Linux v4.9-7150-gcdb98c2
This commit is contained in:
Justin M. Forbes
parent
b31b0fb7f4
commit
962ea4f047
|
|
@ -1,31 +0,0 @@
|
|||
From 36d02761fc952f8190fca75bb4b81c2c7b7ddf68 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
Disable it if any such restrictions have been enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/acpi/custom_method.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..4277938af700 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -19,8 +19,8 @@ index 5af91b58afae..190858d62fe3 100644
|
|||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
|
||||
#define LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID EFI_GUID(0xe03fc20a, 0x85dc, 0x406e, 0xb9, 0x0e, 0x4a, 0xb5, 0x02, 0x37, 0x1d, 0x95)
|
||||
#define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
|
||||
#define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
|
||||
+#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
|
||||
|
|
|
|||
|
|
@ -1,63 +0,0 @@
|
|||
From 80d2d273b36b33d46820ab128c7a5b068389f643 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH 01/20] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
only modules signed with a trusted key.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
include/linux/module.h | 6 ++++++
|
||||
kernel/module.c | 10 ++++++++++
|
||||
2 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 0c3207d26ac0..05bd6c989a0c 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -641,6 +641,8 @@ static inline bool is_livepatch_module(struct module *mod)
|
||||
}
|
||||
#endif /* CONFIG_LIVEPATCH */
|
||||
|
||||
+extern bool secure_modules(void);
|
||||
+
|
||||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
static inline struct module *__module_address(unsigned long addr)
|
||||
@@ -750,6 +752,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return false;
|
||||
}
|
||||
|
||||
+static inline bool secure_modules(void)
|
||||
+{
|
||||
+ return false;
|
||||
+}
|
||||
#endif /* CONFIG_MODULES */
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index f57dd63186e6..cb864505d020 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4284,3 +4284,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
+
|
||||
+bool secure_modules(void)
|
||||
+{
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ return (sig_enforce || modules_disabled);
|
||||
+#else
|
||||
+ return modules_disabled;
|
||||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -1,246 +0,0 @@
|
|||
From d9e0379e8d3cb51efe4e2b1a5a60c52c2c40bdfb Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++
|
||||
drivers/input/misc/uinput.c | 1 +
|
||||
drivers/tty/sysrq.c | 19 +++++++++++++------
|
||||
include/linux/input.h | 5 +++++
|
||||
include/linux/sysrq.h | 8 +++++++-
|
||||
kernel/debug/kdb/kdb_main.c | 2 +-
|
||||
kernel/module.c | 2 +-
|
||||
7 files changed, 64 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index b93183336674..dab2882927c2 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
#include <linux/tboot.h>
|
||||
#include <linux/jiffies.h>
|
||||
|
||||
+#include <linux/fips.h>
|
||||
+#include <linux/cred.h>
|
||||
+#include <linux/sysrq.h>
|
||||
+#include <linux/init_task.h>
|
||||
+
|
||||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
+#ifdef CONFIG_MAGIC_SYSRQ
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern bool sig_enforce;
|
||||
+#endif
|
||||
+
|
||||
+static void sysrq_handle_secure_boot(int key)
|
||||
+{
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return;
|
||||
+
|
||||
+ pr_info("Secure boot disabled\n");
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ sig_enforce = fips_enabled;
|
||||
+#endif
|
||||
+}
|
||||
+static struct sysrq_key_op secure_boot_sysrq_op = {
|
||||
+ .handler = sysrq_handle_secure_boot,
|
||||
+ .help_msg = "unSB(x)",
|
||||
+ .action_msg = "Disabling Secure Boot restrictions",
|
||||
+ .enable_mask = SYSRQ_DISABLE_USERSPACE,
|
||||
+};
|
||||
+static int __init secure_boot_sysrq(void)
|
||||
+{
|
||||
+ if (efi_enabled(EFI_SECURE_BOOT))
|
||||
+ register_sysrq_key('x', &secure_boot_sysrq_op);
|
||||
+ return 0;
|
||||
+}
|
||||
+late_initcall(secure_boot_sysrq);
|
||||
+#endif /*CONFIG_MAGIC_SYSRQ*/
|
||||
+
|
||||
+
|
||||
static struct notifier_block kernel_offset_notifier = {
|
||||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 92595b98e7ed..894ed3f74f04 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -379,6 +379,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
+ udev->dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
|
||||
udev->dev->event = uinput_dev_event;
|
||||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index 52bbd27e93ae..594bd731253a 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -479,6 +479,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
/* x: May be registered on mips for TLB dump */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
+ /* x: May be registered on x86_64 for disabling secure boot */
|
||||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -522,7 +523,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
-void __handle_sysrq(int key, bool check_mask)
|
||||
+void __handle_sysrq(int key, int from)
|
||||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -542,11 +543,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
+ /* Ban synthetic events from some sysrq functionality */
|
||||
+ if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
|
||||
+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
|
||||
+ printk("This sysrq operation is disabled from userspace.\n");
|
||||
/*
|
||||
* Should we check for enabled operations (/proc/sysrq-trigger
|
||||
* should not) and is the invoked operation enabled?
