
};
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index 886b2638c730..0f3f9558716a 100644
index 886b2638c730..c51292c2a131 100644
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -519,7 +519,7 @@ static const struct block_device_operations gdrom_bdops = {
@ -37,10 +48,23 @@ index 886b2638c730..0f3f9558716a 100644
.ioctl = gdrom_bdops_ioctl,
#ifdef CONFIG_COMPAT
- .ioctl = blkdev_compat_ptr_ioctl,
+ .compat_ioctl = blkdev_compat_ptr_ioctl,
+ .compat_ioctl = blkdev_compat_ptr_ioctl,
#endif
};
diff --git a/drivers/ide/ide-gd.c b/drivers/ide/ide-gd.c
index 1bb99b556393..05c26986637b 100644
--- a/drivers/ide/ide-gd.c
+++ b/drivers/ide/ide-gd.c
@@ -361,7 +361,7 @@ static const struct block_device_operations ide_gd_ops = {
.release = ide_gd_release,
.ioctl = ide_gd_ioctl,
#ifdef CONFIG_COMPAT
- .ioctl = ide_gd_compat_ioctl,
+ .compat_ioctl = ide_gd_compat_ioctl,
#endif
.getgeo = ide_gd_getgeo,
.check_events = ide_gd_check_events,
diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
index 0fbb8fe6e521..e4240e4ae8bb 100644
--- a/drivers/scsi/sr.c
@ -55,5 +79,5 @@ index 0fbb8fe6e521..e4240e4ae8bb 100644
.check_events = sr_block_check_events,
.revalidate_disk = sr_block_revalidate_disk,
--
2.25.0
2.24.1

47
0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch
View File

@ -1,47 +0,0 @@
From 8eab168ae074431ddd05e6478582c4dbc0847c44 Mon Sep 17 00:00:00 2001
From: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Date: Wed, 12 Feb 2020 08:51:06 +0100
Subject: [PATCH] include/uapi: Fix invalid use of BITS_PER_LONG in __swab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This caused compile problems in user-space application using that
header. Seen with systemd:
In file included from /build/client/devel/kernel/_/usr/include/linux/byteorder/little_endian.h:13,
from /build/client/devel/kernel/_/usr/include/asm/byteorder.h: ,
from /build/client/devel/kernel/_/usr/include/linux/icmpv6.h:6,
from ../src/network/networkd-route.c:3:
/build/client/devel/kernel/_/usr/include/linux/swab.h: In function __swab:
/build/client/devel/kernel/_/usr/include/linux/swab.h:138:5: error: "BITS_PER_LONG" is not defined, evaluates to 0 [-Werror=undef]
#if BITS_PER_LONG == 64
^~~~~~~~~~~~~
cc1: some warnings being treated as errors
[181/1207] Generating sys with a custom command.
ninja: build stopped: subcommand failed.
Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
---
include/uapi/linux/swab.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
index fa7f97da5b76..7272f85d6d6a 100644
--- a/include/uapi/linux/swab.h
+++ b/include/uapi/linux/swab.h
@@ -135,9 +135,9 @@ static inline __attribute_const__ __u32 __fswahb32(__u32 val)
static __always_inline unsigned long __swab(const unsigned long y)
{
-#if BITS_PER_LONG == 64
+#if __BITS_PER_LONG == 64
return __swab64(y);
-#else /* BITS_PER_LONG == 32 */
+#else /* __BITS_PER_LONG == 32 */
return __swab32(y);
#endif
}
--
2.24.1

