Daniel Axtens [Thu, 2 Apr 2020 05:16:32 +0000 (16:16 +1100)]
UBUNTU: SAUCE: (lockdown) powerpc: lock down kernel in secure boot mode
BugLink: https://bugs.launchpad.net/bugs/1855668
PowerNV has recently gained Secure Boot support. If it's enabled through
the firmware and bootloader stack, then lock down the kernel.
Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
(cherry picked from commit d4f3f12e040caf3ec669726efb67b27550a4713f) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Seth Forshee [Thu, 10 Oct 2019 16:19:32 +0000 (11:19 -0500)]
UBUNTU: SAUCE: (lockdown) security: lockdown: Make CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT more generic
s390 supports secure boot which is not based on EFI. Change the
config option to be more generic, and allow it to be enabled on
s390.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit dd9548a9eb3f2a34ee7c60abce157f8e2868e7c7) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Seth Forshee [Thu, 10 Oct 2019 15:57:25 +0000 (10:57 -0500)]
UBUNTU: SAUCE: (lockdown) arm64: Allow locking down the kernel under EFI secure boot
Add support to arm64 for the CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
option. When enabled the lockdown LSM will be enabled with
maximum confidentiality when booted under EFI secure boot.
Based on an earlier patch by Linn Crosetto.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[v2: ported to 5.7-rc1 and adapted to the new fdt parsing mechanism] Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit fb9c9645d977e23e9b494ce008d31507d872ffef) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Robert Holmes [Tue, 23 Apr 2019 07:39:29 +0000 (07:39 +0000)]
UBUNTU: SAUCE: (lockdown) KEYS: Make use of platform keyring for module signature verify
This patch completes commit 278311e417be ("kexec, KEYS: Make use of
platform keyring for signature verify") which, while adding the
platform keyring for bzImage verification, neglected to also add
this keyring for module verification.
As such, kernel modules signed with keys from the MokList variable
were not successfully verified.
Signed-off-by: Robert Holmes <robeholmes@gmail.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit b697ff5e26974fee8fcd31a1e221e9dd41515efc
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Jeremy Cline [Wed, 30 Oct 2019 14:37:49 +0000 (14:37 +0000)]
UBUNTU: SAUCE: (lockdown) s390: Lock down the kernel when the IPL secure flag is set
Automatically lock down the kernel to LOCKDOWN_CONFIDENTIALITY_MAX if
the IPL secure flag is set.
Upstream Status: RHEL only Suggested-by: Philipp Rudo <prudo@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 2384646bf71d8c282cf49bb20321fdf802c61cce
https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
David Howells [Mon, 30 Sep 2019 21:28:16 +0000 (21:28 +0000)]
UBUNTU: SAUCE: (lockdown) efi: Lock down the kernel if booted in secure boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware
will only load signed bootloaders and kernels. Certain use cases may
also require that all kernel modules also be signed. Add a
configuration option that to lock down the kernel - which includes
requiring validly signed modules - if the kernel is secure-booted.
Upstream Status: RHEL only Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 5850c93175b9d2e1081873f4bbe08dead202cb08
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
David Howells [Tue, 27 Feb 2018 10:04:55 +0000 (10:04 +0000)]
UBUNTU: SAUCE: (lockdown) efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.
Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.
Upstream Status: RHEL only Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
[Rebased for context; efi_is_table_address was moved to arch/x86] Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 53250b991f841be025fa4d264850dadc0fae2861
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Jeremy Cline [Mon, 30 Sep 2019 21:22:47 +0000 (21:22 +0000)]
UBUNTU: SAUCE: (lockdown) security: lockdown: expose a hook to lock the kernel down
In order to automatically lock down kernels running on UEFI machines
booted in Secure Boot mode, expose the lock_kernel_down() hook.
Upstream Status: RHEL only Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 72223fd1241cc5c70b96a491db14d54c83beadd8
from https://gitlab.com/cki-project/kernel-ark)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Peter Jones [Mon, 2 Oct 2017 22:18:30 +0000 (18:18 -0400)]
UBUNTU: SAUCE: (lockdown) Make get_cert_list() use efi_status_to_str() to print error messages.
