Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPetr Tesarik <ptesarik@suse.cz>2019-10-04 12:22:18 +0200
committerPetr Tesarik <ptesarik@suse.cz>2019-10-04 12:22:18 +0200
commite0b2c1f92a559c888a2ffcce9f191ed1ff79402b (patch)
treefa427441060b98fdd8d5fbac03b6742ee237cbdc
parent66074a116017942088d5edebdd687671997053b5 (diff)
parent8b5e3938213dadc6541cb0ca9e70ee91e40d8c9c (diff)
Merge branch 'users/jdelvare/SLE15/for-next' into SLE15
Pull assorted fixes from Jean Delvare
-rw-r--r--patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch57
-rw-r--r--patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch14
-rw-r--r--patches.suse/eeprom-at24-make-spd-world-readable-again.patch37
-rw-r--r--patches.suse/nvmem-use-the-same-permissions-for-eeprom-as-for-nvmem.patch50
-rw-r--r--series.conf2
5 files changed, 115 insertions, 45 deletions
diff --git a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
index b444df79d3..79045c625b 100644
--- a/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ b/patches.suse/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
@@ -1,46 +1,39 @@
-From 104cff827b18e35874153bd8df14eba59e5b411a Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [PATCH 43/62] Restrict /dev/mem and /dev/kmem when the kernel is
+From: Matthew Garrett <mjg59@srcf.ucam.org>
+Date: Mon, 19 Aug 2019 17:17:41 -0700
+Subject: lockdown: Restrict /dev/{mem,kmem,port} when the kernel is
locked down
-Patch-mainline: No, submitted https://patchwork.kernel.org/patch/9665599/
+Patch-mainline: No, submitted https://lkml.org/lkml/2019/8/19/1195
References: fate#314486
-Allowing users to write to address space makes it possible for the kernel to
-be subverted, avoiding module loading restrictions. Prevent this when the
-kernel has been locked down.
+Allowing users to read and write to core kernel memory makes it possible
+for the kernel to be subverted, avoiding module loading restrictions, and
+also to steal cryptographic information.
+
+Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
+been locked down to prevent this.
+
+Also disallow /dev/port from being opened to prevent raw ioport access and
+thus DMA from being used to accomplish the same thing.
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Matthew Garrett <mjg59@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Cc: x86@kernel.org
+Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
+Acked-by: Jean Delvare <jdelvare@suse.de>
---
- drivers/char/mem.c | 6 ++++++
- 1 file changed, 6 insertions(+)
+ drivers/char/mem.c | 2 ++
+ 1 file changed, 2 insertions(+)
-diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 6d9cc2d..f814404 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
-@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
- if (p != *ppos)
- return -EFBIG;
+@@ -779,6 +779,8 @@ static loff_t memory_lseek(struct file *
+ static int open_port(struct inode *inode, struct file *filp)
+ {
+ if (kernel_is_locked_down())
+ return -EPERM;
-+
- if (!valid_phys_addr_range(p, count))
- return -EFAULT;
-
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
- char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
- int err = 0;
+ return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+ }
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- if (p < (unsigned long) high_memory) {
- unsigned long to_write = min_t(unsigned long, count,
- (unsigned long)high_memory - p);
---
-2.10.2
-
diff --git a/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index fd28f8af05..48aec179dc 100644
--- a/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/patches.suse/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -20,8 +20,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
arch/x86/kernel/ioport.c | 4 ++--
- drivers/char/mem.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
+ 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -43,14 +42,3 @@ Acked-by: Lee, Chun-Yi <jlee@suse.com>
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
---- a/drivers/char/mem.c
-+++ b/drivers/char/mem.c
-@@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *
-
- static int open_port(struct inode *inode, struct file *filp)
- {
-+ if (kernel_is_locked_down())
-+ return -EPERM;
- return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
- }
-
diff --git a/patches.suse/eeprom-at24-make-spd-world-readable-again.patch b/patches.suse/eeprom-at24-make-spd-world-readable-again.patch
new file mode 100644
index 0000000000..b3ccbb5375
--- /dev/null
+++ b/patches.suse/eeprom-at24-make-spd-world-readable-again.patch
@@ -0,0 +1,37 @@
+From: Jean Delvare <jdelvare@suse.de>
+Date: Sun, 28 Jul 2019 18:41:38 +0200
+Subject: eeprom: at24: make spd world-readable again
+Git-commit: 25e5ef302c24a6fead369c0cfe88c073d7b97ca8
+Patch-mainline: v5.3
+References: git-fixes
+
+The integration of the at24 driver into the nvmem framework broke the
+world-readability of spd EEPROMs. Fix it.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Cc: stable@vger.kernel.org
+Fixes: 57d155506dd5 ("eeprom: at24: extend driver to plug into the NVMEM framework")
+Cc: Andrew Lunn <andrew@lunn.ch>
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Bartosz Golaszewski <brgl@bgdev.pl>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+[Bartosz: backported the patch to older branches]
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/eeprom/at24.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/misc/eeprom/at24.c
++++ b/drivers/misc/eeprom/at24.c
+@@ -769,7 +769,7 @@ static int at24_probe(struct i2c_client
+ at24->nvmem_config.name = dev_name(&client->dev);
+ at24->nvmem_config.dev = &client->dev;
+ at24->nvmem_config.read_only = !writable;
+- at24->nvmem_config.root_only = true;
++ at24->nvmem_config.root_only = !(chip.flags & AT24_FLAG_IRUGO);
+ at24->nvmem_config.owner = THIS_MODULE;
+ at24->nvmem_config.compat = true;
+ at24->nvmem_config.base_dev = &client->dev;
diff --git a/patches.suse/nvmem-use-the-same-permissions-for-eeprom-as-for-nvmem.patch b/patches.suse/nvmem-use-the-same-permissions-for-eeprom-as-for-nvmem.patch
new file mode 100644
index 0000000000..17bcffdafc
--- /dev/null
+++ b/patches.suse/nvmem-use-the-same-permissions-for-eeprom-as-for-nvmem.patch
@@ -0,0 +1,50 @@
+From: Jean Delvare <jdelvare@suse.de>
+Date: Sun, 28 Jul 2019 18:42:55 +0200
+Subject: [PATCH] nvmem: Use the same permissions for eeprom as for nvmem
+Git-commit: e70d8b287301eb6d7c7761c6171c56af62110ea3
+Patch-mainline: v5.3
+References: git-fixes
+
+The compatibility "eeprom" attribute is currently root-only no
+matter what the configuration says. The "nvmem" attribute does
+respect the setting of the root_only configuration bit, so do the
+same for "eeprom".
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Fixes: b6c217ab9be6 ("nvmem: Add backwards compatibility support for older EEPROM drivers.")
+Reviewed-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Cc: Andrew Lunn <andrew@lunn.ch>
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Link: https://lore.kernel.org/r/20190728184255.563332e6@endymion
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+
+---
+ drivers/nvmem/core.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -401,10 +401,17 @@ static int nvmem_setup_compat(struct nvm
+ if (!config->base_dev)
+ return -EINVAL;
+
+- if (nvmem->read_only)
+- nvmem->eeprom = bin_attr_ro_root_nvmem;
+- else
+- nvmem->eeprom = bin_attr_rw_root_nvmem;
++ if (nvmem->read_only) {
++ if (config->root_only)
++ nvmem->eeprom = bin_attr_ro_root_nvmem;
++ else
++ nvmem->eeprom = bin_attr_ro_nvmem;
++ } else {
++ if (config->root_only)
++ nvmem->eeprom = bin_attr_rw_root_nvmem;
++ else
++ nvmem->eeprom = bin_attr_rw_nvmem;
++ }
+ nvmem->eeprom.attr.name = "eeprom";
+ nvmem->eeprom.size = nvmem->size;
+ #ifdef CONFIG_DEBUG_LOCK_ALLOC
diff --git a/series.conf b/series.conf
index 495a25b2e8..9d5852ec67 100644
--- a/series.conf
+++ b/series.conf
@@ -24294,6 +24294,7 @@
patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch
patches.suse/coredump-split-pipe-command-whitespace-before-expand.patch
patches.suse/mm-migrate-c-initialize-pud_entry-in-migrate_vma.patch
+ patches.suse/eeprom-at24-make-spd-world-readable-again.patch
patches.suse/0001-x86-speculation-Prepare-entry-code-for-Spectre-v1-sw.patch
patches.suse/0002-x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch
patches.suse/x86-speculation-swapgs-exclude-ATOMs-from-speculating-through-SWAPGS.patch
@@ -24378,6 +24379,7 @@
patches.suse/usb-iowarrior-fix-deadlock-on-disconnect.patch
patches.suse/iio-adc-max9611-Fix-misuse-of-GENMASK-macro.patch
patches.suse/driver_core-Fix_use-after-free_and_double_free_on_glue.patch
+ patches.suse/nvmem-use-the-same-permissions-for-eeprom-as-for-nvmem.patch
patches.suse/mm-hmm-fix-bad-subpage-pointer-in-try_to_unmap_one.patch
patches.suse/mm-memcontrol-c-fix-use-after-free-in-mem_cgroup_iter.patch
patches.suse/iommu-dma-handle-sg-length-overflow-better