|
||||
*/
|
||||
- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
|
||||
+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
|
||||
pr_cont("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -578,7 +583,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
- __handle_sysrq(key, true);
|
||||
+ __handle_sysrq(key, SYSRQ_FROM_KERNEL);
|
||||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -659,7 +664,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
- __handle_sysrq(sysrq_xlate[KEY_B], false);
|
||||
+ __handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL);
|
||||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -810,8 +815,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
+ int from = sysrq->handle.dev->flags & INPUTDEV_FLAGS_SYNTHETIC ?
|
||||
+ SYSRQ_FROM_SYNTHETIC : 0;
|
||||
sysrq->need_reinject = false;
|
||||
- __handle_sysrq(sysrq_xlate[code], true);
|
||||
+ __handle_sysrq(sysrq_xlate[code], from);
|
||||
}
|
||||
break;
|
||||
}
|
||||
@@ -1095,7 +1102,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
- __handle_sysrq(c, false);
|
||||
+ __handle_sysrq(c, SYSRQ_FROM_PROC);
|
||||
}
|
||||
|
||||
return count;
|
||||
diff --git a/include/linux/input.h b/include/linux/input.h
|
||||
index a65e3b24fb18..8b0357175049 100644
|
||||
--- a/include/linux/input.h
|
||||
+++ b/include/linux/input.h
|
||||
@@ -42,6 +42,7 @@ struct input_value {
|
||||
* @phys: physical path to the device in the system hierarchy
|
||||
* @uniq: unique identification code for the device (if device has it)
|
||||
* @id: id of the device (struct input_id)
|
||||
+ * @flags: input device flags (SYNTHETIC, etc.)
|
||||
* @propbit: bitmap of device properties and quirks
|
||||
* @evbit: bitmap of types of events supported by the device (EV_KEY,
|
||||
* EV_REL, etc.)
|
||||
@@ -124,6 +125,8 @@ struct input_dev {
|
||||
const char *uniq;
|
||||
struct input_id id;
|
||||
|
||||
+ unsigned int flags;
|
||||
+
|
||||
unsigned long propbit[BITS_TO_LONGS(INPUT_PROP_CNT)];
|
||||
|
||||
unsigned long evbit[BITS_TO_LONGS(EV_CNT)];
|
||||
@@ -190,6 +193,8 @@ struct input_dev {
|
||||
};
|
||||
#define to_input_dev(d) container_of(d, struct input_dev, dev)
|
||||
|
||||
+#define INPUTDEV_FLAGS_SYNTHETIC 0x000000001
|
||||
+
|
||||
/*
|
||||
* Verify that we are in sync with input_device_id mod_devicetable.h #defines
|
||||
*/
|
||||
diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
|
||||
index 387fa7d05c98..4b07e30b3279 100644
|
||||
--- a/include/linux/sysrq.h
|
||||
+++ b/include/linux/sysrq.h
|
||||
@@ -28,6 +28,8 @@
|
||||
#define SYSRQ_ENABLE_BOOT 0x0080
|
||||
#define SYSRQ_ENABLE_RTNICE 0x0100
|
||||
|
||||
+#define SYSRQ_DISABLE_USERSPACE 0x00010000
|
||||
+
|
||||
struct sysrq_key_op {
|
||||
void (*handler)(int);
|
||||
char *help_msg;
|
||||
@@ -42,8 +44,12 @@ struct sysrq_key_op {
|
||||
* are available -- else NULL's).
