From: Greg Kroah-Hartman Date: Thu, 29 Oct 2020 12:35:31 +0000 (+0100) Subject: 5.9-stable patches X-Git-Tag: v4.19.154~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c37118e1d1587b3dcdd0d53ca90599a51992c820;p=thirdparty%2Fkernel%2Fstable-queue.git 5.9-stable patches added patches: efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch scripts-setlocalversion-make-git-describe-output-more-reliable.patch --- diff --git a/queue-5.9/efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch b/queue-5.9/efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch new file mode 100644 index 00000000000..d18329a51fb --- /dev/null +++ b/queue-5.9/efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch @@ -0,0 +1,66 @@ +From d32de9130f6c79533508e2c7879f18997bfbe2a0 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Sat, 26 Sep 2020 10:52:42 +0200 +Subject: efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure + +From: Ard Biesheuvel + +commit d32de9130f6c79533508e2c7879f18997bfbe2a0 upstream. + +Currently, on arm64, we abort on any failure from efi_get_random_bytes() +other than EFI_NOT_FOUND when it comes to setting the physical seed for +KASLR, but ignore such failures when obtaining the seed for virtual +KASLR or for early seeding of the kernel's entropy pool via the config +table. This is inconsistent, and may lead to unexpected boot failures. + +So let's permit any failure for the physical seed, and simply report +the error code if it does not equal EFI_NOT_FOUND. + +Cc: # v5.8+ +Reported-by: Heinrich Schuchardt +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/firmware/efi/libstub/arm64-stub.c | 8 +++++--- + drivers/firmware/efi/libstub/fdt.c | 4 +--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/firmware/efi/libstub/arm64-stub.c ++++ b/drivers/firmware/efi/libstub/arm64-stub.c +@@ -62,10 +62,12 @@ efi_status_t handle_kernel_image(unsigne + status = efi_get_random_bytes(sizeof(phys_seed), + (u8 *)&phys_seed); + if (status == EFI_NOT_FOUND) { +- efi_info("EFI_RNG_PROTOCOL unavailable, no randomness supplied\n"); ++ efi_info("EFI_RNG_PROTOCOL unavailable, KASLR will be disabled\n"); ++ efi_nokaslr = true; + } else if (status != EFI_SUCCESS) { +- efi_err("efi_get_random_bytes() failed\n"); +- return status; ++ efi_err("efi_get_random_bytes() failed (0x%lx), KASLR will be disabled\n", ++ status); ++ efi_nokaslr = true; + } + } else { + efi_info("KASLR disabled on kernel command line\n"); +--- a/drivers/firmware/efi/libstub/fdt.c ++++ b/drivers/firmware/efi/libstub/fdt.c +@@ -136,7 +136,7 @@ static efi_status_t update_fdt(void *ori + if (status) + goto fdt_set_fail; + +- if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { ++ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && !efi_nokaslr) { + efi_status_t efi_status; + + efi_status = efi_get_random_bytes(sizeof(fdt_val64), +@@ -145,8 +145,6 @@ static efi_status_t update_fdt(void *ori + status = fdt_setprop_var(fdt, node, "kaslr-seed", fdt_val64); + if (status) + goto fdt_set_fail; +- } else if (efi_status != EFI_NOT_FOUND) { +- return efi_status; + } + } + diff --git a/queue-5.9/fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch b/queue-5.9/fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch new file mode 100644 index 00000000000..6f743b3aa07 --- /dev/null +++ b/queue-5.9/fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch @@ -0,0 +1,53 @@ +From 06e67b849ab910a49a629445f43edb074153d0eb Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Fri, 2 Oct 2020 10:38:14 -0700 +Subject: fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum + +From: Kees Cook + +commit 06e67b849ab910a49a629445f43edb074153d0eb upstream. + +The "FIRMWARE_EFI_EMBEDDED" enum is a "where", not a "what". It +should not be distinguished separately from just "FIRMWARE", as this +confuses the LSMs about what is being loaded. Additionally, there was +no actual validation of the firmware contents happening. + +Fixes: e4c2c0ff00ec ("firmware: Add new platform fallback mechanism and firmware_request_platform()") +Signed-off-by: Kees Cook +Reviewed-by: Luis Chamberlain +Acked-by: Scott Branden +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201002173828.2099543-3-keescook@chromium.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +diff --git a/drivers/base/firmware_loader/fallback_platform.c b/drivers/base/firmware_loader/fallback_platform.c +index 685edb7dd05a..6958ab1a8059 100644 +--- a/drivers/base/firmware_loader/fallback_platform.c ++++ b/drivers/base/firmware_loader/fallback_platform.c +@@ -17,7 +17,7 @@ int firmware_fallback_platform(struct fw_priv *fw_priv, u32 opt_flags) + if (!