kernel-5.17.7-0
* Thu May 12 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.7-0] - Set CONFIG_EFI_DXE_MEM_ATTRIBUTES (Justin M. Forbes) - efi: x86: Set the NX-compatibility flag in the PE header (Peter Jones) - efi: libstub: ensure allocated memory to be executable (Baskov Evgeniy) - efi: libstub: declare DXE services table (Baskov Evgeniy) Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
parent
7af5faffc0
commit
a6037821c0
|
@ -1,3 +1,12 @@
|
||||||
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/8a35d9b408eeb4798a147fb76eb3f10368133de8
|
||||||
|
8a35d9b408eeb4798a147fb76eb3f10368133de8 efi: x86: Set the NX-compatibility flag in the PE header
|
||||||
|
|
||||||
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/e42a2e6c9c035388d705b3cec7bf130346b632cc
|
||||||
|
e42a2e6c9c035388d705b3cec7bf130346b632cc efi: libstub: ensure allocated memory to be executable
|
||||||
|
|
||||||
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/811844b59e9b0e4e91cfa65daaab429e0664edd7
|
||||||
|
811844b59e9b0e4e91cfa65daaab429e0664edd7 efi: libstub: declare DXE services table
|
||||||
|
|
||||||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/ea0c997fe80f42ae5f3028581d1bad74c4a55dc3
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/ea0c997fe80f42ae5f3028581d1bad74c4a55dc3
|
||||||
ea0c997fe80f42ae5f3028581d1bad74c4a55dc3 Revert "net: bcmgenet: Use stronger register read/writes to assure ordering"
|
ea0c997fe80f42ae5f3028581d1bad74c4a55dc3 Revert "net: bcmgenet: Use stronger register read/writes to assure ordering"
|
||||||
|
|
||||||
|
|
|
@ -2021,6 +2021,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
CONFIG_EFI_PGT_DUMP=y
|
CONFIG_EFI_PGT_DUMP=y
|
||||||
|
|
|
@ -1532,6 +1532,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -2013,6 +2013,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
# CONFIG_EFI_PGT_DUMP is not set
|
# CONFIG_EFI_PGT_DUMP is not set
|
||||||
|
|
|
@ -1524,6 +1524,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -2047,6 +2047,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
CONFIG_EFI_PGT_DUMP=y
|
CONFIG_EFI_PGT_DUMP=y
|
||||||
|
|
|
@ -2040,6 +2040,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
# CONFIG_EFI_PGT_DUMP is not set
|
# CONFIG_EFI_PGT_DUMP is not set
|
||||||
|
|
|
@ -2001,6 +2001,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
CONFIG_EFI_PGT_DUMP=y
|
CONFIG_EFI_PGT_DUMP=y
|
||||||
|
|
|
@ -1994,6 +1994,7 @@ CONFIG_EFI_ARMSTUB_DTB_LOADER=y
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
# CONFIG_EFI_PGT_DUMP is not set
|
# CONFIG_EFI_PGT_DUMP is not set
|
||||||
|
|
|
@ -1589,6 +1589,7 @@ CONFIG_EEPROM_LEGACY=m
|
||||||
CONFIG_EEPROM_MAX6875=m
|
CONFIG_EEPROM_MAX6875=m
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
CONFIG_EFI_PGT_DUMP=y
|
CONFIG_EFI_PGT_DUMP=y
|
||||||
|
|
|
@ -1381,6 +1381,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -1580,6 +1580,7 @@ CONFIG_EEPROM_LEGACY=m
|
||||||
CONFIG_EEPROM_MAX6875=m
|
CONFIG_EEPROM_MAX6875=m
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
# CONFIG_EFI_PGT_DUMP is not set
|
# CONFIG_EFI_PGT_DUMP is not set
|
||||||
|
|
|
@ -1373,6 +1373,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -1596,6 +1596,7 @@ CONFIG_EEPROM_LEGACY=m
|
||||||
CONFIG_EEPROM_MAX6875=m
|
CONFIG_EEPROM_MAX6875=m
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
CONFIG_EFI_PGT_DUMP=y
|
CONFIG_EFI_PGT_DUMP=y
|
||||||
|
|
|
@ -1385,6 +1385,7 @@ CONFIG_EDAC_PND2=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -1587,6 +1587,7 @@ CONFIG_EEPROM_LEGACY=m
|
||||||
CONFIG_EEPROM_MAX6875=m
|
CONFIG_EEPROM_MAX6875=m