95
0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
View File

@ -1,95 +0,0 @@
From a34309d16f41c48ffd90e56a6f865d6a1a8c49f0 Mon Sep 17 00:00:00 2001
From: Catalin Marinas <catalin.marinas@arm.com>
Date: Wed, 19 Feb 2020 12:31:56 +0000
Subject: [PATCH] mm: Avoid creating virtual address aliases in
brk()/mmap()/mremap()
Currently the arm64 kernel ignores the top address byte passed to brk(),
mmap() and mremap(). When the user is not aware of the 56-bit address
limit or relies on the kernel to return an error, untagging such
pointers has the potential to create address aliases in user-space.
Passing a tagged address to munmap(), madvise() is permitted since the
tagged pointer is expected to be inside an existing mapping.
The current behaviour breaks the existing glibc malloc() implementation
which relies on brk() with an address beyond 56-bit to be rejected by
the kernel.
Remove untagging in the above functions by partially reverting commit
ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
addition, update the arm64 tagged-address-abi.rst document accordingly.
Link: https://bugzilla.redhat.com/1797052
Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
Cc: <stable@vger.kernel.org> # 5.4.x-
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Florian Weimer <fweimer@redhat.com>
Reported-by: Victor Stinner <vstinner@redhat.com>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
---
Documentation/arm64/tagged-address-abi.rst | 11 +++++++++--
mm/mmap.c | 4 ----
mm/mremap.c | 1 -
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst
index d4a85d535bf9..f6289116893c 100644
--- a/Documentation/arm64/tagged-address-abi.rst
+++ b/Documentation/arm64/tagged-address-abi.rst
@@ -44,8 +44,15 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending
how the user addresses are used by the kernel:
1. User addresses not accessed by the kernel but used for address space
- management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use
- of valid tagged pointers in this context is always allowed.
+ management (e.g. ``mprotect()``, ``madvise()``). The use of valid
+ tagged pointers in this context is allowed with the exception of
+ ``brk()``, ``mmap()`` and the ``new_address`` argument to
+ ``mremap()`` as these have the potential of aliasing with existing
+ user addresses.
+
+ NOTE: This behaviour changed in v5.6 and so some earlier kernels may
+ incorrectly accept valid tagged pointers for the ``brk()``,
+ ``mmap()`` and ``mremap()`` system calls.
2. User addresses accessed by the kernel (e.g. ``write()``). This ABI
relaxation is disabled by default and the application thread needs to
diff --git a/mm/mmap.c b/mm/mmap.c
index 4390dbea4aa5..514cc19c5916 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
bool downgraded = false;
LIST_HEAD(uf);
- brk = untagged_addr(brk);
-
if (down_write_killable(&mm->mmap_sem))
return -EINTR;
@@ -1583,8 +1581,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len,
struct file *file = NULL;
unsigned long retval;
- addr = untagged_addr(addr);
-
if (!(flags & MAP_ANONYMOUS)) {
audit_mmap_fd(fd, flags);
file = fget(fd);
diff --git a/mm/mremap.c b/mm/mremap.c
index 1fc8a29fbe3f..1d98281f7204 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
LIST_HEAD(uf_unmap);
addr = untagged_addr(addr);
- new_addr = untagged_addr(new_addr);
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
return ret;
--
2.24.1

37
0001-x86-Don-t-declare-__force_order-in-kaslr_64.c.patch
View File

@ -1,37 +0,0 @@
From c8c26194cf5a344cd53763eaaf16c3ab609736f4 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Thu, 16 Jan 2020 12:46:51 -0800
Subject: [PATCH] x86: Don't declare __force_order in kaslr_64.c
GCC 10 changed the default to -fno-common, which leads to
LD arch/x86/boot/compressed/vmlinux
ld: arch/x86/boot/compressed/pgtable_64.o:(.bss+0x0): multiple definition of `__force_order'; arch/x86/boot/compressed/kaslr_64.o:(.bss+0x0): first defined here
make[2]: *** [arch/x86/boot/compressed/Makefile:119: arch/x86/boot/compressed/vmlinux] Error 1
Since __force_order is already provided in pgtable_64.c, there is no
need to declare __force_order in kaslr_64.c.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
---
arch/x86/boot/compressed/kaslr_64.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr_64.c b/arch/x86/boot/compressed/kaslr_64.c
index 748456c365f4..9557c5a15b91 100644
--- a/arch/x86/boot/compressed/kaslr_64.c
+++ b/arch/x86/boot/compressed/kaslr_64.c
@@ -29,9 +29,6 @@
#define __PAGE_OFFSET __PAGE_OFFSET_BASE
#include "../../mm/ident_map.c"
-/* Used by pgtable.h asm code to force instruction serialization. */
-unsigned long __force_order;
-
/* Used to track our page table allocation area. */
struct alloc_pgt_data {
unsigned char *pgt_buf;
--
2.24.1

