Seth Forshee [Wed, 2 Jun 2021 20:16:14 +0000 (15:16 -0500)]
UBUNTU: [Debian] exclude $(DEBIAN)/__abi.current from linux-source
BugLink: https://bugs.launchpad.net/bugs/1930713
Previously install-source ran before the flavour install, but that is
no longer the case. As a result the __abi.current driectory ends up
in the linux-source package. Explicitly exclude it when installing
files for linux-source.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Tue, 1 Jun 2021 15:36:03 +0000 (10:36 -0500)]
UBUNTU: [Debian] dkms-build -- use fakeroot if not running as root
BugLink: https://bugs.launchpad.net/bugs/1930713
Some dkms builds require running as root, or at least the illusion of
doing so. However we need to do dkms builds before deleting the
flavour build directory in order to sign the modules, and this may
happen without fakeroot. Detect whether or not dkms-build has been
invoked as root, and if not use fakeroot to do the dkms build.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Thu, 20 May 2021 21:15:13 +0000 (16:15 -0500)]
UBUNTU: [Debian] run install-$(flavour) targets during build phase
BugLink: https://bugs.launchpad.net/bugs/1930713
Move installation of files from the flavour build directories to the
build phase. This results in cleaning up of one flavour build
directory before starting the build of the next flavour, significantly
reducing the amount of space needed on builders.
Note that this will result in incorrect ownership of files in cases
where the build and binary phases of building packages are run
separately. This will be addressed in a later commit.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Thu, 20 May 2021 20:32:25 +0000 (15:32 -0500)]
UBUNTU: [Debian] use stamps for flavour install targets
BugLink: https://bugs.launchpad.net/bugs/1930713
In preparation for moving installation of files from the flavour
build directories over to the build phase, convert relevant install-*
targets to use stamps.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Install the kvm_stat systemd service in linux-host-tools package,
disabled by default. The service logs KVM kernel module trace events to
/var/log/kvm_stat.csv.
This tool is useful for observing guest behavior from the host
perspective. Often conclusions about performance or buggy behavior can
be drawn from the output.
BugLink: https://bugs.launchpad.net/bugs/1921870 Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
UBUNTU: [Packaging] Build and include GDB Python scripts into debug packages
The kernel comes with useful GDB debugging scripts/commands (enabled
with CONFIG_GDB_SCRIPTS), however these are built either with "all" make
target or with "scripts_gdb". Build these in
"$(stampdir)/stamp-build-%" target and package in "install-%" under
/usr/share/gdb/auto-load.
BugLink: https://bugs.launchpad.net/bugs/1928715 Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1920180 Signed-off-by: Alex Hung <alex.hung@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Kai-Heng Feng [Fri, 21 May 2021 13:07:18 +0000 (21:07 +0800)]
vgaarb: Use ACPI HID name to find integrated GPU
BugLink: https://bugs.launchpad.net/bugs/1929217
Commit 3d42f1ddc47a ("vgaarb: Keep adding VGA device in queue") assumes
the first device is an integrated GPU. However, on AMD platforms an
integrated GPU can have higher PCI device number than a discrete GPU.
Integrated GPU on ACPI platform generally has _DOD and _DOS method, so
use that as predicate to find integrated GPU. If the new strategy
doesn't work, fallback to use the first device as boot VGA.
Kai-Heng Feng [Wed, 19 May 2021 11:59:01 +0000 (19:59 +0800)]
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
BugLink: https://bugs.launchpad.net/bugs/1928838
Rfkill block and unblock Intel USB Bluetooth [8087:0026] may make it
stops working:
[ 509.691509] Bluetooth: hci0: HCI reset during shutdown failed
[ 514.897584] Bluetooth: hci0: MSFT filter_enable is already on
[ 530.044751] usb 3-10: reset full-speed USB device number 5 using xhci_hcd
[ 545.660350] usb 3-10: device descriptor read/64, error -110
[ 561.283530] usb 3-10: device descriptor read/64, error -110
[ 561.519682] usb 3-10: reset full-speed USB device number 5 using xhci_hcd
[ 566.686650] Bluetooth: hci0: unexpected event for opcode 0x0500
[ 568.752452] Bluetooth: hci0: urb 0000000096cd309b failed to resubmit (113)
[ 578.797955] Bluetooth: hci0: Failed to read MSFT supported features (-110)
[ 586.286565] Bluetooth: hci0: urb 00000000c522f633 failed to resubmit (113)
[ 596.215302] Bluetooth: hci0: Failed to read MSFT supported features (-110)
BugLink: https://bugs.launchpad.net/bugs/1921632
The soundwire audio driver in the kernel could work on some Dell cml
machines, so enable the machine driver and some needed codec driver.
Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Andrea Righi [Mon, 31 May 2021 10:02:50 +0000 (12:02 +0200)]
UBUNTU: [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
This option will disable uprivileged BPF by default. It can be reenabled,
though, as it uses the new value 2 for the kernel.unprivileged_bpf_disabled
sysctl. That value disables it, but allows the sysctl knob to be set back
to 0.
This allows sysadmins to enable unprivileged BPF back by using sysctl
config files.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Seth Forshee [Wed, 19 May 2021 15:21:20 +0000 (10:21 -0500)]
UBUNTU: [Config] Temporarily disable signing for ppc64el and s390x
We're awaiting testing of lockdown under secureboot on these
architectures. Disable signing in the meantime to allow putting
linux-unstable into -proposed.
UBUNTU: SAUCE: integrity: add informational messages when revoking certs
integrity_load_cert() prints messages of the source and cert details
when adding certs as trusted. Mirror those messages in
uefi_revocation_list_x509() when adding certs as revoked.
UBUNTU: SAUCE: integrity: Load mokx certs from the EFI MOK config table
Refactor load_moklist_certs() to load either MokListRT into db, or
MokListXRT into dbx. Call load_moklist_certs() twice - first to load
mokx certs into dbx, then mok certs into db.
This thus now attempts to load mokx certs via the EFI MOKvar config
table first, and if that fails, via the EFI variable. Previously mokx
certs were only loaded via the EFI variable. Which fails when
MokListXRT is large. Instead of large MokListXRT variable, only
MokListXRT{1,2,3} are available which are not loaded. This is the case
with Ubuntu's 15.4 based shim. This patch is required to address
CVE-2020-26541 when certificates are revoked via MokListXRT.
Fixes: ebd9c2ae369a ("integrity: Load mokx variables into the blacklist keyring") BugLink: https://bugs.launchpad.net/bugs/1928679 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Juerg Haefliger [Mon, 3 May 2021 08:47:07 +0000 (10:47 +0200)]
UBUNTU: [Packaging] Drop the processing of perm-blacklist
perm-blacklist lists modules and/or symbols that are permanently excluded
from the ABI check. AFAICT this hasn't been used in ages and with the
previous commit it would move up one level which puts it outside of the
ABI directory. That in itelf is not problematic just not pretty. Take this
opportunity to get rid of the whole (unsued) concept. We can always add it
back later should the need arise (and then should probably rename it to
abi.perm-blacklist to make it clear that it's a file related to the ABI).
Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Juerg Haefliger [Mon, 3 May 2021 08:47:06 +0000 (10:47 +0200)]
UBUNTU: [Packaging] Move the ABI files up by one directory level
The current ABI root directory name is <DEBIAN/abi/previous/. This commit
drops the 'previous' path component and moves the ABI up one level. We
still need a temporary directory for downloading the current ABIs which now
has to reside outside of the ABI tree. For that, use <DEBIAN>/__abi.current/
which should clearly indicate that it's a temporary directory.
Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Andrea Righi [Tue, 11 May 2021 07:30:51 +0000 (09:30 +0200)]
UBUNTU: SAUCE: make ASYNCB_INITIALIZED available for the kernel
The flag ASYNCB_INITIALIZED is required by our driver
ubuntu/xr-usb-serial. Make it available to kernel code to prevent the
following build failure:
./build/ubuntu/xr-usb-serial/xr_usb_serial_common.c:1613:15: error: 'ASYNCB_INITIALIZED' undeclared (first use in this function); did you mean 'RCU_INITIALIZER'?
1613 | if (test_bit(ASYNCB_INITIALIZED, &xr_usb_serial->port.flags))
| ^~~~~~~~~~~~~~~~~~
| RCU_INITIALIZER
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
shiftfs expects copy_to_user() to return a negative error code on
failure, when it actually returns the amount of uncopied data. Fix all
code using copy_to_user() to handle the return values correctly.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
CVE-2021-3492 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
UBUNTU: SAUCE: shiftfs: free allocated memory in shiftfs_btrfs_ioctl_fd_replace() error paths
Many error paths in shiftfs_btrfs_ioctl_fd_replace() do not free memory
allocated near the top of the function. Fix up these error paths to free
the memory.
Additionally, the addresses for the allocated memory are assigned to
return parameters early in the function, before we know whether or not
the function as a whole will return success. Wait to assign these values
until we know the function was successful, and for good measure
initialize the return parameters to NULL at the start.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
CVE-2021-3492 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Colin Ian King [Mon, 29 Mar 2021 09:26:15 +0000 (10:26 +0100)]
UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const
Make the sk parameter const to fix a build error with clang:
security/apparmor/net.c:143:35: error: passing 'const struct sock *' to
parameter of type 'struct sock *' discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers]
audit_unix_sk_addr(ab, "addr", sa->u.net->sk);
^~~~~~~~~~~~~
/home/ubuntu/hirsute/security/apparmor/net.c:98:24: note: passing argument
to parameter 'sk' here
struct sock *sk)
^
Fixes: 2775e0786896 ("UBUNTU: SAUCE: apparmor: af_unix mediation") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
The peer_memory_client scheme allows a driver to register with the ib_umem
system that it has the ability to understand user virtual address ranges
that are not compatible with get_user_pages(). For instance VMAs created
with io_remap_pfn_range(), or other driver special VMA.
For ranges the interface understands it can provide a DMA mapped sg_table
for use by the ib_umem, allowing user virtual ranges that cannot be
supported by get_user_pages() to be used as umems for RDMA.
This is designed to preserve the kABI, no functions or structures are
changed, only new symbols are added:
This interface is compatible with the two out of tree GPU drivers:
https://github.com/RadeonOpenCompute/ROCK-Kernel-Driver/blob/master/drivers/gpu/drm/amd/amdkfd/kfd_peerdirect.c
https://github.com/Mellanox/nv_peer_memory/blob/master/nv_peer_mem.c
Signed-off-by: Yishai Hadas <yishaih@mellanox.com> Signed-off-by: Feras Daoud <ferasda@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
(cherry picked from commit a42989294cf39d6e829424734ab0e7ec48bebcef
git://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git) Signed-off-by: dann frazier <dann.frazier@canonical.com>
[ saf: resolve conflicts with updates in 5.12 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Daniel Axtens [Thu, 2 Apr 2020 05:16:32 +0000 (16:16 +1100)]
UBUNTU: SAUCE: (lockdown) powerpc: lock down kernel in secure boot mode
BugLink: https://bugs.launchpad.net/bugs/1855668
PowerNV has recently gained Secure Boot support. If it's enabled through
the firmware and bootloader stack, then lock down the kernel.
Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
(cherry picked from commit d4f3f12e040caf3ec669726efb67b27550a4713f) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Seth Forshee [Thu, 10 Oct 2019 16:19:32 +0000 (11:19 -0500)]
UBUNTU: SAUCE: (lockdown) security: lockdown: Make CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT more generic
s390 supports secure boot which is not based on EFI. Change the
config option to be more generic, and allow it to be enabled on
s390.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit dd9548a9eb3f2a34ee7c60abce157f8e2868e7c7) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Seth Forshee [Thu, 10 Oct 2019 15:57:25 +0000 (10:57 -0500)]
UBUNTU: SAUCE: (lockdown) arm64: Allow locking down the kernel under EFI secure boot
Add support to arm64 for the CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
option. When enabled the lockdown LSM will be enabled with
maximum confidentiality when booted under EFI secure boot.
Based on an earlier patch by Linn Crosetto.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[v2: ported to 5.7-rc1 and adapted to the new fdt parsing mechanism] Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit fb9c9645d977e23e9b494ce008d31507d872ffef) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Robert Holmes [Tue, 23 Apr 2019 07:39:29 +0000 (07:39 +0000)]
UBUNTU: SAUCE: (lockdown) KEYS: Make use of platform keyring for module signature verify
This patch completes commit 278311e417be ("kexec, KEYS: Make use of
platform keyring for signature verify") which, while adding the
platform keyring for bzImage verification, neglected to also add
this keyring for module verification.
As such, kernel modules signed with keys from the MokList variable
were not successfully verified.
Signed-off-by: Robert Holmes <robeholmes@gmail.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit b697ff5e26974fee8fcd31a1e221e9dd41515efc
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Jeremy Cline [Wed, 30 Oct 2019 14:37:49 +0000 (14:37 +0000)]
UBUNTU: SAUCE: (lockdown) s390: Lock down the kernel when the IPL secure flag is set
Automatically lock down the kernel to LOCKDOWN_CONFIDENTIALITY_MAX if
the IPL secure flag is set.
Upstream Status: RHEL only Suggested-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 2384646bf71d8c282cf49bb20321fdf802c61cce
https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
David Howells [Mon, 30 Sep 2019 21:28:16 +0000 (21:28 +0000)]
UBUNTU: SAUCE: (lockdown) efi: Lock down the kernel if booted in secure boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware
will only load signed bootloaders and kernels. Certain use cases may
also require that all kernel modules also be signed. Add a
configuration option that to lock down the kernel - which includes
requiring validly signed modules - if the kernel is secure-booted.
Upstream Status: RHEL only Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 5850c93175b9d2e1081873f4bbe08dead202cb08
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
David Howells [Tue, 27 Feb 2018 10:04:55 +0000 (10:04 +0000)]
UBUNTU: SAUCE: (lockdown) efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.
Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.
Upstream Status: RHEL only Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
[Rebased for context; efi_is_table_address was moved to arch/x86] Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 53250b991f841be025fa4d264850dadc0fae2861
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Jeremy Cline [Mon, 30 Sep 2019 21:22:47 +0000 (21:22 +0000)]
UBUNTU: SAUCE: (lockdown) security: lockdown: expose a hook to lock the kernel down
In order to automatically lock down kernels running on UEFI machines
booted in Secure Boot mode, expose the lock_kernel_down() hook.
Upstream Status: RHEL only Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 72223fd1241cc5c70b96a491db14d54c83beadd8
from https://gitlab.com/cki-project/kernel-ark)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Peter Jones [Mon, 2 Oct 2017 22:18:30 +0000 (18:18 -0400)]
UBUNTU: SAUCE: (lockdown) Make get_cert_list() use efi_status_to_str() to print error messages.
Upstream Status: RHEL only Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 7ba28f03674fa9346610c3fea7fc93bc58f06d2a
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Peter Jones [Mon, 2 Oct 2017 22:22:13 +0000 (18:22 -0400)]
UBUNTU: SAUCE: (lockdown) Add efi_status_to_str() and rework efi_status_to_err().
This adds efi_status_to_str() for use when printing efi_status_t
messages, and reworks efi_status_to_err() so that the two use a common
list of errors.
Upstream Status: RHEL only Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 2ae9082db0b54d831a9b3782c049d9917e37d89f
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Greentime Hu [Tue, 16 Mar 2021 21:31:11 +0000 (21:31 +0000)]
clk: sifive: Use reset-simple in prci driver for PCIe driver
We use reset-simple in this patch so that pcie driver can use
devm_reset_control_get() to get this reset data structure and use
reset_control_deassert() to deassert pcie_power_up_rst_n.
Signed-off-by: Greentime Hu <greentime.hu@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Vincent Chen [Tue, 16 Mar 2021 21:31:07 +0000 (21:31 +0000)]
riscv: Get CPU manufacturer information
Issue 3 SBI calls to get the vendor ID, architecture ID and implementation
ID early in boot so we only need to take the SBI call overhead once.
Signed-off-by: Vincent Chen <vincent.chen@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
riscv: sifive: fu740: cpu{1, 2, 3, 4} set compatible to sifive, u74-mc
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Kai-Heng Feng [Tue, 16 Mar 2021 13:13:28 +0000 (21:13 +0800)]
UBUNTU: SAUCE: PCI: Serialize TGL e1000e PM ops
BugLink: https://bugs.launchpad.net/bugs/1919321
On TGL systems, PCI_COMMAND may randomly flip to 0 on system resume.
This is devastating to drivers that use pci_set_master(), like NVMe and
xHCI, to enable DMA in their resume routine, as pci_set_master() can
inadvertently disable PCI_COMMAND_IO and PCI_COMMAND_MEMORY, making
resources inaccessible.
The issue is reproducible on all kernel releases, but obviously the
situation is exacerbated by commit 6cecf02e77ab ('Revert "e1000e:
disable s0ix entry and exit flows for ME systems"').
Seems like ME is out to lunch until it's finally out of ULP polling. So
ensure e1000e PM ops are serialized by enforcing device links to
workaround the issue. This is another hacky hackish hack that we can't
upstream :)
Of course this will make suspend and resume a bit slower, but at least
we protect other PCI devices by keeping ME from going full basket case.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212039 Link: https://lore.kernel.org/linux-pci/20210303172223.GA634698@bjorn-Precision-5520/ Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1919123
On some platforms, the EC doesn't support the register reading sequence
for sentelic[1], and then make the EC can't respond commands for a while
when probing. It leads to the keyboard non-responsive for around 10
seconds while waking up from s2idle.
A DMI quirk to mark this platform doesn't have aux device could avoid those
commands to be sent. And the system could still using i2c interface to
communicate with the touchpad.
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com>
(cherry picked from https://lkml.org/lkml/2021/3/15/126) Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
You-Sheng Yang [Fri, 5 Mar 2021 07:08:54 +0000 (15:08 +0800)]
UBUNTU: SAUCE: drm/i915: Drop require_force_probe from JSL
BugLink: https://bugs.launchpad.net/bugs/1917843 Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Paolo Pisati [Thu, 18 Feb 2021 14:58:21 +0000 (15:58 +0100)]
UBUNTU: SAUCE: selftests: memory-hotplug: bump timeout to 10min
$ sudo make -C tools/testing/selftests/memory-hotplug run_tests
TAP version 13
1..1
...
15:11:09 DEBUG| [stdout] not ok 1 selftests: memory-hotplug: mem-on-off-test.sh # TIMEOUT 45 seconds
The memory-hotplug selftest can take up to several minutes, depending on memory
size and cpu speed of the testbench, so bump timeout to 10 minutes.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Andrea Righi [Thu, 14 Jan 2021 11:06:12 +0000 (12:06 +0100)]
UBUNTU: SAUCE: x86/entry: build thunk_$(BITS) only if CONFIG_PREEMPTION=y
With CONFIG_PREEMPTION disabled, arch/x86/entry/thunk_64.o is just an
empty object file.
With the newer binutils (tested with 2.35.90.20210113-1ubuntu1) the GNU
assembler doesn't generate a symbol table for empty object files and
objtool fails with the following error when a valid symbol table cannot
be found:
arch/x86/entry/thunk_64.o: warning: objtool: missing symbol table
To prevent this from happening, build thunk_$(BITS).o only if
CONFIG_PREEMPTION is enabled.
BugLink: https://bugs.launchpad.net/bugs/1911359 Fixes: 320100a5ffe5 ("x86/entry: Remove the TRACE_IRQS cruft") Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1865402
ODM asks us to use get_display_mode command to confirm the scalar's
behavior, and Windows use this command, too.
To align the behavior with Windows, remove get_scalar_status command and
replace it with get_display_mode.
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1910965
By default no functions are assigned to LEDs. It's up to user/distribution
to provide udev rules to configure them.
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
(backported from https://github.com/sifive/meta-sifive/blob/2020.11/recipes-kernel/linux/files/freedom-u540/0007-Add-PWM-LEDs-D1-D2-D3-D4.patch) Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Upstream-Status: Inappropriate [enable feature]
(backported from https://github.com/sifive/meta-sifive/blob/2020.11/recipes-kernel/linux/files/freedom-u540/0002-Microsemi-PCIe-expansion-board-DT-entry.patch) Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
lz4 compatible decompressor is simple. The format is underspecified and
relies on EOF notification to determine when to stop. Initramfs buffer
format[1] explicitly states that it can have arbitrary number of zero
padding. Thus when operating without a fill function, be extra careful to
ensure that sizes less than 4, or apperantly empty chunksizes are treated
as EOF.
To test this I have created two cpio initrds, first a normal one,
main.cpio. And second one with just a single /test-file with content
"second" second.cpio. Then i compressed both of them with gzip, and with
lz4 -l. Then I created a padding of 4 bytes (dd if=/dev/zero of=pad4 bs=1
count=4). To create four testcase initrds:
The pad4 test-cases replicate the initrd load by grub, as it pads and
aligns every initrd it loads.
All of the above boot, however /test-file was not accessible in the initrd
for the testcase #4, as decoding in lz4 decompressor failed. Also an error
message printed which usually is harmless.
Whith a patched kernel, all of the above testcases now pass, and /test-file
is accessible.
This fixes lz4 initrd decompress warning on every boot with grub. And more
importantly this fixes inability to load multiple lz4 compressed initrds
with grub.
I guess I should convert above decompressor streams with/without padding
into kunit tests, across all decompressor algorithms.
