From patchwork Fri Nov 24 14:45:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 7356 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ScHrh64ZBz3x1x for ; Fri, 24 Nov 2023 14:47:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ScHqM5LKgz1GC; Fri, 24 Nov 2023 14:46:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ScHq92G88z30B3; Fri, 24 Nov 2023 14:46:12 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ScHpg65Ycz309x for ; Fri, 24 Nov 2023 14:45:47 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ScHpb0JGNz307; Fri, 24 Nov 2023 14:45:42 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1700837143; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KaVccpvFhY17VCz1Y+e6JjIhdKpsMB3fMmMcz0DNQ8U=; b=S3FWryJ/ccRDZXjM2wk3IuS5f/PtjmOe1Riq9exOSpwFxJRrnGVUMJUZzwSS+r6kzW85k0 abvWWHIyFS+FyqDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1700837143; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KaVccpvFhY17VCz1Y+e6JjIhdKpsMB3fMmMcz0DNQ8U=; b=NtZZQGuqUnXDFwpFOEv4GX0BxpOTTMVmLS8kEHrWM0gQK3UqmHkvva94VgKLI1o6ZUuImD 2bXooflGmgacumQYU+DRcoq5mcehxoqM26bJ1vbu9OGI5HqwGXVtAPW/OgP+9sh9HeI4zg oSBXRghOnRoEo9tzCG+BrproN931RDQ2alKxPd8Lf+WQ+S5+zflKR0s8+dFhl1LC10iq38 KFrje5VT9+uNQZqfYUgT/7DykhGJpsK9NeXQkaM05/4/AcNBVCzJghtgJTRx/VRPJEjrLJ gz35D2OHT55l0VFxp4DRmt5NxGHfqzYISFo/B9TrJlttVBzadCAL5Ow0dKFwxA== From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 2/4] kernel: purge unused patches Date: Fri, 24 Nov 2023 15:45:01 +0100 Message-ID: <20231124144503.14577-2-arne_f@ipfire.org> In-Reply-To: <20231124144503.14577-1-arne_f@ipfire.org> References: <20231124144503.14577-1-arne_f@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: QNJ32TD4KB3BMLD7GR53VIOQTOE3IJKT X-Message-ID-Hash: QNJ32TD4KB3BMLD7GR53VIOQTOE3IJKT X-MailFrom: arne_f@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Arne Fitzenreiter X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Signed-off-by: Arne Fitzenreiter --- ...evtmpfs-mount-with-noexec-and-nosuid.patch | 93 ------------------- ....9.8_cs5535audio_fix_logspam_on_geos.patch | 31 ------- ...rm64-dpaa2-add-support-for-10g-modes.patch | 39 -------- ...inux-5.15-arm64-dpaa2-fix-lock-issue.patch | 81 ---------------- 4 files changed, 244 deletions(-) delete mode 100644 src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch delete mode 100644 src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch delete mode 100644 src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch delete mode 100644 src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch diff --git a/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch b/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch deleted file mode 100644 index 222b7b6ea..000000000 --- a/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 28f0c335dd4a1a4b44b3e6c6402825a93132e1a4 Mon Sep 17 00:00:00 2001 -From: Kees Cook -Date: Wed, 22 Dec 2021 17:50:20 +0500 -Subject: devtmpfs: mount with noexec and nosuid - -devtmpfs is writable. Add the noexec and nosuid as default mount flags -to prevent code execution from /dev. The systems who don't use systemd -and who rely on CONFIG_DEVTMPFS_MOUNT=y are the ones to be protected by -this patch. Other systems are fine with the udev solution. - -No sane program should be relying on executing from /dev. So this patch -reduces the attack surface. It doesn't prevent any specific attack, but -it reduces the possibility that someone can use /dev as a place to put -executable code. Chrome OS has been carrying this patch for several -years. It seems trivial and simple solution to improve the protection of -/dev when CONFIG_DEVTMPFS_MOUNT=y. - -Original patch: -https://lore.kernel.org/lkml/20121120215059.GA1859@www.outflux.net/ - -Cc: ellyjones@chromium.org -Cc: Kay Sievers -Cc: Roland Eggner -Co-developed-by: Muhammad Usama Anjum -Signed-off-by: Kees Cook -Signed-off-by: Muhammad Usama Anjum -Link: https://lore.kernel.org/r/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64 -Signed-off-by: Greg Kroah-Hartman ---- - drivers/base/Kconfig | 11 +++++++++++ - drivers/base/devtmpfs.c | 10 ++++++++-- - 2 files changed, 19 insertions(+), 2 deletions(-) - -diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig -index ffcbe2bc460eb..6f04b831a5c04 100644 ---- a/drivers/base/Kconfig -+++ b/drivers/base/Kconfig -@@ -62,6 +62,17 @@ config DEVTMPFS_MOUNT - rescue mode with init=/bin/sh, even when the /dev directory - on the rootfs is completely empty. - -+config DEVTMPFS_SAFE -+ bool "Use nosuid,noexec mount options on devtmpfs" -+ depends on DEVTMPFS -+ help -+ This instructs the kernel to include the MS_NOEXEC and MS_NOSUID mount -+ flags when mounting devtmpfs. -+ -+ Notice: If enabled, things like /dev/mem cannot be mmapped -+ with the PROT_EXEC flag. This can break, for example, non-KMS -+ video drivers. -+ - config STANDALONE - bool "Select only drivers that don't need compile-time external firmware" - default y -diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 8be352ab4ddbf..1e2c2d3882e2c 100644 ---- a/drivers/base/devtmpfs.c -+++ b/drivers/base/devtmpfs.c -@@ -29,6 +29,12 @@ - #include - #include "base.h" - -+#ifdef CONFIG_DEVTMPFS_SAFE -+#define DEVTMPFS_MFLAGS (MS_SILENT | MS_NOEXEC | MS_NOSUID) -+#else -+#define DEVTMPFS_MFLAGS (MS_SILENT) -+#endif -+ - static struct task_struct *thread; - - static int __initdata mount_dev = IS_ENABLED(CONFIG_DEVTMPFS_MOUNT); -@@ -363,7 +369,7 @@ int __init devtmpfs_mount(void) - if (!thread) - return 0; - -- err = init_mount("devtmpfs", "dev", "devtmpfs", MS_SILENT, NULL); -+ err = init_mount("devtmpfs", "dev", "devtmpfs", DEVTMPFS_MFLAGS, NULL); - if (err) - printk(KERN_INFO "devtmpfs: error mounting %i\n", err); - else -@@ -412,7 +418,7 @@ static noinline int __init devtmpfs_setup(void *p) - err = ksys_unshare(CLONE_NEWNS); - if (err) - goto out; -- err = init_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, NULL); -+ err = init_mount("devtmpfs", "/", "devtmpfs", DEVTMPFS_MFLAGS, NULL); - if (err) - goto out; - init_chdir("/.."); /* will traverse into overmounted root */ --- -cgit - diff --git a/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch b/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch deleted file mode 100644 index 79bd5e69e..000000000 --- a/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff -Naur linux-4.9.8.org/sound/pci/cs5535audio/cs5535audio.c linux-4.9.8/sound/pci/cs5535audio/cs5535audio.c ---- linux-4.9.8.org/sound/pci/cs5535audio/cs5535audio.c 2017-02-04 09:47:29.000000000 +0100 -+++ linux-4.9.8/sound/pci/cs5535audio/cs5535audio.c 2017-02-09 19:24:55.658297050 +0100 -@@ -83,9 +83,9 @@ - break; - udelay(1); - } while (--timeout); -- if (!timeout) -- dev_err(cs5535au->card->dev, -- "Failure writing to cs5535 codec\n"); -+// if (!timeout) -+// dev_err(cs5535au->card->dev, -+// "Failure writing to cs5535 codec\n"); - } - - static unsigned short snd_cs5535audio_codec_read(struct cs5535audio *cs5535au, -@@ -109,10 +109,10 @@ - break; - udelay(1); - } while (--timeout); -- if (!timeout) -- dev_err(cs5535au->card->dev, -- "Failure reading codec reg 0x%x, Last value=0x%x\n", -- reg, val); -+// if (!timeout) -+// dev_err(cs5535au->card->dev, -+// "Failure reading codec reg 0x%x, Last value=0x%x\n", -+// reg, val); - - return (unsigned short) val; - } diff --git a/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch b/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch deleted file mode 100644 index ef8d459b7..000000000 --- a/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch +++ /dev/null @@ -1,39 +0,0 @@ -From c314138bd045e050432158ab021160de3ba51c5e Mon Sep 17 00:00:00 2001 -From: Russell King -Date: Thu, 30 Jan 2020 22:42:38 +0000 -Subject: [PATCH 2/4] net: dpaa2-mac: add support for more 10G modes - -Phylink documentation says: - * Note that the PHY may be able to transform from one connection - * technology to another, so, eg, don't clear 1000BaseX just - * because the MAC is unable to BaseX mode. This is more about - * clearing unsupported speeds and duplex settings. The port modes - * should not be cleared; phylink_set_port_modes() will help with this. - -So add the missing 10G modes. - -Signed-off-by: Russell King ---- - drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -index 8fe32ed4f6dc..3be849cee47b 100644 ---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -@@ -140,6 +140,12 @@ static void dpaa2_mac_validate(struct phylink_config *config, - case PHY_INTERFACE_MODE_10GBASER: - case PHY_INTERFACE_MODE_USXGMII: - phylink_set(mask, 10000baseT_Full); -+ phylink_set(mask, 10000baseKR_Full); -+ phylink_set(mask, 10000baseCR_Full); -+ phylink_set(mask, 10000baseSR_Full); -+ phylink_set(mask, 10000baseLR_Full); -+ phylink_set(mask, 10000baseLRM_Full); -+ phylink_set(mask, 10000baseER_Full); - if (state->interface == PHY_INTERFACE_MODE_10GBASER) - break; - phylink_set(mask, 5000baseT_Full); --- -2.30.1 - diff --git a/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch b/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch deleted file mode 100644 index 587821bac..000000000 --- a/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 3a39dbe0c0c41f8dba5246ce6e2c5c4bcd6ba661 Mon Sep 17 00:00:00 2001 -From: Ioana Ciornei -Date: Thu, 21 Nov 2019 21:15:25 +0200 -Subject: [PATCH 1/4] dpaa2-eth: do not hold rtnl_lock on phylink_create() or - _destroy() - -The rtnl_lock should not be held when calling phylink_create() or -phylink_destroy() since it leads to the deadlock listed below: - -[ 18.656576] rtnl_lock+0x18/0x20 -[ 18.659798] sfp_bus_add_upstream+0x28/0x90 -[ 18.663974] phylink_create+0x2cc/0x828 -[ 18.667803] dpaa2_mac_connect+0x14c/0x2a8 -[ 18.671890] dpaa2_eth_connect_mac+0x94/0xd8 - -Fix this by moving the _lock() and _unlock() calls just outside of -phylink_of_phy_connect() and phylink_disconnect_phy(). - -Fixes: 719479230893 ("dpaa2-eth: add MAC/PHY support through phylink") -Reported-by: Russell King -Signed-off-by: Ioana Ciornei -Signed-off-by: Russell King ---- - drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 ---- - drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 4 ++++ - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c -index 8b7a29e1e221..20e65053f036 100644 ---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c -+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c -@@ -4214,12 +4214,10 @@ static irqreturn_t dpni_irq0_handler_thread(int irq_num, void *arg) - dpaa2_eth_set_mac_addr(netdev_priv(net_dev)); - dpaa2_eth_update_tx_fqids(priv); - -- rtnl_lock(); - if (dpaa2_eth_has_mac(priv)) - dpaa2_eth_disconnect_mac(priv); - else - dpaa2_eth_connect_mac(priv); -- rtnl_unlock(); - } - - return IRQ_HANDLED; -@@ -4513,9 +4511,7 @@ static int dpaa2_eth_remove(struct fsl_mc_device *ls_dev) - #endif - - unregister_netdev(net_dev); -- rtnl_lock(); - dpaa2_eth_disconnect_mac(priv); -- rtnl_unlock(); - - dpaa2_eth_dl_port_del(priv); - dpaa2_eth_dl_traps_unregister(priv); -diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -index ae6d382d8735..8fe32ed4f6dc 100644 ---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c -@@ -351,7 +351,9 @@ int dpaa2_mac_connect(struct dpaa2_mac *mac) - if (mac->pcs) - phylink_set_pcs(mac->phylink, &mac->pcs->pcs); - -+ rtnl_lock(); - err = phylink_fwnode_phy_connect(mac->phylink, dpmac_node, 0); -+ rtnl_unlock(); - if (err) { - netdev_err(net_dev, "phylink_fwnode_phy_connect() = %d\n", err); - goto err_phylink_destroy; -@@ -372,7 +374,9 @@ void dpaa2_mac_disconnect(struct dpaa2_mac *mac) - if (!mac->phylink) - return; - -+ rtnl_lock(); - phylink_disconnect_phy(mac->phylink); -+ rtnl_unlock(); - phylink_destroy(mac->phylink); - dpaa2_pcs_destroy(mac); - } --- -2.30.1 -