Merge remote-tracking branch 'up/master' into master-riscv64
Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
This commit is contained in:
commit
08e119a980
|
@ -1,35 +0,0 @@
|
||||||
From 0de1315ee843713bafb9a59bc040a024f688c62a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laura Abbott <labbott@redhat.com>
|
|
||||||
Date: Wed, 23 Jan 2019 13:56:47 +0100
|
|
||||||
Subject: [PATCH] Correct warning with gcc9
|
|
||||||
|
|
||||||
Suggested from Arnd
|
|
||||||
|
|
||||||
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
|
||||||
---
|
|
||||||
include/linux/module.h | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
|
||||||
index 8fa38d3e7538..f2a24b59cca4 100644
|
|
||||||
--- a/include/linux/module.h
|
|
||||||
+++ b/include/linux/module.h
|
|
||||||
@@ -129,13 +129,13 @@ extern void cleanup_module(void);
|
|
||||||
#define module_init(initfn) \
|
|
||||||
static inline initcall_t __maybe_unused __inittest(void) \
|
|
||||||
{ return initfn; } \
|
|
||||||
- int init_module(void) __attribute__((alias(#initfn)));
|
|
||||||
+ int init_module(void) __attribute__((cold, alias(#initfn)));
|
|
||||||
|
|
||||||
/* This is only required if you want to be unloadable. */
|
|
||||||
#define module_exit(exitfn) \
|
|
||||||
static inline exitcall_t __maybe_unused __exittest(void) \
|
|
||||||
{ return exitfn; } \
|
|
||||||
- void cleanup_module(void) __attribute__((alias(#exitfn)));
|
|
||||||
+ void cleanup_module(void) __attribute__((cold, alias(#exitfn)));
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ index f5b1d0d168e0..5f31107b22d1 100644
|
||||||
@@ -430,7 +430,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE
|
@@ -430,7 +430,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE
|
||||||
KBUILD_CFLAGS := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
|
KBUILD_CFLAGS := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
|
||||||
-fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
|
-fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
|
||||||
-Werror-implicit-function-declaration -Werror=implicit-int \
|
-Werror=implicit-function-declaration -Werror=implicit-int \
|
||||||
- -Wno-format-security \
|
- -Wno-format-security \
|
||||||
+ -Wno-format-security -Wno-address-of-packed-member \
|
+ -Wno-format-security -Wno-address-of-packed-member \
|
||||||
-std=gnu89
|
-std=gnu89
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
From 4bab8719d0712b13063cdd0c0a3d24984bcd8b1f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laura Abbott <labbott@redhat.com>
|
|
||||||
Date: Thu, 7 Mar 2019 10:37:06 -0800
|
|
||||||
Subject: [PATCH] Fix from Arnd for compilation error
|
|
||||||
|
|
||||||
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
|
||||||
---
|
|
||||||
include/uapi/asm-generic/socket.h | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/include/uapi/asm-generic/socket.h b/include/uapi/asm-generic/socket.h
|
|
||||||
index c8b430cb6dc4..8c1391c89171 100644
|
|
||||||
--- a/include/uapi/asm-generic/socket.h
|
|
||||||
+++ b/include/uapi/asm-generic/socket.h
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
#ifndef __ASM_GENERIC_SOCKET_H
|
|
||||||
#define __ASM_GENERIC_SOCKET_H
|
|
||||||
|
|
||||||
+#include <linux/posix_types.h>
|
|
||||||
#include <asm/sockios.h>
|
|
||||||
-#include <asm/bitsperlong.h>
|
|
||||||
|
|
||||||
/* For setsockopt(2) */
|
|
||||||
#define SOL_SOCKET 1
