diff --git a/Modify-UEFI-anti-bricking-code.patch b/Modify-UEFI-anti-bricking-code.patch index 862574556..269359f40 100644 --- a/Modify-UEFI-anti-bricking-code.patch +++ b/Modify-UEFI-anti-bricking-code.patch @@ -1,7 +1,14 @@ -From 2380baac8b96f6e93ef72135d1b60d686d7f82e6 Mon Sep 17 00:00:00 2001 From: Matthew Garrett -Date: Sat, 1 Jun 2013 16:06:20 -0400 +To: rja@sgi.com +Cc: mingo@kernel.org, torvalds@linux-foundation.org, bp@alien8.de, + jkosina@suse.cz, jlee@suse.com, matt.fleming@intel.com, + linux-efi@vger.kernel.org, x86@kernel.org, + linux-kernel@vger.kernel.org, tglx@linutronix.de, hpa@linux.intel.com, + akpm@linux-foundation.org, + Matthew Garrett Subject: [PATCH] Modify UEFI anti-bricking code +Date: Sat, 1 Jun 2013 16:06:20 -0400 +Message-Id: <1370117180-1712-1-git-send-email-matthew.garrett@nebula.com> This patch reworks the UEFI anti-bricking code, including an effective reversion of cc5a080c and 31ff2f20. It turns out that calling @@ -33,8 +40,8 @@ Signed-off-by: Matthew Garrett arch/x86/boot/compressed/eboot.c | 47 ---------- arch/x86/include/asm/efi.h | 7 -- arch/x86/include/uapi/asm/bootparam.h | 1 - - arch/x86/platform/efi/efi.c | 167 +++++++++------------------------- - 4 files changed, 44 insertions(+), 178 deletions(-) + arch/x86/platform/efi/efi.c | 169 +++++++++------------------------- + 4 files changed, 45 insertions(+), 179 deletions(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index 35ee62f..c205035 100644 @@ -132,10 +139,10 @@ index 0874424..c15ddaf 100644 /* ram_size flags */ #define RAMDISK_IMAGE_START_MASK 0x07FF diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c -index e4a86a6..beb5d5f 100644 +index 82089d8..63e167a 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c -@@ -41,7 +41,6 @@ +@@ -42,7 +42,6 @@ #include #include #include @@ -143,7 +150,7 @@ index e4a86a6..beb5d5f 100644 #include #include -@@ -52,13 +51,6 @@ +@@ -54,13 +53,6 @@ #define EFI_DEBUG 1 @@ -157,7 +164,7 @@ index e4a86a6..beb5d5f 100644 struct efi __read_mostly efi = { .mps = EFI_INVALID_TABLE_ADDR, .acpi = EFI_INVALID_TABLE_ADDR, -@@ -77,13 +69,6 @@ struct efi_memory_map memmap; +@@ -79,13 +71,6 @@ struct efi_memory_map memmap; static struct efi efi_phys __initdata; static efi_system_table_t efi_systab __initdata; @@ -171,7 +178,7 @@ index e4a86a6..beb5d5f 100644 unsigned long x86_efi_facility; /* -@@ -186,53 +171,8 @@ static efi_status_t virt_efi_get_next_variable(unsigned long *name_size, +@@ -188,53 +173,8 @@ static efi_status_t virt_efi_get_next_variable(unsigned long *name_size, efi_char16_t *name, efi_guid_t *vendor) { @@ -180,8 +187,7 @@ index e4a86a6..beb5d5f 100644 - static u64 var_size; - - status = efi_call_virt3(get_next_variable, -+ return efi_call_virt3(get_next_variable, - name_size, name, vendor); +- name_size, name, vendor); - - if (status == EFI_NOT_FOUND) { - finished = true; @@ -194,7 +200,7 @@ index e4a86a6..beb5d5f 100644 - } - - if (boot_used_size && !finished) { -- unsigned long size; +- unsigned long size = 0; - u32 attr; - efi_status_t s; - void *tmp; @@ -223,10 +229,12 @@ index e4a86a6..beb5d5f 100644 - } - - return status; ++ return efi_call_virt3(get_next_variable, ++ name_size, name, vendor); } static efi_status_t virt_efi_set_variable(efi_char16_t *name, -@@ -241,34 +181,9 @@ static efi_status_t virt_efi_set_variable(efi_char16_t *name, +@@ -243,34 +183,9 @@ static efi_status_t virt_efi_set_variable(efi_char16_t *name, unsigned long data_size, void *data) { @@ -264,7 +272,7 @@ index e4a86a6..beb5d5f 100644 } static efi_status_t virt_efi_query_variable_info(u32 attr, -@@ -776,9 +691,6 @@ void __init efi_init(void) +@@ -786,9 +701,6 @@ void __init efi_init(void) char vendor[100] = "unknown"; int i = 0; void *tmp; @@ -274,7 +282,7 @@ index e4a86a6..beb5d5f 100644 #ifdef CONFIG_X86_32 if (boot_params.efi_info.efi_systab_hi || -@@ -796,22 +708,6 @@ void __init efi_init(void) +@@ -806,22 +718,6 @@ void __init efi_init(void) if (efi_systab_init(efi_phys.systab)) return; @@ -297,7 +305,7 @@ index e4a86a6..beb5d5f 100644 set_bit(EFI_SYSTEM_TABLES, &x86_efi_facility); /* -@@ -1131,28 +1027,53 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) +@@ -1141,28 +1037,53 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) if (status != EFI_SUCCESS) return status; @@ -369,3 +377,8 @@ index e4a86a6..beb5d5f 100644 -- 1.8.1.4 +-- +To unsubscribe from this list: send the line "unsubscribe linux-efi" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + diff --git a/iscsi-target-fix-heap-buffer-overflow-on-error.patch b/iscsi-target-fix-heap-buffer-overflow-on-error.patch deleted file mode 100644 index 7b368122d..000000000 --- a/iscsi-target-fix-heap-buffer-overflow-on-error.patch +++ /dev/null @@ -1,63 +0,0 @@ -From cea4dcfdad926a27a18e188720efe0f2c9403456 Mon Sep 17 00:00:00 2001 -From: Kees Cook -Date: Thu, 23 May 2013 17:32:17 +0000 -Subject: iscsi-target: fix heap buffer overflow on error - -If a key was larger than 64 bytes, as checked by iscsi_check_key(), the -error response packet, generated by iscsi_add_notunderstood_response(), -would still attempt to copy the entire key into the packet, overflowing -the structure on the heap. - -Remote preauthentication kernel memory corruption was possible if a -target was configured and listening on the network. - -CVE-2013-2850 - -Signed-off-by: Kees Cook -Cc: stable@vger.kernel.org -Signed-off-by: Nicholas Bellinger ---- -diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c -index c2185fc..e382221 100644 ---- a/drivers/target/iscsi/iscsi_target_parameters.c -+++ b/drivers/target/iscsi/iscsi_target_parameters.c -@@ -758,9 +758,9 @@ static int iscsi_add_notunderstood_response( - } - INIT_LIST_HEAD(&extra_response->er_list); - -- strncpy(extra_response->key, key, strlen(key) + 1); -- strncpy(extra_response->value, NOTUNDERSTOOD, -- strlen(NOTUNDERSTOOD) + 1); -+ strlcpy(extra_response->key, key, sizeof(extra_response->key)); -+ strlcpy(extra_response->value, NOTUNDERSTOOD, -+ sizeof(extra_response->value)); - - list_add_tail(&extra_response->er_list, - ¶m_list->extra_response_list); -@@ -1629,8 +1629,6 @@ int iscsi_decode_text_input( - - if (phase & PHASE_SECURITY) { - if (iscsi_check_for_auth_key(key) > 0) { -- char *tmpptr = key + strlen(key); -- *tmpptr = '='; - kfree(tmpbuf); - return 1; - } -diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h -index 915b067..a47046a 100644 ---- a/drivers/target/iscsi/iscsi_target_parameters.h -+++ b/drivers/target/iscsi/iscsi_target_parameters.h -@@ -1,8 +1,10 @@ - #ifndef ISCSI_PARAMETERS_H - #define ISCSI_PARAMETERS_H - -+#include -+ - struct iscsi_extra_response { -- char key[64]; -+ char key[KEY_MAXLEN]; - char value[32]; - struct list_head er_list; - } ____cacheline_aligned; --- -cgit v0.9.2 diff --git a/kernel.spec b/kernel.spec index c6b8280a1..d05ea81ec 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 2 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -93,7 +93,7 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%define rcrev 3 +%define rcrev 4 # The git snapshot level %define gitrev 0 # Set rpm version accordingly @@ -733,18 +733,12 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch #rhbz 927469 Patch23006: fix-child-thread-introspection.patch -#rhbz 961527 -Patch25021: radeon-use-max_bus-speed-to-activate-gen2-speeds.patch - #rhbz 964367 Patch25023: hp-wmi-fix-incorrect-rfkill-set-hw-state.patch #rhbz 948262 Patch25024: intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch -#CVE-2013-2850 rhbz 968036 969272 -Patch25025: iscsi-target-fix-heap-buffer-overflow-on-error.patch - #rhbz 964335 Patch25026: Modify-UEFI-anti-bricking-code.patch @@ -1424,18 +1418,12 @@ ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch #rhbz 927469 ApplyPatch fix-child-thread-introspection.patch -#rhbz 961527 -ApplyPatch radeon-use-max_bus-speed-to-activate-gen2-speeds.patch - #rhbz 964367 ApplyPatch hp-wmi-fix-incorrect-rfkill-set-hw-state.patch #rhbz 948262 ApplyPatch intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch -#CVE-2013-2850 rhbz 968036 969272 -ApplyPatch iscsi-target-fix-heap-buffer-overflow-on-error.patch - #rhbz 