From 3740218af5b637afa93cab86092bd8a51989fcda Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Wed, 10 Aug 2022 13:32:52 +0200 Subject: [PATCH] sev: update SEV patches Dropped: - patches-sev/0013-Allow-booting-SEV-ES-APs-without-GHCB-HACK.patch Added: - patches-sev/0013-x86-sev-write-AP-reset-vector.patch - patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch Signed-off-by: Sergio Lopez --- ...able-DMA-API-if-memory-is-restricted.patch | 2 +- ...booting-SEV-ES-APs-without-GHCB-HACK.patch | 92 ------ .../0013-x86-sev-write-AP-reset-vector.patch | 59 ++++ ...ver-to-retrieve-secrets-from-cmdline.patch | 294 ++++++++++++++++++ ...01-krunfw-Don-t-panic-when-init-dies.patch | 2 +- ...nfw-Ignore-run_cmd-on-orderly-reboot.patch | 2 +- ...add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch | 2 +- ...sock-add-support-for-virtio-datagram.patch | 2 +- ...st-vsock-add-support-for-vhost-dgram.patch | 2 +- ...vsock_test-add-tests-for-vsock-dgram.patch | 2 +- ...k-add-sysfs-for-rx-buf-len-for-dgram.patch | 2 +- .../0008-virtio-vsock-Fix-DGRAM-polling.patch | 2 +- ...d-DGRAM-to-virtio_transport_get_type.patch | 2 +- ...-Socket-Impersonation-implementation.patch | 2 +- ...i-allow-hijacking-sockets-tsi_hijack.patch | 2 +- 15 files changed, 365 insertions(+), 104 deletions(-) delete mode 100644 patches-sev/0013-Allow-booting-SEV-ES-APs-without-GHCB-HACK.patch create mode 100644 patches-sev/0013-x86-sev-write-AP-reset-vector.patch create mode 100644 patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch diff --git a/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch b/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch index 1938649..63db6af 100644 --- a/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch +++ b/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch 
@@ -46,5 +46,5 @@ index 603a6f4345ef..ebe01291bf37 100644 /* * In theory, it's possible to have a buggy QEMU-supposed -- -2.36.1 +2.35.1 diff --git a/patches-sev/0013-Allow-booting-SEV-ES-APs-without-GHCB-HACK.patch b/patches-sev/0013-Allow-booting-SEV-ES-APs-without-GHCB-HACK.patch deleted file mode 100644 index 4584bf6..0000000 --- a/patches-sev/0013-Allow-booting-SEV-ES-APs-without-GHCB-HACK.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From f4874ce3fc4e0465bcbf1ba8abbac7b7c244f954 Mon Sep 17 00:00:00 2001 -From: Sergio Lopez -Date: Fri, 24 Sep 2021 17:50:39 +0200 -Subject: [PATCH 13/14] Allow booting SEV-ES APs without GHCB (HACK) - -Allow booting APs with SEV-ES enabled, by setting the trampoline at a -well-known location, and moving sev_es_trampoline_start to the -beginning of realmode's .text. - -Signed-off-by: Sergio Lopez ---- - arch/x86/realmode/init.c | 5 ++++ - arch/x86/realmode/rm/trampoline_64.S | 38 ++++++++++++++-------------- - 2 files changed, 24 insertions(+), 19 deletions(-) - -diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c -index 1d20ed4b2872..27252a2d1703 100644 ---- a/arch/x86/realmode/init.c -+++ b/arch/x86/realmode/init.c -@@ -53,8 +53,13 @@ void __init reserve_real_mode(void) - - WARN_ON(slab_is_available()); - -+#if 0 - /* Has to be under 1M so we can execute real-mode AP code. */ - mem = memblock_phys_alloc_range(size, PAGE_SIZE, 0, 1<<20); -+#else -+ /* HACK: ensure the trampoline is at a well-known location. 
*/ -+ mem = 0x90000; -+#endif - if (!mem) - pr_info("No sub-1M memory is available for the trampoline\n"); - else -diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S -index cc8391f86cdb..3470382c8784 100644 ---- a/arch/x86/realmode/rm/trampoline_64.S -+++ b/arch/x86/realmode/rm/trampoline_64.S -@@ -37,6 +37,25 @@ - .text - .code16 - -+#ifdef CONFIG_AMD_MEM_ENCRYPT -+/* SEV-ES supports non-zero IP for entry points - no alignment needed */ -+SYM_CODE_START(sev_es_trampoline_start) -+ cli # We should be safe anyway -+ -+ LJMPW_RM(1f) -+1: -+ mov %cs, %ax # Code and data in the same place -+ mov %ax, %ds -+ mov %ax, %es -+ mov %ax, %ss -+ -+ # Setup stack -+ movl $rm_stack_end, %esp -+ -+ jmp .Lswitch_to_protected -+SYM_CODE_END(sev_es_trampoline_start) -+#endif /* CONFIG_AMD_MEM_ENCRYPT */ -+ - .balign PAGE_SIZE - SYM_CODE_START(trampoline_start) - cli # We should be safe anyway -@@ -81,25 +100,6 @@ no_longmode: - jmp no_longmode - SYM_CODE_END(trampoline_start) - --#ifdef CONFIG_AMD_MEM_ENCRYPT --/* SEV-ES supports non-zero IP for entry points - no alignment needed */ --SYM_CODE_START(sev_es_trampoline_start) -- cli # We should be safe anyway -- -- LJMPW_RM(1f) --1: -- mov %cs, %ax # Code and data in the same place -- mov %ax, %ds -- mov %ax, %es -- mov %ax, %ss -- -- # Setup stack -- movl $rm_stack_end, %esp -- -- jmp .Lswitch_to_protected --SYM_CODE_END(sev_es_trampoline_start) --#endif /* CONFIG_AMD_MEM_ENCRYPT */ -- - #include "../kernel/verify_cpu.S" - - .section ".text32","ax" --- -2.36.1 - diff --git a/patches-sev/0013-x86-sev-write-AP-reset-vector.patch b/patches-sev/0013-x86-sev-write-AP-reset-vector.patch new file mode 100644 index 0000000..cf20dd6 --- /dev/null +++ b/patches-sev/0013-x86-sev-write-AP-reset-vector.patch 
@@ -0,0 +1,59 @@ +From 8065228eabb9ca16bd58cdbd2bc099fa01059490 Mon Sep 17 00:00:00 2001 +From: Sergio Lopez +Date: Wed, 10 Aug 2022 13:28:06 +0200 +Subject: [PATCH 13/14] x86/sev: write AP reset vector + +If a jump table can't be found, write the SEV-ES trampoline location +into the AP reset vector used by libkrun's qboot. + +Signed-off-by: Sergio Lopez +--- + arch/x86/kernel/sev.c | 25 ++++++++++++++++++++++++- + 1 file changed, 24 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c +index a0064cf77e56..c7a73b83856c 100644 +--- a/arch/x86/kernel/sev.c ++++ b/arch/x86/kernel/sev.c +@@ -558,6 +558,29 @@ static u64 get_jump_table_addr(void) + return ret; + } + ++#define KRUN_AP_RESET_VECTOR 0xfffffff4 ++ ++static int sev_es_setup_ap_reset_vector(struct real_mode_header *rmh) ++{ ++ u16 startup_cs, startup_ip; ++ u16 __iomem *ap_reset_vector; ++ ++ startup_cs = (u16)(rmh->trampoline_start >> 4); ++ startup_ip = (u16)(rmh->sev_es_trampoline_start - ++ rmh->trampoline_start); ++ ++ ap_reset_vector = ioremap_encrypted(KRUN_AP_RESET_VECTOR, 4); ++ if (!ap_reset_vector) ++ return -EIO; ++ ++ writew(startup_ip, &ap_reset_vector[0]); ++ writew(startup_cs, &ap_reset_vector[1]); ++ ++ iounmap(ap_reset_vector); ++ ++ return 0; ++} ++ + int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) + { + u16 startup_cs, startup_ip; +@@ -569,7 +592,7 @@ int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) + + /* On UP guests there is no jump table so this is not a failure */ + if (!jump_table_addr) +- return 0; ++ return sev_es_setup_ap_reset_vector(rmh); + + /* Check if AP Jump Table is page-aligned */ + if (jump_table_addr & ~PAGE_MASK) +-- +2.35.1 + diff --git a/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch b/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch new file mode 100644 index 0000000..2a74361 --- /dev/null 
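Review bot: The context comment `/* On UP guests there is no jump table so this is not a failure */` now sits directly above `return sev_es_setup_ap_reset_vector(rmh);`, which can return -EIO and writes four bytes at the fixed physical address 0xfffffff4 for every SEV-ES guest that reports no jump table, not only under libkrun's qboot. The comment should be updated, for example to `/* No jump table (UP guest or libkrun): fall back to the qboot AP reset vector */`. `KRUN_AP_RESET_VECTOR` also deserves a comment stating the layout the code assumes, which is the IP word at offset 0 and the CS word at offset 2. If the libkrun firmware can be detected at this point, the fallback should presumably be gated on it so other hypervisors keep the previous `return 0` behaviour. The body of sev_es_setup_ap_jump_table continues outside the hunk, so how its callers treat the new error return cannot be checked from here.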
+++ b/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch 
@@ -0,0 +1,294 @@ +From 02531d91a7fda1641577d58b3d5fe730c32f6b73 Mon Sep 17 00:00:00 2001 +From: Sergio Lopez +Date: Wed, 3 Aug 2022 12:35:12 +0200 +Subject: [PATCH 14/14] Implement driver to retrieve secrets from cmdline + +When CMDLINE_OVERRIDE is enabled, the contents originally present in +the location passed on the cmdline pointer of the zero page are +overwritten by the built-in cmdline. + +This drivers allows to reuse that space to store an early boot +secret (such as an SEV secret injection) and serve it to userspace +through an entry in securityfs, following the model used by +efi_secret.c + +Signed-off-by: Sergio Lopez +--- + arch/x86/kernel/setup.c | 7 + + drivers/virt/Kconfig | 3 + + drivers/virt/Makefile | 1 + + drivers/virt/coco/cmdline_secret/Kconfig | 13 ++ + drivers/virt/coco/cmdline_secret/Makefile | 2 + + .../virt/coco/cmdline_secret/cmdline_secret.c | 135 ++++++++++++++++++ + include/linux/init.h | 4 + + init/main.c | 14 ++ + 8 files changed, 179 insertions(+) + create mode 100644 drivers/virt/coco/cmdline_secret/Kconfig + create mode 100644 drivers/virt/coco/cmdline_secret/Makefile + create mode 100644 drivers/virt/coco/cmdline_secret/cmdline_secret.c + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 8e56c4de00b9..a7aa5cd9306f 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -797,7 +797,9 @@ void __init setup_arch(char **cmdline_p) + */ + __flush_tlb_all(); + #else ++#ifndef CONFIG_CMDLINE_SECRET + printk(KERN_INFO "Command line: %s\n", boot_command_line); ++#endif + boot_cpu_data.x86_phys_bits = MAX_PHYSMEM_BITS; + #endif + +@@ -882,6 +884,11 @@ void __init setup_arch(char **cmdline_p) + + #ifdef CONFIG_CMDLINE_BOOL + #ifdef CONFIG_CMDLINE_OVERRIDE ++#ifdef CONFIG_CMDLINE_SECRET ++ strlcpy(early_secret_cmdline, boot_command_line, COMMAND_LINE_SIZE); ++ memzero_explicit(boot_command_line, COMMAND_LINE_SIZE); ++ clflush_cache_range(boot_command_line, COMMAND_LINE_SIZE); ++#endif + 
strlcpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE); + #else + if (builtin_cmdline[0]) { +diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig +index 8061e8ef449f..c933416f8092 100644 +--- a/drivers/virt/Kconfig ++++ b/drivers/virt/Kconfig +@@ -36,4 +36,7 @@ source "drivers/virt/vboxguest/Kconfig" + source "drivers/virt/nitro_enclaves/Kconfig" + + source "drivers/virt/acrn/Kconfig" ++ ++source "drivers/virt/coco/cmdline_secret/Kconfig" ++ + endif +diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile +index 3e272ea60cd9..ad4e3de5a61d 100644 +--- a/drivers/virt/Makefile ++++ b/drivers/virt/Makefile +@@ -8,3 +8,4 @@ obj-y += vboxguest/ + + obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/ + obj-$(CONFIG_ACRN_HSM) += acrn/ ++obj-$(CONFIG_CMDLINE_SECRET) += coco/cmdline_secret/ +diff --git a/drivers/virt/coco/cmdline_secret/Kconfig b/drivers/virt/coco/cmdline_secret/Kconfig +new file mode 100644 +index 000000000000..bb601280d50d +--- /dev/null ++++ b/drivers/virt/coco/cmdline_secret/Kconfig +@@ -0,0 +1,13 @@ ++# SPDX-License-Identifier: GPL-2.0-only ++config CMDLINE_SECRET ++ tristate "CMDLINE secret area securityfs support" ++ depends on CMDLINE_OVERRIDE && X86_64 ++ select SECURITYFS ++ help ++ This is a driver for accessing the CMDLINE secret area via securityfs. ++ The driver exposes the secrets as files in /secrets/coco. ++ Files can be read and deleted (deleting a file wipes the secret from ++ memory). ++ ++ To compile this driver as a module, choose M here. ++ The module will be called cmdline_secret. 
+diff --git a/drivers/virt/coco/cmdline_secret/Makefile b/drivers/virt/coco/cmdline_secret/Makefile +new file mode 100644 +index 000000000000..327a29d0b5bd +--- /dev/null ++++ b/drivers/virt/coco/cmdline_secret/Makefile +@@ -0,0 +1,2 @@ ++# SPDX-License-Identifier: GPL-2.0-only ++obj-$(CONFIG_CMDLINE_SECRET) += cmdline_secret.o +diff --git a/drivers/virt/coco/cmdline_secret/cmdline_secret.c b/drivers/virt/coco/cmdline_secret/cmdline_secret.c +new file mode 100644 +index 000000000000..e53edce18768 +--- /dev/null ++++ b/drivers/virt/coco/cmdline_secret/cmdline_secret.c +@@ -0,0 +1,135 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * cmdline_secret module ++ * ++ * Based on efi_secrets.c ++ * ++ * Copyright (C) 2022 Red Hat Inc. ++ * Author: Sergio Lopez ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define MAX_CMDLINE_SIZE 2048 ++ ++struct cmdline_secret { ++ struct dentry *secrets_dir; ++ struct dentry *fs_dir; ++ u64 secret_cmdline_len; ++}; ++ ++static struct cmdline_secret the_cmdline_secret; ++ ++static inline struct cmdline_secret *cmdline_secret_get(void) ++{ ++ return &the_cmdline_secret; ++} ++ ++static int cmdline_secret_bin_file_show(struct seq_file *file, void *data) ++{ ++ struct cmdline_secret *s = cmdline_secret_get(); ++ ++ seq_write(file, secret_cmdline, s->secret_cmdline_len); ++ ++ return 0; ++} ++ ++DEFINE_SHOW_ATTRIBUTE(cmdline_secret_bin_file); ++ ++static int cmdline_secret_unlink(struct inode *dir, struct dentry *dentry) ++{ ++ struct cmdline_secret *s = cmdline_secret_get(); ++ ++ memzero_explicit(secret_cmdline, s->secret_cmdline_len); ++#ifdef CONFIG_X86 ++ clflush_cache_range(secret_cmdline, s->secret_cmdline_len); ++#endif ++ ++ /* ++ * securityfs_remove tries to lock the directory's inode, but we reach ++ * the unlink callback when it's already locked ++ */ ++ inode_unlock(dir); ++ securityfs_remove(dentry); ++ inode_lock(dir); ++ ++ return 0; ++} ++ ++static const struct inode_operations 
efi_secret_dir_inode_operations = { ++ .lookup = simple_lookup, ++ .unlink = cmdline_secret_unlink, ++}; ++ ++static int __init cmdline_secret_init(void) ++{ ++ struct cmdline_secret *s = cmdline_secret_get(); ++ struct dentry *dent; ++ int ret; ++ ++ s->secrets_dir = NULL; ++ s->fs_dir = NULL; ++ ++ dent = securityfs_create_dir("secrets", NULL); ++ if (IS_ERR(dent)) { ++ printk ++ ("Error creating secrets securityfs directory entry err=%ld\n", ++ PTR_ERR(dent)); ++ return PTR_ERR(dent); ++ } ++ s->secrets_dir = dent; ++ ++ dent = securityfs_create_dir("coco", s->secrets_dir); ++ if (IS_ERR(dent)) { ++ printk ++ ("Error creating coco securityfs directory entry err=%ld\n", ++ PTR_ERR(dent)); ++ ret = PTR_ERR(dent); ++ goto cleanup_dir; ++ } ++ d_inode(dent)->i_op = &efi_secret_dir_inode_operations; ++ s->fs_dir = dent; ++ ++ dent = securityfs_create_file("cmdline", 0440, s->fs_dir, NULL, ++ &cmdline_secret_bin_file_fops); ++ if (IS_ERR(dent)) { ++ printk("Error creating efi_secret securityfs entry\n"); ++ ret = PTR_ERR(dent); ++ goto cleanup_all; ++ } ++ ++ s->secret_cmdline_len = strnlen(secret_cmdline, MAX_CMDLINE_SIZE); ++ ++ return 0; ++ ++cleanup_all: ++ securityfs_remove(s->fs_dir); ++ s->fs_dir = NULL; ++cleanup_dir: ++ securityfs_remove(s->secrets_dir); ++ s->secrets_dir = NULL; ++ ++ return ret; ++} ++ ++static void __exit cmdline_secret_exit(void) ++{ ++ struct cmdline_secret *s = cmdline_secret_get(); ++ ++ securityfs_remove(s->fs_dir); ++ s->fs_dir = NULL; ++ ++ securityfs_remove(s->secrets_dir); ++ s->secrets_dir = NULL; ++} ++ ++MODULE_DESCRIPTION("Confidential computing CMDLINE secret area access"); ++MODULE_AUTHOR("Red Hat"); ++MODULE_LICENSE("GPL"); ++module_init(cmdline_secret_init); ++module_exit(cmdline_secret_exit); +diff --git a/include/linux/init.h b/include/linux/init.h +index d82b4b2e1d25..a049def9f307 100644 +--- a/include/linux/init.h ++++ b/include/linux/init.h +@@ -143,6 +143,10 @@ struct file_system_type; + extern int 
do_one_initcall(initcall_t fn); + extern char __initdata boot_command_line[]; + extern char *saved_command_line; ++#if defined(CONFIG_CMDLINE_SECRET) ++extern char __initdata early_secret_cmdline[]; ++extern char *secret_cmdline; ++#endif + extern unsigned int reset_devices; + + /* used by init/main.c */ +diff --git a/init/main.c b/init/main.c +index cf79b5a766cb..cabe5f9d7779 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -151,6 +151,11 @@ static char *extra_command_line; + /* Extra init arguments */ + static char *extra_init_args; + ++#if defined(CONFIG_CMDLINE_SECRET) ++char __initdata early_secret_cmdline[COMMAND_LINE_SIZE]; ++char *secret_cmdline; ++#endif ++ + #ifdef CONFIG_BOOT_CONFIG + /* Is bootconfig on command line? */ + static bool bootconfig_found; +@@ -673,6 +678,15 @@ static void __init setup_command_line(char *command_line) + strcpy(saved_command_line + len, extra_init_args); + } + } ++ ++#ifdef CONFIG_CMDLINE_SECRET ++ secret_cmdline = memblock_alloc(COMMAND_LINE_SIZE, SMP_CACHE_BYTES); ++ strscpy(secret_cmdline, early_secret_cmdline, COMMAND_LINE_SIZE); ++ memzero_explicit(early_secret_cmdline, COMMAND_LINE_SIZE); ++#ifdef CONFIG_X86 ++ clflush_cache_range(early_secret_cmdline, COMMAND_LINE_SIZE); ++#endif ++#endif + } + + /* +-- +2.35.1 + diff --git a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch index 06d5303..df1f78e 100644 --- a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch +++ b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch @@ -58,5 +58,5 @@ index f7440c0c7e43..a5733d636668 100644 machine_restart(cmd); } -- -2.36.1 +2.35.1 diff --git a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch index bdee6ba..7f382e2 100644 --- a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch +++ b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch 
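Review bot: The Kconfig entry declares `CMDLINE_SECRET` as `tristate`, but every guard in setup.c, init.h and main.c is `#ifdef CONFIG_CMDLINE_SECRET`, which is not defined for `=m` (kbuild defines `CONFIG_CMDLINE_SECRET_MODULE` instead). With M selected, the `Command line:` printk stays enabled and `boot_command_line` is never copied or wiped, so the injected secret would reach the kernel log, and `secret_cmdline` is neither declared nor exported for the module. Either make the option `bool` and drop the module help text, or switch the guards to `#if IS_ENABLED(CONFIG_CMDLINE_SECRET)` and add `EXPORT_SYMBOL_GPL(secret_cmdline);`. Separately, in `setup_command_line()` the result of `memblock_alloc()` goes straight into `strscpy()`; add `if (!secret_cmdline) panic("%s: Failed to allocate secret_cmdline\n", __func__);` before the copy. `cmdline_secret_exit()` also removes the directories without wiping `secret_cmdline` or removing the `cmdline` file, whose dentry is never stored, so the secret appears to outlive an unload unless the file was unlinked first.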
@@ -28,5 +28,5 @@ index a5733d636668..989521b0dda7 100644 if (ret) { pr_warn("Failed to start orderly reboot: forcing the issue\n"); -- -2.36.1 +2.35.1 diff --git a/patches/0003-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch b/patches/0003-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch index 0be900a..567acca 100644 --- a/patches/0003-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch +++ b/patches/0003-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch @@ -222,5 +222,5 @@ index c5f936fbf876..e70e78d6fd19 100644 static struct virtio_driver virtio_vsock_driver = { -- -2.36.1 +2.35.1 diff --git a/patches/0004-virtio-vsock-add-support-for-virtio-datagram.patch b/patches/0004-virtio-vsock-add-support-for-virtio-datagram.patch index 19f4ff2..610020f 100644 --- a/patches/0004-virtio-vsock-add-support-for-virtio-datagram.patch +++ b/patches/0004-virtio-vsock-add-support-for-virtio-datagram.patch @@ -986,5 +986,5 @@ index ec2c2afbf0d0..7b62b6f6cc23 100644 /* Release refcnt obtained when we fetched this socket out of the -- -2.36.1 +2.35.1 diff --git a/patches/0005-vhost-vsock-add-support-for-vhost-dgram.patch b/patches/0005-vhost-vsock-add-support-for-vhost-dgram.patch index c3ea618..102574a 100644 --- a/patches/0005-vhost-vsock-add-support-for-vhost-dgram.patch +++ b/patches/0005-vhost-vsock-add-support-for-vhost-dgram.patch @@ -439,5 +439,5 @@ index 4436c2fd5095..2b9b354b4d56 100644 return ret; return misc_register(&vhost_vsock_misc); -- -2.36.1 +2.35.1 diff --git a/patches/0006-vsock_test-add-tests-for-vsock-dgram.patch b/patches/0006-vsock_test-add-tests-for-vsock-dgram.patch index ba3ef48..b6526ed 100644 --- a/patches/0006-vsock_test-add-tests-for-vsock-dgram.patch +++ b/patches/0006-vsock_test-add-tests-for-vsock-dgram.patch @@ -372,5 +372,5 @@ index 2a3638c0a008..98d9811747f4 100644 }; -- -2.36.1 +2.35.1 
diff --git a/patches/0007-virtio-vsock-add-sysfs-for-rx-buf-len-for-dgram.patch b/patches/0007-virtio-vsock-add-sysfs-for-rx-buf-len-for-dgram.patch index a500feb..910a46f 100644 --- a/patches/0007-virtio-vsock-add-sysfs-for-rx-buf-len-for-dgram.patch +++ b/patches/0007-virtio-vsock-add-sysfs-for-rx-buf-len-for-dgram.patch @@ -97,5 +97,5 @@ index 59b34b7a6500..c050dd570e5e 100644 module_init(virtio_vsock_init); -- -2.36.1 +2.35.1 diff --git a/patches/0008-virtio-vsock-Fix-DGRAM-polling.patch b/patches/0008-virtio-vsock-Fix-DGRAM-polling.patch index 9daa6c3..dfb4462 100644 --- a/patches/0008-virtio-vsock-Fix-DGRAM-polling.patch +++ b/patches/0008-virtio-vsock-Fix-DGRAM-polling.patch @@ -49,5 +49,5 @@ index 4805e7b23d07..9ee5c1ce64ce 100644 } -- -2.36.1 +2.35.1 diff --git a/patches/0009-virtio-vsock-add-DGRAM-to-virtio_transport_get_type.patch b/patches/0009-virtio-vsock-add-DGRAM-to-virtio_transport_get_type.patch index 84e0b92..e17b354 100644 --- a/patches/0009-virtio-vsock-add-DGRAM-to-virtio_transport_get_type.patch +++ b/patches/0009-virtio-vsock-add-DGRAM-to-virtio_transport_get_type.patch @@ -27,5 +27,5 @@ index 7b62b6f6cc23..0ad2f3c31786 100644 /* This function can only be used on connecting/connected sockets, -- -2.36.1 +2.35.1 diff --git a/patches/0010-Transparent-Socket-Impersonation-implementation.patch b/patches/0010-Transparent-Socket-Impersonation-implementation.patch index dc275ed..fc8f5de 100644 --- a/patches/0010-Transparent-Socket-Impersonation-implementation.patch +++ b/patches/0010-Transparent-Socket-Impersonation-implementation.patch @@ -1510,5 +1510,5 @@ index 000000000000..cf381734bebe + +#endif -- -2.36.1 +2.35.1 diff --git a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch b/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch index 796d381..7906aa7 100644 --- a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch +++ b/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch 
@@ -55,5 +55,5 @@ index bb3976abd269..b274930a3691 100644 pf = rcu_dereference(net_families[family]); err = -EAFNOSUPPORT; -- -2.36.1 +2.35.1