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
|
@ -1,64 +0,0 @@
|
||||||
From 0eadbb65c0026fb4eec89c54f6b48a0febd87f92 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laura Abbott <labbott@redhat.com>
|
|
||||||
Date: Fri, 9 Sep 2016 08:19:17 -0700
|
|
||||||
Subject: [PATCH] iio: Use type header from kernel tree
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
To: Jonathan Cameron <jic23@kernel.org>
|
|
||||||
To: Hartmut Knaack <knaack.h@gmx.de>
|
|
||||||
To: Lars-Peter Clausen <lars@metafoo.de>
|
|
||||||
To: Peter Meerwald-Stadler <pmeerw@pmeerw.net>
|
|
||||||
Cc: linux-iio@vger.kernel.org
|
|
||||||
Cc: linux-kernel@vger.kernel.org
|
|
||||||
|
|
||||||
|
|
||||||
The iio tools have been updated as new event types have been added to
|
|
||||||
the kernel. The tools currently use the standard system headers which
|
|
||||||
means that the system may not have the newest defintitions. This leads
|
|
||||||
to build failures when building newer tools on older hosts:
|
|
||||||
|
|
||||||
gcc -Wall -g -D_GNU_SOURCE -c -o iio_event_monitor.o
|
|
||||||
iio_event_monitor.c
|
|
||||||
iio_event_monitor.c:59:3: error: ‘IIO_UVINDEX’ undeclared here (not in a
|
|
||||||
function)
|
|
||||||
[IIO_UVINDEX] = "uvindex",
|
|
||||||
^~~~~~~~~~~
|
|
||||||
iio_event_monitor.c:59:3: error: array index in initializer not of
|
|
||||||
integer type
|
|
||||||
iio_event_monitor.c:59:3: note: (near initialization for
|
|
||||||
‘iio_chan_type_name_spec’)
|
|
||||||
iio_event_monitor.c:97:3: error: ‘IIO_MOD_LIGHT_UV’ undeclared here (not
|
|
||||||
in a function)
|
|
||||||
[IIO_MOD_LIGHT_UV] = "uv",
|
|
||||||
^~~~~~~~~~~~~~~~
|
|
||||||
iio_event_monitor.c:97:3: error: array index in initializer not of
|
|
||||||
integer type
|
|
||||||
iio_event_monitor.c:97:3: note: (near initialization for
|
|
||||||
‘iio_modifier_names’)
|
|
||||||
<builtin>: recipe for target 'iio_event_monitor.o' failed
|
|
||||||
|
|
||||||
Switch to using the header from the kernel tree to ensure the newest
|
|
||||||
defintions are always picked up.
|
|
||||||
|
|
||||||
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
|
||||||
---
|
|
||||||
tools/iio/iio_event_monitor.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tools/iio/iio_event_monitor.c b/tools/iio/iio_event_monitor.c
|
|
||||||
index d9b7e0f..f02523d 100644
|
|
||||||
--- a/tools/iio/iio_event_monitor.c
|
|
||||||
+++ b/tools/iio/iio_event_monitor.c
|
|
||||||
@@ -26,7 +26,7 @@
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include "iio_utils.h"
|
|
||||||
#include <linux/iio/events.h>
|
|
||||||
-#include <linux/iio/types.h>
|
|
||||||
+#include "../../include/uapi/linux/iio/types.h"
|
|
||||||
|
|
||||||
static const char * const iio_chan_type_name_spec[] = {
|
|
||||||
[IIO_VOLTAGE] = "voltage",
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
|
@ -1,217 +0,0 @@
|
||||||
From 6b6203b92cfb457a0669a9c87a29b360405bffc6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
|
||||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
|
||||||
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
|
|
||||||
when in Secure Boot mode
|
|
||||||
|
|
||||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
|
||||||
only load signed bootloaders and kernels. Certain use cases may also
|
|
||||||
require that all kernel modules also be signed. Add a configuration option
|
|
||||||
that enforces this automatically when enabled.
