kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
btrfs-reject-log-replay-if-there-is-unsupported-ro-compat-flag.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- return NULL;
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
revert-mwifiex-fix-sleep-in-atomic-context-bugs-caused-by-dev_coredumpv.patch
drm-bridge-tc358767-fix-e-dp-bridge-endpoint-parsing-in-dedicated-function.patch
drm-vc4-change-vc4_dma_range_matches-from-a-global-to-static.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- return NULL;
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
powerpc-fix-eh-field-when-calling-lwarx-on-ppc32.patch
tracing-use-a-struct-alignof-to-determine-trace-event-field-alignment.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
mac80211-fix-a-memory-leak-where-sta_info-is-not-freed.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
tracing-perf-avoid-warray-bounds-warning-for-__rel_loc-macro.patch
drm-msm-fix-dirtyfb-refcounting.patch
drm-meson-fix-refcount-leak-in-meson_encoder_hdmi_init.patch
+io_uring-mem-account-pbuf-buckets.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- return NULL;
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
btrfs-join-running-log-transaction-when-logging-new-name.patch
btrfs-convert-count_max_extents-to-use-fs_info-max_extent_size.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
raw-remove-unused-variables-from-raw6_icmp_error.patch
f2fs-revive-f2fs_ioc_abort_volatile_write.patch
drm-vc4-change-vc4_dma_range_matches-from-a-global-to-static.patch
f2fs-fix-null-ptr-deref-in-f2fs_get_dnode_of_data.patch
+io_uring-mem-account-pbuf-buckets.patch
+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- return NULL;
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
powerpc-fix-eh-field-when-calling-lwarx-on-ppc32.patch
powerpc64-ftrace-fix-ftrace-for-clang-builds.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
revert-drm-bridge-anx7625-use-dpi-bus-type.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
net-dsa-felix-fix-min-gate-len-calculation-for-tc-when-its-first-gate-is-closed.patch
revert-s390-smp-enforce-lowcore-protection-on-cpu-restart.patch
powerpc-kexec-fix-build-failure-from-uninitialised-variable.patch
+io_uring-mem-account-pbuf-buckets.patch
+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -113,18 +112,10 @@ static void *image_load(struct kimage *i
- return ERR_PTR(ret);
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
firmware-arm_scpi-ensure-scpi_info-is-not-assigned-if-the-probe-fails.patch
iommu-vt-d-avoid-invalid-memory-access-via-node_online-numa_no_node.patch
net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
btrfs-reject-log-replay-if-there-is-unsupported-ro-compat-flag.patch
kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
