linux-stable/drivers
Ard Biesheuvel cafb9cad9b efi: libstub: check Shim mode using MokSBStateRT
commit 5f56a74cc0 upstream.

We currently check the MokSBState variable to decide whether we should
treat UEFI secure boot as being disabled, even if the firmware thinks
otherwise. This is used by shim to indicate that it is not checking
signatures on boot images. In the kernel, we use this to relax lockdown
policies.

However, in cases where shim is not even being used, we don't want this
variable to interfere with lockdown, given that the variable may be
non-volatile and therefore persist across a reboot. This means setting
it once will persistently disable lockdown checks on a given system.

So switch to the mirrored version of this variable, called MokSBStateRT,
which is supposed to be volatile, and this is something we can check.

Cc: <stable@vger.kernel.org> # v4.19+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-28 11:04:04 +02:00
accessibility
acpi ACPI: processor: Remove freq Qos request for all CPUs 2022-09-05 10:27:44 +02:00
amba
android binder: fix UAF of ref->proc caused by race condition 2022-09-15 12:04:51 +02:00
ata ata: libata-eh: Add missing command name 2022-08-25 11:18:18 +02:00
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-25 11:18:26 +02:00
auxdisplay
base driver core: Don't probe devices after bus_type.match() probe deferral 2022-09-15 12:04:52 +02:00
bcma
block loop: Check for overflow while configuring loop 2022-09-05 10:27:43 +02:00
bluetooth Bluetooth: hci_intel: Add check for platform_driver_register 2022-08-25 11:17:47 +02:00
bus bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() 2022-08-25 11:17:35 +02:00
cdrom
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-29 08:58:49 +02:00
clk clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate 2022-09-15 12:04:51 +02:00
clocksource clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() 2022-07-07 17:36:53 +02:00
connector
counter
cpufreq cpufreq: pmac32-cpufreq: Fix refcount leak bug 2022-07-21 20:59:24 +02:00
cpuidle
crypto crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of 2022-08-25 11:17:48 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-15 14:18:12 +02:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:36:49 +02:00
dio
dma dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed 2022-08-25 11:18:35 +02:00
dma-buf udmabuf: Set the DMA mask for the udmabuf device (v2) 2022-09-05 10:27:45 +02:00
edac EDAC/synopsys: Read the error count from the correct register 2022-04-27 13:50:48 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:12:00 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:23:41 +02:00
firmware efi: libstub: check Shim mode using MokSBStateRT 2022-09-28 11:04:04 +02:00
fpga fpga: altera-pr-ip: fix unsigned comparison with less than zero 2022-08-25 11:17:51 +02:00
fsi
gnss
gpio gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx 2022-09-28 11:03:57 +02:00
gpu drm/meson: Fix OSD1 RGB to YCbCr coefficient 2022-09-28 11:03:57 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-15 14:17:58 +02:00
hid hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message 2022-09-20 12:27:59 +02:00
hsi
hv random: remove unused irq_flags argument from add_interrupt_randomness() 2022-06-22 14:11:06 +02:00
hwmon hwmon: (gpio-fan) Fix array out of bounds access 2022-09-15 12:04:52 +02:00
hwspinlock
hwtracing intel_th: pci: Add Meteor Lake-P support 2022-08-25 11:18:13 +02:00
i2c i2c: mux-gpmux: Add of_node_put() when breaking out of loop 2022-08-25 11:17:47 +02:00
i3c
ide
idle
iio iio: adc: mcp3911: use correct formula for AD conversion 2022-09-15 12:04:51 +02:00
infiniband RDMA/mlx5: Set local port to one when accessing counters 2022-09-15 12:04:55 +02:00
input Input: iforce - add support for Boeder Force Feedback Wheel 2022-09-20 12:27:59 +02:00
interconnect
iommu iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) 2022-08-25 11:18:15 +02:00
ipack
irqchip irqchip/tegra: Fix overflow implicit truncation warnings 2022-08-25 11:18:32 +02:00
isdn
leds
lightnvm lightnvm: disable the subsystem 2022-05-09 09:03:20 +02:00
macintosh macintosh/adb: fix oob read in do_adb_query() function 2022-08-11 12:57:53 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-14 18:11:42 +02:00
mcb