35
0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
View File

@ -1,38 +1,39 @@
From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001
From 46daeedffe98b489014dcdcf14c89438362de7eb Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 2 Oct 2017 18:18:30 -0400
Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print
error messages.
Subject: [PATCH] Make get_cert_list() use efi_status_to_str() to print error
messages.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
security/integrity/platform_certs/load_uefi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 9ef34c44fd1..13a2826715d 100644
index f0c908241966..4e783f6c6cfb 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
}
@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
return NULL;
if (status != EFI_BUFFER_TOO_SMALL) {
- pr_err("Couldn't get size: 0x%lx\n", status);
if (*status != EFI_BUFFER_TOO_SMALL) {
- pr_err("Couldn't get size: 0x%lx\n", *status);
+ pr_err("Couldn't get size: %s (0x%lx)\n",
+ efi_status_to_str(status), status);
return efi_status_to_err(status);
+ efi_status_to_str(*status), *status);
return NULL;
}
@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
status = efi.get_variable(name, guid, NULL, &lsize, db);
if (status != EFI_SUCCESS) {
@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
*status = efi.get_variable(name, guid, NULL, &lsize, db);
if (*status != EFI_SUCCESS) {
kfree(db);
- pr_err("Error reading db var: 0x%lx\n", status);
- pr_err("Error reading db var: 0x%lx\n", *status);
+ pr_err("Error reading db var: %s (0x%lx)\n",
+ efi_status_to_str(status), status);
return efi_status_to_err(status);
+ efi_status_to_str(*status), *status);
return NULL;
}
--
2.15.0
2.24.1

17
kernel.spec
View File

@ -105,9 +105,9 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level
%global rcrev 2
%global rcrev 3
# The git snapshot level
%define gitrev 3
%define gitrev 0
# Set rpm version accordingly
%define rpmversion 5.%{upstream_sublevel}.0
%endif
@ -797,7 +797,6 @@ Source5000: patch-5.%{base_sublevel}-git%{gitrev}.xz
# 200 - x86 / secureboot
# bz 1497559 - Make kernel MODSIGN code not error on missing variables
Patch200: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
Patch201: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
Patch202: 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
@ -859,16 +858,9 @@ Patch504: 0001-mm-kmemleak-skip-late_init-if-not-skip-disable.patch
Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch
# GCC 10 build fix for x86_64
Patch528: 0001-x86-Don-t-declare-__force_order-in-kaslr_64.c.patch
Patch529: 0001-Include-kvm_asm.h-and-kvm_arm.h-in-kvm-arm-trace.h.patch
Patch530: 0001-Replace-.ioctl-with-.compat_ioctl-in-three-appropria.patch
Patch531: 0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1804330
Patch532: 0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch
Patch530: 0001-compat_ioctl-cdrom-Replace-.ioctl-with-.compat_ioctl.patch
# END OF PATCH DEFINITIONS
@ -2899,6 +2891,9 @@ fi
#
#
%changelog
* Mon Feb 24 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc3.git0.1
- Linux v5.6-rc3
* Mon Feb 24 2020 Jeremy Cline <jcline@redhat.com>
- Disable debugging options.

3
sources
View File

@ -1,3 +1,2 @@
SHA512 (linux-5.5.tar.xz) = fa74fdabb5e63384a39e54da05b86a9ae9ea16179524b041fbbdffc7177e80b53600ae98d76be127ba216148f9dc55fe07ab20637e22c6d6030cb4aa09eb2f86
SHA512 (patch-5.6-rc2.xz) = b49dfa43e7dcdf90bd68e582eb676f3cac53f7212d8abde6e41e18f8bd0eecc3ae2384639f8aaef8925c8e4385e75b0b49ec54e5bcfc23dec5fe2169cbce1af2
SHA512 (patch-5.6-rc2-git3.xz) = 78d5d74a3819453bc84cec371eafdf4cc0bba2e097c686b5e8f546fb5f29917daf64a4fb61fc615f60d1c56da96d54dd2f5663046d339cf5ebddafbc831188e9
SHA512 (patch-5.6-rc3.xz) = e12599c53db58b291864f2fdd0fba49b7f0bffa6c3878e8ff99367f7089e3310cb14064d155637a1cb957cbd76cb2af596ea97946ce205e0628e70642aa20a98