--- /dev/null
+From d32de9130f6c79533508e2c7879f18997bfbe2a0 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Sat, 26 Sep 2020 10:52:42 +0200
+Subject: efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure
+
+From: Ard Biesheuvel <ardb@kernel.org>
+
+commit d32de9130f6c79533508e2c7879f18997bfbe2a0 upstream.
+
+Currently, on arm64, we abort on any failure from efi_get_random_bytes()
+other than EFI_NOT_FOUND when it comes to setting the physical seed for
+KASLR, but ignore such failures when obtaining the seed for virtual
+KASLR or for early seeding of the kernel's entropy pool via the config
+table. This is inconsistent, and may lead to unexpected boot failures.
+
+So let's permit any failure for the physical seed, and simply report
+the error code if it does not equal EFI_NOT_FOUND.
+
+Cc: <stable@vger.kernel.org> # v5.8+
+Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efi/libstub/arm64-stub.c | 8 +++++---
+ drivers/firmware/efi/libstub/fdt.c | 4 +---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/firmware/efi/libstub/arm64-stub.c
++++ b/drivers/firmware/efi/libstub/arm64-stub.c
+@@ -62,10 +62,12 @@ efi_status_t handle_kernel_image(unsigne
+ status = efi_get_random_bytes(sizeof(phys_seed),
+ (u8 *)&phys_seed);
+ if (status == EFI_NOT_FOUND) {
+- efi_info("EFI_RNG_PROTOCOL unavailable, no randomness supplied\n");
++ efi_info("EFI_RNG_PROTOCOL unavailable, KASLR will be disabled\n");
++ efi_nokaslr = true;
+ } else if (status != EFI_SUCCESS) {
+- efi_err("efi_get_random_bytes() failed\n");
+- return status;
++ efi_err("efi_get_random_bytes() failed (0x%lx), KASLR will be disabled\n",
++ status);
++ efi_nokaslr = true;
+ }
+ } else {
+ efi_info("KASLR disabled on kernel command line\n");
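Review bot: Both failure branches now fail open: any EFI_RNG_PROTOCOL error sets `efi_nokaslr = true` and the boot continues without KASLR, and the only trace visible here is the `efi_info`/`efi_err` line printed by the stub. That trade-off (boot availability over a hardening feature) deserves a comment at the `else if (status != EFI_SUCCESS)` branch, for example `/* RNG failure is not fatal: keep booting with KASLR disabled */`, so a later reader does not restore the `return status;`. Anyone depending on KASLR has to watch the boot console for "KASLR will be disabled", since nothing in this hunk records the downgrade elsewhere. handle_kernel_image() begins and ends outside the hunk.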
+--- a/drivers/firmware/efi/libstub/fdt.c
++++ b/drivers/firmware/efi/libstub/fdt.c
+@@ -136,7 +136,7 @@ static efi_status_t update_fdt(void *ori
+ if (status)
+ goto fdt_set_fail;
+
+- if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
++ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && !efi_nokaslr) {
+ efi_status_t efi_status;
+
+ efi_status = efi_get_random_bytes(sizeof(fdt_val64),
+@@ -145,8 +145,6 @@ static efi_status_t update_fdt(void *ori
+ status = fdt_setprop_var(fdt, node, "kaslr-seed", fdt_val64);
+ if (status)
+ goto fdt_set_fail;
+- } else if (efi_status != EFI_NOT_FOUND) {
+- return efi_status;
+ }
+ }
+
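Review bot: With the `else if (efi_status != EFI_NOT_FOUND)` branch removed, a failing efi_get_random_bytes() call in update_fdt() is now dropped without any message, while the arm64-stub.c path in the same commit reports the status code. Because the success test sits between the two fdt.c hunks and is not visible, this is inferred, but it looks as though the `kaslr-seed` property is then simply left unset with no diagnostic. Keeping the branch as a report rather than a return would keep the two call sites consistent: `} else if (efi_status != EFI_NOT_FOUND) {` followed by `efi_err("efi_get_random_bytes() failed (0x%lx), kaslr-seed not set\n", efi_status);`.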
--- /dev/null
+From 06e67b849ab910a49a629445f43edb074153d0eb Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 2 Oct 2020 10:38:14 -0700
+Subject: fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 06e67b849ab910a49a629445f43edb074153d0eb upstream.
+
+The "FIRMWARE_EFI_EMBEDDED" enum is a "where", not a "what". It
+should not be distinguished separately from just "FIRMWARE", as this
+confuses the LSMs about what is being loaded. Additionally, there was
+no actual validation of the firmware contents happening.
+
+Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()")
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Acked-by: Scott Branden <scott.branden@broadcom.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201002173828.2099543-3-keescook@chromium.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/drivers/base/firmware_loader/fallback_platform.c b/drivers/base/firmware_loader/fallback_platform.c
+index 685edb7dd05a..6958ab1a8059 100644
+--- a/drivers/base/firmware_loader/fallback_platform.c
++++ b/drivers/base/firmware_loader/fallback_platform.c
+@@ -17,7 +17,7 @@ int firmware_fallback_platform(struct fw_priv *fw_priv, u32 opt_flags)
+ if (!(opt_flags & FW_OPT_FALLBACK_PLATFORM))
+ return -ENOENT;
+
+- rc = security_kernel_load_data(LOADING_FIRMWARE_EFI_EMBEDDED);
++ rc = security_kernel_load_data(LOADING_FIRMWARE);
+ if (rc)
+ return rc;
+
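Review bot: `security_kernel_load_data(LOADING_FIRMWARE)` hands the LSM only the load id, so a policy can allow or deny the platform fallback here but, as the commit description itself notes, never sees the embedded firmware bytes. A short comment above the call would keep that limit visible to later readers, e.g. `/* LSM is told the load type only; the EFI-embedded contents are not measured or appraised here */`. Both ids mapped to the string `firmware` in fs.h, so name-based policy should be unaffected. firmware_fallback_platform() continues outside the hunk.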
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index 7336e22d0c5d..3fb7af12d033 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -2858,11 +2858,10 @@ static inline void i_readcount_inc(struct inode *inode)
+ #endif
+ extern int do_pipe_flags(int *, int);
+
+-/* This is a list of *what* is being read, not *how*. */
++/* This is a list of *what* is being read, not *how* nor *where*. */
+ #define __kernel_read_file_id(id) \
+ id(UNKNOWN, unknown) \
+ id(FIRMWARE, firmware) \
+- id(FIRMWARE_EFI_EMBEDDED, firmware) \
+ id(MODULE, kernel-module) \
+ id(KEXEC_IMAGE, kexec-image) \
+ id(KEXEC_INITRAMFS, kexec-initramfs) \
--- /dev/null
+From 548b8b5168c90c42e88f70fcf041b4ce0b8e7aa8 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Thu, 17 Sep 2020 08:56:11 +0200
+Subject: scripts/setlocalversion: make git describe output more reliable
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit 548b8b5168c90c42e88f70fcf041b4ce0b8e7aa8 upstream.
+
+When building for an embedded target using Yocto, we're sometimes
+observing that the version string that gets built into vmlinux (and
+thus what uname -a reports) differs from the path under /lib/modules/
+where modules get installed in the rootfs, but only in the length of
+the -gabc123def suffix. Hence modprobe always fails.
+
+The problem is that Yocto has the concept of "sstate" (shared state),
+which allows different developers/buildbots/etc. to share build
+artifacts, based on a hash of all the metadata that went into building
+that artifact - and that metadata includes all dependencies (e.g. the
+compiler used etc.). That normally works quite well; usually a clean
+build (without using any sstate cache) done by one developer ends up
+being binary identical to a build done on another host. However, one
+thing that can cause two developers to end up with different builds
+[and thus make one's vmlinux package incompatible with the other's
+kernel-dev package], which is not captured by the metadata hashing, is
+this `git describe`: The output of that can be affected by
+
+(1) git version: before 2.11 git defaulted to a minimum of 7, since
+2.11 (git.git commit e6c587) the default is dynamic based on the
+number of objects in the repo
+(2) hence even if both run the same git version, the output can differ
+based on how many remotes are being tracked (or just lots of local
+development branches or plain old garbage)
+(3) and of course somebody could have a core.abbrev config setting in
+~/.gitconfig
+
+So in order to avoid `uname -a` output relying on such random details
+of the build environment which are rather hard to ensure are
+consistent between developers and buildbots, make sure the abbreviated
+sha1 always consists of exactly 12 hex characters. That is consistent
+with the current rule for -stable patches, and is almost always enough
+to identify the head commit unambigously - in the few cases where it
+does not, the v5.4.3-00021- prefix would certainly nail it down.
+
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/setlocalversion | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+--- a/scripts/setlocalversion
++++ b/scripts/setlocalversion
+@@ -45,7 +45,7 @@ scm_version()
+
+ # Check for git and a git repo.
+ if test -z "$(git rev-parse --show-cdup 2>/dev/null)" &&
+- head=$(git rev-parse --verify --short HEAD 2>/dev/null); then
++ head=$(git rev-parse --verify HEAD 2>/dev/null); then
+
+ # If we are at a tagged commit (like "v2.6.30-rc6"), we ignore
+ # it, because this version is defined in the top level Makefile.
+@@ -59,11 +59,22 @@ scm_version()
+ fi
+ # If we are past a tagged commit (like
+ # "v2.6.30-rc5-302-g72357d5"), we pretty print it.
+- if atag="$(git describe 2>/dev/null)"; then
+- echo "$atag" | awk -F- '{printf("-%05d-%s", $(NF-1),$(NF))}'
++ #
++ # Ensure the abbreviated sha1 has exactly 12
++ # hex characters, to make the output
++ # independent of git version, local
++ # core.abbrev settings and/or total number of
++ # objects in the current repository - passing
++ # --abbrev=12 ensures a minimum of 12, and the
++ # awk substr() then picks the 'g' and first 12
++ # hex chars.
++ if atag="$(git describe --abbrev=12 2>/dev/null)"; then
++ echo "$atag" | awk -F- '{printf("-%05d-%s", $(NF-1),substr($(NF),0,13))}'
+
+- # If we don't have a tag at all we print -g{commitish}.
++ # If we don't have a tag at all we print -g{commitish},
++ # again using exactly 12 hex chars.
+ else
++ head="$(echo $head | cut -c1-12)"
+ printf '%s%s' -g $head
+ fi
+ fi
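Review bot: `substr($(NF),0,13)` starts at index 0, but POSIX awk numbers string positions from 1 and awk implementations are not guaranteed to agree on how a start of 0 interacts with the length, so the suffix may come out as 'g' plus 11 or 12 hex characters depending on the build host's awk. That would reintroduce the host-dependent version string this change is meant to remove. Starting at 1 matches the comment's stated intent ("the 'g' and first 12 hex chars") on any awk: `substr($(NF),1,13)`. In the untagged branch `echo $head` is also unquoted; `head="$(echo "$head" | cut -c1-12)"` is the safer spelling even though the value is a hex hash. scm_version() starts and ends outside the hunk.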
io_uring-fix-use-of-xarray-in-__io_uring_files_cancel.patch
io_uring-fix-xarray-usage-in-io_uring_add_task_file.patch
io_uring-convert-advanced-xarray-uses-to-the-normal-api.patch
+scripts-setlocalversion-make-git-describe-output-more-reliable.patch
+efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch
+fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch