+++ /dev/null
-From 2d977350ae0a9d976238451123e8d48e6ec55fcf Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 22 Aug 2022 19:20:33 +0200
-Subject: efi: libstub: Disable struct randomization
-
-From: Ard Biesheuvel <ardb@kernel.org>
-
-[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ]
-
-The EFI stub is a wrapper around the core kernel that makes it look like
-a EFI compatible PE/COFF application to the EFI firmware. EFI
-applications run on top of the EFI runtime, which is heavily based on
-so-called protocols, which are struct types consisting [mostly] of
-function pointer members that are instantiated and recorded in a
-protocol database.
-
-These structs look like the ideal randomization candidates to the
-randstruct plugin (as they only carry function pointers), but of course,
-these protocols are contracts between the firmware that exposes them,
-and the EFI applications (including our stubbed kernel) that invoke
-them. This means that struct randomization for EFI protocols is not a
-great idea, and given that the stub shares very little data with the
-core kernel that is represented as a randomizable struct, we're better
-off just disabling it completely here.
-
-Cc: <stable@vger.kernel.org> # v4.14+
-Reported-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Tested-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Acked-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/firmware/efi/libstub/Makefile | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
-index 54dbcec7e06f..7dc2d093962e 100644
---- a/drivers/firmware/efi/libstub/Makefile
-+++ b/drivers/firmware/efi/libstub/Makefile
-@@ -23,6 +23,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
- $(call cc-option,-ffreestanding) \
- $(call cc-option,-fno-stack-protector)
-
-+#
-+# struct randomization only makes sense for Linux internal types, which the EFI
-+# stub code never touches, so let's turn off struct randomization for the stub
-+# altogether
-+#
-+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
-+
- # remove SCS flags from all objects in this directory
- KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
-
---
-2.35.1
-
drm-meson-correct-osd1-global-alpha-value.patch
parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch
efi-libstub-disable-shadow-call-stack.patch
-efi-libstub-disable-struct-randomization.patch
cifs-don-t-send-down-the-destination-address-to-sendmsg-for-a-sock_stream.patch
asoc-nau8824-fix-semaphore-unbalance-at-error-paths.patch
regulator-pfuze100-fix-the-global-out-of-bounds-acce.patch
+++ /dev/null
-From 647b9e3ae48fd6671991e42990051a828b138273 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 22 Aug 2022 19:20:33 +0200
-Subject: efi: libstub: Disable struct randomization
-
-From: Ard Biesheuvel <ardb@kernel.org>
-
-[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ]
-
-The EFI stub is a wrapper around the core kernel that makes it look like
-a EFI compatible PE/COFF application to the EFI firmware. EFI
-applications run on top of the EFI runtime, which is heavily based on
-so-called protocols, which are struct types consisting [mostly] of
-function pointer members that are instantiated and recorded in a
-protocol database.
-
-These structs look like the ideal randomization candidates to the
-randstruct plugin (as they only carry function pointers), but of course,
-these protocols are contracts between the firmware that exposes them,
-and the EFI applications (including our stubbed kernel) that invoke
-them. This means that struct randomization for EFI protocols is not a
-great idea, and given that the stub shares very little data with the
-core kernel that is represented as a randomizable struct, we're better
-off just disabling it completely here.
-
-Cc: <stable@vger.kernel.org> # v4.14+
-Reported-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Tested-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Acked-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/firmware/efi/libstub/Makefile | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
-index e0cff3b942ac..7fad5d90898b 100644
---- a/drivers/firmware/efi/libstub/Makefile
-+++ b/drivers/firmware/efi/libstub/Makefile
-@@ -31,6 +31,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
- $(call cc-option,-fno-addrsig) \
- -D__DISABLE_EXPORTS
-
-+#
-+# struct randomization only makes sense for Linux internal types, which the EFI
-+# stub code never touches, so let's turn off struct randomization for the stub
-+# altogether
-+#
-+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
-+
- # remove SCS flags from all objects in this directory
- KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
-
---
-2.35.1
-
drm-meson-correct-osd1-global-alpha-value.patch
parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch
efi-libstub-disable-shadow-call-stack.patch
-efi-libstub-disable-struct-randomization.patch
nvmet-fix-a-use-after-free.patch
mvpp2-no-need-to-check-return-value-of-debugfs_creat.patch
cifs-don-t-send-down-the-destination-address-to-sendmsg-for-a-sock_stream.patch
+++ /dev/null
-From e519094ca4cd30a02d34ad5d4c3f518c6fb18092 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 22 Aug 2022 19:20:33 +0200
-Subject: efi: libstub: Disable struct randomization
-
-From: Ard Biesheuvel <ardb@kernel.org>
-
-[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ]
-
-The EFI stub is a wrapper around the core kernel that makes it look like
-a EFI compatible PE/COFF application to the EFI firmware. EFI
-applications run on top of the EFI runtime, which is heavily based on
-so-called protocols, which are struct types consisting [mostly] of
-function pointer members that are instantiated and recorded in a
-protocol database.
-
-These structs look like the ideal randomization candidates to the
-randstruct plugin (as they only carry function pointers), but of course,
-these protocols are contracts between the firmware that exposes them,
-and the EFI applications (including our stubbed kernel) that invoke
-them. This means that struct randomization for EFI protocols is not a
-great idea, and given that the stub shares very little data with the
-core kernel that is represented as a randomizable struct, we're better
-off just disabling it completely here.
-
-Cc: <stable@vger.kernel.org> # v4.14+
-Reported-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Tested-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Acked-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/firmware/efi/libstub/Makefile | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
-index f3540d5dd276..34e4b31010bd 100644
---- a/drivers/firmware/efi/libstub/Makefile
-+++ b/drivers/firmware/efi/libstub/Makefile
-@@ -31,6 +31,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
- $(call cc-option,-fno-addrsig) \
- -D__DISABLE_EXPORTS
-
-+#
-+# struct randomization only makes sense for Linux internal types, which the EFI
-+# stub code never touches, so let's turn off struct randomization for the stub
-+# altogether
-+#
-+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
-+
- # remove SCS flags from all objects in this directory
- KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
-
---
-2.35.1
-
drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch
parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch
efi-libstub-disable-shadow-call-stack.patch
-efi-libstub-disable-struct-randomization.patch
alsa-pcm-oss-fix-race-at-sndctl_dsp_sync.patch
task_stack-x86-cea-force-inline-stack-helpers.patch
tracing-hold-caller_addr-to-hardirq_-enable-disable-.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