md md: call __md_stop_writes in md_stop 2022-09-05 10:27:44 +02:00
media media: pvrusb2: fix memory leak in pvr_probe 2022-09-05 10:27:45 +02:00
memory memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe 2022-04-20 09:19:34 +02:00
memstick memstick/ms_block: Fix a memory leak 2022-08-25 11:17:55 +02:00
message
mfd mfd: max77620: Fix refcount leak in max77620_initialise_fps 2022-08-25 11:18:04 +02:00
misc misc: fastrpc: fix memory corruption on open 2022-09-15 12:04:51 +02:00
mmc mmc: pxamci: Fix an error handling path in pxamci_probe() 2022-08-25 11:18:19 +02:00
mtd mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path 2022-08-25 11:17:51 +02:00
mux
net net: usb: qmi_wwan: add Quectel RM520N 2022-09-28 11:03:59 +02:00
nfc NFC: nxp-nci: don't print header length mismatch on i2c error 2022-07-21 20:59:25 +02:00
ntb NTB: ntb_tool: uninitialized heap data in tool_fn_write() 2022-08-25 11:18:26 +02:00
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:36:48 +02:00
nvme nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() 2022-09-20 12:27:59 +02:00
nvmem
of of: fdt: fix off-by-one error in unflatten_dt_nodes() 2022-09-28 11:03:56 +02:00
opp opp: Fix error check in dev_pm_opp_attach_genpd() 2022-08-25 11:18:00 +02:00
oprofile
parisc parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() 2022-09-28 11:03:57 +02:00
parport
pci PCI: Add ACS quirk for Broadcom BCM5750x NICs 2022-08-25 11:18:31 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:11:50 +02:00
perf perf/arm_pmu_platform: fix tests for platform_get_irq() failure 2022-09-20 12:27:59 +02:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:11:52 +02:00
pinctrl pinctrl: amd: Don't save/restore interrupt status and wake status bits 2022-09-05 10:27:39 +02:00
platform platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes 2022-09-20 12:28:00 +02:00
pnp
power power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe 2022-07-29 17:14:10 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-15 14:18:32 +02:00
pwm pwm: lp3943: Fix duty calculation in case period was clamped 2022-06-14 18:11:51 +02:00
rapidio
ras
regulator regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() 2022-09-28 11:03:58 +02:00
remoteproc remoteproc: qcom: wcnss: Fix handling of IRQs 2022-08-25 11:18:02 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-27 13:50:47 +02:00
rpmsg rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge 2022-08-25 11:18:04 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:11:53 +02:00
s390 scsi: zfcp: Fix missing auto port scan and thus missing target ports 2022-08-25 11:18:10 +02:00
sbus
scsi scsi: lpfc: Add missing destroy_workqueue() in error path 2022-09-15 12:04:54 +02:00
sfi
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-18 09:47:27 +02:00
soc soc: fsl: select FSL_GUTS driver for DPIO 2022-09-20 12:28:00 +02:00
soundwire soundwire: bus_type: fix remove and shutdown support 2022-08-25 11:17:54 +02:00
spi spi: spi-rspi: Fix PIO fallback on RZ platforms 2022-08-25 11:17:32 +02:00
spmi
ssb
staging staging: rtl8712: fix use after free bugs 2022-09-15 12:04:50 +02:00
target scsi: target: tcmu: Fix possible page UAF 2022-04-20 09:19:36 +02:00
tc
tee tee: add overflow check in register_shm_helper() 2022-08-25 11:18:27 +02:00
thermal thermal: sysfs: Fix cooling_device_stats_setup() error code path 2022-08-25 11:17:22 +02:00
thunderbolt thunderbolt: Use the actual buffer in tb_async_error() 2022-09-15 12:04:52 +02:00
tty tty: serial: atmel: Preserve previous USART mode if RS485 disabled 2022-09-28 11:04:02 +02:00
uio
usb USB: serial: option: add Quectel RM520N 2022-09-28 11:04:03 +02:00
vfio vfio: Clear the caps->buf to NULL after free 2022-08-25 11:18:36 +02:00
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 18:12:02 +02:00
video video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write 2022-09-28 11:03:59 +02:00
virt vboxguest: Do not use devm for irq 2022-08-25 11:18:33 +02:00
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 20:59:24 +02:00
visorbus
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-15 14:18:35 +02:00
watchdog watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() 2022-08-25 11:18:06 +02:00
xen xen/xenbus: fix return type in xenbus_file_read() 2022-08-25 11:18:26 +02:00
zorro
Kconfig
Makefile