|
|
||||||
|
|
||||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|
||||||
---
|
|
||||||
Documentation/x86/zero-page.txt | 2 ++
|
|
||||||
arch/x86/Kconfig | 11 ++++++
|
|
||||||
arch/x86/boot/compressed/eboot.c | 66 +++++++++++++++++++++++++++++++++++
|
|
||||||
arch/x86/include/uapi/asm/bootparam.h | 3 +-
|
|
||||||
arch/x86/kernel/setup.c | 6 ++++
|
|
||||||
include/linux/module.h | 6 ++++
|
|
||||||
kernel/module.c | 7 ++++
|
|
||||||
7 files changed, 100 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
|
||||||
index 95a4d34af3fd..b8527c6b7646 100644
|
|
||||||
--- a/Documentation/x86/zero-page.txt
|
|
||||||
+++ b/Documentation/x86/zero-page.txt
|
|
||||||
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
|
|
||||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
|
||||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
|
||||||
(below)
|
|
||||||
+1EB/001 ALL kbd_status Numlock is enabled
|
|
||||||
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
|
|
||||||
1EF/001 ALL sentinel Used to detect broken bootloaders
|
|
||||||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
|
||||||
2D0/A00 ALL e820_map E820 memory map table
|
|
||||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
|
||||||
index bada636d1065..d666ef8b616c 100644
|
|
||||||
--- a/arch/x86/Kconfig
|
|
||||||
+++ b/arch/x86/Kconfig
|
|
||||||
@@ -1786,6 +1786,17 @@ config EFI_MIXED
|
|
||||||
|
|
||||||
If unsure, say N.
|
|
||||||
|
|
||||||
+config EFI_SECURE_BOOT_SIG_ENFORCE
|
|
||||||
+ def_bool n
|
|
||||||
+ depends on EFI
|
|
||||||
+ prompt "Force module signing when UEFI Secure Boot is enabled"
|
|
||||||
+ ---help---
|
|
||||||
+ UEFI Secure Boot provides a mechanism for ensuring that the
|
|
||||||
+ firmware will only load signed bootloaders and kernels. Certain
|
|
||||||
+ use cases may also require that all kernel modules also be signed.
|
|
||||||
+ Say Y here to automatically enable module signature enforcement
|
|
||||||
+ when a system boots with UEFI Secure Boot enabled.
|
|
||||||
+
|
|
||||||
config SECCOMP
|
|
||||||
def_bool y
|
|
||||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
||||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
|
||||||
index cc69e37548db..ebc85c1eefd6 100644
|
|
||||||
--- a/arch/x86/boot/compressed/eboot.c
|
|
||||||
+++ b/arch/x86/boot/compressed/eboot.c
|
|
||||||
@@ -12,6 +12,7 @@
|
|
||||||
#include <asm/efi.h>
|
|
||||||
#include <asm/setup.h>
|
|
||||||
#include <asm/desc.h>
|
|
||||||
+#include <asm/bootparam_utils.h>
|
|
||||||
|
|
||||||
#include "../string.h"
|
|
||||||
#include "eboot.h"
|
|
||||||
@@ -537,6 +538,67 @@ static void setup_efi_pci(struct boot_params *params)
|
|
||||||
efi_call_early(free_pool, pci_handle);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int get_secure_boot(void)
|
|
||||||
+{
|
|
||||||
+ u8 sb, setup;
|
|
||||||
+ unsigned long datasize = sizeof(sb);
|
|
||||||
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
|
||||||
+ efi_status_t status;
|
|
||||||
+
|
|
||||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
|
||||||
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
|
|
||||||
+
|
|
||||||
+ if (status != EFI_SUCCESS)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (sb == 0)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
|
||||||
+ L"SetupMode", &var_guid, NULL, &datasize,
|
|
||||||
+ &setup);
|
|
||||||
+
|
|
||||||
+ if (status != EFI_SUCCESS)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (setup == 1)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * See if we have Graphics Output Protocol
|
|
||||||
+ */
|
|
||||||
+static efi_status_t setup_gop(struct screen_info *si, efi_guid_t *proto,
|
|
||||||
+ unsigned long size)
|
|
||||||
+{
|
|
||||||
+ efi_status_t status;
|
|
||||||
+ void **gop_handle = NULL;
|
|
||||||
+
|
|
||||||
+ status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
|
|
||||||
+ size, (void **)&gop_handle);
|
|
||||||
+ if (status != EFI_SUCCESS)
