+++ /dev/null
-From 71330842ff93ae67a066c1fa68d75672527312fa Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Mon, 9 Aug 2021 21:45:32 +0200
-Subject: bpf: Add _kernel suffix to internal lockdown_bpf_read
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit 71330842ff93ae67a066c1fa68d75672527312fa upstream.
-
-Rename LOCKDOWN_BPF_READ into LOCKDOWN_BPF_READ_KERNEL so we have naming
-more consistent with a LOCKDOWN_BPF_WRITE_USER option that we are adding.
-
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Andrii Nakryiko <andrii@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/security.h | 2 +-
- kernel/bpf/helpers.c | 4 ++--
- kernel/trace/bpf_trace.c | 8 ++++----
- security/security.c | 2 +-
- 4 files changed, 8 insertions(+), 8 deletions(-)
-
---- a/include/linux/security.h
-+++ b/include/linux/security.h
-@@ -123,7 +123,7 @@ enum lockdown_reason {
- LOCKDOWN_INTEGRITY_MAX,
- LOCKDOWN_KCORE,
- LOCKDOWN_KPROBES,
-- LOCKDOWN_BPF_READ,
-+ LOCKDOWN_BPF_READ_KERNEL,
- LOCKDOWN_PERF,
- LOCKDOWN_TRACEFS,
- LOCKDOWN_XMON_RW,
---- a/kernel/bpf/helpers.c
-+++ b/kernel/bpf/helpers.c
-@@ -729,12 +729,12 @@ bpf_base_func_proto(enum bpf_func_id fun
- case BPF_FUNC_probe_read_user:
- return &bpf_probe_read_user_proto;
- case BPF_FUNC_probe_read_kernel:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_proto;
- case BPF_FUNC_probe_read_user_str:
- return &bpf_probe_read_user_str_proto;
- case BPF_FUNC_probe_read_kernel_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_str_proto;
- case BPF_FUNC_snprintf_btf:
- return &bpf_snprintf_btf_proto;
---- a/kernel/trace/bpf_trace.c
-+++ b/kernel/trace/bpf_trace.c
-@@ -1281,19 +1281,19 @@ bpf_tracing_func_proto(enum bpf_func_id
- case BPF_FUNC_probe_read_user:
- return &bpf_probe_read_user_proto;
- case BPF_FUNC_probe_read_kernel:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_proto;
- case BPF_FUNC_probe_read_user_str:
- return &bpf_probe_read_user_str_proto;
- case BPF_FUNC_probe_read_kernel_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_str_proto;
- #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- case BPF_FUNC_probe_read:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_compat_proto;
- case BPF_FUNC_probe_read_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_compat_str_proto;
- #endif
- #ifdef CONFIG_CGROUPS
---- a/security/security.c
-+++ b/security/security.c
-@@ -61,7 +61,7 @@ const char *const lockdown_reasons[LOCKD
- [LOCKDOWN_INTEGRITY_MAX] = "integrity",
- [LOCKDOWN_KCORE] = "/proc/kcore access",
- [LOCKDOWN_KPROBES] = "use of kprobes",
-- [LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM",
-+ [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
- [LOCKDOWN_PERF] = "unsafe use of perf",
- [LOCKDOWN_TRACEFS] = "use of tracefs",
- [LOCKDOWN_XMON_RW] = "xmon read and write access",
kvm-svm-fix-off-by-one-indexing-when-nullifying-last.patch
tee-correct-inappropriate-usage-of-tee_shm_dma_buf-f.patch
firmware-tee_bnxt-release-tee-shm-session-and-contex.patch
-bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch
bpf-add-lockdown-check-for-probe_write_user-helper.patch
revert-selftests-resctrl-use-resctrl-info-for-feature-detection.patch
mm-make-zone_to_nid-and-zone_set_nid-available-for-discontigmem.patch
+++ /dev/null
-From 71330842ff93ae67a066c1fa68d75672527312fa Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Mon, 9 Aug 2021 21:45:32 +0200
-Subject: bpf: Add _kernel suffix to internal lockdown_bpf_read
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit 71330842ff93ae67a066c1fa68d75672527312fa upstream.
-
-Rename LOCKDOWN_BPF_READ into LOCKDOWN_BPF_READ_KERNEL so we have naming
-more consistent with a LOCKDOWN_BPF_WRITE_USER option that we are adding.
-
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Andrii Nakryiko <andrii@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/security.h | 2 +-
- kernel/bpf/helpers.c | 4 ++--
- kernel/trace/bpf_trace.c | 8 ++++----
- security/security.c | 2 +-
- 4 files changed, 8 insertions(+), 8 deletions(-)
-
---- a/include/linux/security.h
-+++ b/include/linux/security.h
-@@ -123,7 +123,7 @@ enum lockdown_reason {
- LOCKDOWN_INTEGRITY_MAX,
- LOCKDOWN_KCORE,
- LOCKDOWN_KPROBES,
-- LOCKDOWN_BPF_READ,
-+ LOCKDOWN_BPF_READ_KERNEL,
- LOCKDOWN_PERF,
- LOCKDOWN_TRACEFS,
- LOCKDOWN_XMON_RW,
---- a/kernel/bpf/helpers.c
-+++ b/kernel/bpf/helpers.c
-@@ -1070,12 +1070,12 @@ bpf_base_func_proto(enum bpf_func_id fun
- case BPF_FUNC_probe_read_user:
- return &bpf_probe_read_user_proto;
- case BPF_FUNC_probe_read_kernel:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_proto;
- case BPF_FUNC_probe_read_user_str:
- return &bpf_probe_read_user_str_proto;
- case BPF_FUNC_probe_read_kernel_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_str_proto;
- case BPF_FUNC_snprintf_btf:
- return &bpf_snprintf_btf_proto;
---- a/kernel/trace/bpf_trace.c
-+++ b/kernel/trace/bpf_trace.c
-@@ -999,19 +999,19 @@ bpf_tracing_func_proto(enum bpf_func_id
- case BPF_FUNC_probe_read_user:
- return &bpf_probe_read_user_proto;
- case BPF_FUNC_probe_read_kernel:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_proto;
- case BPF_FUNC_probe_read_user_str:
- return &bpf_probe_read_user_str_proto;
- case BPF_FUNC_probe_read_kernel_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_kernel_str_proto;
- #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- case BPF_FUNC_probe_read:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_compat_proto;
- case BPF_FUNC_probe_read_str:
-- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?
-+ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
- NULL : &bpf_probe_read_compat_str_proto;
- #endif
- #ifdef CONFIG_CGROUPS
---- a/security/security.c
-+++ b/security/security.c
-@@ -61,7 +61,7 @@ const char *const lockdown_reasons[LOCKD
- [LOCKDOWN_INTEGRITY_MAX] = "integrity",
- [LOCKDOWN_KCORE] = "/proc/kcore access",
- [LOCKDOWN_KPROBES] = "use of kprobes",
-- [LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM",
-+ [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
- [LOCKDOWN_PERF] = "unsafe use of perf",
- [LOCKDOWN_TRACEFS] = "use of tracefs",
- [LOCKDOWN_XMON_RW] = "xmon read and write access",
firmware-tee_bnxt-release-tee-shm-session-and-contex.patch
-bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch
bpf-add-lockdown-check-for-probe_write_user-helper.patch
alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch
alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