Upstream Status: RHEL only Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com>
(cherry picked from commit 7ba28f03674fa9346610c3fea7fc93bc58f06d2a
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Peter Jones [Mon, 2 Oct 2017 22:22:13 +0000 (18:22 -0400)]
UBUNTU: SAUCE: (lockdown) Add efi_status_to_str() and rework efi_status_to_err().
This adds efi_status_to_str() for use when printing efi_status_t
messages, and reworks efi_status_to_err() so that the two use a common
list of errors.
Upstream Status: RHEL only Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 2ae9082db0b54d831a9b3782c049d9917e37d89f
from https://gitlab.com/cki-project/kernel-ark) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Greentime Hu [Tue, 16 Mar 2021 21:31:11 +0000 (21:31 +0000)]
clk: sifive: Use reset-simple in prci driver for PCIe driver
We use reset-simple in this patch so that pcie driver can use
devm_reset_control_get() to get this reset data structure and use
reset_control_deassert() to deassert pcie_power_up_rst_n.
Signed-off-by: Greentime Hu <greentime.hu@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Vincent Chen [Tue, 16 Mar 2021 21:31:07 +0000 (21:31 +0000)]
riscv: Get CPU manufacturer information
Issue 3 SBI calls to get the vendor ID, architecture ID and implementation
ID early in boot so we only need to take the SBI call overhead once.
Signed-off-by: Vincent Chen <vincent.chen@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
riscv: sifive: fu740: cpu{1, 2, 3, 4} set compatible to sifive, u74-mc
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Kai-Heng Feng [Tue, 16 Mar 2021 13:13:28 +0000 (21:13 +0800)]
UBUNTU: SAUCE: PCI: Serialize TGL e1000e PM ops
BugLink: https://bugs.launchpad.net/bugs/1919321
On TGL systems, PCI_COMMAND may randomly flip to 0 on system resume.
This is devastating to drivers that use pci_set_master(), like NVMe and
xHCI, to enable DMA in their resume routine, as pci_set_master() can
inadvertently disable PCI_COMMAND_IO and PCI_COMMAND_MEMORY, making
resources inaccessible.
The issue is reproducible on all kernel releases, but obviously the
situation is exacerbated by commit 6cecf02e77ab ('Revert "e1000e:
disable s0ix entry and exit flows for ME systems"').
Seems like ME is out to lunch until it's finally out of ULP polling. So
ensure e1000e PM ops are serialized by enforcing device links to
workaround the issue. This is another hacky hackish hack that we can't
upstream :)
Of course this will make suspend and resume a bit slower, but at least
we protect other PCI devices by keeping ME from going full basket case.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212039 Link: https://lore.kernel.org/linux-pci/20210303172223.GA634698@bjorn-Precision-5520/ Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1919123
On some platforms, the EC doesn't support the register reading sequence
for sentelic[1], and then make the EC can't respond commands for a while
when probing. It leads to the keyboard non-responsive for around 10
seconds while waking up from s2idle.
A DMI quirk to mark this platform doesn't have aux device could avoid those
commands to be sent. And the system could still using i2c interface to
communicate with the touchpad.
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com>
(cherry picked from https://lkml.org/lkml/2021/3/15/126) Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Paolo Pisati [Thu, 18 Feb 2021 14:58:21 +0000 (15:58 +0100)]
UBUNTU: SAUCE: selftests: memory-hotplug: bump timeout to 10min
$ sudo make -C tools/testing/selftests/memory-hotplug run_tests
TAP version 13
1..1
...
15:11:09 DEBUG| [stdout] not ok 1 selftests: memory-hotplug: mem-on-off-test.sh # TIMEOUT 45 seconds
The memory-hotplug selftest can take up to several minutes, depending on memory
size and cpu speed of the testbench, so bump timeout to 10 minutes.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Andrea Righi [Thu, 14 Jan 2021 11:06:12 +0000 (12:06 +0100)]
UBUNTU: SAUCE: x86/entry: build thunk_$(BITS) only if CONFIG_PREEMPTION=y
With CONFIG_PREEMPTION disabled, arch/x86/entry/thunk_64.o is just an
empty object file.
With the newer binutils (tested with 2.35.90.20210113-1ubuntu1) the GNU
assembler doesn't generate a symbol table for empty object files and
objtool fails with the following error when a valid symbol table cannot
be found:
arch/x86/entry/thunk_64.o: warning: objtool: missing symbol table
To prevent this from happening, build thunk_$(BITS).o only if
CONFIG_PREEMPTION is enabled.