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
# CONFIG_EFI_PGT_DUMP is not set
|
# CONFIG_EFI_PGT_DUMP is not set
|
||||||
|
|
|
@ -1377,6 +1377,7 @@ CONFIG_EDAC_PND2=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -1383,6 +1383,7 @@ CONFIG_EDAC_PND2=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_PARTITION=y
|
CONFIG_EFI_PARTITION=y
|
||||||
|
|
|
@ -1737,6 +1737,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH is not set
|
# CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_MIXED=y
|
CONFIG_EFI_MIXED=y
|
||||||
|
|
|
@ -1480,6 +1480,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_MIXED=y
|
CONFIG_EFI_MIXED=y
|
||||||
|
|
|
@ -1728,6 +1728,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH is not set
|
# CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_MIXED=y
|
CONFIG_EFI_MIXED=y
|
||||||
|
|
|
@ -1472,6 +1472,7 @@ CONFIG_EEPROM_MAX6875=m
|
||||||
# CONFIG_EFI_CAPSULE_LOADER is not set
|
# CONFIG_EFI_CAPSULE_LOADER is not set
|
||||||
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
|
||||||
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
# CONFIG_EFI_DISABLE_PCI_DMA is not set
|
||||||
|
CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
||||||
# CONFIG_EFI_FAKE_MEMMAP is not set
|
# CONFIG_EFI_FAKE_MEMMAP is not set
|
||||||
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y
|
||||||
CONFIG_EFI_MIXED=y
|
CONFIG_EFI_MIXED=y
|
||||||
|
|
14
kernel.spec
14
kernel.spec
|
@ -130,7 +130,7 @@ Summary: The Linux kernel
|
||||||
# The kernel tarball/base version
|
# The kernel tarball/base version
|
||||||
%define kversion 5.17
|
%define kversion 5.17
|
||||||
|
|
||||||
%define rpmversion 5.17.6
|
%define rpmversion 5.17.7
|
||||||
%define patchversion 5.17
|
%define patchversion 5.17
|
||||||
%define pkgrelease 300
|
%define pkgrelease 300
|
||||||
|
|
||||||
|
@ -695,7 +695,7 @@ BuildRequires: lld
|
||||||
# exact git commit you can run
|
# exact git commit you can run
|
||||||
#
|
#
|
||||||
# xzcat -qq ${TARBALL} | git get-tar-commit-id
|
# xzcat -qq ${TARBALL} | git get-tar-commit-id
|
||||||
Source0: linux-5.17.6.tar.xz
|
Source0: linux-5.17.7.tar.xz
|
||||||
|
|
||||||
Source1: Makefile.rhelver
|
Source1: Makefile.rhelver
|
||||||
|
|
||||||
|
@ -1387,8 +1387,8 @@ ApplyOptionalPatch()
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
%setup -q -n kernel-5.17.6 -c
|
%setup -q -n kernel-5.17.7 -c
|
||||||
mv linux-5.17.6 linux-%{KVERREL}
|
mv linux-5.17.7 linux-%{KVERREL}
|
||||||
|
|
||||||
cd linux-%{KVERREL}
|
cd linux-%{KVERREL}
|
||||||
cp -a %{SOURCE1} .
|
cp -a %{SOURCE1} .
|
||||||
|
@ -3015,6 +3015,12 @@ fi
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 12 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.7-0]
|
||||||
|
- Set CONFIG_EFI_DXE_MEM_ATTRIBUTES (Justin M. Forbes)
|
||||||
|
- efi: x86: Set the NX-compatibility flag in the PE header (Peter Jones)
|
||||||
|
- efi: libstub: ensure allocated memory to be executable (Baskov Evgeniy)
|
||||||
|
- efi: libstub: declare DXE services table (Baskov Evgeniy)
|
||||||
|
|
||||||
* Mon May 09 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.6-0]
|
* Mon May 09 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.6-0]
|
||||||
- fedora: arm: Enable new Rockchip 356x series drivers (Peter Robinson)
|
- fedora: arm: Enable new Rockchip 356x series drivers (Peter Robinson)
|
||||||
- fedora: arm: enable DRM_I2C_NXP_TDA998X on aarch64 (Peter Robinson)
|
- fedora: arm: enable DRM_I2C_NXP_TDA998X on aarch64 (Peter Robinson)
|
||||||
|
|
|
@ -7,6 +7,8 @@
|
||||||
arch/s390/include/asm/ipl.h | 1 +
|
arch/s390/include/asm/ipl.h | 1 +
|
||||||
arch/s390/kernel/ipl.c | 5 +
|
arch/s390/kernel/ipl.c | 5 +
|
||||||
arch/s390/kernel/setup.c | 4 +
|
arch/s390/kernel/setup.c | 4 +
|
||||||
|
arch/x86/boot/header.S | 4 +
|
||||||
|
arch/x86/include/asm/efi.h | 5 +
|
||||||
arch/x86/kernel/setup.c | 22 ++--
|
arch/x86/kernel/setup.c | 22 ++--
|
||||||
crypto/rng.c | 73 +++++++++++-
|
crypto/rng.c | 73 +++++++++++-
|
||||||
drivers/acpi/apei/hest.c | 8 ++
|
drivers/acpi/apei/hest.c | 8 ++
|
||||||
|
@ -16,8 +18,11 @@
|
||||||
drivers/char/ipmi/ipmi_dmi.c | 15 +++
|
drivers/char/ipmi/ipmi_dmi.c | 15 +++
|
||||||
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
|
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
|
||||||
drivers/char/random.c | 115 +++++++++++++++++++
|
drivers/char/random.c | 115 +++++++++++++++++++
|
||||||
|
drivers/firmware/efi/Kconfig | 12 ++
|
||||||
drivers/firmware/efi/Makefile | 1 +
|
drivers/firmware/efi/Makefile | 1 +
|
||||||
drivers/firmware/efi/efi.c | 124 +++++++++++++++------
|
drivers/firmware/efi/efi.c | 124 +++++++++++++++------
|
||||||
|
drivers/firmware/efi/libstub/efistub.h | 74 ++++++++++++
|
||||||
|
drivers/firmware/efi/libstub/x86-stub.c | 119 +++++++++++++++++++-
|
||||||
drivers/firmware/efi/secureboot.c | 38 +++++++
|
drivers/firmware/efi/secureboot.c | 38 +++++++
|
||||||
drivers/gpu/drm/i915/display/intel_bios.c | 6 +
|
drivers/gpu/drm/i915/display/intel_bios.c | 6 +
|
||||||
drivers/gpu/drm/i915/display/intel_psr.c | 9 ++
|
drivers/gpu/drm/i915/display/intel_psr.c | 9 ++
|
||||||
|
@ -35,7 +40,7 @@
|
||||||
fs/nfs/client.c | 3 +-
|
fs/nfs/client.c | 3 +-
|
||||||
fs/nfs/fs_context.c | 8 ++
|
fs/nfs/fs_context.c | 8 ++
|
||||||
include/linux/dma-mapping.h | 8 ++
|
include/linux/dma-mapping.h | 8 ++
|
||||||
include/linux/efi.h | 22 ++--
|
include/linux/efi.h | 24 ++--
|
||||||
include/linux/lsm_hook_defs.h | 2 +
|
include/linux/lsm_hook_defs.h | 2 +
|
||||||
include/linux/lsm_hooks.h | 6 +
|
include/linux/lsm_hooks.h | 6 +
|
||||||
include/linux/module.h | 1 +
|
include/linux/module.h | 1 +
|
||||||
|
@ -54,7 +59,7 @@
|
||||||
security/lockdown/Kconfig | 13 +++
|
security/lockdown/Kconfig | 13 +++
|
||||||
security/lockdown/lockdown.c | 1 +
|
security/lockdown/lockdown.c | 1 +
|
||||||
security/security.c | 6 +
|
security/security.c | 6 +
|
||||||
56 files changed, 769 insertions(+), 207 deletions(-)
|
61 files changed, 980 insertions(+), 212 deletions(-)
|
||||||
|
|
||||||
diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst
|
diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst
|
||||||
index 1887d92e8e92..17706dc91ec9 100644
|
index 1887d92e8e92..17706dc91ec9 100644
|
||||||
|
@ -106,7 +111,7 @@ index 000000000000..733a26bd887a
|
||||||
+
|
+
|
||||||
+endmenu
|
+endmenu
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index 7ef8dd5ab6f2..330889bd62b2 100644
|
index ce65b393a2b4..c7526eac960f 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
||||||
|
@ -219,6 +224,38 @@ index 05327be3a982..c473e5ca67f1 100644
|
||||||
/* Have one command line that is parsed and saved in /proc/cmdline */
|
/* Have one command line that is parsed and saved in /proc/cmdline */
|
||||||
/* boot_command_line has been already set up in early.c */
|
/* boot_command_line has been already set up in early.c */
|
||||||
*cmdline_p = boot_command_line;
|
*cmdline_p = boot_command_line;
|
||||||
|
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
|
||||||
|
index 6dbd7e9f74c9..0352e4589efa 100644
|
||||||
|
--- a/arch/x86/boot/header.S
|
||||||
|
+++ b/arch/x86/boot/header.S
|
||||||
|
@@ -163,7 +163,11 @@ extra_header_fields:
|
||||||
|
.long 0x200 # SizeOfHeaders
|
||||||
|
.long 0 # CheckSum
|
||||||
|
.word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application)
|
||||||
|
+#ifdef CONFIG_DXE_MEM_ATTRIBUTES
|
||||||
|
+ .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics
|
||||||
|
+#else
|
||||||
|
.word 0 # DllCharacteristics
|
||||||
|
+#endif
|
||||||
|
#ifdef CONFIG_X86_32
|
||||||
|
.long 0 # SizeOfStackReserve
|
||||||
|
.long 0 # SizeOfStackCommit
|
||||||
|
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
|
||||||
|
index 03cb12775043..4614d54383ac 100644
|
||||||
|
--- a/arch/x86/include/asm/efi.h
|
||||||
|
+++ b/arch/x86/include/asm/efi.h
|
||||||
|
@@ -352,6 +352,11 @@ static inline u32 efi64_convert_status(efi_status_t status)
|
||||||
|
runtime), \
|
||||||
|
func, __VA_ARGS__))
|
||||||
|
|
||||||
|
+#define efi_dxe_call(func, ...) \
|
||||||
|
+ (efi_is_native() \
|
||||||
|
+ ? efi_dxe_table->func(__VA_ARGS__) \
|
||||||
|
+ : __efi64_thunk_map(efi_dxe_table, func, __VA_ARGS__))
|
||||||
|
+
|
||||||
|
#else /* CONFIG_EFI_MIXED */
|
||||||
|
|
||||||
|
static inline bool efi_is_64bit(void)
|
||||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||||
index 90d7e1788c91..262198c48162 100644
|
index 90d7e1788c91..262198c48162 100644
|
||||||
--- a/arch/x86/kernel/setup.c
|
--- a/arch/x86/kernel/setup.c
|
||||||
|
@ -501,7 +538,7 @@ index bbf7029e224b..cf7faa970dd6 100644
|
||||||
dmi_decode_ipmi((const struct dmi_header *) dev->device_data);
|
dmi_decode_ipmi((const struct dmi_header *) dev->device_data);
|
||||||
|
|
||||||
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
|
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
|
||||||
index c59265146e9c..caa8458edde2 100644
|
index f1827257ef0e..5a45c2cd3dc2 100644
|
||||||
--- a/drivers/char/ipmi/ipmi_msghandler.c
|
--- a/drivers/char/ipmi/ipmi_msghandler.c
|
||||||
+++ b/drivers/char/ipmi/ipmi_msghandler.c
|
+++ b/drivers/char/ipmi/ipmi_msghandler.c
|
||||||
@@ -35,6 +35,7 @@
|
@@ -35,6 +35,7 @@
|
||||||
|
@ -512,7 +549,7 @@ index c59265146e9c..caa8458edde2 100644
|
||||||
#include <linux/delay.h>
|
#include <linux/delay.h>
|
||||||
|
|
||||||
#define IPMI_DRIVER_VERSION "39.2"
|
#define IPMI_DRIVER_VERSION "39.2"
|
||||||
@@ -5422,8 +5423,21 @@ static int __init ipmi_init_msghandler_mod(void)
|
@@ -5427,8 +5428,21 @@ static int __init ipmi_init_msghandler_mod(void)
|
||||||
{
|
{
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
|
@ -718,6 +755,29 @@ index 3404a91edf29..184dbb94710c 100644
|
||||||
+ synchronize_rcu();
|
+ synchronize_rcu();
|
||||||
+}
|
+}
|
||||||
+EXPORT_SYMBOL_GPL(random_unregister_extrng);
|
+EXPORT_SYMBOL_GPL(random_unregister_extrng);
|
||||||
|
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
|
||||||
|
index 2c3dac5ecb36..f44f8b746e42 100644
|
||||||
|
--- a/drivers/firmware/efi/Kconfig
|
||||||
|
+++ b/drivers/firmware/efi/Kconfig
|
||||||
|
@@ -91,6 +91,18 @@ config EFI_SOFT_RESERVE
|
||||||
|
|
||||||
|
If unsure, say Y.
|
||||||
|
|
||||||
|
+config EFI_DXE_MEM_ATTRIBUTES
|
||||||
|
+ bool "Adjust memory attributes in EFISTUB"
|
||||||
|
+ depends on EFI && EFI_STUB && X86
|
||||||
|
+ default y
|
||||||
|
+ help
|
||||||
|
+ UEFI specification does not guarantee all memory to be
|
||||||
|
+ accessible for both write and execute as the kernel expects
|
||||||
|
+ it to be.
|
||||||
|
+ Use DXE services to check and alter memory protection
|
||||||
|
+ attributes during boot via EFISTUB to ensure that memory
|
||||||
|
+ ranges used by the kernel are writable and executable.
|
||||||
|
+
|
||||||
|
config EFI_PARAMS_FROM_FDT
|
||||||
|
bool
|
||||||
|
help
|
||||||
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
|
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
|
||||||
index c02ff25dd477..d860f8eb9a81 100644
|
index c02ff25dd477..d860f8eb9a81 100644
|
||||||
--- a/drivers/firmware/efi/Makefile
|
--- a/drivers/firmware/efi/Makefile
|
||||||
|
@ -875,6 +935,276 @@ index 5502e176d51b..93b61ca552d6 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock);
|
static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock);
|
||||||
|
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
|
||||||
|
index edb77b0621ea..2dc24776899a 100644
|
||||||
|
--- a/drivers/firmware/efi/libstub/efistub.h
|
||||||
|
+++ b/drivers/firmware/efi/libstub/efistub.h
|
||||||
|
@@ -36,6 +36,9 @@ extern bool efi_novamap;
|
||||||
|
|
||||||
|
extern const efi_system_table_t *efi_system_table;
|
||||||
|
|
||||||
|
+typedef union efi_dxe_services_table efi_dxe_services_table_t;
|
||||||
|
+extern const efi_dxe_services_table_t *efi_dxe_table;
|
||||||
|
+
|
||||||
|
efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
|
||||||
|
efi_system_table_t *sys_table_arg);
|
||||||
|
|
||||||
|
@@ -44,6 +47,7 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
|
||||||
|
#define efi_is_native() (true)
|
||||||
|
#define efi_bs_call(func, ...) efi_system_table->boottime->func(__VA_ARGS__)
|
||||||
|
#define efi_rt_call(func, ...) efi_system_table->runtime->func(__VA_ARGS__)
|
||||||
|
+#define efi_dxe_call(func, ...) efi_dxe_table->func(__VA_ARGS__)
|
||||||
|
#define efi_table_attr(inst, attr) (inst->attr)
|
||||||
|
#define efi_call_proto(inst, func, ...) inst->func(inst, ##__VA_ARGS__)
|
||||||
|
|
||||||
|
@@ -329,6 +333,76 @@ union efi_boot_services {
|
||||||
|
} mixed_mode;
|
||||||
|
};
|
||||||
|
|
||||||
|
+typedef enum {
|
||||||
|
+ EfiGcdMemoryTypeNonExistent,
|
||||||
|
+ EfiGcdMemoryTypeReserved,
|
||||||
|
+ EfiGcdMemoryTypeSystemMemory,
|
||||||
|
+ EfiGcdMemoryTypeMemoryMappedIo,
|
||||||
|
+ EfiGcdMemoryTypePersistent,
|
||||||
|
+ EfiGcdMemoryTypeMoreReliable,
|
||||||
|
+ EfiGcdMemoryTypeMaximum
|
||||||
|
+} efi_gcd_memory_type_t;
|
||||||
|
+
|
||||||
|
+typedef struct {
|
||||||
|
+ efi_physical_addr_t base_address;
|
||||||
|
+ u64 length;
|
||||||
|
+ u64 capabilities;
|
||||||
|
+ u64 attributes;
|
||||||
|
+ efi_gcd_memory_type_t gcd_memory_type;
|
||||||
|
+ void *image_handle;
|
||||||
|
+ void *device_handle;
|
||||||
|
+} efi_gcd_memory_space_desc_t;
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * EFI DXE Services table
|
||||||
|
+ */
|
||||||
|
+union efi_dxe_services_table {
|
||||||
|
+ struct {
|
||||||
|
+ efi_table_hdr_t hdr;
|
||||||
|
+ void *add_memory_space;
|
||||||
|
+ void *allocate_memory_space;
|
||||||
|
+ void *free_memory_space;
|
||||||
|
+ void *remove_memory_space;
|
||||||
|
+ efi_status_t (__efiapi *get_memory_space_descriptor)(efi_physical_addr_t,
|
||||||
|
+ efi_gcd_memory_space_desc_t *);
|
||||||
|
+ efi_status_t (__efiapi *set_memory_space_attributes)(efi_physical_addr_t,
|
||||||
|
+ u64, u64);
|
||||||
|
+ void *get_memory_space_map;
|
||||||
|
+ void *add_io_space;
|
||||||
|
+ void *allocate_io_space;
|
||||||
|
+ void *free_io_space;
|
||||||
|
+ void *remove_io_space;
|
||||||
|
+ void *get_io_space_descriptor;
|
||||||
|
+ void *get_io_space_map;
|
||||||
|
+ void *dispatch;
|
||||||
|
+ void *schedule;
|
||||||
|
+ void *trust;
|
||||||
|
+ void *process_firmware_volume;
|
||||||
|
+ void *set_memory_space_capabilities;
|
||||||
|
+ };
|
||||||
|
+ struct {
|
||||||
|
+ efi_table_hdr_t hdr;
|
||||||
|
+ u32 add_memory_space;
|
||||||
|
+ u32 allocate_memory_space;
|
||||||
|
+ u32 free_memory_space;
|
||||||
|
+ u32 remove_memory_space;
|
||||||
|
+ u32 get_memory_space_descriptor;
|
||||||
|
+ u32 set_memory_space_attributes;
|
||||||
|
+ u32 get_memory_space_map;
|
||||||
|
+ u32 add_io_space;
|
||||||
|
+ u32 allocate_io_space;
|
||||||
|
+ u32 free_io_space;
|
||||||
|
+ u32 remove_io_space;
|
||||||
|
+ u32 get_io_space_descriptor;
|
||||||
|
+ u32 get_io_space_map;
|
||||||
|
+ u32 dispatch;
|
||||||
|
+ u32 schedule;
|
||||||
|
+ u32 trust;
|
||||||
|
+ u32 process_firmware_volume;
|
||||||
|
+ u32 set_memory_space_capabilities;
|
||||||
|
+ } mixed_mode;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
typedef union efi_uga_draw_protocol efi_uga_draw_protocol_t;
|
||||||
|
|
||||||
|
union efi_uga_draw_protocol {
|
||||||
|
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
|
||||||
|
index 01ddd4502e28..b14e88ccefca 100644
|
||||||
|
--- a/drivers/firmware/efi/libstub/x86-stub.c
|
||||||
|
+++ b/drivers/firmware/efi/libstub/x86-stub.c
|
||||||
|
@@ -22,6 +22,7 @@
|
||||||
|
#define MAXMEM_X86_64_4LEVEL (1ull << 46)
|
||||||
|
|
||||||
|
const efi_system_table_t *efi_system_table;
|
||||||
|
+const efi_dxe_services_table_t *efi_dxe_table;
|
||||||
|
extern u32 image_offset;
|
||||||
|
static efi_loaded_image_t *image = NULL;
|
||||||
|
|
||||||
|
@@ -211,9 +212,110 @@ static void retrieve_apple_device_properties(struct boot_params *boot_params)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+adjust_memory_range_protection(unsigned long start, unsigned long size)
|
||||||
|
+{
|
||||||
|
+ efi_status_t status;
|
||||||
|
+ efi_gcd_memory_space_desc_t desc;
|
||||||
|
+ unsigned long end, next;
|
||||||
|
+ unsigned long rounded_start, rounded_end;
|
||||||
|
+ unsigned long unprotect_start, unprotect_size;
|
||||||
|
+ int has_system_memory = 0;
|
||||||
|
+
|
||||||
|
+ if (efi_dxe_table == NULL)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ rounded_start = rounddown(start, EFI_PAGE_SIZE);
|
||||||
|
+ rounded_end = roundup(start + size, EFI_PAGE_SIZE);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Don't modify memory region attributes, they are
|
||||||
|
+ * already suitable, to lower the possibility to
|
||||||
|
+ * encounter firmware bugs.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ for (end = start + size; start < end; start = next) {
|
||||||
|
+
|
||||||
|
+ status = efi_dxe_call(get_memory_space_descriptor, start, &desc);
|
||||||
|
+
|
||||||
|
+ if (status != EFI_SUCCESS)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ next = desc.base_address + desc.length;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Only system memory is suitable for trampoline/kernel image placement,
|
||||||
|
+ * so only this type of memory needs its attributes to be modified.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ if (desc.gcd_memory_type != EfiGcdMemoryTypeSystemMemory ||
|
||||||
|
+ (desc.attributes & (EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ unprotect_start = max(rounded_start, (unsigned long)desc.base_address);
|
||||||
|
+ unprotect_size = min(rounded_end, next) - unprotect_start;
|
||||||
|
+
|
||||||
|
+ status = efi_dxe_call(set_memory_space_attributes,
|
||||||
|
+ unprotect_start, unprotect_size,
|
||||||
|
+ EFI_MEMORY_WB);
|
||||||
|
+
|
||||||
|
+ if (status != EFI_SUCCESS) {
|
||||||
|
+ efi_warn("Unable to unprotect memory range [%08lx,%08lx]: %d\n",
|
||||||
|
+ unprotect_start,
|
||||||
|
+ unprotect_start + unprotect_size,
|
||||||
|
+ (int)status);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Trampoline takes 2 pages and can be loaded in first megabyte of memory
|
||||||
|
+ * with its end placed between 128k and 640k where BIOS might start.
|
||||||
|
+ * (see arch/x86/boot/compressed/pgtable_64.c)
|
||||||
|
+ *
|
||||||
|
+ * We cannot find exact trampoline placement since memory map
|
||||||
|
+ * can be modified by UEFI, and it can alter the computed address.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#define TRAMPOLINE_PLACEMENT_BASE ((128 - 8)*1024)
|
||||||
|
+#define TRAMPOLINE_PLACEMENT_SIZE (640*1024 - (128 - 8)*1024)
|
||||||
|
+
|
||||||
|
+void startup_32(struct boot_params *boot_params);
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+setup_memory_protection(unsigned long image_base, unsigned long image_size)
|
||||||
|
+{
|
||||||
|
+ /*
|
||||||
|
+ * Allow execution of possible trampoline used
|
||||||
|
+ * for switching between 4- and 5-level page tables
|
||||||
|
+ * and relocated kernel image.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ adjust_memory_range_protection(TRAMPOLINE_PLACEMENT_BASE,
|
||||||
|
+ TRAMPOLINE_PLACEMENT_SIZE);
|
||||||
|
+
|
||||||
|
+#ifdef CONFIG_64BIT
|
||||||
|
+ if (image_base != (unsigned long)startup_32)
|
||||||
|
+ adjust_memory_range_protection(image_base, image_size);
|
||||||
|
+#else
|
||||||
|
+ /*
|
||||||
|
+ * Clear protection flags on a whole range of possible
|
||||||
|
+ * addresses used for KASLR. We don't need to do that
|
||||||
|
+ * on x86_64, since KASLR/extraction is performed after
|
||||||
|
+ * dedicated identity page tables are built and we only
|
||||||
|
+ * need to remove possible protection on relocated image
|
||||||
|
+ * itself disregarding further relocations.
|
||||||
|
+ */
|
||||||
|
+ adjust_memory_range_protection(LOAD_PHYSICAL_ADDR,
|
||||||
|
+ KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR);
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static const efi_char16_t apple[] = L"Apple";
|
||||||
|
|
||||||
|
-static void setup_quirks(struct boot_params *boot_params)
|
||||||
|
+static void setup_quirks(struct boot_params *boot_params,
|
||||||
|
+ unsigned long image_base,
|
||||||
|
+ unsigned long image_size)
|
||||||
|
{
|
||||||
|
efi_char16_t *fw_vendor = (efi_char16_t *)(unsigned long)
|
||||||
|
efi_table_attr(efi_system_table, fw_vendor);
|
||||||
|
@@ -222,6 +324,9 @@ static void setup_quirks(struct boot_params *boot_params)
|
||||||
|
if (IS_ENABLED(CONFIG_APPLE_PROPERTIES))
|
||||||
|
retrieve_apple_device_properties(boot_params);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES))
|
||||||
|
+ setup_memory_protection(image_base, image_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -341,8 +446,6 @@ static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status)
|
||||||
|
asm("hlt");
|
||||||
|
}
|
||||||
|
|
||||||
|
-void startup_32(struct boot_params *boot_params);
|
||||||
|
-
|
||||||
|
void __noreturn efi_stub_entry(efi_handle_t handle,
|
||||||
|
efi_system_table_t *sys_table_arg,
|
||||||
|
struct boot_params *boot_params);
|
||||||
|
@@ -677,11 +780,17 @@ unsigned long efi_main(efi_handle_t handle,
|
||||||
|
efi_status_t status;
|
||||||
|
|
||||||
|
efi_system_table = sys_table_arg;
|
||||||
|
-
|
||||||
|
/* Check if we were booted by the EFI firmware */
|
||||||
|
if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
|
||||||
|
efi_exit(handle, EFI_INVALID_PARAMETER);
|
||||||
|
|
||||||
|
+ efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
|
||||||
|
+ if (efi_dxe_table &&
|
||||||
|
+ efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {
|
||||||
|
+ efi_warn("Ignoring DXE services table: invalid signature\n");
|
||||||
|
+ efi_dxe_table = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* If the kernel isn't already loaded at a suitable address,
|
||||||
|
* relocate it.
|
||||||
|
@@ -791,7 +900,7 @@ unsigned long efi_main(efi_handle_t handle,
|
||||||
|
|
||||||
|
setup_efi_pci(boot_params);
|
||||||
|
|
||||||
|
- setup_quirks(boot_params);
|
||||||
|
+ setup_quirks(boot_params, bzimage_addr, buffer_end - buffer_start);
|
||||||
|
|
||||||
|
status = exit_boot(boot_params, handle);
|
||||||
|
if (status != EFI_SUCCESS) {
|
||||||
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
|
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 000000000000..de0a3714a5d4
|
index 000000000000..de0a3714a5d4
|
||||||
|
@ -1639,7 +1969,7 @@ index dca2b1355bb1..6150d11a607e 100644
|
||||||
* A dma_addr_t can hold any valid DMA or bus address for the platform. It can
|
* A dma_addr_t can hold any valid DMA or bus address for the platform. It can
|
||||||
* be given to a device to use as a DMA source or target. It is specific to a
|
* be given to a device to use as a DMA source or target. It is specific to a
|
||||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||||
index ccd4d3f91c98..e64643e3e364 100644
|
index ccd4d3f91c98..2241dfa131e7 100644
|
||||||
--- a/include/linux/efi.h
|
--- a/include/linux/efi.h
|
||||||
+++ b/include/linux/efi.h
|
+++ b/include/linux/efi.h
|
||||||
@@ -43,6 +43,8 @@
|
@@ -43,6 +43,8 @@
|
||||||
|
@ -1651,7 +1981,23 @@ index ccd4d3f91c98..e64643e3e364 100644
|
||||||
typedef unsigned long efi_status_t;
|
typedef unsigned long efi_status_t;
|
||||||
typedef u8 efi_bool_t;
|
typedef u8 efi_bool_t;
|
||||||
typedef u16 efi_char16_t; /* UNICODE character */
|
typedef u16 efi_char16_t; /* UNICODE character */
|
||||||
@@ -829,6 +831,14 @@ extern int __init efi_setup_pcdp_console(char *);
|
@@ -383,6 +385,7 @@ void efi_native_runtime_setup(void);
|
||||||
|
#define EFI_LOAD_FILE_PROTOCOL_GUID EFI_GUID(0x56ec3091, 0x954c, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
|
||||||
|
#define EFI_LOAD_FILE2_PROTOCOL_GUID EFI_GUID(0x4006c0c1, 0xfcb3, 0x403e, 0x99, 0x6d, 0x4a, 0x6c, 0x87, 0x24, 0xe0, 0x6d)
|
||||||
|
#define EFI_RT_PROPERTIES_TABLE_GUID EFI_GUID(0xeb66918a, 0x7eef, 0x402a, 0x84, 0x2e, 0x93, 0x1d, 0x21, 0xc3, 0x8a, 0xe9)
|
||||||
|
+#define EFI_DXE_SERVICES_TABLE_GUID EFI_GUID(0x05ad34ba, 0x6f02, 0x4214, 0x95, 0x2e, 0x4d, 0xa0, 0x39, 0x8e, 0x2b, 0xb9)
|
||||||
|
|
||||||
|
#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
|
||||||
|
#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
|
||||||
|
@@ -435,6 +438,7 @@ typedef struct {
|
||||||
|
} efi_config_table_type_t;
|
||||||
|
|
||||||
|
#define EFI_SYSTEM_TABLE_SIGNATURE ((u64)0x5453595320494249ULL)
|
||||||
|
+#define EFI_DXE_SERVICES_TABLE_SIGNATURE ((u64)0x565245535f455844ULL)
|
||||||
|
|
||||||
|
#define EFI_2_30_SYSTEM_TABLE_REVISION ((2 << 16) | (30))
|
||||||
|
#define EFI_2_20_SYSTEM_TABLE_REVISION ((2 << 16) | (20))
|
||||||
|
@@ -829,6 +833,14 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||||
#define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
|
#define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
|
||||||
#define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */
|
#define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */
|
||||||
#define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */
|
#define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */
|
||||||
|
@ -1666,7 +2012,7 @@ index ccd4d3f91c98..e64643e3e364 100644
|
||||||
|
|
||||||
#ifdef CONFIG_EFI
|
#ifdef CONFIG_EFI
|
||||||
/*
|
/*
|
||||||
@@ -840,6 +850,8 @@ static inline bool efi_enabled(int feature)
|
@@ -840,6 +852,8 @@ static inline bool efi_enabled(int feature)
|
||||||
}
|
}
|
||||||
extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
|
extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
|
||||||
|
|
||||||
|
@ -1675,7 +2021,7 @@ index ccd4d3f91c98..e64643e3e364 100644
|
||||||
bool __pure __efi_soft_reserve_enabled(void);
|
bool __pure __efi_soft_reserve_enabled(void);
|
||||||
|
|
||||||
static inline bool __pure efi_soft_reserve_enabled(void)
|
static inline bool __pure efi_soft_reserve_enabled(void)
|
||||||
@@ -860,6 +872,8 @@ static inline bool efi_enabled(int feature)
|
@@ -860,6 +874,8 @@ static inline bool efi_enabled(int feature)
|
||||||
static inline void
|
static inline void
|
||||||
efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {}
|
efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {}
|
||||||
|
|
||||||
|
@ -1684,7 +2030,7 @@ index ccd4d3f91c98..e64643e3e364 100644
|
||||||
static inline bool efi_soft_reserve_enabled(void)
|
static inline bool efi_soft_reserve_enabled(void)
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
@@ -872,6 +886,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
|
@@ -872,6 +888,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
extern int efi_status_to_err(efi_status_t status);
|
extern int efi_status_to_err(efi_status_t status);
|
||||||
|
@ -1692,7 +2038,7 @@ index ccd4d3f91c98..e64643e3e364 100644
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Variable Attributes
|
* Variable Attributes
|
||||||
@@ -1124,13 +1139,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
|
@@ -1124,13 +1141,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
|
||||||
extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
|
extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
|
||||||
extern unsigned long efi_call_virt_save_flags(void);
|
extern unsigned long efi_call_virt_save_flags(void);
|
||||||
|
|
||||||
|
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
||||||
SHA512 (linux-5.17.6.tar.xz) = 952bafdd3670e467b50e7508590cfb6fb43bca1c37951cb8cd596d77a1bcb8b68dad67426218bee005d4de55a7137017b538107692bfc936a2d3a7568f898e2a
|
SHA512 (linux-5.17.7.tar.xz) = 582fd92a27f96518e6593e95bd059ea620a6553348502e09bad1b58115b359e1e861d2023e20f822b7bd72ea44f370b56bb3cac2674fd01c2ec629d44ca37ddc
|
||||||
SHA512 (kernel-abi-stablelists-5.17.6-300.tar.bz2) = 67e7f3dbf23d13609147eb946b8852cee8c05e1be0526a5d36a0e77b44ba9af233c455dd2a16b252328b0cf9770431b7d66a0bf77804f4dd1d047d2464cb030e
|
SHA512 (kernel-abi-stablelists-5.17.7-300.tar.bz2) = c456c938caad6d8271f1e01334ec643287d2440c624bb34605dbff7f0fce4f269b82f20ff1291d73f4c9ab0a222577bd8a6e044c68fc370971e0f35bd49bd220
|
||||||
SHA512 (kernel-kabi-dw-5.17.6-300.tar.bz2) = fc9f35049e24964d671b85f2aa60131c0aebcfb31f0ef70112b19570d283c3730f1ca6c575f7d10b42cbcf45cde7f2995ff4e1a27aa7202d3f926ae01909b19b
|
SHA512 (kernel-kabi-dw-5.17.7-300.tar.bz2) = 85a43ea53ebf9b507b97fc262f40cfcf1b47f3f2d281e9c4030a441785d65372578cd01abdf331a3857cef6a7f1ef67006288472ec2d574d554e7c33c40e06eb
|
||||||
|
|
Loading…
Reference in New Issue