From 11752b9c342d102533d1fd07728016209f722538 Mon Sep 17 00:00:00 2001 From: Pablo Greco Date: Mar 14 2020 14:29:56 +0000 Subject: Update to 5.4.25 --- diff --git a/.gitignore b/.gitignore index 83498ea..581ba1a 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,14 @@ SOURCES/*.bz2 SOURCES/*.rpm SOURCES/*.orig SOURCES/*.sign + +#files generated by %prep +SOURCES/filter-aarch64.sh +SOURCES/filter-armv7hl.sh +SOURCES/filter-i686.sh +SOURCES/filter-modules.sh +SOURCES/filter-ppc64le.sh +SOURCES/filter-s390x.sh +SOURCES/filter-x86_64.sh +SOURCES/mod-extra.list +SOURCES/x509.genkey diff --git a/.kernel.metadata b/.kernel.metadata index ffdc3a8..f3af03e 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,2 +1,2 @@ 98ae49ad49397d5a4dcb3ff9a082223edf7c5bbd SOURCES/linux-5.4.tar.xz -7ffe5446faa1749bd4efbab9540625a2bef4bec6 SOURCES/patch-5.4.22.xz +58f37a7fb4f4f0050b291c2f71ea111082d46654 SOURCES/patch-5.4.25.xz diff --git a/SOURCES/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/SOURCES/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch deleted file mode 100644 index 34934a9..0000000 --- a/SOURCES/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 2 Oct 2017 18:25:29 -0400 -Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that - aren't present. - -Signed-off-by: Peter Jones ---- - security/integrity/platform_certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- - 1 file changed, 22 insertions(+), 15 deletions(-) - -diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index 81b19c52832b..e188f3ecbce3 100644 ---- a/security/integrity/platform_certs/load_uefi.c -+++ b/security/integrity/platform_certs/load_uefi.c -@@ -38,8 +38,8 @@ static __init bool uefi_check_ignore_db(void) - /* - * Get a certificate list blob from the named EFI variable. - */ --static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, -- unsigned long *size) -+static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, -+ unsigned long *size , void **cert_list) - { - efi_status_t status; - unsigned long lsize = 4; -@@ -47,24 +47,31 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, - void *db; - - status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); -+ if (status == EFI_NOT_FOUND) { -+ *size = 0; -+ *cert_list = NULL; -+ return 0; -+ } -+ - if (status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", status); -- return NULL; -+ return efi_status_to_err(status); - } - - db = kmalloc(lsize, GFP_KERNEL); - if (!db) -- return NULL; -+ return -ENOMEM; - - status = efi.get_variable(name, guid, NULL, &lsize, db); - if (status != EFI_SUCCESS) { - kfree(db); - pr_err("Error reading db var: 0x%lx\n", status); -- return NULL; -+ return efi_status_to_err(status); - } - - *size = lsize; -- return db; -+ *cert_list = db; -+ return 0; - } - - /* -@@ -153,10 +160,10 @@ static int __init load_uefi_certs(void) - * an error if we can't get them. - */ - if (!uefi_check_ignore_db()) { -- db = get_cert_list(L"db", &secure_var, &dbsize); -- if (!db) { -+ rc = get_cert_list(L"db", &secure_var, &dbsize, &db); -+ if (rc < 0) { - pr_err("MODSIGN: Couldn't get UEFI db list\n"); -- } else { -+ } else if (dbsize != 0) { - rc = parse_efi_signature_list("UEFI:db", - db, dbsize, get_handler_for_db); - if (rc) -@@ -166,10 +173,10 @@ static int __init load_uefi_certs(void) - } - } - -- mok = get_cert_list(L"MokListRT", &mok_var, &moksize); -- if (!mok) { -+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); -+ if (rc < 0) { - pr_info("Couldn't get UEFI MokListRT\n"); -- } else { -+ } else if (moksize != 0) { - rc = parse_efi_signature_list("UEFI:MokListRT", - mok, moksize, get_handler_for_db); - if (rc) -@@ -177,10 +184,10 @@ static int __init load_uefi_certs(void) - kfree(mok); - } - -- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); -- if (!dbx) { -+ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); -+ if (rc < 0) { - pr_info("Couldn't get UEFI dbx list\n"); -- } else { -+ } else if (dbxsize != 0) { - rc = parse_efi_signature_list("UEFI:dbx", - dbx, dbxsize, - get_handler_for_dbx); diff --git a/SOURCES/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch b/SOURCES/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch deleted file mode 100644 index 6f3bd3c..0000000 --- a/SOURCES/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch +++ /dev/null @@ -1,95 +0,0 @@ -From a34309d16f41c48ffd90e56a6f865d6a1a8c49f0 Mon Sep 17 00:00:00 2001 -From: Catalin Marinas -Date: Wed, 19 Feb 2020 12:31:56 +0000 -Subject: [PATCH] mm: Avoid creating virtual address aliases in - brk()/mmap()/mremap() - -Currently the arm64 kernel ignores the top address byte passed to brk(), -mmap() and mremap(). When the user is not aware of the 56-bit address -limit or relies on the kernel to return an error, untagging such -pointers has the potential to create address aliases in user-space. -Passing a tagged address to munmap(), madvise() is permitted since the -tagged pointer is expected to be inside an existing mapping. - -The current behaviour breaks the existing glibc malloc() implementation -which relies on brk() with an address beyond 56-bit to be rejected by -the kernel. - -Remove untagging in the above functions by partially reverting commit -ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In -addition, update the arm64 tagged-address-abi.rst document accordingly. - -Link: https://bugzilla.redhat.com/1797052 -Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk") -Cc: # 5.4.x- -Cc: Andrew Morton -Cc: Florian Weimer -Reported-by: Victor Stinner -Acked-by: Will Deacon -Acked-by: Andrey Konovalov -Signed-off-by: Catalin Marinas ---- - Documentation/arm64/tagged-address-abi.rst | 11 +++++++++-- - mm/mmap.c | 4 ---- - mm/mremap.c | 1 - - 3 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst -index d4a85d535bf9..f6289116893c 100644 ---- a/Documentation/arm64/tagged-address-abi.rst -+++ b/Documentation/arm64/tagged-address-abi.rst -@@ -44,8 +44,15 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending - how the user addresses are used by the kernel: - - 1. User addresses not accessed by the kernel but used for address space -- management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use -- of valid tagged pointers in this context is always allowed. -+ management (e.g. ``mprotect()``, ``madvise()``). The use of valid -+ tagged pointers in this context is allowed with the exception of -+ ``brk()``, ``mmap()`` and the ``new_address`` argument to -+ ``mremap()`` as these have the potential of aliasing with existing -+ user addresses. -+ -+ NOTE: This behaviour changed in v5.6 and so some earlier kernels may -+ incorrectly accept valid tagged pointers for the ``brk()``, -+ ``mmap()`` and ``mremap()`` system calls. - - 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI - relaxation is disabled by default and the application thread needs to -diff --git a/mm/mmap.c b/mm/mmap.c -index 4390dbea4aa5..514cc19c5916 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - bool downgraded = false; - LIST_HEAD(uf); - -- brk = untagged_addr(brk); -- - if (down_write_killable(&mm->mmap_sem)) - return -EINTR; - -@@ -1583,8 +1581,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, - struct file *file = NULL; - unsigned long retval; - -- addr = untagged_addr(addr); -- - if (!(flags & MAP_ANONYMOUS)) { - audit_mmap_fd(fd, flags); - file = fget(fd); -diff --git a/mm/mremap.c b/mm/mremap.c -index 1fc8a29fbe3f..1d98281f7204 100644 ---- a/mm/mremap.c -+++ b/mm/mremap.c -@@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, - LIST_HEAD(uf_unmap); - - addr = untagged_addr(addr); -- new_addr = untagged_addr(new_addr); - - if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) - return ret; --- -2.24.1 - diff --git a/SOURCES/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch b/SOURCES/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch index ec107ba..d1e43ed 100644 --- a/SOURCES/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch +++ b/SOURCES/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch @@ -1,38 +1,39 @@ -From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001 +From 46daeedffe98b489014dcdcf14c89438362de7eb Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 2 Oct 2017 18:18:30 -0400 -Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print - error messages. +Subject: [PATCH] Make get_cert_list() use efi_status_to_str() to print error + messages. Signed-off-by: Peter Jones +Signed-off-by: Jeremy Cline --- security/integrity/platform_certs/load_uefi.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index 9ef34c44fd1..13a2826715d 100644 +index f0c908241966..4e783f6c6cfb 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c -@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, - } +@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + return NULL; - if (status != EFI_BUFFER_TOO_SMALL) { -- pr_err("Couldn't get size: 0x%lx\n", status); + if (*status != EFI_BUFFER_TOO_SMALL) { +- pr_err("Couldn't get size: 0x%lx\n", *status); + pr_err("Couldn't get size: %s (0x%lx)\n", -+ efi_status_to_str(status), status); - return efi_status_to_err(status); ++ efi_status_to_str(*status), *status); + return NULL; } -@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, - status = efi.get_variable(name, guid, NULL, &lsize, db); - if (status != EFI_SUCCESS) { +@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + *status = efi.get_variable(name, guid, NULL, &lsize, db); + if (*status != EFI_SUCCESS) { kfree(db); -- pr_err("Error reading db var: 0x%lx\n", status); +- pr_err("Error reading db var: 0x%lx\n", *status); + pr_err("Error reading db var: %s (0x%lx)\n", -+ efi_status_to_str(status), status); - return efi_status_to_err(status); ++ efi_status_to_str(*status), *status); + return NULL; } -- -2.15.0 +2.24.1 diff --git a/SOURCES/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch b/SOURCES/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch deleted file mode 100644 index c0251d1..0000000 --- a/SOURCES/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 90de578c81e983b3d992ca3e1a7e5910c803abba Mon Sep 17 00:00:00 2001 -From: Chris Wilson -Date: Mon, 30 Dec 2019 11:15:30 +0000 -Subject: [PATCH] drm/i915/gt: Detect if we miss WaIdleLiteRestore - -In order to avoid confusing the HW, we must never submit an empty ring -during lite-restore, that is we should always advance the RING_TAIL -before submitting to stay ahead of the RING_HEAD. - -Normally this is prevented by keeping a couple of spare NOPs in the -request->wa_tail so that on resubmission we can advance the tail. This -relies on the request only being resubmitted once, which is the normal -condition as it is seen once for ELSP[1] and then later in ELSP[0]. On -preemption, the requests are unwound and the tail reset back to the -normal end point (as we know the request is incomplete and therefore its -RING_HEAD is even earlier). - -However, if this w/a should fail we would try and resubmit the request -with the RING_TAIL already set to the location of this request's wa_tail -potentially causing a GPU hang. We can spot when we do try and -incorrectly resubmit without advancing the RING_TAIL and spare any -embarrassment by forcing the context restore. - -In the case of preempt-to-busy, we leave the requests running on the HW -while we unwind. As the ring is still live, we cannot rewind our -rq->tail without forcing a reload so leave it set to rq->wa_tail and -only force a reload if we resubmit after a lite-restore. (Normally, the -forced reload will be a part of the preemption event.) - -Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") -Closes: https://gitlab.freedesktop.org/drm/intel/issues/673 -Signed-off-by: Chris Wilson -Cc: Mika Kuoppala -Cc: Tvrtko Ursulin -Reviewed-by: Tvrtko Ursulin -Cc: stable@vger.kernel.org -Link: https://patchwork.freedesktop.org/patch/msgid/20191209023215.3519970-1-chris@chris-wilson.co.uk -(cherry picked from commit 82c69bf58650e644c61aa2bf5100b63a1070fd2f) ---- - drivers/gpu/drm/i915/gt/intel_lrc.c | 42 ++++++++++++++--------------- - 1 file changed, 20 insertions(+), 22 deletions(-) - -diff --git