964335 ApplyPatch Modify-UEFI-anti-bricking-code.patch @@ -2244,6 +2232,11 @@ fi # ||----w | # || || %changelog +* Tue Jun 04 2013 Dave Jones - 3.10.0-0.rc4.git0.1 +- 3.10-rc4 + merged: radeon-use-max_bus-speed-to-activate-gen2-speeds.patch + merged: iscsi-target-fix-heap-buffer-overflow-on-error.patch + * Mon Jun 03 2013 Josh Boyer - Fix UEFI anti-bricking code (rhbz 964335) diff --git a/radeon-use-max_bus-speed-to-activate-gen2-speeds.patch b/radeon-use-max_bus-speed-to-activate-gen2-speeds.patch deleted file mode 100644 index f9a11993f..000000000 --- a/radeon-use-max_bus-speed-to-activate-gen2-speeds.patch +++ /dev/null @@ -1,99 +0,0 @@ -radeon: use max_bus_speed to activate gen2 speeds - -radeon currently uses a drm function to get the speed capabilities for -the bus, drm_pcie_get_speed_cap_mask. However, this is a non-standard -method of performing this detection and this patch changes it to use -the max_bus_speed attribute. - -From: Lucas Kannebley Tavares -Signed-off-by: Kleber Sacilotto de Souza ---- - drivers/gpu/drm/radeon/evergreen.c | 10 +++------- - drivers/gpu/drm/radeon/r600.c | 9 ++------- - drivers/gpu/drm/radeon/rv770.c | 9 ++------- - 3 files changed, 7 insertions(+), 21 deletions(-) - -diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c -index 105bafb..3966696 100644 ---- a/drivers/gpu/drm/radeon/evergreen.c -+++ b/drivers/gpu/drm/radeon/evergreen.c -@@ -4992,8 +4992,7 @@ void evergreen_fini(struct radeon_device *rdev) - - void evergreen_pcie_gen2_enable(struct radeon_device *rdev) - { -- u32 link_width_cntl, speed_cntl, mask; -- int ret; -+ u32 link_width_cntl, speed_cntl; - - if (radeon_pcie_gen2 == 0) - return; -@@ -5008,11 +5007,8 @@ void evergreen_pcie_gen2_enable(struct radeon_device *rdev) - if (ASIC_IS_X2(rdev)) - return; - -- ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask); -- if (ret != 0) -- return; -- -- if (!(mask & DRM_PCIE_SPEED_50)) -+ if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) && -+ (rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT)) - return; - - speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL); -diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c -index 1a08008..b45e648 100644 ---- a/drivers/gpu/drm/radeon/r600.c -+++ b/drivers/gpu/drm/radeon/r600.c -@@ -4631,8 +4631,6 @@ static void r600_pcie_gen2_enable(struct radeon_device *rdev) - { - u32 link_width_cntl, lanes, speed_cntl, training_cntl, tmp; - u16 link_cntl2; -- u32 mask; -- int ret; - - if (radeon_pcie_gen2 == 0) - return; -@@ -4651,11 +4649,8 @@ static void r600_pcie_gen2_enable(struct radeon_device *rdev) - if (rdev->family <= CHIP_R600) - return; - -- ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask); -- if (ret != 0) -- return; -- -- if (!(mask & DRM_PCIE_SPEED_50)) -+ if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) && -+ (rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT)) - return; - - speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL); -diff --git a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c -index 83f612a..a6af4aa 100644 ---- a/drivers/gpu/drm/radeon/rv770.c -+++ b/drivers/gpu/drm/radeon/rv770.c -@@ -2113,8 +2113,6 @@ static void rv770_pcie_gen2_enable(struct radeon_device *rdev) - { - u32 link_width_cntl, lanes, speed_cntl, tmp; - u16 link_cntl2; -- u32 mask; -- int ret; - - if (radeon_pcie_gen2 == 0) - return; -@@ -2129,11 +2127,8 @@ static void rv770_pcie_gen2_enable(struct radeon_device *rdev) - if (ASIC_IS_X2(rdev)) - return; - -- ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask); -- if (ret != 0) -- return; -- -- if (!(mask & DRM_PCIE_SPEED_50)) -+ if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) && -+ (rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT)) - return; - - DRM_INFO("enabling PCIE gen 2 link speeds, disable with radeon.pcie_gen2=0\n"); --- -1.7.1 diff --git a/sources b/sources index 206044d92..328e398de 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz -bc974df2cd7a1b1216a2c518ce4ab756 patch-3.10-rc3.xz +ae685dcb736096739eb20122a1395f6e patch-3.10-rc4.xz