|
|
||||||
+ return status;
|
|
||||||
+
|
|
||||||
+ status = efi_call_early(locate_handle,
|
|
||||||
+ EFI_LOCATE_BY_PROTOCOL,
|
|
||||||
+ proto, NULL, &size, gop_handle);
|
|
||||||
+ if (status != EFI_SUCCESS)
|
|
||||||
+ goto free_handle;
|
|
||||||
+
|
|
||||||
+ if (efi_early->is64)
|
|
||||||
+ status = setup_gop64(si, proto, size, gop_handle);
|
|
||||||
+ else
|
|
||||||
+ status = setup_gop32(si, proto, size, gop_handle);
|
|
||||||
+
|
|
||||||
+free_handle:
|
|
||||||
+ efi_call_early(free_pool, gop_handle);
|
|
||||||
+ return status;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static efi_status_t
|
|
||||||
setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
|
|
||||||
{
|
|
||||||
@@ -1094,6 +1156,10 @@ struct boot_params *efi_main(struct efi_config *c,
|
|
||||||
else
|
|
||||||
setup_boot_services32(efi_early);
|
|
||||||
|
|
||||||
+ sanitize_boot_params(boot_params);
|
|
||||||
+
|
|
||||||
+ boot_params->secure_boot = get_secure_boot();
|
|
||||||
+
|
|
||||||
setup_graphics(boot_params);
|
|
||||||
|
|
||||||
setup_efi_pci(boot_params);
|
|
||||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
|
||||||
index c18ce67495fa..2b3e5427097b 100644
|
|
||||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
|
||||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
|
||||||
@@ -134,7 +134,8 @@ struct boot_params {
|
|
||||||
__u8 eddbuf_entries; /* 0x1e9 */
|
|
||||||
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
|
|
||||||
__u8 kbd_status; /* 0x1eb */
|
|
||||||
- __u8 _pad5[3]; /* 0x1ec */
|
|
||||||
+ __u8 secure_boot; /* 0x1ec */
|
|
||||||
+ __u8 _pad5[2]; /* 0x1ed */
|
|
||||||
/*
|
|
||||||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
|
||||||
*
|
|
||||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
|
||||||
index bbfbca5fea0c..d40e961753c9 100644
|
|
||||||
--- a/arch/x86/kernel/setup.c
|
|
||||||
+++ b/arch/x86/kernel/setup.c
|
|
||||||
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
|
|
||||||
|
|
||||||
io_delay_init();
|
|
||||||
|
|
||||||
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
|
||||||
+ if (boot_params.secure_boot) {
|
|
||||||
+ enforce_signed_modules();
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
|
||||||
*/
|
|
||||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
|
||||||
index 05bd6c989a0c..32327704e18d 100644
|
|
||||||
--- a/include/linux/module.h
|
|
||||||
+++ b/include/linux/module.h
|
|
||||||
@@ -260,6 +260,12 @@ extern const typeof(name) __mod_##type##__##name##_device_table \
|
|
||||||
|
|
||||||
struct notifier_block;
|
|
||||||
|
|
||||||
+#ifdef CONFIG_MODULE_SIG
|
|
||||||
+extern void enforce_signed_modules(void);
|
|
||||||
+#else
|
|
||||||
+static inline void enforce_signed_modules(void) {};
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#ifdef CONFIG_MODULES
|
|
||||||
|
|
||||||
extern int modules_disabled; /* for sysctl */
|
|
||||||
diff --git a/kernel/module.c b/kernel/module.c
|
|
||||||
index cb864505d020..cb1f1da69bf4 100644
|
|
||||||
--- a/kernel/module.c
|
|
||||||
+++ b/kernel/module.c
|
|
||||||
@@ -4285,6 +4285,13 @@ void module_layout(struct module *mod,
|
|
||||||
EXPORT_SYMBOL(module_layout);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifdef CONFIG_MODULE_SIG
|
|
||||||
+void enforce_signed_modules(void)
|
|
||||||
+{
|
|
||||||
+ sig_enforce = true;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
bool secure_modules(void)
|
|
||||||
{
|
|
||||||
#ifdef CONFIG_MODULE_SIG
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
|
From 7ec379c439ea60507804f96910d25196ab838ec4 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Fri, 5 May 2017 08:21:56 +0100
|
Date: Fri, 5 May 2017 08:21:56 +0100
|
||||||
Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
|
Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
|
||||||
|
@ -12,6 +12,7 @@ This allows keys in the UEFI database to be added in secure boot mode for
|
||||||
the purposes of module signing.
|
the purposes of module signing.
|
||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
|
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||||
---
|
---
|
||||||
certs/internal.h | 18 ++++++++++++++++++
|
certs/internal.h | 18 ++++++++++++++++++
|
||||||
certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
|
certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
|
||||||
|
@ -20,7 +21,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||||
|
|
||||||
diff --git a/certs/internal.h b/certs/internal.h
|
diff --git a/certs/internal.h b/certs/internal.h
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..5dcbefb
|
index 000000000000..5dcbefb0c23a
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/certs/internal.h
|
+++ b/certs/internal.h
|
||||||
@@ -0,0 +1,18 @@
|
@@ -0,0 +1,18 @@
|
||||||
|
@ -43,21 +44,21 @@ index 0000000..5dcbefb
|
||||||
+ const void *data, size_t len);
|
+ const void *data, size_t len);
|
||||||
+#endif
|
+#endif
|
||||||
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
||||||
index 6251d1b..5ac8ba6 100644
|
index c05c29ae4d5d..183e73cc81f7 100644
|
||||||
--- a/certs/system_keyring.c
|
--- a/certs/system_keyring.c
|
||||||
+++ b/certs/system_keyring.c
|
+++ b/certs/system_keyring.c
|
||||||
@@ -18,6 +18,7 @@
|
@@ -19,6 +19,7 @@
|
||||||
#include <keys/asymmetric-type.h>
|
#include <keys/asymmetric-type.h>
|
||||||
#include <keys/system_keyring.h>
|
#include <keys/system_keyring.h>
|
||||||
#include <crypto/pkcs7.h>
|
#include <crypto/pkcs7.h>
|
||||||
+#include "internal.h"
|
+#include "internal.h"
|
||||||
|
|
||||||
static struct key *builtin_trusted_keys;
|
static struct key *builtin_trusted_keys;
|
||||||
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
||||||
@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
|
@@ -287,3 +288,35 @@ void __init set_platform_trusted_keys(struct key *keyring)
|
||||||
EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
|
platform_trusted_keys = keyring;
|
||||||
|
}
|
||||||
#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
|
#endif
|
||||||
+
|
+
|
||||||
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
||||||
+/**
|
+/**
|
||||||
|
@ -91,5 +92,5 @@ index 6251d1b..5ac8ba6 100644
|
||||||
+}
|
+}
|
||||||
+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
|
+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
|
||||||
--
|
--
|
||||||
2.9.3
|
2.20.1
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
From a446d2f94ce540689c7a46bf457d92409e9c4d7e Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Stone <jistone@redhat.com>
|
From: Josh Stone <jistone@redhat.com>
|
||||||
Date: Fri, 21 Nov 2014 10:40:00 -0800
|
Date: Fri, 21 Nov 2014 10:40:00 -0800
|
||||||
Subject: [PATCH] Kbuild: Add an option to enable GCC VTA
|
Subject: [PATCH] Kbuild: Add an option to enable GCC VTA
|
||||||
|
@ -37,32 +38,33 @@ Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||||
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
|
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
|
||||||
Cc: Michel Dänzer <michel@daenzer.net>
|
Cc: Michel Dänzer <michel@daenzer.net>
|
||||||
Signed-off-by: Josh Stone <jistone@redhat.com>
|
Signed-off-by: Josh Stone <jistone@redhat.com>
|
||||||
|
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||||
---
|
---
|
||||||
Makefile | 4 ++++
|
Makefile | 4 ++++
|
||||||
lib/Kconfig.debug | 18 +++++++++++++++++-
|
lib/Kconfig.debug | 18 +++++++++++++++++-
|
||||||
2 files changed, 21 insertions(+), 1 deletion(-)
|
2 files changed, 21 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index 257ef5892ab7..3cc6f4477e78 100644
|
index 9ef547fc7ffe..5777d902f8f3 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -701,7 +701,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
|
@@ -735,7 +735,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
+ifdef CONFIG_DEBUG_INFO_VTA
|
+ifdef CONFIG_DEBUG_INFO_VTA
|
||||||
+KBUILD_CFLAGS += $(call cc-option, -fvar-tracking-assignments)
|
+DEBUG_CFLAGS += $(call cc-option, -fvar-tracking-assignments)
|
||||||
+else
|
+else
|
||||||
KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments)
|
DEBUG_CFLAGS := $(call cc-option, -fno-var-tracking-assignments)
|
||||||
+endif
|
+endif
|
||||||
|
|
||||||
ifdef CONFIG_DEBUG_INFO
|
ifdef CONFIG_DEBUG_INFO
|
||||||
ifdef CONFIG_DEBUG_INFO_SPLIT
|
ifdef CONFIG_DEBUG_INFO_SPLIT
|
||||||
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
|
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
|
||||||
index e2894b23efb6..d98afe18f704 100644
|
index 0d9e81779e37..424206212931 100644
|
||||||
--- a/lib/Kconfig.debug
|
--- a/lib/Kconfig.debug
|
||||||
+++ b/lib/Kconfig.debug
|
+++ b/lib/Kconfig.debug
|
||||||
@@ -165,7 +165,23 @@ config DEBUG_INFO_DWARF4
|
@@ -217,7 +217,23 @@ config DEBUG_INFO_DWARF4
|
||||||
Generate dwarf4 debug info. This requires recent versions
|
Generate dwarf4 debug info. This requires recent versions
|
||||||
of gcc and gdb. It makes the debug information larger.
|
of gcc and gdb. It makes the debug information larger.
|
||||||
But it significantly improves the success of resolving
|
But it significantly improves the success of resolving
|
||||||
|
@ -87,3 +89,6 @@ index e2894b23efb6..d98afe18f704 100644
|
||||||
|
|
||||||
config GDB_SCRIPTS
|
config GDB_SCRIPTS
|
||||||
bool "Provide GDB scripts for kernel debugging"
|
bool "Provide GDB scripts for kernel debugging"
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_DEBUG_PAGEALLOC is not set
|
|
|
@ -1 +0,0 @@
|
||||||
CONFIG_DEBUG_VM=y
|
|
|
@ -1 +0,0 @@
|
||||||
CONFIG_PM_TEST_SUSPEND=y
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_CROS_EC_DEBUGFS=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_CROS_EC_DEBUGFS=m
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_ARM_TEGRA124_CPUFREQ is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_BCM2835_POWER is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_COMMON_CLK_FIXED_MMIO is not set
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_COMMON_RESET_HI3660 is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES=y
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_CROS_EC_DEBUGFS is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_CROS_EC_LIGHTBAR is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DEV_DAX_KMEM is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DEV_DAX_PMEM_COMPAT is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DM_INIT=y
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DRM_ETNAVIV is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DRM_KOMEDA is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DRM_PANEL_KINGDISPLAY_KD097D04 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DRM_PANEL_SITRONIX_ST7701 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_DRM_PANEL_TPO_TPG110 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_FSL_QDMA is not set
|
|
@ -1 +1 @@
|
||||||
CONFIG_GCC_PLUGIN_STACKLEAK=y
|
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
# CONFIG_GENERIC_PHY is not set
|
CONFIG_GENERIC_PHY=y
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_GPIO_AMD_FCH is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_GPIO_GW_PLD is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_HID_MALTRON=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_HID_VIEWSONIC=m
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_INPUT_MSM_VIBRATOR is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_IR_RCMM_DECODER=m
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_MFD_LOCHNAGAR is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_MFD_STPMIC1 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_MFD_TQMX86 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_MLX_WDT=m