a/drivers/gpu/drm/i915/gt/intel_lrc.c b/drivers/gpu/drm/i915/gt/intel_lrc.c -index d564bfcab6a3..49ce15553e7b 100644 ---- a/drivers/gpu/drm/i915/gt/intel_lrc.c -+++ b/drivers/gpu/drm/i915/gt/intel_lrc.c -@@ -471,12 +471,6 @@ lrc_descriptor(struct intel_context *ce, struct intel_engine_cs *engine) - return desc; - } - --static void unwind_wa_tail(struct i915_request *rq) --{ -- rq->tail = intel_ring_wrap(rq->ring, rq->wa_tail - WA_TAIL_BYTES); -- assert_ring_tail_valid(rq->ring, rq->tail); --} -- - static struct i915_request * - __unwind_incomplete_requests(struct intel_engine_cs *engine) - { -@@ -495,7 +489,6 @@ __unwind_incomplete_requests(struct intel_engine_cs *engine) - continue; /* XXX */ - - __i915_request_unsubmit(rq); -- unwind_wa_tail(rq); - - /* - * Push the request back into the queue for later resubmission. -@@ -650,13 +643,29 @@ execlists_schedule_out(struct i915_request *rq) - i915_request_put(rq); - } - --static u64 execlists_update_context(const struct i915_request *rq) -+static u64 execlists_update_context(struct i915_request *rq) - { - struct intel_context *ce = rq->hw_context; -- u64 desc; -+ u64 desc = ce->lrc_desc; -+ u32 tail; - -- ce->lrc_reg_state[CTX_RING_TAIL + 1] = -- intel_ring_set_tail(rq->ring, rq->tail); -+ /* -+ * WaIdleLiteRestore:bdw,skl -+ * -+ * We should never submit the context with the same RING_TAIL twice -+ * just in case we submit an empty ring, which confuses the HW. -+ * -+ * We append a couple of NOOPs (gen8_emit_wa_tail) after the end of -+ * the normal request to be able to always advance the RING_TAIL on -+ * subsequent resubmissions (for lite restore). Should that fail us, -+ * and we try and submit the same tail again, force the context -+ * reload. -+ */ -+ tail = intel_ring_set_tail(rq->ring, rq->tail); -+ if (unlikely(ce->lrc_reg_state[CTX_RING_TAIL + 1] == tail)) -+ desc |= CTX_DESC_FORCE_RESTORE; -+ ce->lrc_reg_state[CTX_RING_TAIL + 1] = tail; -+ rq->tail = rq->wa_tail; - - /* - * Make sure the context image is complete before we submit it to HW. -@@ -675,7 +684,6 @@ static u64 execlists_update_context(const struct i915_request *rq) - */ - mb(); - -- desc = ce->lrc_desc; - ce->lrc_desc &= ~CTX_DESC_FORCE_RESTORE; - - return desc; -@@ -1150,16 +1158,6 @@ static void execlists_dequeue(struct intel_engine_cs *engine) - if (!list_is_last(&last->sched.link, - &engine->active.requests)) - return; -- -- /* -- * WaIdleLiteRestore:bdw,skl -- * Apply the wa NOOPs to prevent -- * ring:HEAD == rq:TAIL as we resubmit the -- * request. See gen8_emit_fini_breadcrumb() for -- * where we prepare the padding after the -- * end of the request. -- */ -- last->tail = last->wa_tail; - } - } - --- -2.24.1 - diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index faec6fe..2d8ced1 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -89,7 +89,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 22 +%define stable_update 25 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -789,7 +789,6 @@ Source5000: patch-5.%{base_sublevel}-git%{gitrev}.xz # 200 - x86 / secureboot # bz 1497559 - Make kernel MODSIGN code not error on missing variables -Patch200: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch Patch201: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch Patch202: 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch @@ -850,13 +849,6 @@ Patch523: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch # CVE-2019-18808 rhbz 1777418 1777421 Patch527: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1797052 -# http://lists.infradead.org/pipermail/linux-arm-kernel/2020-February/712003.html -Patch528: 0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch - -# https://gitlab.freedesktop.org/drm/intel/issues/673 -Patch531: drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch - # ALSA code from v5.5 (Intel ASoC Sound Open Firmware driver support) Patch600: alsa-5.5.patch @@ -2905,6 +2897,9 @@ fi # # %changelog +* Sat Mar 14 2020 Pablo Greco - 5.4.25-200 +- Update to 5.4.25 + * Wed Feb 26 2020 Pablo Greco - 5.4.22-200 - Update to 5.4.22