From 2669169db8888b83b1220e6700e86e6b28a0b155 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 26 Sep 2022 17:53:17 +0200 Subject: [PATCH] drop efi-libstub-disable-struct-randomization.patch from 4.14 4.19 and 5.4 --- ...libstub-disable-struct-randomization.patch | 56 ------------------- queue-4.14/series | 1 - ...libstub-disable-struct-randomization.patch | 56 ------------------- queue-4.19/series | 1 - ...libstub-disable-struct-randomization.patch | 56 ------------------- queue-5.4/series | 1 - 6 files changed, 171 deletions(-) delete mode 100644 queue-4.14/efi-libstub-disable-struct-randomization.patch delete mode 100644 queue-4.19/efi-libstub-disable-struct-randomization.patch delete mode 100644 queue-5.4/efi-libstub-disable-struct-randomization.patch diff --git a/queue-4.14/efi-libstub-disable-struct-randomization.patch b/queue-4.14/efi-libstub-disable-struct-randomization.patch deleted file mode 100644 index cde40a74dbd..00000000000 --- a/queue-4.14/efi-libstub-disable-struct-randomization.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 2d977350ae0a9d976238451123e8d48e6ec55fcf Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 22 Aug 2022 19:20:33 +0200 -Subject: efi: libstub: Disable struct randomization - -From: Ard Biesheuvel - -[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ] - -The EFI stub is a wrapper around the core kernel that makes it look like -a EFI compatible PE/COFF application to the EFI firmware. EFI -applications run on top of the EFI runtime, which is heavily based on -so-called protocols, which are struct types consisting [mostly] of -function pointer members that are instantiated and recorded in a -protocol database. - -These structs look like the ideal randomization candidates to the -randstruct plugin (as they only carry function pointers), but of course, -these protocols are contracts between the firmware that exposes them, -and the EFI applications (including our stubbed kernel) that invoke -them. This means that struct randomization for EFI protocols is not a -great idea, and given that the stub shares very little data with the -core kernel that is represented as a randomizable struct, we're better -off just disabling it completely here. - -Cc: # v4.14+ -Reported-by: Daniel Marth -Tested-by: Daniel Marth -Signed-off-by: Ard Biesheuvel -Acked-by: Kees Cook -Signed-off-by: Sasha Levin ---- - drivers/firmware/efi/libstub/Makefile | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile -index 54dbcec7e06f..7dc2d093962e 100644 ---- a/drivers/firmware/efi/libstub/Makefile -+++ b/drivers/firmware/efi/libstub/Makefile -@@ -23,6 +23,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ - $(call cc-option,-ffreestanding) \ - $(call cc-option,-fno-stack-protector) - -+# -+# struct randomization only makes sense for Linux internal types, which the EFI -+# stub code never touches, so let's turn off struct randomization for the stub -+# altogether -+# -+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS)) -+ - # remove SCS flags from all objects in this directory - KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) - --- -2.35.1 - diff --git a/queue-4.14/series b/queue-4.14/series index 0bf818946d6..1ea88a28022 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -3,7 +3,6 @@ gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch drm-meson-correct-osd1-global-alpha-value.patch parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch efi-libstub-disable-shadow-call-stack.patch -efi-libstub-disable-struct-randomization.patch cifs-don-t-send-down-the-destination-address-to-sendmsg-for-a-sock_stream.patch asoc-nau8824-fix-semaphore-unbalance-at-error-paths.patch regulator-pfuze100-fix-the-global-out-of-bounds-acce.patch diff --git a/queue-4.19/efi-libstub-disable-struct-randomization.patch b/queue-4.19/efi-libstub-disable-struct-randomization.patch deleted file mode 100644 index 1b618a27378..00000000000 --- a/queue-4.19/efi-libstub-disable-struct-randomization.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 647b9e3ae48fd6671991e42990051a828b138273 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 22 Aug 2022 19:20:33 +0200 -Subject: efi: libstub: Disable struct randomization - -From: Ard Biesheuvel - -[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ] - -The EFI stub is a wrapper around the core kernel that makes it look like -a EFI compatible PE/COFF application to the EFI firmware. EFI -applications run on top of the EFI runtime, which is heavily based on -so-called protocols, which are struct types consisting [mostly] of -function pointer members that are instantiated and recorded in a -protocol database. - -These structs look like the ideal randomization candidates to the -randstruct plugin (as