BugLink: https://bugs.launchpad.net/bugs/1911359 Fixes: 320100a5ffe5 ("x86/entry: Remove the TRACE_IRQS cruft") Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1865402
ODM asks us to use get_display_mode command to confirm the scalar's
behavior, and Windows use this command, too.
To align the behavior with Windows, remove get_scalar_status command and
replace it with get_display_mode.
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1910965
By default no functions are assigned to LEDs. It's up to user/distribution
to provide udev rules to configure them.
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
(backported from https://github.com/sifive/meta-sifive/blob/2020.11/recipes-kernel/linux/files/freedom-u540/0007-Add-PWM-LEDs-D1-D2-D3-D4.patch) Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Upstream-Status: Inappropriate [enable feature]
(backported from https://github.com/sifive/meta-sifive/blob/2020.11/recipes-kernel/linux/files/freedom-u540/0002-Microsemi-PCIe-expansion-board-DT-entry.patch) Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1896801
Since upstream has removed python3-venv, update our build dependencies and let
linux-doc build outside a virtualenv.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: dccp: avoid double free of ccid on child socket
When a dccp socket is cloned, the pointers to dccps_hc_rx_ccid and
dccps_hc_tx_ccid are copied. When CCID features are activated on the child
socket, the CCID objects are freed, leaving the parent socket with dangling
pointers.
During cloning, set dccps_hc_rx_ccid and dccps_hc_tx_ccid to NULL so the
parent objects are not freed.
Reported-by: Hadar Manor
CVE-2020-16119 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Juerg Haefliger <juerg.haefliger@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: AppArmor: Remove the exclusive flag
With the inclusion of the "display" process attribute
mechanism AppArmor no longer needs to be treated as an
"exclusive" security module. Remove the flag that indicates
it is exclusive. Remove the stub getpeersec_dgram AppArmor
hook as it has no effect in the single LSM case and
interferes in the multiple LSM case.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 22:27:38 +0000 (15:27 -0700)]
UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context
Add an entry /proc/.../attr/context which displays the full
process security "context" in compound format:
lsm1\0value\0lsm2\0value\0...
This entry is not writable.
A security module may decide that its policy does not allow
this information to be displayed. In this case none of the
information will be displayed.
Casey Schaufler [Fri, 21 Aug 2020 21:59:03 +0000 (14:59 -0700)]
UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes
Create a new audit record type to contain the object information
when there are multiple security modules that require such data.
This record is emitted before the other records for the event, but
is linked with the same timestamp and serial number.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 21:29:19 +0000 (14:29 -0700)]
UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes
Create a new audit record type to contain the subject information
when there are multiple security modules that require such data.
This record is linked with the same timestamp and serial number.
The record is produced only in cases where there is more than one
security module with a process "context".
Before this change the only audit events that required multiple
records were syscall events. Several non-syscall events include
subject contexts, so the use of audit_context data has been expanded
as necessary.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 17:54:15 +0000 (10:54 -0700)]
UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob
Netlabel uses LSM interfaces requiring an lsmblob and
the internal storage is used to pass information between
these interfaces, so change the internal data from a secid
to a lsmblob. Update the netlabel interfaces and their
callers to accommodate the change. This requires that the
modules using netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 23:25:25 +0000 (16:25 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx
Change the security_inode_getsecctx() interface to fill
a lsmcontext structure instead of data and length pointers.
This provides the information about which LSM created the
context so that security_release_secctx() can use the
correct hook.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 22:19:52 +0000 (15:19 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx
Replace the (secctx,seclen) pointer pair with a single
lsmcontext pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 18:47:01 +0000 (11:47 -0700)]
UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser
Add a new lsmcontext data structure to hold all the information
about a "security context", including the string, its size and
which LSM allocated the string. The allocation information is
necessary because LSMs have different policies regarding the
lifecycle of these strings. SELinux allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 17:40:08 +0000 (10:40 -0700)]
UBUNTU: SAUCE: LSM: Specify which LSM to display
Create a new entry "display" in the procfs attr directory for
controlling which LSM security information is displayed for a
process. A process can only read or write its own display value.
The name of an active LSM that supplies hooks for
human readable data may be written to "display" to set the
value. The name of the LSM currently in use can be read from
"display". At this point there can only be one LSM capable
of display active. A helper function lsm_task_display() is
provided to get the display slot for a task_struct.
Setting the "display" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen <john.johansen@canonical.com>
SELinux hook provided by Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 16:24:21 +0000 (09:24 -0700)]
UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs
The IMA interfaces ima_get_action() and ima_match_policy()
call LSM functions that use lsmblobs. Change the IMA functions
to pass the lsmblob to be compatible with the LSM functions.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 15:43:21 +0000 (08:43 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid
Change the security_cred_getsecid() interface to fill in a
lsmblob instead of a u32 secid. The associated data elements
in the audit sub-system are changed from a secid to a lsmblob
to accommodate multiple possible LSM audit users.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 00:28:57 +0000 (17:28 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid
Change the security_inode_getsecid() interface to fill in a
lsmblob structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Wed, 19 Aug 2020 23:06:37 +0000 (16:06 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid
Change the security_task_getsecid() interface to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 19 Mar 2020 16:40:29 +0000 (09:40 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid
There may be more than one LSM that provides IPC data
for auditing. Change security_ipc_getsecid() to fill in
a lsmblob structure instead of the u32 secid. The
audit data structure containing the secid will be updated
later, so there is a bit of scaffolding here.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Wed, 19 Aug 2020 16:32:48 +0000 (09:32 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx
Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid
Change security_secctx_to_secid() to fill in a lsmblob instead
of a u32 secid. Multiple LSMs may be able to interpret the
string, and this allows for setting whichever secid is
appropriate. Change security_secmark_relabel_packet() to use a
lsmblob instead of a u32 secid. In some other cases there is
scaffolding where interfaces have yet to be converted.
UBUNTU: SAUCE: net: Prepare UDS for security module stacking
Change the data used in UDS SO_PEERSEC processing from a
secid to a more general struct lsmblob. Update the
security_socket_getpeersec_dgram() interface to use the
lsmblob. There is a small amount of scaffolding code
that will come out when the security_secid_to_secctx()
code is brought in line with the lsmblob.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Tue, 18 Aug 2020 17:12:56 +0000 (10:12 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as
Change the security_kernel_act_as interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its only caller, set_security_override,
to do the same. Change that one's only caller,
set_security_override_from_ctx, to call it with the new
parameter type.
The security module hook is unchanged, still taking a secid.
The infrastructure passes the correct entry from the lsmblob.
lsmblob_init() is used to fill the lsmblob structure, however
this will be removed later in the series when security_secctx_to_secid()
is undated to provide a lsmblob instead of a secid.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Tue, 18 Aug 2020 00:15:27 +0000 (17:15 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match
Change the secid parameter of security_audit_rule_match
to a lsmblob structure pointer. Pass the entry from the
lsmblob structure for the approprite slot to the LSM hook.
Change the users of security_audit_rule_match to use the
lsmblob instead of a u32. The scaffolding function lsmblob_init()
fills the blob with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the blob structure later in the series.
At the point the use of lsmblob_init() is dropped.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Mon, 17 Aug 2020 23:02:56 +0000 (16:02 -0700)]
UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure.
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.
The lsmblob structure is currently an array of
u32 "secids". There is an entry for each of the
security modules built into the system that would
use secids if active. The system assigns the module
a "slot" when it registers hooks. If modules are
compiled in but not registered there will be unused
slots.
A new lsm_id structure, which contains the name
of the LSM and its slot number, is created. There
is an instance for each LSM, which assigns the name
and passes it to the infrastructure to set the slot.
The audit rules data is expanded to use an array of
security module data rather than a single instance.
Because IMA uses the audit rule functions it is
affected as well.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[ update to support landlock ] Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
UBUNTU: SAUCE: LSM: Infrastructure management of the sock security
Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
Acked-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Tue, 6 Oct 2020 21:29:39 +0000 (14:29 -0700)]
UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()
LSM: Infrastructure management of the sock security
changes apparmor to use aa_sock() instead of SK_CTX() but doesn't
update the apparmor unix mediation because that code is not upstream.
So make the change here instead of modifying the LSM patch.
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Tue, 6 Oct 2020 21:01:04 +0000 (14:01 -0700)]
UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()
The LSM stacking patches introduce and use a macro aa_sock
which conflicts with the apparmor unix mediation patches. Rename
aa_sock() in apparmor to avoid a conflict.
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Tue, 6 Oct 2020 21:43:16 +0000 (14:43 -0700)]
UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx
Displaying the mode as part of the seectx takes up unnecessary memory,
makes it so we can't use refcounted secctx so we need to alloc/free on
every conversion from secid to secctx and introduces a space that
could be potentially mishandled by tooling.
Eg. In an audit record we get
subj_type=firefix (enforce)
Having the mode reported is not necessary, and might even be confusing
eg. when writing an audit rule to match the above record field you
would use
-F subj_type=firefox
ie. the mode is not included. AppArmor provides ways to find the mode
without reporting as part of the secctx. So disable this by default
before its use is wide spread and we can't. For now we add a sysctl
to control the behavior as we can't guarentee no one is using this.
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
ubuntu-host is a module for providing data to containers via proc.
Initially it is populated with a single file, esm-token, for
supplying ESM access tokens.
This patch only papers over the symptom, as we don't really know the
root cause of the issue. The most possible culprit is Intel ME, which
may do its own things that conflict with software.
Intel ethernet devs are aware of this issue, though they think this is
not the right solution. However, instead of papering over the cracks,
they don't have any solution either because they don't support ME under
Linux :)
Full discussion can be found here:
https://lore.kernel.org/lkml/20200923074751.10527-1-kai.heng.feng@canonical.com/
UBUNTU: SAUCE: PCI/ASPM: Enable LTR for endpoints behind VMD
BugLink: https://bugs.launchpad.net/bugs/1896598
In addition to ASPM, LTR also needs to be programmed with a reasonable
value to let PCIe link reaches L1.2.
For now, program a hardcoded value that is used under Windows.
While at it, consolidate ASPM and LTR enabling logic to share a same pci
device table.
UBUNTU: SAUCE: xhci: workaround for S3 issue on AMD SNPS 3.0 xHC
BugLink: https://bugs.launchpad.net/bugs/1893914
On some platform of AMD, S3 fails with HCE and SRE errors.To fix this,
sparse controller enable bit has to be disabled.
Signed-off-by: Nehal Bakulchandra Shah <Nehal-Bakulchandra.shah@amd.com> Link: https://lkml.org/lkml/2020/8/31/86 Signed-off-by: Aaron Ma <aaron.ma@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
As BIOS may not be able to program the config space for devices under
VMD domain, ASPM needs to be programmed manually by software. This is
also the case under Windows.
The VMD controller itself is a root complex integrated endpoint that
doesn't have ASPM capability, so we can't propagate the ASPM settings to
devices under it. Hence, simply apply ASPM_STATE_ALL to the links under
VMD domain, unsupported states will be cleared out anyway.
Seth Forshee [Wed, 19 Aug 2020 16:22:11 +0000 (11:22 -0500)]
UBUNTU: hio -- Updates for move of make_request_fn to struct block_device_operations
Commit c62b37d96b6e ("block: move ->make_request_fn to struct
block_device_operations") from v5.9-rc1 replaces make_request_fn
with a submit_bio method in struct block_device_operations and
removes the request_queue argument. Update the driver accordingly.
Seth Forshee [Wed, 19 Aug 2020 16:04:30 +0000 (11:04 -0500)]
UBUNTU: SAUCE: i915: Fix build error due to missing struct definition
FTBFS in v5.9-rc1:
In file included from /tmp/kernel-sforshee-f5108e59edd8-jyEs/build/drivers/gpu/drm/i915/i915_active.h:12,
from /tmp/kernel-sforshee-f5108e59edd8-jyEs/build/drivers/gpu/drm/i915/gt/intel_context_param.c:6:
/tmp/kernel-sforshee-f5108e59edd8-jyEs/build/drivers/gpu/drm/i915/i915_active_types.h:35:22: error: field 'rwsem' has incomplete type
35 | struct rw_semaphore rwsem;
| ^~~~~
Fix by adding an include to provide the definition.
Seth Forshee [Tue, 11 Aug 2020 19:52:12 +0000 (14:52 -0500)]
UBUNTU: hio -- Update to use bio_{start,end}_io_acct with 5.8+
Since e722fff238bb "block: remove generic_{start,end}_io_acct"
the generic io accounting interaces are no longer available.
Switch to using the replacements.
Andrea Righi [Thu, 30 Jul 2020 15:31:37 +0000 (17:31 +0200)]
UBUNTU: SAUCE: apply a workaround to re-enable CONFIG_CRYPTO_AEGIS128_SIMD
After the update to gcc 10 we started to experience the following build
errors on ARM:
crypto/aegis128-neon-inner.c: In function 'crypto_aegis128_init_neon':
crypto/aegis128-neon-inner.c:151:3: error: incompatible types when initializing type 'unsigned char' using type 'uint8x16_t'
151 | k ^ vld1q_u8(const0),
| ^
crypto/aegis128-neon-inner.c:152:3: error: incompatible types when initializing type 'unsigned char' using type 'uint8x16_t'
152 | k ^ vld1q_u8(const1),
| ^
This seems to be a gcc bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377
The workaround (suggested in the bug report) is to enforce a cast to
uint8x16_t.
Apply the workaround so that we can re-enable the driver disabled by 7c950e057db6 ("UBUNTU: [Config] disable CONFIG_CRYPTO_AEGIS128_SIMD").
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
UBUNTU: SAUCE: Revert "radix-tree: Use local_lock for protection"
This reverts commit cfa6705d89b6562f79c40c249f8d94073c4276e4. It
adds a gpl-only export which is leaking into nvidia module
builds. This is being discussed upstream, but revert the change
in the mean time. This is harmless, as the change is really for
RT builds and was not intended to have any functional change
outside of that context.
def test():
with tempfile.TemporaryFile() as fd:
fd.write("data".encode('utf-8'))
# re-open the file to get a read-only file descriptor
return open(f"/proc/self/fd/{fd.fileno()}", "r")
def main():
fd = test()
fd.close()
if __name__ == "__main__":
main()
a similar issue was reported here:
https://github.com/systemd/systemd/issues/14861
Our revalidate methods were very opinionated about whether or not a
lower dentry was valid especially when it became unlinked we simply
invalidated the lower dentry which caused above bug to surface. This has
led to bugs where a ESTALE was returned for e.g. temporary files that
were created and directly re-opened afterwards through
/proc/<pid>/fd/<nr-of-deleted-file>. When a file is re-opened through
/proc/<pid>/fd/<nr> LOOKUP_JUMP is set and the vfs will revalidate via
d_weak_revalidate(). Since the file has been unhashed or even already
gone negative we'd fail the open when we should've succeeded.
Navid Emamdoost [Tue, 16 Jun 2020 11:08:49 +0000 (08:08 -0300)]
UBUNTU: SAUCE: nbd_genl_status: null check for nla_nest_start
CVE-2019-16089
nla_nest_start may fail and return NULL. The check is inserted, and
errno is selected based on other call sites within the same source code.
Update: removed extra new line.
v3 Update: added release reply, thanks to Michal Kubecek for pointing
out.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Reviewed-by: Michal Kubecek <mkubecek@suse.cz> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Ben Hutchings [Tue, 16 Aug 2016 16:27:00 +0000 (10:27 -0600)]
UBUNTU: SAUCE: security,perf: Allow further restriction of perf_event_open
https://lkml.org/lkml/2016/1/11/587
The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the
option to disable perf_event_open() entirely for unprivileged users.
This standalone version doesn't include making the variable read-only
(or renaming it).
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.
This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
[ saf: resolve conflicts with v5.8-rc1 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
/tmp/kernel-sforshee-6727637082e4-45IQ/build/fs/shiftfs.c: In function 'shiftfs_fiemap':
/tmp/kernel-sforshee-6727637082e4-45IQ/build/fs/shiftfs.c:731:13: error: dereferencing pointer to incomplete type 'struct fiemap_extent_info'
/tmp/kernel-sforshee-6727637082e4-45IQ/build/fs/shiftfs.c:731:26: error: 'FIEMAP_FLAG_SYNC' undeclared (first use in this function); did you mean 'FS_XFLAG_SYNC'?
It seems that shiftfs was getting linux/fiemap.h included
indirectly before. Include it directly.
UBUNTU: SAUCE: shiftfs: let userns root destroy subvolumes from other users
BugLink: https://bugs.launchpad.net/bugs/1879688
Stéphane reported a bug found during NorthSec that makes heavy use of
shiftfs. When a subvolume or snapshot is created as userns root in the
container and then chowned to another user a delete as the root user
will fail. The reason for this is that we drop all capabilities as a
safety measure before calling btrfs ioctls. The only workable fix I
could think of is to retain the CAP_DAC_OVERRIDE capability for the
BTRFS_IOC_SNAP_DESTROY ioctl. All other solutions would be way more
invasive.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Cc: Seth Forshee <seth.forshee@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Tue, 3 Mar 2020 17:09:31 +0000 (11:09 -0600)]
UBUNTU: SAUCE: selftests/net -- disable timeout
Some of our net selftests are timing out in autopkgtest. These
tests pass when run in a different (presumably faster)
environment. It appears that we can't disable the timeout for
individual test cases, so disable the timeout for the net
selftests globally.
Seth Forshee [Tue, 3 Mar 2020 17:23:25 +0000 (11:23 -0600)]
UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test
Our autotest infrastructure tries to disable the test by making
it not executable, but the kselftest runner regards this as an
error. Remove the test from the net selftest makefile to avoid
this.
UBUNTU: SAUCE: shiftfs: record correct creator credentials
BugLink: https://bugs.launchpad.net/bugs/1872094
When shiftfs is nested we failed to be able to create any files or
access directories because we recorded the wrong creator credentials. We
need to record the credentials of the creator of the lowers mark mount
of shiftfs. Otherwise we aren't privileged wrt to the shiftfs layer in
the nesting case. This is similar to how we always record the user
namespace of the base filesystem.
Suggested-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Commit "581e260 block: move block layer internals out of include/linux/genhd.h"
hid disk_map_sector_rcu() (and other blk APIs) from driver code, locally add
back the prototype.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
...
WARNING: modpost: drivers/platform/x86/dell-uart-backlight.o(.text+0x979): Section mismatch in reference from the function dell_uart_bl_add() to the variable .init.rodata:dell_uart_backlight_alpha_platform
The function dell_uart_bl_add() references
the variable __initconst dell_uart_backlight_alpha_platform.
This is often because dell_uart_bl_add lacks a __initconst
annotation or the annotation of dell_uart_backlight_alpha_platform is wrong.
dell_uart_bl_add() was referencing an __initconst
dell_uart_backlight_alpha_platform variable without the __init annotation: fix it by removing __initconst
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Andrea Righi [Mon, 9 Mar 2020 17:22:40 +0000 (18:22 +0100)]
UBUNTU: SAUCE: ptp: free ptp clock properly
There is a bug in ptp_clock_unregister() where pps_unregister_source()
can free up resources needed by posix_clock_unregister() to properly
destroy a related sysfs device.
Fix this by calling pps_unregister_source() in ptp_clock_release().
BugLink: https://bugs.launchpad.net/bugs/1864754 Fixes: a33121e5487b ("ptp: fix the race between the release of ptp_clock and cdev") Tested-by: Piotr Morgwai Kotarbiński <foss@morgwai.pl> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
You-Sheng Yang [Mon, 16 Mar 2020 09:27:21 +0000 (17:27 +0800)]
UBUNTU: SAUCE: Input: i8042 - fix the selftest retry logic
BugLink: https://bugs.launchpad.net/bugs/1866734
It returns -NODEV at the first selftest timeout, so the retry logic
doesn't work. Move the return outside of the while loop to make it real
retry 5 times before returns -ENODEV.
BTW, the origin loop will retry 6 times, also fix this.
Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com>
(backported from
https://lore.kernel.org/linux-input/20200310033640.14440-1-vicamo@gmail.com/) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
AceLan Kao [Wed, 12 Feb 2020 06:53:15 +0000 (14:53 +0800)]
UBUNTU: SAUCE: platform/x86: dell-uart-backlight: increase retry times
BugLink: https://bugs.launchpad.net/bugs/1862885
From ODM, scalar takes some time to activate panel during booting up,
it can't respond the UART commands within 1 seconds.
So, we add retry and wait 2 seconds for the response. But sometimes it
still fails to read the response.
During the boot up time, it sometimes takes more than 2 seconds to respond
the first command, so we enlarge the retry timeout from 2 seconds to 5
seconds to make sure we get the first response from scalar.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-By: You-Sheng Yang <vicamo.yang@canonical.com> Acked-by: Anthony Wong <anthony.wong@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Andrea Righi [Wed, 12 Feb 2020 09:39:42 +0000 (10:39 +0100)]
UBUNTU: hio -- proc_create() requires a "struct proc_ops" in 5.6
With d56c0d45f0e27f814e87a1676b6bdccccbc252e9 ("proc: decouple proc from
VFS with "struct proc_ops"") proc_create() requires a "struct proc_ops"
instead of a "struct file_operations". Change the code accordingly.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Stefan Bader [Wed, 15 Jan 2020 09:14:28 +0000 (10:14 +0100)]
UBUNTU: SAUCE: md/raid0: Use kernel specific layout
BugLink: https://bugs.launchpad.net/bugs/1850540
This allows to roll out the support for the alternate layout which
accidentally got introduced since kernel v3.14+ without causing
breakage on reboot. The real danger is moving between a 3.13 or
older kernel and any newer. This either has already happened and
the damage has potentially been done or is not yet immediate or
not happening at all (if the raid0 array was created by a 3.14+
kernel). So it is better to just warn from the kernel or once the
user-space tool supporting meta-data update gets rolled out, from
there as well.
Once user-space is in place an with a bit of waiting time this change
should get reverted later.
UBUNTU: SAUCE: shiftfs: prevent lower dentries from going negative during unlink
BugLink: https://bugs.launchpad.net/bugs/1860041
All non-special files (For shiftfs this only includes fifos and - for
this case - unix sockets - since we don't allow character and block
devices to be created.) go through shiftfs_open() and have their dentry
pinned through this codepath preventing it from going negative. But
fifos don't use the shiftfs fops but rather use the pipefifo_fops which
means they do not go through shiftfs_open() and thus don't have their
dentry pinned that way. Thus, the lower dentries for such files can go
negative on unlink causing segfaults. The following C program can be
used to reproduce the crash:
AceLan Kao [Wed, 8 Jan 2020 07:59:45 +0000 (15:59 +0800)]
UBUNTU: SAUCE: platform/x86: dell-uart-backlight: add retry for get scalar status
BugLink: https://bugs.launchpad.net/bugs/1858761
Found on new platforms that UART require more than 1 second to respond
commands in the first 10 seconds after booted.
dell_uart_get_scalar_status() is the first command we send to scalar and
this command should be more reliable than other commands, and make sure
we got correct response from scalar. So, add retry and increase the read
timeout to 2 seconds.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Connor Kuehl <connor.kuehl@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
dann frazier [Wed, 18 Dec 2019 14:29:30 +0000 (07:29 -0700)]
UBUNTU: SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout migration
BugLink: https://bugs.launchpad.net/bugs/1850540
Helping an administrator understand this issue and how to deal with it
requires more text than achievable in a kernel error message. Let's
clarify the issue in the Ubuntu wiki, and have the kernel emit a link
to it.
I've submitted a similar change upstream:
https://marc.info/?l=linux-raid&m=157360088014027&w=2
Should it get merged, we should consider replacing this patch with that one.
Otherwise, it is probably safe to drop this SAUCE patch after focal.
Signed-off-by: dann frazier <dann.frazier@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kai-Heng Feng [Thu, 5 Dec 2019 17:05:27 +0000 (01:05 +0800)]
UBUNTU: SAUCE: USB: core: Attempt power cycle port when it's in eSS.Disabled state
BugLink: https://bugs.launchpad.net/bugs/1855312
On Dell TB16, Realtek USB ethernet (r8152) connects to an SMSC hub which
then connects to ASMedia xHCI's root hub:
/: Bus 04.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M
|__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/7p, 5000M
|__ Port 2: Dev 3, If 0, Class=Vendor Specific Class, Driver=r8152, 5000M
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 004 Device 002: ID 0424:5537 Standard Microsystems Corp. USB5537B
Bus 004 Device 003: ID 0bda:8153 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
The SMSC hub may disconnect after system resume from suspend. When this
happens, the reset resume attempt fails, and the last resort to disable
the port and see something comes up later, also fails.
When the issue occurs, the link state stays in eSS.Disabled state
despite the warm reset attempts. Accoding to spec this can be caused by
invalid VBus, after some expiremets, the SMSC hub can be brought back
after a powercycle.
So let's power cycle the port at the end of reset resume attempt, if
it's in eSS.Disabled state.