|
||||
*/
|
||||
|
||||
+#define SYSRQ_FROM_KERNEL 0x0001
|
||||
+#define SYSRQ_FROM_PROC 0x0002
|
||||
+#define SYSRQ_FROM_SYNTHETIC 0x0004
|
||||
+
|
||||
void handle_sysrq(int key);
|
||||
-void __handle_sysrq(int key, bool check_mask);
|
||||
+void __handle_sysrq(int key, int from);
|
||||
int register_sysrq_key(int key, struct sysrq_key_op *op);
|
||||
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
|
||||
struct sysrq_key_op *__sysrq_get_key_op(int key);
|
||||
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
|
||||
index 2a20c0dfdafc..3d17205dab77 100644
|
||||
--- a/kernel/debug/kdb/kdb_main.c
|
||||
+++ b/kernel/debug/kdb/kdb_main.c
|
||||
@@ -1968,7 +1968,7 @@ static int kdb_sr(int argc, const char **argv)
|
||||
return KDB_ARGCOUNT;
|
||||
|
||||
kdb_trap_printk++;
|
||||
- __handle_sysrq(*argv[1], check_mask);
|
||||
+ __handle_sysrq(*argv[1], check_mask & SYSRQ_FROM_KERNEL);
|
||||
kdb_trap_printk--;
|
||||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index cb1f1da69bf4..5933c27ba19e 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -270,7 +270,7 @@ static void module_assert_mutex_or_preempt(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
-static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
|
||||
+bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
|
||||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
module_param(sig_enforce, bool_enable_only, 0644);
|
||||
#endif /* !CONFIG_MODULE_SIG_FORCE */
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -1,118 +0,0 @@
|
|||
From 03a4ad09f20944e1917abfd24d1d0e5f107a2861 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
kernel code, allowing them to circumvent disabled module loading or module
|
||||
signing. Default to paranoid - in future we can potentially relax this for
|
||||
sufficiently IOMMU-isolated devices.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/pci/pci-sysfs.c | 10 ++++++++++
|
||||
drivers/pci/proc.c | 8 +++++++-
|
||||
drivers/pci/syscall.c | 3 ++-
|
||||
3 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index bcd10c795284..a950301496f3 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <linux/vgaarb.h>
|
||||
#include <linux/pm_runtime.h>
|
||||
#include <linux/of.h>
|
||||
+#include <linux/module.h>
|
||||
#include "pci.h"
|
||||
|
||||
static int sysfs_initialized; /* = 0 */
|
||||
@@ -716,6 +717,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1106,6 +1113,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 2408abe4ee8c..59f321c56c18 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
int size = dev->cfg_size;
|
||||
int cnt;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (pos >= size)
|
||||
return 0;
|
||||
if (nbytes >= size)
|
||||
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
|
||||
#endif /* HAVE_PCI_MMAP */
|
||||
int ret = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
switch (cmd) {
|
||||
case PCIIOC_CONTROLLER:
|
||||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret, write_combine;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index b91c4da68365..98f5637304d1 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/errno.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/syscalls.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include "pci.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
u32 dword;
|
||||
int err = 0;
|
||||
|
||||
- if (!capable(CAP_SYS_ADMIN))
|
||||
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
From 9f31204f829da97f99f7aacf30f0ddc26e456df7 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
to be subverted, avoiding module loading restrictions. Prevent this when
|
||||
any restrictions have been imposed on loading modules.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/char/mem.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 7f1a7ab5850d..d6a6f05fbc1c 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -516,6 +519,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
if (!pfn_valid(PFN_DOWN(p)))
|
||||
return -EIO;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
From ee880324686af8bb212fc088495ea528e3042cd6 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
loading modules. Disable it in that case.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
---
|
||||
drivers/acpi/osl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 416953a42510..4887e343c7fd 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -191,7 +192,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
- if (acpi_rsdp)
|
||||
+ if (acpi_rsdp && !secure_modules())
|
||||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
From 10879ae5f12e9cab3c4e8e9504c1aaa8a033bde7 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksey Makarov <aleksey.makarov@linaro.org>
|
||||
Date: Tue, 4 Oct 2016 10:15:32 +0300
|
||||
Subject: serial: pl011: add console matching function
|
||||
|
||||
This patch adds function pl011_console_match() that implements
|
||||
method match of struct console. It allows to match consoles against
|
||||
data specified in a string, for example taken from command line or
|
||||
compiled by ACPI SPCR table handler.
|
||||
|
||||
This patch was merged to tty-next but then reverted because of
|
||||
conflict with
|
||||
|
||||
commit 46e36683f433 ("serial: earlycon: Extend earlycon command line option to support 64-bit addresses")
|
||||
|
||||
Now it is fixed.
