From 4871211bf4f105b8787fb941da38391d8524900a Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Mon, 19 Sep 2022 08:26:46 -0400
Subject: [PATCH] Fixes for 4.14

Signed-off-by: Sasha Levin
---
 ...ebugfs-add-debugfs_lookup_and_remove.patch | 87 +++++++++++++++++++
 ...fi-libstub-disable-shadow-call-stack.patch | 39 +++++++++
 ...libstub-disable-struct-randomization.patch | 56 ++++++++++++
 queue-4.14/series | 3 +
 4 files changed, 185 insertions(+)
 create mode 100644 queue-4.14/debugfs-add-debugfs_lookup_and_remove.patch
 create mode 100644 queue-4.14/efi-libstub-disable-shadow-call-stack.patch
 create mode 100644 queue-4.14/efi-libstub-disable-struct-randomization.patch

diff --git a/queue-4.14/debugfs-add-debugfs_lookup_and_remove.patch b/queue-4.14/debugfs-add-debugfs_lookup_and_remove.patch
new file mode 100644
index 00000000000..367fd94ea09
--- /dev/null
+++ b/queue-4.14/debugfs-add-debugfs_lookup_and_remove.patch
@@ -0,0 +1,87 @@
+From 044233e644fd5568664b71907ba2ee48b4665e36 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 2 Sep 2022 16:59:15 +0200
+Subject: debugfs: add debugfs_lookup_and_remove()
+
+From: Greg Kroah-Hartman
+
+[ Upstream commit dec9b2f1e0455a151a7293c367da22ab973f713e ]
+
+There is a very common pattern of using
+debugfs_remove(debufs_lookup(..)) which results in a dentry leak of the
+dentry that was looked up. Instead of having to open-code the correct
+pattern of calling dput() on the dentry, create
+debugfs_lookup_and_remove() to handle this pattern automatically and
+properly without any memory leaks.
+
+Cc: stable
+Reported-by: Kuyo Chang
+Tested-by: Kuyo Chang
+Link: https://lore.kernel.org/r/YxIaQ8cSinDR881k@kroah.com
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Sasha Levin
+---
+ fs/debugfs/inode.c | 22 ++++++++++++++++++++++
+ include/linux/debugfs.h | 6 ++++++
+ 2 files changed, 28 insertions(+)
+
+diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
+index f4df6feec271..58175679eedd 100644
+--- a/fs/debugfs/inode.c
++++ b/fs/debugfs/inode.c
+@@ -745,6 +745,28 @@ void debugfs_remove_recursive(struct dentry *dentry)
+ }
+ EXPORT_SYMBOL_GPL(debugfs_remove_recursive);
+ 
++/**
++ * debugfs_lookup_and_remove - lookup a directory or file and recursively remove it
++ * @name: a pointer to a string containing the name of the item to look up.
++ * @parent: a pointer to the parent dentry of the item.
++ *
++ * This is the equlivant of doing something like
++ * debugfs_remove(debugfs_lookup(..)) but with the proper reference counting
++ * handled for the directory being looked up.
++ */
++void debugfs_lookup_and_remove(const char *name, struct dentry *parent)
++{
++ struct dentry *dentry;
++
++ dentry = debugfs_lookup(name, parent);
++ if (!dentry)
++ return;
++
++ debugfs_remove(dentry);
++ dput(dentry);
++}
++EXPORT_SYMBOL_GPL(debugfs_lookup_and_remove);
++
+ /**
+ * debugfs_rename - rename a file/directory in the debugfs filesystem
+ * @old_dir: a pointer to the parent dentry for the renamed object. This
+diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h
+index 755033acd2b0..497aac2c20d6 100644
+--- a/include/linux/debugfs.h
++++ b/include/linux/debugfs.h
+@@ -111,6 +111,8 @@ void debugfs_remove_recursive(struct dentry *dentry);
+ int debugfs_use_file_start(const struct dentry *dentry, int *srcu_idx)
+ __acquires(&debugfs_srcu);
+ 
++void debugfs_lookup_and_remove(const char *name, struct dentry *parent);
++
+ void debugfs_use_file_finish(int srcu_idx) __releases(&debugfs_srcu);
+ 
+ ssize_t debugfs_attr_read(struct file *file, char __user *buf,
+@@ -240,6 +242,10 @@ static inline void debugfs_remove(struct dentry *dentry)
+ static inline void debugfs_remove_recursive(struct dentry *dentry)
+ { }
+ 
++static inline void debugfs_lookup_and_remove(const char *name,
++ struct dentry *parent)
++{ }
++
+ static inline int debugfs_use_file_start(const struct dentry *dentry,
+ int *srcu_idx)
+ __acquires(&debugfs_srcu)
+-- 
+2.35.1
+
diff --git a/queue-4.14/efi-libstub-disable-shadow-call-stack.patch b/queue-4.14/efi-libstub-disable-shadow-call-stack.patch
new file mode 100644
index 00000000000..62f98d55f26
--- /dev/null
+++ b/queue-4.14/efi-libstub-disable-shadow-call-stack.patch
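Review bot: The kernel-doc on the new debugfs_lookup_and_remove() in fs/debugfs/inode.c promises to "recursively remove" the looked-up item, but the body calls debugfs_remove(), and the surrounding context in both inode.c (`EXPORT_SYMBOL_GPL(debugfs_remove_recursive)`) and include/linux/debugfs.h (a separate `debugfs_remove_recursive` stub) shows that in this 4.14 tree the two are still distinct functions. Whether a non-empty directory is actually torn down therefore depends on 4.14's debugfs_remove() semantics, which are not visible here; if it only handles files and empty directories, the backport should call `debugfs_remove_recursive(dentry);` instead, otherwise the comment should drop "recursively" so callers are not misled. The `dput(dentry)` after the remove is the leak fix the description asks for and is correct as written. The same comment also carries the upstream typo `equlivant`, which could be corrected to `equivalent` while the patch is being adapted.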
@@ -0,0 +1,39 @@
+From 55705a151da312dbfb05b8e47e6a40f58f6f29ff Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 27 Apr 2020 09:00:18 -0700
+Subject: efi/libstub: Disable Shadow Call Stack
+
+From: Sami Tolvanen
+
+[ Upstream commit cc49c71d2abe99c1c2c9bedf0693ad2d3ee4a067 ]
+
+Shadow stacks are not available in the EFI stub, filter out SCS flags.
+
+Suggested-by: James Morse
+Signed-off-by: Sami Tolvanen
+Reviewed-by: Kees Cook
+Acked-by: Ard Biesheuvel
+Signed-off-by: Will Deacon
+Stable-dep-of: 1a3887924a7e ("efi: libstub: Disable struct randomization")
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
+index 678bc910e080..54dbcec7e06f 100644
+--- a/drivers/firmware/efi/libstub/Makefile
++++ b/drivers/firmware/efi/libstub/Makefile
+@@ -23,6 +23,9 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
+ $(call cc-option,-ffreestanding) \
+ $(call cc-option,-fno-stack-protector)
+ 
++# remove SCS flags from all objects in this directory
++KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
++
+ GCOV_PROFILE := n
+ KASAN_SANITIZE := n
+ UBSAN_SANITIZE := n
+-- 
+2.35.1
+
diff --git a/queue-4.14/efi-libstub-disable-struct-randomization.patch b/queue-4.14/efi-libstub-disable-struct-randomization.patch
new file mode 100644
index 00000000000..cde40a74dbd
--- /dev/null
+++ b/queue-4.14/efi-libstub-disable-struct-randomization.patch
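Review bot: The added `KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))` only does something if this tree defines CC_FLAGS_SCS, and nothing in the series shows that it does; with an empty pattern GNU make's filter-out returns the flag list unchanged, so on 4.14 this is most likely an inert line carried, per the Stable-dep-of trailer, only so that the next patch's context applies. That is harmless, but it is worth one sentence in the backport message so nobody reads it as enabling or disabling shadow-call-stack handling in the stub, e.g. `[ carried as a context dependency for 1a3887924a7e; CC_FLAGS_SCS is not set in this tree ]` — confirm the variable really is absent before wording it that way.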
@@ -0,0 +1,56 @@
+From 2d977350ae0a9d976238451123e8d48e6ec55fcf Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 22 Aug 2022 19:20:33 +0200
+Subject: efi: libstub: Disable struct randomization
+
+From: Ard Biesheuvel
+
+[ Upstream commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e ]
+
+The EFI stub is a wrapper around the core kernel that makes it look like
+a EFI compatible PE/COFF application to the EFI firmware. EFI
+applications run on top of the EFI runtime, which is heavily based on
+so-called protocols, which are struct types consisting [mostly] of
+function pointer members that are instantiated and recorded in a
+protocol database.
+
+These structs look like the ideal randomization candidates to the
+randstruct plugin (as they only carry function pointers), but of course,
+these protocols are contracts between the firmware that exposes them,
+and the EFI applications (including our stubbed kernel) that invoke
+them. This means that struct randomization for EFI protocols is not a
+great idea, and given that the stub shares very little data with the
+core kernel that is represented as a randomizable struct, we're better
+off just disabling it completely here.
+
+Cc: # v4.14+
+Reported-by: Daniel Marth
+Tested-by: Daniel Marth
+Signed-off-by: Ard Biesheuvel
+Acked-by: Kees Cook
+Signed-off-by: Sasha Levin
+---
+ drivers/firmware/efi/libstub/Makefile | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
+index 54dbcec7e06f..7dc2d093962e 100644
+--- a/drivers/firmware/efi/libstub/Makefile
++++ b/drivers/firmware/efi/libstub/Makefile
+@@ -23,6 +23,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
+ $(call cc-option,-ffreestanding) \
+ $(call cc-option,-fno-stack-protector)
+ 
++#
++# struct randomization only makes sense for Linux internal types, which the EFI
++# stub code never touches, so let's turn off struct randomization for the stub
++# altogether
++#
++KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
++
+ # remove SCS flags from all objects in this directory
+ KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
+ 
+-- 
+2.35.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index f997f534adc..5f06fb80e1c 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -9,3 +9,6 @@ of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
 gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch
 drm-meson-correct-osd1-global-alpha-value.patch
 parisc-ccio-dma-add-missing-iounmap-in-error-path-in.patch
+efi-libstub-disable-shadow-call-stack.patch
+efi-libstub-disable-struct-randomization.patch
+debugfs-add-debugfs_lookup_and_remove.patch
-- 
2.47.3
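Review bot: The backport keeps upstream's `KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))` verbatim, but nothing in this series shows that a 4.14 build defines RANDSTRUCT_CFLAGS; if it does not, the filter is a no-op, the randstruct plugin options stay on for the stub, and the firmware-protocol layout mismatch the description explains is not fixed even though the subject says it is. Before queueing, check where this tree carries the randstruct plugin flags (presumably through GCC_PLUGINS_CFLAGS in scripts/Makefile.gcc-plugins) and filter those instead, or state in the backport message that the change is inert here. The series ordering below (the shadow-call-stack patch first) matches the `# remove SCS flags` context lines this hunk expects, so the apply order is fine.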