(opt_flags & FW_OPT_FALLBACK_PLATFORM)) + return -ENOENT; + +- rc = security_kernel_load_data(LOADING_FIRMWARE_EFI_EMBEDDED); ++ rc = security_kernel_load_data(LOADING_FIRMWARE); + if (rc) + return rc; + +diff --git a/include/linux/fs.h b/include/linux/fs.h +index 7336e22d0c5d..3fb7af12d033 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -2858,11 +2858,10 @@ static inline void i_readcount_inc(struct inode *inode) + #endif + extern int do_pipe_flags(int *, int); + +-/* This is a list of *what* is being read, not *how*. */ ++/* This is a list of *what* is being read, not *how* nor *where*. */ + #define __kernel_read_file_id(id) \ + id(UNKNOWN, unknown) \ + id(FIRMWARE, firmware) \ +- id(FIRMWARE_EFI_EMBEDDED, firmware) \ + id(MODULE, kernel-module) \ + id(KEXEC_IMAGE, kexec-image) \ + id(KEXEC_INITRAMFS, kexec-initramfs) \ diff --git a/queue-5.9/scripts-setlocalversion-make-git-describe-output-more-reliable.patch b/queue-5.9/scripts-setlocalversion-make-git-describe-output-more-reliable.patch new file mode 100644 index 00000000000..3300dc964e6 --- /dev/null +++ b/queue-5.9/scripts-setlocalversion-make-git-describe-output-more-reliable.patch @@ -0,0 +1,89 @@ +From 548b8b5168c90c42e88f70fcf041b4ce0b8e7aa8 Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Thu, 17 Sep 2020 08:56:11 +0200 +Subject: scripts/setlocalversion: make git describe output more reliable + +From: Rasmus Villemoes + +commit 548b8b5168c90c42e88f70fcf041b4ce0b8e7aa8 upstream. + +When building for an embedded target using Yocto, we're sometimes +observing that the version string that gets built into vmlinux (and +thus what uname -a reports) differs from the path under /lib/modules/ +where modules get installed in the rootfs, but only in the length of +the -gabc123def suffix. Hence modprobe always fails. + +The problem is that Yocto has the concept of "sstate" (shared state), +which allows different developers/buildbots/etc. to share build +artifacts, based on a hash of all the metadata that went into building +that artifact - and that metadata includes all dependencies (e.g. the +compiler used etc.). That normally works quite well; usually a clean +build (without using any sstate cache) done by one developer ends up +being binary identical to a build done on another host. However, one +thing that can cause two developers to end up with different builds +[and thus make one's vmlinux package incompatible with the other's +kernel-dev package], which is not captured by the metadata hashing, is +this `git describe`: The output of that can be affected by + +(1) git version: before 2.11 git defaulted to a minimum of 7, since +2.11 (git.git commit e6c587) the default is dynamic based on the +number of objects in the repo +(2) hence even if both run the same git version, the output can differ +based on how many remotes are being tracked (or just lots of local +development branches or plain old garbage) +(3) and of course somebody could have a core.abbrev config setting in +~/.gitconfig + +So in order to avoid `uname -a` output relying on such random details +of the build environment which are rather hard to ensure are +consistent between developers and buildbots, make sure the abbreviated +sha1 always consists of exactly 12 hex characters. That is consistent +with the current rule for -stable patches, and is almost always enough +to identify the head commit unambigously - in the few cases where it +does not, the v5.4.3-00021- prefix would certainly nail it down. + +Signed-off-by: Rasmus Villemoes +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/setlocalversion | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +--- a/scripts/setlocalversion ++++ b/scripts/setlocalversion +@@ -45,7 +45,7 @@ scm_version() + + # Check for git and a git repo. + if test -z "$(git rev-parse --show-cdup 2>/dev/null)" && +- head=$(git rev-parse --verify --short HEAD 2>/dev/null); then ++ head=$(git rev-parse --verify HEAD 2>/dev/null); then + + # If we are at a tagged commit (like "v2.6.30-rc6"), we ignore + # it, because this version is defined in the top level Makefile. +@@ -59,11 +59,22 @@ scm_version() + fi + # If we are past a tagged commit (like + # "v2.6.30-rc5-302-g72357d5"), we pretty print it. +- if atag="$(git describe 2>/dev/null)"; then +- echo "$atag" | awk -F- '{printf("-%05d-%s", $(NF-1),$(NF))}' ++ # ++ # Ensure the abbreviated sha1 has exactly 12 ++ # hex characters, to make the output ++ # independent of git version, local ++ # core.abbrev settings and/or total number of ++ # objects in the current repository - passing ++ # --abbrev=12 ensures a minimum of 12, and the ++ # awk substr() then picks the 'g' and first 12 ++ # hex chars. ++ if atag="$(git describe --abbrev=12 2>/dev/null)"; then ++ echo "$atag" | awk -F- '{printf("-%05d-%s", $(NF-1),substr($(NF),0,13))}' + +- # If we don't have a tag at all we print -g{commitish}. ++ # If we don't have a tag at all we print -g{commitish}, ++ # again using exactly 12 hex chars. + else ++ head="$(echo $head | cut -c1-12)" + printf '%s%s' -g $head + fi + fi diff --git a/queue-5.9/series b/queue-5.9/series index 6a67e405010..8a734e35b37 100644 --- a/queue-5.9/series +++ b/queue-5.9/series @@ -14,3 +14,6 @@ io_uring-no-need-to-call-xa_destroy-on-empty-xarray.patch io_uring-fix-use-of-xarray-in-__io_uring_files_cancel.patch io_uring-fix-xarray-usage-in-io_uring_add_task_file.patch io_uring-convert-advanced-xarray-uses-to-the-normal-api.patch +scripts-setlocalversion-make-git-describe-output-more-reliable.patch +efi-arm64-libstub-deal-gracefully-with-efi_rng_protocol-failure.patch +fs-kernel_read_file-remove-firmware_efi_embedded-enum.patch