BugLink: https://bugs.launchpad.net/bugs/1896801
Since upstream has removed python3-venv, update our build dependencies and let
linux-doc build outside a virtualenv.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: dccp: avoid double free of ccid on child socket
When a dccp socket is cloned, the pointers to dccps_hc_rx_ccid and
dccps_hc_tx_ccid are copied. When CCID features are activated on the child
socket, the CCID objects are freed, leaving the parent socket with dangling
pointers.
During cloning, set dccps_hc_rx_ccid and dccps_hc_tx_ccid to NULL so the
parent objects are not freed.
Reported-by: Hadar Manor
CVE-2020-16119 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Juerg Haefliger <juerg.haefliger@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: AppArmor: Remove the exclusive flag
With the inclusion of the "display" process attribute
mechanism AppArmor no longer needs to be treated as an
"exclusive" security module. Remove the flag that indicates
it is exclusive. Remove the stub getpeersec_dgram AppArmor
hook as it has no effect in the single LSM case and
interferes in the multiple LSM case.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 22:27:38 +0000 (15:27 -0700)]
UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context
Add an entry /proc/.../attr/context which displays the full
process security "context" in compound format:
lsm1\0value\0lsm2\0value\0...
This entry is not writable.
A security module may decide that its policy does not allow
this information to be displayed. In this case none of the
information will be displayed.
Casey Schaufler [Fri, 21 Aug 2020 21:59:03 +0000 (14:59 -0700)]
UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes
Create a new audit record type to contain the object information
when there are multiple security modules that require such data.
This record is emitted before the other records for the event, but
is linked with the same timestamp and serial number.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 21:29:19 +0000 (14:29 -0700)]
UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes
Create a new audit record type to contain the subject information
when there are multiple security modules that require such data.
This record is linked with the same timestamp and serial number.
The record is produced only in cases where there is more than one
security module with a process "context".
Before this change the only audit events that required multiple
records were syscall events. Several non-syscall events include
subject contexts, so the use of audit_context data has been expanded
as necessary.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 17:54:15 +0000 (10:54 -0700)]
UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob
Netlabel uses LSM interfaces requiring an lsmblob and
the internal storage is used to pass information between
these interfaces, so change the internal data from a secid
to a lsmblob. Update the netlabel interfaces and their
callers to accommodate the change. This requires that the
modules using netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 23:25:25 +0000 (16:25 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx
Change the security_inode_getsecctx() interface to fill
a lsmcontext structure instead of data and length pointers.
This provides the information about which LSM created the
context so that security_release_secctx() can use the
correct hook.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 22:19:52 +0000 (15:19 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx
Replace the (secctx,seclen) pointer pair with a single
lsmcontext pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 18:47:01 +0000 (11:47 -0700)]
UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser
Add a new lsmcontext data structure to hold all the information
about a "security context", including the string, its size and
which LSM allocated the string. The allocation information is
necessary because LSMs have different policies regarding the
lifecycle of these strings. SELinux allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 17:40:08 +0000 (10:40 -0700)]
UBUNTU: SAUCE: LSM: Specify which LSM to display
Create a new entry "display" in the procfs attr directory for
controlling which LSM security information is displayed for a
process. A process can only read or write its own display value.
The name of an active LSM that supplies hooks for
human readable data may be written to "display" to set the
value. The name of the LSM currently in use can be read from
"display". At this point there can only be one LSM capable
of display active. A helper function lsm_task_display() is
provided to get the display slot for a task_struct.
Setting the "display" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen <john.johansen@canonical.com>
SELinux hook provided by Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 16:24:21 +0000 (09:24 -0700)]
UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs
The IMA interfaces ima_get_action() and ima_match_policy()
call LSM functions that use lsmblobs. Change the IMA functions
to pass the lsmblob to be compatible with the LSM functions.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 15:43:21 +0000 (08:43 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid
Change the security_cred_getsecid() interface to fill in a
lsmblob instead of a u32 secid. The associated data elements
in the audit sub-system are changed from a secid to a lsmblob
to accommodate multiple possible LSM audit users.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 00:28:57 +0000 (17:28 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid
Change the security_inode_getsecid() interface to fill in a
lsmblob structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Wed, 19 Aug 2020 23:06:37 +0000 (16:06 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid
Change the security_task_getsecid() interface to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 19 Mar 2020 16:40:29 +0000 (09:40 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid
There may be more than one LSM that provides IPC data
for auditing. Change security_ipc_getsecid() to fill in
a lsmblob structure instead of the u32 secid. The
audit data structure containing the secid will be updated
later, so there is a bit of scaffolding here.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>