From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 15 Aug 2022 15:32:42 +0000 (+0200)
Subject: drop arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch... 
X-Git-Tag: v5.15.61~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e57af1e5127ee9382ee4641e0cefe8e1c802534;p=thirdparty%2Fkernel%2Fstable-queue.git

drop arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch from everywhere
---

diff --git a/queue-4.14/series b/queue-4.14/series
index cfb59049f5d..0bf2e388760 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -170,3 +170,5 @@ kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
 kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
 kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
diff --git a/queue-4.19/series b/queue-4.19/series
index cafffd6726b..ac0d89ebc44 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -209,3 +209,5 @@ kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
 kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
 kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
diff --git a/queue-4.9/series b/queue-4.9/series
index acc4354fce6..5182e7477f3 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -58,3 +58,5 @@ dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
 btrfs-reject-log-replay-if-there-is-unsupported-ro-compat-flag.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
diff --git a/queue-5.10/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch b/queue-5.10/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
deleted file mode 100644
index 11042431c12..00000000000
--- a/queue-5.10/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c |   11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- 	return NULL;
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--	return verify_pefile_signature(kernel, kernel_len, NULL,
--				       VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- 	.probe = image_probe,
- 	.load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--	.verify_sig = image_verify_sig,
-+	.verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
diff --git a/queue-5.10/series b/queue-5.10/series
index 311c0f4516c..c122e4cb5c3 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -533,7 +533,6 @@ ext4-correct-the-misjudgment-in-ext4_iget_extra_inode.patch
 dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
 dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
 kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
 kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
 kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
@@ -542,3 +541,4 @@ tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
 revert-mwifiex-fix-sleep-in-atomic-context-bugs-caused-by-dev_coredumpv.patch
 drm-bridge-tc358767-fix-e-dp-bridge-endpoint-parsing-in-dedicated-function.patch
 drm-vc4-change-vc4_dma_range_matches-from-a-global-to-static.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
diff --git a/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch b/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
deleted file mode 100644
index 11042431c12..00000000000
--- a/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c |   11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- 	return NULL;
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--	return verify_pefile_signature(kernel, kernel_len, NULL,
--				       VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- 	.probe = image_probe,
- 	.load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--	.verify_sig = image_verify_sig,
-+	.verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
diff --git a/queue-5.15/series b/queue-5.15/series
index 88d3a1001f3..d24f8dc77fa 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -760,7 +760,6 @@ xen-blkfront-apply-feature_persistent-parameter-when-connect.patch
 powerpc-fix-eh-field-when-calling-lwarx-on-ppc32.patch
 tracing-use-a-struct-alignof-to-determine-trace-event-field-alignment.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
 mac80211-fix-a-memory-leak-where-sta_info-is-not-freed.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
 crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
@@ -772,3 +771,5 @@ drm-vc4-change-vc4_dma_range_matches-from-a-global-to-static.patch
 tracing-perf-avoid-warray-bounds-warning-for-__rel_loc-macro.patch
 drm-msm-fix-dirtyfb-refcounting.patch
 drm-meson-fix-refcount-leak-in-meson_encoder_hdmi_init.patch
+io_uring-mem-account-pbuf-buckets.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch
diff --git a/queue-5.18/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch b/queue-5.18/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
deleted file mode 100644
index 11042431c12..00000000000
--- a/queue-5.18/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c |   11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- 	return NULL;
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--	return verify_pefile_signature(kernel, kernel_len, NULL,
--				       VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- 	.probe = image_probe,
- 	.load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--	.verify_sig = image_verify_sig,
-+	.verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
diff --git a/queue-5.18/series b/queue-5.18/series
index e359f221d8d..52142e88bc0 100644
--- a/queue-5.18/series
+++ b/queue-5.18/series
@@ -1075,7 +1075,6 @@ powerpc-fix-eh-field-when-calling-lwarx-on-ppc32.patch
 btrfs-join-running-log-transaction-when-logging-new-name.patch
 btrfs-convert-count_max_extents-to-use-fs_info-max_extent_size.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
 crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
 raw-remove-unused-variables-from-raw6_icmp_error.patch
@@ -1093,3 +1092,4 @@ net-phy-smsc-disable-energy-detect-power-down-in-interrupt-mode.patch
 f2fs-revive-f2fs_ioc_abort_volatile_write.patch
 drm-vc4-change-vc4_dma_range_matches-from-a-global-to-static.patch
 f2fs-fix-null-ptr-deref-in-f2fs_get_dnode_of_data.patch
+io_uring-mem-account-pbuf-buckets.patch
diff --git a/queue-5.19/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch b/queue-5.19/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
deleted file mode 100644
index 11042431c12..00000000000
--- a/queue-5.19/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c |   11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- 	return NULL;
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--	return verify_pefile_signature(kernel, kernel_len, NULL,
--				       VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- 	.probe = image_probe,
- 	.load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--	.verify_sig = image_verify_sig,
-+	.verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
diff --git a/queue-5.19/series b/queue-5.19/series
index 5738365d606..f329ac5fec7 100644
--- a/queue-5.19/series
+++ b/queue-5.19/series
@@ -1137,7 +1137,6 @@ xen-blkfront-apply-feature_persistent-parameter-when-connect.patch
 powerpc-fix-eh-field-when-calling-lwarx-on-ppc32.patch
 powerpc64-ftrace-fix-ftrace-for-clang-builds.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
 revert-drm-bridge-anx7625-use-dpi-bus-type.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
 crypto-lib-blake2s-reduce-stack-frame-usage-in-self-test.patch
@@ -1155,3 +1154,4 @@ tracing-use-a-copy-of-the-va_list-for-__assign_vstr.patch
 net-dsa-felix-fix-min-gate-len-calculation-for-tc-when-its-first-gate-is-closed.patch
 revert-s390-smp-enforce-lowcore-protection-on-cpu-restart.patch
 powerpc-kexec-fix-build-failure-from-uninitialised-variable.patch
+io_uring-mem-account-pbuf-buckets.patch
diff --git a/queue-5.4/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch b/queue-5.4/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
deleted file mode 100644
index 44b02f7ecf1..00000000000
--- a/queue-5.4/arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c |   11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -113,18 +112,10 @@ static void *image_load(struct kimage *i
- 	return ERR_PTR(ret);
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--	return verify_pefile_signature(kernel, kernel_len, NULL,
--				       VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- 	.probe = image_probe,
- 	.load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--	.verify_sig = image_verify_sig,
-+	.verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
diff --git a/queue-5.4/series b/queue-5.4/series
index bcae8c51ac4..01596c7e755 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -278,9 +278,10 @@ timekeeping-contribute-wall-clock-to-rng-on-time-change.patch
 firmware-arm_scpi-ensure-scpi_info-is-not-assigned-if-the-probe-fails.patch
 iommu-vt-d-avoid-invalid-memory-access-via-node_online-numa_no_node.patch
 net_sched-cls_route-remove-from-list-when-handle-is-0.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
 btrfs-reject-log-replay-if-there-is-unsupported-ro-compat-flag.patch
 kvm-add-infrastructure-and-macro-to-mark-vm-as-bugged.patch
 kvm-x86-check-lapic_in_kernel-before-attempting-to-set-a-synic-irq.patch
 kvm-x86-avoid-theoretical-null-pointer-dereference-in-kvm_irq_delivery_to_apic_fast.patch
 tcp-fix-over-estimation-in-sk_forced_mem_schedule.patch
+scsi-sg-allow-waiting-for-commands-to-complete-on-removed-device.patch
+revert-net-usb-ax88179_178a-needs-flag_send_zlp.patch