they only carry function pointers), but of course, -these protocols are contracts between the firmware that exposes them, -and the EFI applications (including our stubbed kernel) that invoke -them. This means that struct randomization for EFI protocols is not a -great idea, and given that the stub shares very little data with the -core kernel that is represented as a randomizable struct, we're better -off just disabling it completely here. - -Cc: # v4.14+ -Reported-by: Daniel Marth -Tested-by: Daniel Marth -Signed-off-by: Ard Biesheuvel -Acked-by: Kees Cook -Signed-off-by: Sasha Levin ---- - drivers/firmware/efi/libstub/Makefile | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile -index e0cff3b942ac..7fad5d90898b 100644 ---- a/drivers/firmware/efi/libstub/Makefile -+++ b/drivers/firmware/efi/libstub/Makefile -@@ -31,6 +31,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ - $(call cc-option,-fno-addrsig) \ - -D__DISABLE_EXPORTS - -+# -+# struct randomization only makes sense for Linux internal types, which the EFI -+# stub code never touches, so let's turn off struct randomization for the stub -+# altogether -+# -+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS)) -+ - # remove SCS flags from all objects in this directory - KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) - --- -2.35.1 - diff --git a/queue-4.19/series b/queue-4.19/series index b65b05fcfeb..7046702f820 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -3,7 +3,6 @@ gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch drm-meson-correct-osd1-global-alpha-value.patch parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch efi-libstub-disable-shadow-call-stack.patch -efi-libstub-disable-struct-randomization.patch nvmet-fix-a-use-after-free.patch mvpp2-no-need-to-check-return-value-of-debugfs_creat.patch cifs-don-t-send-down-the-destination-address-to-sendmsg-for-a-sock_stream.patch diff --git a/queue-5.4/efi-libstub-disable-struct-randomization.patch b/queue-5.4/efi-libstub-disable-struct-randomization.patch deleted file mode 100644 index 6242b944088..00000000000 --- a/queue-5.4/efi-libstub-disable-struct-randomization.patch +++ /dev/null @@ -1,56 +0,0 @@ -From e519094ca4cd30a02d34ad5d4c3f518c6fb18092 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 22 Aug 2022 19:20:33 +0200 -Subject: efi: libstub: Disable struct randomization - -From: Ard Biesheuvel - -[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ] - -The EFI stub is a wrapper around the core kernel that makes it look like -a EFI compatible PE/COFF application to the EFI firmware. EFI -applications run on top of the EFI runtime, which is heavily based on -so-called protocols, which are struct types consisting [mostly] of -function pointer members that are instantiated and recorded in a -protocol database. - -These structs look like the ideal randomization candidates to the -randstruct plugin (as they only carry function pointers), but of course, -these protocols are contracts between the firmware that exposes them, -and the EFI applications (including our stubbed kernel) that invoke -them. This means that struct randomization for EFI protocols is not a -great idea, and given that the stub shares very little data with the -core kernel that is represented as a randomizable struct, we're better -off just disabling it completely here. - -Cc: # v4.14+ -Reported-by: Daniel Marth -Tested-by: Daniel Marth -Signed-off-by: Ard Biesheuvel -Acked-by: Kees Cook -Signed-off-by: Sasha Levin ---- - drivers/firmware/efi/libstub/Makefile | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile -index f3540d5dd276..34e4b31010bd 100644 ---- a/drivers/firmware/efi/libstub/Makefile -+++ b/drivers/firmware/efi/libstub/Makefile -@@ -31,6 +31,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ - $(call cc-option,-fno-addrsig) \ - -D__DISABLE_EXPORTS - -+# -+# struct randomization only makes sense for Linux internal types, which the EFI -+# stub code never touches, so let's turn off struct randomization for the stub -+# altogether -+# -+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS)) -+ - # remove SCS flags from all objects in this directory - KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) - --- -2.35.1 - diff --git a/queue-5.4/series b/queue-5.4/series index 3c12d93e941..35ca7f31afe 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -5,7 +5,6 @@ drm-meson-correct-osd1-global-alpha-value.patch drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch efi-libstub-disable-shadow-call-stack.patch -efi-libstub-disable-struct-randomization.patch alsa-pcm-oss-fix-race-at-sndctl_dsp_sync.patch task_stack-x86-cea-force-inline-stack-helpers.patch tracing-hold-caller_addr-to-hardirq_-enable-disable-.patch -- 2.47.3