|
||||
|
||||
Signed-off-by: Aleksey Makarov <aleksey.makarov@linaro.org>
|
||||
Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
|
||||
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
|
||||
Tested-by: Christopher Covington <cov@codeaurora.org>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
---
|
||||
drivers/tty/serial/amba-pl011.c | 55 +++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 55 insertions(+)
|
||||
|
||||
diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c
|
||||
index e2c33b9..c00ab22 100644
|
||||
--- a/drivers/tty/serial/amba-pl011.c
|
||||
+++ b/drivers/tty/serial/amba-pl011.c
|
||||
@@ -2315,12 +2315,67 @@ static int __init pl011_console_setup(struct console *co, char *options)
|
||||
return uart_set_options(&uap->port, co, baud, parity, bits, flow);
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * pl011_console_match - non-standard console matching
|
||||
+ * @co: registering console
|
||||
+ * @name: name from console command line
|
||||
+ * @idx: index from console command line
|
||||
+ * @options: ptr to option string from console command line
|
||||
+ *
|
||||
+ * Only attempts to match console command lines of the form:
|
||||
+ * console=pl011,mmio|mmio32,<addr>[,<options>]
|
||||
+ * console=pl011,0x<addr>[,<options>]
|
||||
+ * This form is used to register an initial earlycon boot console and
|
||||
+ * replace it with the amba_console at pl011 driver init.
|
||||
+ *
|
||||
+ * Performs console setup for a match (as required by interface)
|
||||
+ * If no <options> are specified, then assume the h/w is already setup.
|
||||
+ *
|
||||
+ * Returns 0 if console matches; otherwise non-zero to use default matching
|
||||
+ */
|
||||
+static int __init pl011_console_match(struct console *co, char *name, int idx,
|
||||
+ char *options)
|
||||
+{
|
||||
+ unsigned char iotype;
|
||||
+ resource_size_t addr;
|
||||
+ int i;
|
||||
+
|
||||
+ if (strcmp(name, "pl011") != 0)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ if (uart_parse_earlycon(options, &iotype, &addr, &options))
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ if (iotype != UPIO_MEM && iotype != UPIO_MEM32)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ /* try to match the port specified on the command line */
|
||||
+ for (i = 0; i < ARRAY_SIZE(amba_ports); i++) {
|
||||
+ struct uart_port *port;
|
||||
+
|
||||
+ if (!amba_ports[i])
|
||||
+ continue;
|
||||
+
|
||||
+ port = &amba_ports[i]->port;
|
||||
+
|
||||
+ if (port->mapbase != addr)
|
||||
+ continue;
|
||||
+
|
||||
+ co->index = i;
|
||||
+ port->cons = co;
|
||||
+ return pl011_console_setup(co, options);
|
||||
+ }
|
||||
+
|
||||
+ return -ENODEV;
|
||||
+}
|
||||
+
|
||||
static struct uart_driver amba_reg;
|
||||
static struct console amba_console = {
|
||||
.name = "ttyAMA",
|
||||
.write = pl011_console_write,
|
||||
.device = uart_console_device,
|
||||
.setup = pl011_console_setup,
|
||||
+ .match = pl011_console_match,
|
||||
.flags = CON_PRINTBUFFER,
|
||||
.index = -1,
|
||||
.data = &amba_reg,
|
||||
--
|
||||
cgit v0.12
|
||||
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
From ebbd8d01acdf472594f7e43e9a4274745c402e8e Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
be manipulated in such a way that arbitrary code can be executed in the
|
||||
kernel, circumventing module loading restrictions. Prevent that if any of
|
||||
these features are enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index ce6ca31a2d09..55d23994d6a2 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1872,6 +1872,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1888,6 +1891,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1912,6 +1918,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ABP060MG=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_AD7766=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_ARM64_SW_TTBR0_PAN is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_BCM2835_VCHIQ is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BLK_DEV_ZONED=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BLK_WBT=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_BLK_WBT_MQ=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_BLK_WBT_SQ is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_HI3516CV300 is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_HI3798CV200 is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701 is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_BDPSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_ETHSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_HIFSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_IMGSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_MMSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_COMMON_CLK_MT2701_VDECSYS is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DA280=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DA311=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DMARD10=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DMA_FENCE_TRACE is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DPOT_DAC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_DW_HDMI_I2S_AUDIO=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_HISI_HIBMC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_I2C_ADV7511_AUDIO=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_DRM_I915_ALPHA_SUPPORT is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_I915_CAPTURE_ERROR=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_I915_COMPRESS_ERROR=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_I915_GVT_KVMGT=m
|
||||
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_MXSFB=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_SIL_SII8620=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DRM_TI_TFP410=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_EFI_ALLOW_SECURE_BOOT_EXIT is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_EFI_SECURE_BOOT_LOCK_DOWN is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ENVELOPE_DETECTOR=m
|
||||
|
|
@ -1 +0,0 @@
|
|||
# CONFIG_FENCE_TRACE is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HT16K33=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_HTS221=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IIO_CROS_EC_SENSORS=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IIO_CROS_EC_SENSORS_COR=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_IIO_CROS_EC_SENSORS_CORE=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_INPUT_PM8XXX_VIBRATOR=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_INPUT_PMIC8XXX_PWRKEY=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_KEYBOARD_PMIC8XXX=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_LEDS_NIC78BX=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_LEDS_USER=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_LMP91000=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_LOCK_DOWN_KERNEL is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MFD_PM8XXX=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_MMC_SDHCI_CADENCE=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MPU3050_I2C is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_MSM_GCC_8994 is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NVME_FC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NVME_TARGET_FC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_NVME_TARGET_FCLOOP=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_PINCTRL_MSM8994=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_PINCTRL_SX150X is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_QCOM_ADSP_PIL=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_QCOM_CLK_RPM is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_QCOM_CLK_SMD_RPM is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_REMOTEPROC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_RTC_DRV_PM8XXX=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_SCR24X is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_SENSORS_TC654=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_SENSORS_TMP108=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_SPI_ARMADA_3700=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_SPI_FSL_LPSPI=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_SUN50I_A64_CCU is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_TEST_ASYNC_DRIVER_PROBE=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_UIO_HV_GENERIC=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_USB_SERIAL_F8153X=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_VFIO_MDEV=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_VFIO_MDEV_DEVICE=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ACPI_APEI=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_ACPI_APEI_EINJ is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ACPI_APEI_GHES=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ACPI_APEI_PCIEAER=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_ARM64_PTDUMP_DEBUGFS=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_DEBUG_WX=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_AMD_XGBE=m
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_AMD_XGBE_DCB=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_APPLE_PROPERTIES=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_EFI_ALLOW_SECURE_BOOT_EXIT=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_LOCK_DOWN_KERNEL=y
|
||||
|
|
@ -0,0 +1 @@
|
|||
CONFIG_SCHED_MC_PRIO=y
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
From 30772942cc1095c3129eecfa182e2c568e566b9d Mon Sep 17 00:00:00 2001
|
||||
From: Dan Carpenter <dan.carpenter@oracle.com>
|
||||
Date: Thu, 13 Oct 2016 11:54:31 +0300
|
||||
Subject: [PATCH] drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
|
||||
|
||||
If the allocation fails the current code returns success. If
|
||||
copy_from_user() fails it returns the number of bytes remaining instead
|
||||
of -EFAULT.
|
||||
|
||||
Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.")
|
||||
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
||||
Reviewed-by: Eric Anholt <eric@anholt.net>
|
||||
---
|
||||
drivers/gpu/drm/vc4/vc4_gem.c | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
|
||||
index ae1609e..4050540 100644
|
||||
--- a/drivers/gpu/drm/vc4/vc4_gem.c
|
||||
+++ b/drivers/gpu/drm/vc4/vc4_gem.c
|
||||
@@ -548,14 +548,15 @@ vc4_cl_lookup_bos(struct drm_device *dev,
|
||||
|
||||
handles = drm_malloc_ab(exec->bo_count, sizeof(uint32_t));
|
||||
if (!handles) {
|
||||
+ ret = -ENOMEM;
|
||||
DRM_ERROR("Failed to allocate incoming GEM handles\n");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- ret = copy_from_user(handles,
|
||||
- (void __user *)(uintptr_t)args->bo_handles,
|
||||
- exec->bo_count * sizeof(uint32_t));
|
||||
- if (ret) {
|
||||
+ if (copy_from_user(handles,
|
||||
+ (void __user *)(uintptr_t)args->bo_handles,
|
||||
+ exec->bo_count * sizeof(uint32_t))) {
|
||||
+ ret = -EFAULT;
|
||||
DRM_ERROR("Failed to copy in GEM handles\n");
|
||||
goto fail;
|
||||
}
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
|
@ -20,7 +20,7 @@ index 46f9be3ad5a2..ad2e62e4cdba 100644
|
|||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
||||
@@ -12970,7 +12970,7 @@ verify_crtc_state(struct drm_crtc *crtc,
|
||||
sw_config = to_intel_crtc_state(crtc->state);
|
||||
if (!intel_pipe_config_compare(dev, sw_config,
|
||||
if (!intel_pipe_config_compare(dev_priv, sw_config,
|
||||
pipe_config, false)) {
|
||||
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
|
||||
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue