openharmony/kernel_linux
1
0
Fork 0
mirror of https://gitee.com/openharmony/kernel_linux synced 2025-04-09 02:21:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
kernel_linux/arch/x86/kernel
History
Dave Young 1f94d5e9a3 lockdown: Copy secure_boot flag in boot params across kexec reboot 
mainline inclusion
from mainline-v5.4-rc1
commit fef5dad9876034253d59acbf8c0c314f4d94cf87
category: bugfix
bugzilla: NA
CVE: CVE-2015-7837

-------------------------------------------------

Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load.  In this state, the system is missing the protections provided
by secure boot.

Adding a patch to fix this by retain the secure_boot flag in original
kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub.  Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Yu Changchun <yuchangchun1@huawei.com>
2021-02-05 11:36:42 +08:00
..
acpi
x86: ACPI: fix CPU hotplug deadlock
2020-04-23 10:30:20 +02:00
apic
x86/ioapic: Unbreak check_timer()
2020-10-01 13:14:25 +02:00
cpu
x86/mce/inject: Fix a wrong assignment of i_mce.status
2020-08-19 08:14:47 +02:00
fpu
x86/fpu: Allow multiple bits in clearcpuid= parameter
2020-10-29 09:55:00 +01:00
kprobes
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
2020-06-25 15:33:10 +02:00
.gitignore
alternative.c
x86/modules: Avoid breaking W^X while loading modules
2019-05-31 06:46:12 -07:00
amd_gart_64.c
x86/dma/amd_gart: Use dma_direct_{alloc,free}()
2018-03-20 10:01:57 +01:00
amd_nb.c
x86/amd_nb: Add Family 19h PCI IDs
2020-06-22 09:05:25 +02:00
apb_timer.c
aperture_64.c
x86/gart: Exclude GART aperture from kcore
2019-04-20 09:15:59 +02:00
apm_32.c
x86/APM: Fix build warning when PROC_FS is not enabled
2018-09-15 10:16:25 +02:00
asm-offsets_32.c
x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
2018-07-20 01:11:36 +02:00
asm-offsets_64.c
x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
2018-07-20 01:11:35 +02:00
asm-offsets.c
x86/entry/32: Enter the kernel via trampoline stack
2018-07-20 01:11:37 +02:00
audit_64.c
bootflag.c
check.c
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
2018-11-13 11:08:19 -08:00
cpuid.c
x86/cpuid: Allow cpuid_read() to schedule
2018-03-27 12:01:48 +02:00
crash_dump_32.c
crash_dump_64.c
crash.c
kexec_file, x86: move re-factored code to generic side
2018-04-13 17:10:27 -07:00
devicetree.c
Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-04-02 16:15:32 -07:00
doublefault.c
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
2017-12-17 13:59:55 +01:00
dumpstack_32.c
x86/dumpstack: Unify show_regs()
2018-03-08 12:04:59 +01:00
dumpstack_64.c
x86/dumpstack: Unify show_regs()
2018-03-08 12:04:59 +01:00
dumpstack.c
x86/process: Don't mix user/kernel regs in 64bit __show_regs()
2018-09-06 14:33:12 +02:00
e820.c
Revert "x86/e820: put !E820_TYPE_RAM regions into memblock.reserved"
2018-12-13 09:16:20 +01:00
early_printk.c
x86/earlyprintk: Add a force option for pciserial device
2018-11-27 16:13:00 +01:00
early-quirks.c
On GEM side:
2018-07-20 12:29:24 +10:00
ebda.c
eisa.c
x86/EISA: Don't probe EISA bus for Xen PV guests
2018-09-11 23:36:50 +02:00
espfix_64.c
x86/espfix: Document use of _PAGE_GLOBAL
2018-04-09 18:27:33 +02:00
ftrace_32.S
x86/stackframe, x86/ftrace: Add pt_regs frame annotations
2020-02-14 16:33:28 -05:00
ftrace_64.S
x86/stackframe, x86/ftrace: Add pt_regs frame annotations
2020-02-14 16:33:28 -05:00
ftrace.c
ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
2020-04-02 15:28:15 +02:00
head32.c
head64.c
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
2019-10-29 09:20:04 +01:00
head_32.S
x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
2018-07-20 01:11:41 +02:00
head_64.S
x86/mm: Expand static page table for fixmap space
2018-09-20 23:17:22 +02:00
hpet.c
x86/hpet: Prevent potential NULL pointer dereference
2019-04-20 09:15:59 +02:00
hw_breakpoint.c
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
2019-04-20 09:15:59 +02:00
i8237.c
x86/i8237: Register device based on FADT legacy boot flag
2018-04-27 16:44:29 +02:00
i8253.c
i8259.c
x86/i8259: Use printk_deferred() to prevent deadlock
2020-08-05 10:06:06 +02:00
idt.c
x86/idt: Keep spurious entries unset in system_vectors
2020-06-25 15:33:05 +02:00
io_delay.c
ioport.c
x86/ioport: add ksys_ioperm() helper; remove in-kernel calls to sys_ioperm()
2018-04-02 20:16:12 +02:00
irq_32.c
x86: Don't include linux/irq.h from asm/hardirq.h
2018-08-05 09:53:13 +02:00
irq_64.c
x86/irq/64: Limit IST stack overflow check to #DB stack
2019-05-31 06:46:20 -07:00
irq_work.c
irq.c
x86/irq: Handle spurious interrupt after shutdown gracefully
2019-07-21 09:03:13 +02:00
irqflags.S
x86/paravirt: Make native_save_fl() extern inline
2018-07-03 10:56:27 +02:00
irqinit.c
x86: Don't include linux/irq.h from asm/hardirq.h
2018-08-05 09:53:13 +02:00
itmt.c
x86/headers: Remove duplicate #includes
2017-12-12 11:32:24 +01:00
jailhouse.c
x86: Convert x86_platform_ops to timespec64
2018-05-19 14:03:14 +02:00
jump_label.c
jump_label: move 'asm goto' support test to Kconfig
2019-06-04 08:02:34 +02:00
kdebugfs.c
kexec-bzimage64.c
lockdown: Copy secure_boot flag in boot params across kexec reboot
2021-02-05 11:36:42 +08:00
kgdb.c
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
2020-01-27 14:51:02 +01:00
ksysfs.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
kvm.c
x86/paravirt: Fix callee-saved function ELF sizes
2019-08-06 19:06:52 +02:00
kvmclock.c
x86/kvmclock: set offset for kvm unstable clock
2019-09-16 08:22:07 +02:00
ldt.c
x86/ldt: Remove unused variable in map_ldt_struct()
2018-11-27 16:13:08 +01:00
livepatch.c
machine_kexec_32.c
x86/kexec: Allocate 8k PGDs for PTI
2018-07-30 13:53:48 +02:00
machine_kexec_64.c
x86/mm: Stop pretending pgtable_l5_enabled is a variable
2018-05-19 11:56:57 +02:00
Makefile
jump_label: move 'asm goto' support test to Kconfig
2019-06-04 08:02:34 +02:00
mmconf-fam10h_64.c
module.c
x86/modules: Avoid breaking W^X while loading modules
2019-05-31 06:46:12 -07:00
mpparse.c
x86/boot: Fix memory leak in default_get_smp_config()
2019-07-26 09:14:25 +02:00
msr.c
nmi_selftest.c
nmi.c
x86/nmi: Fix nmi_handle() duration miscalculation
2020-10-29 09:55:00 +01:00
paravirt_patch_32.c
paravirt_patch_64.c
x86/asm/64: Use 32-bit XOR to zero registers
2018-07-03 09:59:29 +02:00
paravirt-spinlocks.c
paravirt.c
x86/paravirt: Fix some warning messages
2018-09-19 13:22:04 +02:00
pci-calgary_64.c
x86/dma: Remove dma_alloc_coherent_gfp_flags()
2018-03-20 10:01:58 +01:00
pci-dma.c
IOMMU Update for Linux v4.19
2018-08-24 13:10:38 -07:00
pci-iommu_table.c
x86/iommu: Use NULL instead of 0
2018-08-02 14:33:19 +02:00
pci-swiotlb.c
x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels
2018-10-19 07:49:32 +02:00
pcspeaker.c
x86/platform/pcspeaker: Use PTR_ERR_OR_ZERO() to fix ptr_ret.cocci warning
2018-07-24 09:46:42 +02:00
perf_regs.c
perf/x86: Store user space frame-pointer value on a sample
2018-05-25 08:11:12 +02:00
platform-quirks.c
x86/i8237: Register device based on FADT legacy boot flag
2018-04-27 16:44:29 +02:00
pmem.c
probe_roms.c
process_32.c
sched/x86: Save [ER]FLAGS on context switch
2019-05-22 07:37:36 +02:00
process_64.c
sched/x86: Save [ER]FLAGS on context switch
2019-05-22 07:37:36 +02:00
process.c
x86/speculation: Prevent rogue cross-process SSBD shutdown
2020-06-22 09:05:01 +02:00
process.h
x86/speculation: Change misspelled STIPB to STIBP
2020-06-22 09:05:04 +02:00
ptrace.c
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
2020-08-19 08:15:03 +02:00
pvclock.c
x86: Convert x86_platform_ops to timespec64
2018-05-19 14:03:14 +02:00
quirks.c
x86/mce: Check for alternate indication of machine check recovery on Skylake
2018-06-07 22:22:12 +02:00
reboot_fixups_32.c
reboot.c
x86/reboot/quirks: Add MacBook6,1 reboot quirk
2020-06-22 09:05:01 +02:00
relocate_kernel_32.S
relocate_kernel_64.S
x86/kexec: Make kexec (mostly) work in 5-level paging mode
2018-01-31 08:39:40 +01:00
resource.c
rtc.c
x86: Convert x86_platform_ops to timespec64
2018-05-19 14:03:14 +02:00
setup_percpu.c
x86/cpu_entry_area: Sync cpu_entry_area to initial_page_table
2018-03-01 09:48:27 +01:00
setup.c
x86, hibernate: Fix nosave_regions setup for hibernation
2019-09-16 08:21:48 +02:00
signal_compat.c
signal: Add TRAP_UNK si_code for undiagnosted trap exceptions
2018-04-25 10:40:56 -05:00
signal.c
x86/uaccess, signal: Fix AC=1 bloat
2019-05-31 06:46:27 -07:00
smp.c
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
2019-10-05 13:09:36 +02:00
smpboot.c
x86: Fix early boot crash on gcc-10, third try
2020-05-20 08:18:49 +02:00
stacktrace.c
x86/stacktrace: Do not fail for ORC with regs on stack
2018-06-21 16:34:56 +02:00
step.c
sys_x86_64.c
compat: Move compat_timespec/ timeval to compat_time.h
2018-04-19 13:29:54 +02:00
sysfb_efi.c
x86/sysfb_efi: Add quirks for some devices with swapped width and height
2019-07-31 07:27:10 +02:00
sysfb_simplefb.c
x86/sysfb: Fix check for bad VRAM size
2020-02-24 08:34:38 +01:00
sysfb.c
tboot.c
x86/pti: Make unpoison of pgd for trusted boot work for real
2018-01-11 23:36:59 +01:00
tce_64.c
time.c
x86_64: Fix jiffies ODR violation
2020-06-22 09:05:01 +02:00
tls.c
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
2019-07-14 08:11:17 +02:00
tls.h
topology.c
x86/xen: Disable CPU0 hotplug for Xen PV
2018-09-12 21:15:02 +02:00
trace_clock.c
tracepoint.c
traps.c
x86/speculation/mds: Revert CPU buffer clear on double fault exit
2019-05-22 07:37:34 +02:00
tsc_msr.c
x86/cpu: Sanitize FAM6_ATOM naming
2019-05-14 19:17:53 +02:00
tsc_sync.c
Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-13 19:07:38 -08:00
tsc.c
x86/cpu: Sanitize FAM6_ATOM naming
2019-05-14 19:17:53 +02:00
umip.c
signal: Ensure every siginfo we send has all bits initialized
2018-04-25 10:40:51 -05:00
unwind_frame.c
x86/unwind: Handle NULL pointer calls better in frame unwinder
2019-03-27 14:14:42 +09:00
unwind_guess.c
unwind_orc.c
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
2020-11-05 11:08:37 +01:00
uprobes.c
signal: Properly deliver SIGSEGV from x86 uprobes
2019-11-20 18:46:22 +01:00
verify_cpu.S
vm86_32.c
x86/entry: Rename update_sp0 to update_task_stack
2018-07-20 01:11:40 +02:00
vmlinux.lds.S
x86, vmlinux.lds: Page-align end of ..page_aligned sections
2020-07-29 10:16:58 +02:00
vsmp_64.c
x86_init.c
x86/tsc: Make use of tsc_calibrate_cpu_early()
2018-07-20 00:02:44 +02:00