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_NVMEM_ZYNQMP is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_PHY_MVEBU_A3700_COMPHY is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_PHY_MVEBU_A3700_UTMI is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_PHY_MVEBU_A38X_COMPHY is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_PRINTK_CALLER is not set
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_QCOM_FASTRPC is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_QCOM_RPMHPD is not set
|
|
|
@ -1 +1 @@
|
||||||
CONFIG_RENESAS_PHY=m
|
# CONFIG_RENESAS_PHY is not set
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_RTC_DRV_ABEOZ9=m
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_RTC_DRV_CADENCE is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_RTC_DRV_RV3028=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_RTC_DRV_SD3078=m
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_SERIAL_TEGRA_TCU is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_TEST_STACKINIT is not set
|
|
@ -1 +1 @@
|
||||||
CONFIG_USB_EHCI_FSL=m
|
# CONFIG_USB_EHCI_FSL is not set
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_VALIDATE_FS_PARSER=y
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_ZYNQMP_PM_DOMAINS is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_ZYNQMP_POWER is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_CPU_BIG_ENDIAN is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_CROS_EC_SYSFS=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_CROS_EC_VBC=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_ETNAVIV=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_ETNAVIV_THERMAL=y
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_KOMEDA=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_PANEL_KINGDISPLAY_KD097D04=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_PANEL_SITRONIX_ST7701=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_DRM_PANEL_TPO_TPG110=m
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_EXTCON_MAX3355 is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_EXTCON_RT8973A is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_EXTCON_SM5502 is not set
|
|
|
@ -1 +0,0 @@
|
||||||
CONFIG_GENERIC_PHY=y
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_IP_DCCP is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_LATTICE_ECP3_CONFIG is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_LOCK_STAT is not set
|
|
|
@ -1 +0,0 @@
|
||||||
CONFIG_MFD_WL1273_CORE=m
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_PCIE_ROCKCHIP is not set
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_PCI_FTPCI100 is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_PHY_CADENCE_DPHY=m
|
|
@ -1 +1 @@
|
||||||
CONFIG_PHY_MVEBU_A3700_COMPHY=m
|
# CONFIG_PHY_MVEBU_A3700_COMPHY is not set
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
CONFIG_PHY_MVEBU_A3700_UTMI=m
|
# CONFIG_PHY_MVEBU_A3700_UTMI is not set
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_PHY_SUN6I_MIPI_DPHY=m
|
|
@ -1 +0,0 @@
|
||||||
CONFIG_PM_OPP=y
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_PWM_FSL_FTM is not set
|
|
|
@ -0,0 +1 @@
|
||||||
|
# CONFIG_PWM_IMX1 is not set
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_PWM_IMX27=m
|
|
@ -0,0 +1 @@
|
||||||
|
CONFIG_QCOM_FASTRPC=m
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_REGULATOR_AD5398 is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_REGULATOR_DA9210 is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_REGULATOR_DA9211 is not set
|
|
|
@ -1 +1 @@
|
||||||
CONFIG_REGULATOR_GPIO=m
|
CONFIG_REGULATOR_GPIO=y
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_REGULATOR_ISL6271A is not set
|
|
|
@ -1 +0,0 @@
|
||||||
# CONFIG_REGULATOR_ISL9305 is not set
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue