From 097cca69627f45fbff23f9761405c47d440535a7 Mon Sep 17 00:00:00 2001
From: Josh Boyer
Date: Thu, 2 May 2013 07:51:01 -0400
Subject: [PATCH] Linux v3.9-7391-g20b4fb4
---
cfg80211-mac80211-disconnect-on-suspend.patch | 219 ----------
config-generic | 13 +
config-x86-generic | 1 +
... => devel-pekey-secure-boot-20130502.patch | 395 +++++++++---------
forcedeth-dma-error-check.patch | 132 ------
...fi-fix-freeing-uninitialized-pointer.patch | 51 ---
kernel.spec | 31 +-
...ieee80211_do_stop_while_suspend_v3.9.patch | 73 ----
sources | 2 +-
...fix-channel-disabling-race-condition.patch | 40 --
10 files changed, 217 insertions(+), 740 deletions(-)
delete mode 100644 cfg80211-mac80211-disconnect-on-suspend.patch
rename devel-pekey-secure-boot-20130306.patch => devel-pekey-secure-boot-20130502.patch (95%)
delete mode 100644 forcedeth-dma-error-check.patch
delete mode 100644 iwlwifi-fix-freeing-uninitialized-pointer.patch
delete mode 100644 mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
delete mode 100644 wireless-regulatory-fix-channel-disabling-race-condition.patch
diff --git a/cfg80211-mac80211-disconnect-on-suspend.patch b/cfg80211-mac80211-disconnect-on-suspend.patch
deleted file mode 100644
index b3180fb54..000000000
--- a/cfg80211-mac80211-disconnect-on-suspend.patch
+++ /dev/null
@@ -1,219 +0,0 @@ -From 8125696991194aacb1173b6e8196d19098b44e17 Mon Sep 17 00:00:00 2001 -From: Stanislaw Gruszka -Date: Thu, 28 Feb 2013 09:55:25 +0000 -Subject: cfg80211/mac80211: disconnect on suspend - -If possible that after suspend, cfg80211 will receive request to -disconnect what require action on interface that was removed during -suspend. - -Problem can manifest itself by various warnings similar to below one: - -WARNING: at net/mac80211/driver-ops.h:12 ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211]() -wlan0: Failed check-sdata-in-driver check, flags: 0x4 -Call Trace: - [] warn_slowpath_fmt+0x33/0x40 - [] ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211] - [] ieee80211_recalc_ps_vif+0x2a/0x30 [mac80211] - [] ieee80211_set_disassoc+0xf6/0x500 [mac80211] - [] ieee80211_mgd_deauth+0x1f1/0x280 [mac80211] - [] ieee80211_deauth+0x16/0x20 [mac80211] - [] cfg80211_mlme_down+0x70/0xc0 [cfg80211] - [] __cfg80211_disconnect+0x1b1/0x1d0 [cfg80211] - -To fix the problem disconnect from any associated network before -suspend. User space is responsible to establish connection again -after resume. This basically need to be done by user space anyway, -because associated stations can go away during suspend (for example -NetworkManager disconnects on suspend and connect on resume by default). - -Patch also handle situation when driver refuse to suspend with wowlan -configured and try to suspend again without it. 
- -Signed-off-by: Stanislaw Gruszka -Signed-off-by: Johannes Berg ---- -diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index d0275f3..4d105c7 100644 ---- a/net/mac80211/pm.c -+++ b/net/mac80211/pm.c -@@ -93,7 +93,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - return err; - } else if (err > 0) { - WARN_ON(err != 1); -- local->wowlan = false; -+ return err; - } else { - list_for_each_entry(sdata, &local->interfaces, list) - if (ieee80211_sdata_running(sdata)) -diff --git a/net/wireless/core.c b/net/wireless/core.c -index ea4155f..f382cae 100644 ---- a/net/wireless/core.c -+++ b/net/wireless/core.c -@@ -814,6 +814,46 @@ void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev, - rdev->num_running_monitor_ifaces += num; - } - -+void cfg80211_leave(struct cfg80211_registered_device *rdev, -+ struct wireless_dev *wdev) -+{ -+ struct net_device *dev = wdev->netdev; -+ -+ switch (wdev->iftype) { -+ case NL80211_IFTYPE_ADHOC: -+ cfg80211_leave_ibss(rdev, dev, true); -+ break; -+ case NL80211_IFTYPE_P2P_CLIENT: -+ case NL80211_IFTYPE_STATION: -+ mutex_lock(&rdev->sched_scan_mtx); -+ __cfg80211_stop_sched_scan(rdev, false); -+ mutex_unlock(&rdev->sched_scan_mtx); -+ -+ wdev_lock(wdev); -+#ifdef CONFIG_CFG80211_WEXT -+ kfree(wdev->wext.ie); -+ wdev->wext.ie = NULL; -+ wdev->wext.ie_len = 0; -+ wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; -+#endif -+ __cfg80211_disconnect(rdev, dev, -+ WLAN_REASON_DEAUTH_LEAVING, true); -+ cfg80211_mlme_down(rdev, dev); -+ wdev_unlock(wdev); -+ break; -+ case NL80211_IFTYPE_MESH_POINT: -+ cfg80211_leave_mesh(rdev, dev); -+ break; -+ case NL80211_IFTYPE_AP: -+ cfg80211_stop_ap(rdev, dev); -+ break; -+ default: -+ break; -+ } -+ -+ wdev->beacon_interval = 0; -+} -+ - static int cfg80211_netdev_notifier_call(struct notifier_block *nb, - unsigned long state, - void *ndev) -@@ -882,38 +922,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb, - 
dev->priv_flags |= IFF_DONT_BRIDGE; - break; - case NETDEV_GOING_DOWN: -- switch (wdev->iftype) { -- case NL80211_IFTYPE_ADHOC: -- cfg80211_leave_ibss(rdev, dev, true); -- break; -- case NL80211_IFTYPE_P2P_CLIENT: -- case NL80211_IFTYPE_STATION: -- mutex_lock(&rdev->sched_scan_mtx); -- __cfg80211_stop_sched_scan(rdev, false); -- mutex_unlock(&rdev->sched_scan_mtx); -- -- wdev_lock(wdev); --#ifdef CONFIG_CFG80211_WEXT -- kfree(wdev->wext.ie); -- wdev->wext.ie = NULL; -- wdev->wext.ie_len = 0; -- wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; --#endif -- __cfg80211_disconnect(rdev, dev, -- WLAN_REASON_DEAUTH_LEAVING, true); -- cfg80211_mlme_down(rdev, dev); -- wdev_unlock(wdev); -- break; -- case NL80211_IFTYPE_MESH_POINT: -- cfg80211_leave_mesh(rdev, dev); -- break; -- case NL80211_IFTYPE_AP: -- cfg80211_stop_ap(rdev, dev); -- break; -- default: -- break; -- } -- wdev->beacon_interval = 0; -+ cfg80211_leave(rdev, wdev); - break; - case NETDEV_DOWN: - cfg80211_update_iface_num(rdev, wdev->iftype, -1); -diff --git a/net/wireless/core.h b/net/wireless/core.h -index 9a2be8d..d5d06fd 100644 ---- a/net/wireless/core.h -+++ b/net/wireless/core.h -@@ -503,6 +503,9 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev, - void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev, - enum nl80211_iftype iftype, int num); - -+void cfg80211_leave(struct cfg80211_registered_device *rdev, -+ struct wireless_dev *wdev); -+ - void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev, - struct wireless_dev *wdev); - -diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h -index 8c8b26f..d77e1c1 100644 ---- a/net/wireless/rdev-ops.h -+++ b/net/wireless/rdev-ops.h -@@ -6,11 +6,12 @@ - #include "core.h" - #include "trace.h" - --static inline int rdev_suspend(struct cfg80211_registered_device *rdev) -+static inline int rdev_suspend(struct cfg80211_registered_device *rdev, -+ struct cfg80211_wowlan *wowlan) - { - int ret; 
-- trace_rdev_suspend(&rdev->wiphy, rdev->wowlan); -- ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan); -+ trace_rdev_suspend(&rdev->wiphy, wowlan); -+ ret = rdev->ops->suspend(&rdev->wiphy, wowlan); - trace_rdev_return_int(&rdev->wiphy, ret); - return ret; - } -diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c -index 238ee49..8f28b9f 100644 ---- a/net/wireless/sysfs.c -+++ b/net/wireless/sysfs.c -@@ -83,6 +83,14 @@ static int wiphy_uevent(struct device *dev, struct kobj_uevent_env *env) - return 0; - } - -+static void cfg80211_leave_all(struct cfg80211_registered_device *rdev) -+{ -+ struct wireless_dev *wdev; -+ -+ list_for_each_entry(wdev, &rdev->wdev_list, list) -+ cfg80211_leave(rdev, wdev); -+} -+ - static int wiphy_suspend(struct device *dev, pm_message_t state) - { - struct cfg80211_registered_device *rdev = dev_to_rdev(dev); -@@ -90,12 +98,19 @@ static int wiphy_suspend(struct device *dev, pm_message_t state) - - rdev->suspend_at = get_seconds(); - -- if (rdev->ops->suspend) { -- rtnl_lock(); -- if (rdev->wiphy.registered) -- ret = rdev_suspend(rdev); -- rtnl_unlock(); -+ rtnl_lock(); -+ if (rdev->wiphy.registered) { -+ if (!rdev->wowlan) -+ cfg80211_leave_all(rdev); -+ if (rdev->ops->suspend) -+ ret = rdev_suspend(rdev, rdev->wowlan); -+ if (ret == 1) { -+ /* Driver refuse to configure wowlan */ -+ cfg80211_leave_all(rdev); -+ ret = rdev_suspend(rdev, NULL); -+ } - } -+ rtnl_unlock(); - - return ret; - } --- -cgit v0.9.1 diff --git a/config-generic b/config-generic index fdee19c6d..075f207e9 100644 --- a/config-generic +++ b/config-generic @@ -656,6 +656,9 @@ CONFIG_NET=y CONFIG_NET_DMA=y +CONFIG_NETLINK_MMAP=y +CONFIG_NETLINK_DIAG=m + CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y @@ -1041,6 +1044,7 @@ CONFIG_IP_DCCP_CCID3=y # CONFIG_TIPC=m CONFIG_TIPC_PORTS=8192 +# CONFIG_TIPC_MEDIA_IB is not set # CONFIG_TIPC_ADVANCED is not set # CONFIG_TIPC_DEBUG is not set 
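Review bot: `CONFIG_NETLINK_MMAP=y` in the first config-generic hunk (`@@ -656,6 +656,9 @@`) is switched on for every kernel built from this shared config, and neither the commit message nor a comment in the file records which consumer needs it. As far as I know the option adds memory-mapped ring buffers shared between user space and the kernel on netlink sockets, so it is newly merged code on a path that unprivileged processes can reach; that is worth confirming against the option's Kconfig help before shipping. Unless a user of the interface is identified, I would leave it off with `# CONFIG_NETLINK_MMAP is not set` and keep only `CONFIG_NETLINK_DIAG=m`. If it stays enabled, a one-line comment above it naming the consumer would record the decision for the next rebase.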
@@ -1111,6 +1115,8 @@ CONFIG_DNS_RESOLVER=m CONFIG_BATMAN_ADV=m CONFIG_BATMAN_ADV_BLA=y CONFIG_BATMAN_ADV_DAT=y +CONFIG_BATMAN_ADV_NC=y + # CONFIG_BATMAN_ADV_DEBUG is not set CONFIG_OPENVSWITCH=m CONFIG_VSOCKETS=m @@ -1137,6 +1143,7 @@ CONFIG_NET_TEAM_MODE_ROUNDROBIN=m CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m CONFIG_NET_TEAM_MODE_LOADBALANCE=m CONFIG_NET_TEAM_MODE_BROADCAST=m +CONFIG_NET_TEAM_MODE_RANDOM=m CONFIG_DUMMY=m CONFIG_BONDING=m CONFIG_MACVLAN=m @@ -1336,6 +1343,7 @@ CONFIG_YELLOWFIN=m CONFIG_NET_VENDOR_QLOGIC=y CONFIG_QLA3XXX=m CONFIG_QLCNIC=m +CONFIG_QLCNIC_SRIOV=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m @@ -1526,6 +1534,7 @@ CONFIG_ATH6KL=m CONFIG_ATH6KL_DEBUG=y CONFIG_ATH6KL_SDIO=m CONFIG_ATH6KL_USB=m +# CONFIG_ATH6KL_TRACING is not set CONFIG_AR5523=m CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y @@ -1630,6 +1639,7 @@ CONFIG_RT2800USB=m CONFIG_RT2800USB_RT33XX=y CONFIG_RT2800USB_RT35XX=y CONFIG_RT2800USB_RT53XX=y +CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800PCI=m CONFIG_RT2800PCI_RT3290=y @@ -1666,6 +1676,7 @@ CONFIG_RTL8192SE=m CONFIG_RTL8192CU=m CONFIG_RTL8192DE=m CONFIG_RTL8723AE=m +CONFIG_RTL8188EE=m CONFIG_MWIFIEX=m CONFIG_MWIFIEX_SDIO=m @@ -1961,6 +1972,7 @@ CONFIG_INPUT_POLLDEV=m CONFIG_INPUT_SPARSEKMAP=m # CONFIG_INPUT_ADXL34X is not set # CONFIG_INPUT_BMA150 is not set +# CONFIG_INPUT_IMS_PCU is not set CONFIG_INPUT_CMA3000=m CONFIG_INPUT_CMA3000_I2C=m @@ -1979,6 +1991,7 @@ CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m # CONFIG_SERIO_PS2MULT is not set CONFIG_SERIO_ARC_PS2=m +# CONFIG_SERIO_APBPS2 is not set # CONFIG_SERIO_CT82C710 is not set # CONFIG_SERIO_PARKBD is not set diff --git a/config-x86-generic b/config-x86-generic index 58f8ed309..c6c130373 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -37,6 +37,7 @@ CONFIG_X86_PM_TIMER=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_VARS=y +CONFIG_EFIVAR_FS=y CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y CONFIG_EFI_PCDP=y 
diff --git a/devel-pekey-secure-boot-20130306.patch b/devel-pekey-secure-boot-20130502.patch similarity index 95% rename from devel-pekey-secure-boot-20130306.patch rename to devel-pekey-secure-boot-20130502.patch index 85bcec738..703bbf5ad 100644 --- a/devel-pekey-secure-boot-20130306.patch +++ b/devel-pekey-secure-boot-20130502.patch @@ -1,7 +1,7 @@ -From 1693ee9461cddd18c607f7126ac3d300915dbc05 Mon Sep 17 00:00:00 2001 +From 888c361d20210d39863ba6f2b71adb84e0a926a7 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 18 Jan 2013 13:53:35 +0000 -Subject: [PATCH 02/48] KEYS: Load *.x509 files into kernel keyring +Subject: [PATCH 01/47] KEYS: Load *.x509 files into kernel keyring Load all the files matching the pattern "*.x509" that are to be found in kernel base source dir and base build dir into the module signing keyring. @@ -15,10 +15,10 @@ Signed-off-by: David Howells 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile -index bbde5f1..6cb07a0 100644 +index d1574d4..64c97da 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -140,17 +140,40 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE +@@ -141,17 +141,40 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE $(call if_changed,bc) ifeq ($(CONFIG_MODULE_SIG),y) @@ -78,13 +78,13 @@ index 246b4c6..0a60203 100644 + .incbin "kernel/x509_certificate_list" GLOBAL(modsign_certificate_list_end) -- -1.8.1.2 +1.8.1.4 -From 80e06b81dec8a01819170c4d102a05d98df4c6f7 Mon Sep 17 00:00:00 2001 +From 26a6bf8ffbe82d706c6de06746d760d9bc425ee5 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 18:39:54 +0000 -Subject: [PATCH 03/48] KEYS: Separate the kernel signature checking keyring +Subject: [PATCH 02/47] KEYS: Separate the kernel signature checking keyring from module signing Separate the kernel signature checking keyring from module signing so that it @@ -136,10 +136,10 @@ index 0000000..8dabc39 + +#endif /* _KEYS_SYSTEM_KEYRING_H */ 
diff --git a/init/Kconfig b/init/Kconfig -index 22616cd..e988655 100644 +index a76d131..b9d8870 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1575,6 +1575,18 @@ config BASE_SMALL +@@ -1615,6 +1615,18 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL @@ -158,7 +158,7 @@ index 22616cd..e988655 100644 menuconfig MODULES bool "Enable loadable module support" help -@@ -1647,6 +1659,7 @@ config MODULE_SRCVERSION_ALL +@@ -1687,6 +1699,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES @@ -167,10 +167,10 @@ index 22616cd..e988655 100644 select CRYPTO select ASYMMETRIC_KEY_TYPE diff --git a/kernel/Makefile b/kernel/Makefile -index 6cb07a0..a9ecd52 100644 +index 64c97da..ecff938 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -51,8 +51,9 @@ obj-$(CONFIG_SMP) += spinlock.o +@@ -52,8 +52,9 @@ obj-$(CONFIG_SMP) += spinlock.o obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o obj-$(CONFIG_PROVE_LOCKING) += spinlock.o obj-$(CONFIG_UID16) += uid16.o @@ -181,7 +181,7 @@ index 6cb07a0..a9ecd52 100644 obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_KEXEC) += kexec.o -@@ -139,13 +140,14 @@ targets += timeconst.h +@@ -140,13 +141,14 @@ targets += timeconst.h $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE $(call if_changed,bc) @@ -199,7 +199,7 @@ index 6cb07a0..a9ecd52 100644 X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y)) -@@ -161,10 +163,11 @@ $(shell rm $(obj)/.x509.list) +@@ -162,10 +164,11 @@ $(shell rm $(obj)/.x509.list) endif endif 
@@ -213,7 +213,7 @@ index 6cb07a0..a9ecd52 100644 targets += $(obj)/x509_certificate_list $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list $(call if_changed,x509certs) -@@ -174,7 +177,9 @@ $(obj)/.x509.list: +@@ -175,7 +178,9 @@ $(obj)/.x509.list: @echo $(X509_CERTIFICATES) >$@ clean-files := x509_certificate_list .x509.list @@ -497,13 +497,13 @@ index 0000000..a3ca76f +} +late_initcall(load_system_certificate_list); -- -1.8.1.2 +1.8.1.4 -From a2512743c97ac3c236eaf9ce6b2879cb0ff61dd5 Mon Sep 17 00:00:00 2001 +From 4e2b0f425d73360fc40b8719b36e6e3ca94d458e Mon Sep 17 00:00:00 2001 From: David Howells Date: Thu, 17 Jan 2013 16:25:00 +0000 -Subject: [PATCH 04/48] KEYS: Add a 'trusted' flag and a 'trusted only' flag +Subject: [PATCH 03/47] KEYS: Add a 'trusted' flag and a 'trusted only' flag Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the @@ -626,13 +626,13 @@ index 6ece7f2..f18d7ff 100644 if (ret == 0) { ret = __key_link_check_live_key(keyring, key); -- -1.8.1.2 +1.8.1.4 -From a466fb7f25a238e646970d1dbdbb5143f9b3b066 Mon Sep 17 00:00:00 2001 +From 3deae827abdd3de9b7976b423279812d7559e580 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:32 +0000 -Subject: [PATCH 05/48] KEYS: Rename public key parameter name arrays +Subject: [PATCH 04/47] KEYS: Rename public key parameter name arrays Rename the arrays of public key parameters (public key algorithm names, hash algorithm names and ID type names) so that the array name ends in "_name". @@ -781,13 +781,13 @@ index 0034e36..0b6b870 100644 key = request_asymmetric_key(sig, ms.signer_len, -- -1.8.1.2 +1.8.1.4 -From bb9a97b29085a9dfbda5b32a6dbdfaec5612e46b Mon Sep 17 00:00:00 2001 +From 2acf1a703de1213ad85515a71873f57535dc057d Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:33 +0000 -Subject: [PATCH 06/48] KEYS: Move the algorithm pointer array from x509 to +Subject: [PATCH 05/47] KEYS: Move the algorithm pointer array from x509 to public_key.c Move the public-key algorithm pointer array from x509_public_key.c to @@ -863,13 +863,13 @@ index 619d570..46bde25 100644 enum pkey_hash_algo { PKEY_HASH_MD4, -- -1.8.1.2 +1.8.1.4 -From 35da3ee1a151d44c8e0b38422584918f39d66298 Mon Sep 17 00:00:00 2001 +From 3cc2c6f01277dfa00106c3e4f3f3ab8184025b90 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:33 +0000 -Subject: [PATCH 07/48] KEYS: Store public key algo ID in public_key struct +Subject: [PATCH 06/47] KEYS: Store public key algo ID in public_key struct Store public key algo ID in public_key struct for reference purposes. This allows it to be removed from the x509_certificate struct and used to find a @@ -948,13 +948,13 @@ index 46bde25..05778df 100644 union { MPI mpi[5]; -- -1.8.1.2 +1.8.1.4 -From a837dc33a6ca6a4c11d7485ac51951992e7ccf53 Mon Sep 17 00:00:00 2001 +From 7dcc63793a873198d3b3c4299f896e2896292d84 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:34 +0000 -Subject: [PATCH 08/48] KEYS: Split public_key_verify_signature() and make +Subject: [PATCH 07/47] KEYS: Split public_key_verify_signature() and make available Modify public_key_verify_signature() so that it now takes a public_key struct @@ -1064,13 +1064,13 @@ index fac574c..8cb2f70 100644 pr_debug("Cert Verification: %d\n", ret); -- -1.8.1.2 +1.8.1.4 -From def87e748398cfd083e79ae48556aa2144873fc4 Mon Sep 17 00:00:00 2001 +From da18477d1a1987dce0f3c5f78b62e5b223e2bf90 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:35 +0000 -Subject: [PATCH 09/48] KEYS: Store public key algo ID in public_key_signature +Subject: [PATCH 08/47] KEYS: Store public key algo ID in public_key_signature struct Store public key algorithm ID in public_key_signature struct for reference 
@@ -1097,13 +1097,13 @@ index 05778df..b34fda4 100644 union { MPI mpi[2]; -- -1.8.1.2 +1.8.1.4 -From 87230ff62f9901069b350c57aaa996dabe191165 Mon Sep 17 00:00:00 2001 +From 29d80acc90a95ef5614cf36d4e30835bcc014cc4 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:35 +0000 -Subject: [PATCH 10/48] X.509: struct x509_certificate needs struct tm +Subject: [PATCH 09/47] X.509: struct x509_certificate needs struct tm declaring struct x509_certificate needs struct tm declaring by #inclusion of linux/time.h @@ -1129,13 +1129,13 @@ index e583ad0..2d01182 100644 struct x509_certificate { -- -1.8.1.2 +1.8.1.4 -From 82c121f975c92d34202a9248f94de9c9ada4f9a2 Mon Sep 17 00:00:00 2001 +From ba3ba9e41abb17a7632075668e4f0a30edb59896 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:35 +0000 -Subject: [PATCH 11/48] X.509: Add bits needed for PKCS#7 +Subject: [PATCH 10/47] X.509: Add bits needed for PKCS#7 PKCS#7 validation requires access to the serial number and the raw names in an X.509 certificate. @@ -1227,13 +1227,13 @@ index 2d01182..a6ce46f 100644 /* -- -1.8.1.2 +1.8.1.4 -From 57fb22f1b578187da39d5edfdcaf22daea5fddcb Mon Sep 17 00:00:00 2001 +From 4d2f837ab3629d5b4b3bac2bbdbdf2d0060e74a8 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:36 +0000 -Subject: [PATCH 12/48] X.509: Embed public_key_signature struct and create +Subject: [PATCH 11/47] X.509: Embed public_key_signature struct and create filler function Embed a public_key_signature struct in struct x509_certificate, eliminating @@ -1495,13 +1495,13 @@ index 8cb2f70..b7c81d8 100644 if (!cert->fingerprint || !cert->authority) { pr_warn("Cert for '%s' must have SubjKeyId and AuthKeyId extensions\n", -- -1.8.1.2 +1.8.1.4 -From c882d17501c48b2ea515b2c6cba21d91ad3ce4c4 Mon Sep 17 00:00:00 2001 +From 822175026ad1d4640240d1fdd77b1f45ddd9e7a9 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:36 +0000 -Subject: [PATCH 13/48] X.509: Check the algorithm IDs obtained from parsing an +Subject: [PATCH 12/47] X.509: Check the algorithm IDs obtained from parsing an X.509 certificate Check that the algorithm IDs obtained from the ASN.1 parse by OID lookup @@ -1536,13 +1536,13 @@ index b7c81d8..eb368d4 100644 pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n", cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1, -- -1.8.1.2 +1.8.1.4 -From a5e4fc67608e4f63189263c9840eab47569ab78b Mon Sep 17 00:00:00 2001 +From 4a1a540f79d36d8b0b8970ea638648cef080057b Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:37 +0000 -Subject: [PATCH 14/48] X.509: Handle certificates that lack an +Subject: [PATCH 13/47] X.509: Handle certificates that lack an authorityKeyIdentifier field Handle certificates that lack an authorityKeyIdentifier field by assuming @@ -1583,13 +1583,13 @@ index eb368d4..0f55e3b 100644 if (ret < 0) goto error_free_cert; -- -1.8.1.2 +1.8.1.4 -From 91fc935afe02fedb2cbf4e77994d226f0fbd25eb Mon Sep 17 00:00:00 2001 +From f5e443e719cfb7cae2aea764ad3c9ec9ffba4f60 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:37 +0000 -Subject: [PATCH 15/48] X.509: Export certificate parse and free functions +Subject: [PATCH 14/47] X.509: Export certificate parse and free functions Export certificate parse and free functions for use by modules. @@ -1629,13 +1629,13 @@ index 931f069..9cf0e16 100644 /* * Note an OID when we find one for later processing when we know how -- -1.8.1.2 +1.8.1.4 -From 14b152615af5ca6b274714b1e515d7dcf142a55b Mon Sep 17 00:00:00 2001 +From 792a56d205765cf4ece16868929ad5fbe6b89df4 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:38 +0000 -Subject: [PATCH 16/48] PKCS#7: Implement a parser [RFC 2315] +Subject: [PATCH 15/47] PKCS#7: Implement a parser [RFC 2315] Implement a parser for a PKCS#7 signed-data message as described in part of RFC 2315. @@ -2242,13 +2242,13 @@ index 6926db7..edeff85 100644 /* Distinguished Name attribute IDs [RFC 2256] */ OID_commonName, /* 2.5.4.3 */ -- -1.8.1.2 +1.8.1.4 -From ec62dd1e7576f4b83d6374cd900049c7c555a7d0 Mon Sep 17 00:00:00 2001 +From 3b4b82eecde52c1bd75ab11ef7f8a5c13ec73c40 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:38 +0000 -Subject: [PATCH 17/48] PKCS#7: Digest the data in a signed-data message +Subject: [PATCH 16/47] PKCS#7: Digest the data in a signed-data message Digest the data in a PKCS#7 signed-data message and attach to the public_key_signature struct contained in the pkcs7_message struct. @@ -2416,13 +2416,13 @@ index 0000000..2f9f26c +} +EXPORT_SYMBOL_GPL(pkcs7_verify); -- -1.8.1.2 +1.8.1.4 -From e90ddcd9bc29ed13b4b2808029c6580f3444c5b3 Mon Sep 17 00:00:00 2001 +From e67fed4626a30dd11967abad9187013ff4185991 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:39 +0000 -Subject: [PATCH 18/48] PKCS#7: Find the right key in the PKCS#7 key list and +Subject: [PATCH 17/47] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature Find the appropriate key in the PKCS#7 key list and verify the signature with @@ -2515,13 +2515,13 @@ index 2f9f26c..3f6f0e2 100644 } EXPORT_SYMBOL_GPL(pkcs7_verify); -- -1.8.1.2 +1.8.1.4 -From 8e22cd5881575b9dcdd45b29671935fce505d056 Mon Sep 17 00:00:00 2001 +From 87ec8d783c887617ee6e85f66a9ce1a03c627e87 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:39 +0000 -Subject: [PATCH 19/48] PKCS#7: Verify internal certificate chain +Subject: [PATCH 18/47] PKCS#7: Verify internal certificate chain Verify certificate chain in the X.509 certificates contained within the PKCS#7 message as far as possible. If any signature that we should be able to verify @@ -2631,13 +2631,13 @@ index 6b1d877..5e35fba 100644 char *issuer; /* Name of certificate issuer */ char *subject; /* Name of certificate subject */ -- -1.8.1.2 +1.8.1.4 -From 185c80f1aa2a59a7494db7f57eba30f54a46152a Mon Sep 17 00:00:00 2001 +From cc6c40318a05330e4bb201b35378d7c0a0278aaa Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:42 +0000 -Subject: [PATCH 20/48] PKCS#7: Find intersection between PKCS#7 message and +Subject: [PATCH 19/47] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys Find the intersection between the X.509 certificate chain contained in a PKCS#7 @@ -2838,13 +2838,13 @@ index 0000000..cc226f5 +} +EXPORT_SYMBOL_GPL(pkcs7_validate_trust); -- -1.8.1.2 +1.8.1.4 -From 5b9065e00fb0d0b5fd87f41d8e4c19522a624d6f Mon Sep 17 00:00:00 2001 +From f20b0d77771133bd0d7e89932fef494f00687607 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:39 +0000 -Subject: [PATCH 21/48] Provide PE binary definitions +Subject: [PATCH 20/47] Provide PE binary definitions Provide some PE binary structural and constant definitions as taken from the pesign package sources. @@ -3311,13 +3311,13 @@ index 0000000..9234aef + +#endif /* __LINUX_PE_H */ -- -1.8.1.2 +1.8.1.4 -From 0514d1400ccf6602fa4f4a45d54e82c0386788fb Mon Sep 17 00:00:00 2001 +From d329754b0c2881b6331aacafab74a26b2d9262b3 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:40 +0000 -Subject: [PATCH 22/48] pefile: Parse a PE binary to find a key and a signature +Subject: [PATCH 21/47] pefile: Parse a PE binary to find a key and a signature contained therein Parse a PE binary to find a key and a signature contained therein. Later @@ -3605,13 +3605,13 @@ index 0000000..82bcaf6 + enum pkey_hash_algo digest_algo; /* Digest algorithm */ +}; -- -1.8.1.2 +1.8.1.4 -From 84598b0ba0da9e914fe13cd8e73b4d77a77f8a8e Mon Sep 17 00:00:00 2001 +From 3794d7963e17fc0b0c2f62164306b9a45cb2254e Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:40 +0000 -Subject: [PATCH 23/48] pefile: Strip the wrapper off of the cert data block +Subject: [PATCH 22/47] pefile: Strip the wrapper off of the cert data block The certificate data block in a PE binary has a wrapper around the PKCS#7 signature we actually want to get at. Strip this off and check that we've got @@ -3709,13 +3709,13 @@ index fb80cf0..f2d4df0 100644 } -- -1.8.1.2 +1.8.1.4 -From 6c9fdc4a6bb91f67ba83a164bed515f86b487804 Mon Sep 17 00:00:00 2001 +From f23895761a15e08959140091dc17004e7e6e2035 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:40 +0000 -Subject: [PATCH 24/48] pefile: Parse the presumed PKCS#7 content of the +Subject: [PATCH 23/47] pefile: Parse the presumed PKCS#7 content of the certificate blob Parse the content of the certificate blob, presuming it to be PKCS#7 format. @@ -3763,13 +3763,13 @@ index f2d4df0..056500f 100644 static struct asymmetric_key_parser pefile_key_parser = { -- -1.8.1.2 +1.8.1.4 -From 7816d32941300ae8ed25cc98baf13064854e6cb9 Mon Sep 17 00:00:00 2001 +From fcdb91196beb6235eed676c368a662cbdf92b804 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Jan 2013 15:33:41 +0000 -Subject: [PATCH 25/48] pefile: Parse the "Microsoft individual code signing" +Subject: [PATCH 24/47] pefile: Parse the "Microsoft individual code signing" data blob The PKCS#7 certificate should contain a "Microsoft individual code signing" @@ -4006,13 +4006,13 @@ index edeff85..332dcf5 100644 OID_sha256, /* 2.16.840.1.101.3.4.2.1 */ -- -1.8.1.2 +1.8.1.4 -From 9e97d5c51460969ff04d3027e734a69437518cfd Mon Sep 17 00:00:00 2001 +From 63204898d9491f8ba1b90dea8660e8ff778db993 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:41 +0000 -Subject: [PATCH 26/48] pefile: Digest the PE binary and compare to the PKCS#7 +Subject: [PATCH 25/47] pefile: Digest the PE binary and compare to the PKCS#7 data Digest the signed parts of the PE binary, canonicalising the section table @@ -4242,13 +4242,13 @@ index f1c8cc1..dfdb85e 100644 error: -- -1.8.1.2 +1.8.1.4 -From 2b5752323fc40cd9145150158f32b088fb0d4fa2 Mon Sep 17 00:00:00 2001 +From 17ed825e5f3f595665abd3fc11a6c180e6762b87 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 18 Jan 2013 13:58:35 +0000 -Subject: [PATCH 27/48] PEFILE: Validate PKCS#7 trust chain +Subject: [PATCH 26/47] PEFILE: Validate PKCS#7 trust chain Validate the PKCS#7 trust chain against the contents of the system keyring. @@ -4294,13 +4294,13 @@ index dfdb85e..edad948 100644 error: -- -1.8.1.2 +1.8.1.4 -From 1d94bb9d91322f250d870a1df94e24f9717a1660 Mon Sep 17 00:00:00 2001 +From ce9ca4236f691264a94bcbe10beda9ec5a035baf Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Jan 2013 15:33:42 +0000 -Subject: [PATCH 28/48] PEFILE: Load the contained key if we consider the +Subject: [PATCH 27/47] PEFILE: Load the contained key if we consider the container to be validly signed Load the key contained in the PE binary if the signature on the container can 
@@ -4385,13 +4385,13 @@ index 0f55e3b..c3e5a6d 100644 static struct asymmetric_key_parser x509_key_parser = { .owner = THIS_MODULE, -- -1.8.1.2 +1.8.1.4 -From ef929c440551421ba319fe2305a063706ce7c8a6 Mon Sep 17 00:00:00 2001 +From 395cc1b55a0645ced39f92b31ba3bcc141e59383 Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Thu, 21 Feb 2013 19:23:49 +0800 -Subject: [PATCH 29/48] MODSIGN: Fix including certificate twice when the +Subject: [PATCH 28/47] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists This issue was found in devel-pekey branch on linux-modsign.git tree. The @@ -4424,10 +4424,10 @@ Signed-off-by: David Howells 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/Makefile b/kernel/Makefile -index a9ecd52..c94d081 100644 +index ecff938..52f3426 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -148,7 +148,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE +@@ -149,7 +149,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE # ############################################################################### ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) @@ -4440,13 +4440,13 @@ index a9ecd52..c94d081 100644 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y)) -- -1.8.1.2 +1.8.1.4 -From 614232115eed153b4f56f37319114a18d590daaa Mon Sep 17 00:00:00 2001 +From 0ef575739cff3fda47dd2a9415f066ab44dcc922 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:40:56 -0400 -Subject: [PATCH 30/48] Secure boot: Add new capability +Subject: [PATCH 29/47] Secure boot: Add new capability Secure boot adds certain policy requirements, including that root must not be able to do anything that could cause the kernel to execute arbitrary code. 
@@ -4477,13 +4477,13 @@ index ba478fa..7109e65 100644 #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) -- -1.8.1.2 +1.8.1.4 -From 5c31721c6ec69d901a3f81a1cfa1518ca138ab75 Mon Sep 17 00:00:00 2001 +From 7312bed4fb9125d4880f11a64521b110079a3c0a Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Thu, 20 Sep 2012 10:41:05 -0400 -Subject: [PATCH 31/48] SELinux: define mapping for new Secure Boot capability +Subject: [PATCH 30/47] SELinux: define mapping for new Secure Boot capability Add the name of the new Secure Boot capability. This allows SELinux policies to properly map CAP_COMPROMISE_KERNEL to the appropriate @@ -4510,13 +4510,13 @@ index 14d04e6..ed99a2d 100644 { "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } }, -- -1.8.1.2 +1.8.1.4 -From b7c947a5862f33eb44bc33211a89ac1d8fd32475 Mon Sep 17 00:00:00 2001 +From e99e1273b0a50d874d2a53461e95f74460e1b812 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Thu, 20 Sep 2012 10:41:02 -0400 -Subject: [PATCH 32/48] Secure boot: Add a dummy kernel parameter that will +Subject: [PATCH 31/47] Secure boot: Add a dummy kernel parameter that will switch on Secure Boot mode This forcibly drops CAP_COMPROMISE_KERNEL from both cap_permitted and cap_bset @@ -4530,10 +4530,10 @@ Signed-off-by: Josh Boyer 2 files changed, 24 insertions(+) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 4609e81..7c0b137 100644 +index 8c01a02..ee6c1ca 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -2683,6 +2683,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2744,6 +2744,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Note: increases power consumption, thus should only be enabled if running jitter sensitive (HPC/RT) workloads. 
@@ -4576,13 +4576,13 @@ index e0573a4..c3f4e3e 100644 * prepare_kernel_cred - Prepare a set of credentials for a kernel service * @daemon: A userspace daemon to be used as a reference -- -1.8.1.2 +1.8.1.4 -From b218aab3dcc56d27324b2fc170d620e98c726603 Mon Sep 17 00:00:00 2001 +From eeac2b5391d834eefebfae49a100244fdccc82e5 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:41:03 -0400 -Subject: [PATCH 33/48] efi: Enable secure boot lockdown automatically when +Subject: [PATCH 32/47] efi: Enable secure boot lockdown automatically when enabled in firmware The firmware has a set of flags that indicate whether secure boot is enabled @@ -4616,10 +4616,10 @@ index 199f453..ff651d3 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index c205035..96d859d 100644 +index 35ee62f..0998ec7 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -861,6 +861,36 @@ fail: +@@ -906,6 +906,36 @@ fail: return status; } @@ -4656,7 +4656,7 @@ index c205035..96d859d 100644 /* * Because the x86 boot code expects to be passed a boot_params we * need to create one ourselves (usually the bootloader would create -@@ -1155,6 +1185,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, +@@ -1200,6 +1230,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) goto fail; @@ -4664,12 +4664,12 @@ index c205035..96d859d 100644 + setup_graphics(boot_params); - setup_efi_pci(boot_params); + setup_efi_vars(boot_params); diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h -index ae93f72..05ecc52 100644 +index 653668d..69a6c08 100644 --- a/arch/x86/include/asm/bootparam_utils.h 
+++ b/arch/x86/include/asm/bootparam_utils.h -@@ -22,9 +22,13 @@ static void sanitize_boot_params(struct boot_params *boot_params) +@@ -38,9 +38,13 @@ static void sanitize_boot_params(struct boot_params *boot_params) memset(&boot_params->olpc_ofw_header, 0, (char *)&boot_params->efi_info - (char *)&boot_params->olpc_ofw_header); @@ -4686,10 +4686,10 @@ index ae93f72..05ecc52 100644 (char *)&boot_params->edd_mbr_sig_buffer[0] - (char *)&boot_params->_pad7[0]); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index c15ddaf..85d7685 100644 +index 0874424..56b7d39 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h -@@ -131,7 +131,8 @@ struct boot_params { +@@ -132,7 +132,8 @@ struct boot_params { __u8 eddbuf_entries; /* 0x1e9 */ __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ __u8 kbd_status; /* 0x1eb */ @@ -4700,10 +4700,10 @@ index c15ddaf..85d7685 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 84d3285..2485897 100644 +index 56f7fcf..3af6cf8 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1098,6 +1098,13 @@ void __init setup_arch(char **cmdline_p) +@@ -1131,6 +1131,13 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -4731,10 +4731,10 @@ index 04421e8..9e69542 100644 * check for validity of credentials */ diff --git a/include/linux/efi.h b/include/linux/efi.h -index 9bf2f1f..1bf382b 100644 +index 2bc0ad7..10b167a 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -627,6 +627,7 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -634,6 +634,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ #define EFI_MEMMAP 4 /* Can we use EFI memory map? */ #define EFI_64BIT 5 /* Is the firmware 64-bit? */ 
@@ -4743,13 +4743,13 @@ index 9bf2f1f..1bf382b 100644 #ifdef CONFIG_EFI # ifdef CONFIG_X86 -- -1.8.1.2 +1.8.1.4 -From c2a1ee697d989d5d5ba7c5d7c20abf6d320afe74 Mon Sep 17 00:00:00 2001 +From a1ac3b80b7a85d4fce665047b9701713fcfc1ea0 Mon Sep 17 00:00:00 2001 From: Dave Howells Date: Tue, 23 Oct 2012 09:30:54 -0400 -Subject: [PATCH 34/48] Add EFI signature data types +Subject: [PATCH 33/47] Add EFI signature data types Add the data types that are used for containing hashes, keys and certificates for cryptographic verification. @@ -4760,10 +4760,10 @@ Signed-off-by: David Howells 1 file changed, 20 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 1bf382b..8902faf 100644 +index 10b167a..d3ef7c6 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -388,6 +388,12 @@ typedef efi_status_t efi_query_capsule_caps_t(efi_capsule_header_t **capsules, +@@ -389,6 +389,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si #define EFI_FILE_SYSTEM_GUID \ EFI_GUID( 0x964e5b22, 0x6459, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b ) @@ -4776,7 +4776,7 @@ index 1bf382b..8902faf 100644 typedef struct { efi_guid_t guid; u64 table; -@@ -523,6 +529,20 @@ typedef struct { +@@ -524,6 +530,20 @@ typedef struct { #define EFI_INVALID_TABLE_ADDR (~0UL) @@ -4798,13 +4798,13 @@ index 1bf382b..8902faf 100644 * All runtime access to EFI goes through this structure: */ -- -1.8.1.2 +1.8.1.4 -From 03401c77362c324756e7f4ce3b0e72f06e79e0d7 Mon Sep 17 00:00:00 2001 +From fac308c18ba449322666325f37f6a08ad818cf9f Mon Sep 17 00:00:00 2001 From: Dave Howells Date: Tue, 23 Oct 2012 09:36:28 -0400 -Subject: [PATCH 35/48] Add an EFI signature blob parser and key loader. +Subject: [PATCH 34/47] Add an EFI signature blob parser and key loader. X.509 certificates are loaded into the specified keyring as asymmetric type keys. @@ -4963,10 +4963,10 @@ index 0000000..424896a + return 0; +} 
diff --git a/include/linux/efi.h b/include/linux/efi.h -index 8902faf..ff3c599 100644 +index d3ef7c6..4f0fbb7 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -612,6 +612,10 @@ extern int efi_set_rtc_mmss(unsigned long nowtime); +@@ -619,6 +619,10 @@ extern int efi_set_rtc_mmss(unsigned long nowtime); extern void efi_reserve_boot_services(void); extern struct efi_memory_map memmap; @@ -4978,13 +4978,13 @@ index 8902faf..ff3c599 100644 * efi_range_is_wc - check the WC bit on an address range * @start: starting kvirt address -- -1.8.1.2 +1.8.1.4 -From 5f7f02ad9d46cf93090a0aed55530c44ce96cb96 Mon Sep 17 00:00:00 2001 +From 75560e565cb8a4e853a3b6f6c65ed70c1ba29039 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 26 Oct 2012 12:36:24 -0400 -Subject: [PATCH 36/48] KEYS: Add a system blacklist keyring +Subject: [PATCH 35/47] KEYS: Add a system blacklist keyring This adds an additional keyring that is used to store certificates that are blacklisted. This keyring is searched first when loading signed modules @@ -5015,10 +5015,10 @@ index 8dabc39..e466de1 100644 #endif /* _KEYS_SYSTEM_KEYRING_H */ diff --git a/init/Kconfig b/init/Kconfig -index e988655..3cac597 100644 +index b9d8870..4f9771f 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1587,6 +1587,15 @@ config SYSTEM_TRUSTED_KEYRING +@@ -1627,6 +1627,15 @@ config SYSTEM_TRUSTED_KEYRING Keys in this keyring are used by module signature checking. @@ -5093,13 +5093,13 @@ index dae8778..2913c70 100644 } -- -1.8.1.2 +1.8.1.4 -From 4fa15a799f5955b7f82b83953fc6726f9113e385 Mon Sep 17 00:00:00 2001 +From e46bf80471882ce1ab0b75dc954b2b59deec6fbb Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 26 Oct 2012 12:42:16 -0400 -Subject: [PATCH 37/48] MODSIGN: Import certificates from UEFI Secure Boot +Subject: [PATCH 36/47] MODSIGN: Import certificates from UEFI Secure Boot Secure Boot stores a list of allowed certificates in the 'db' variable. This imports those certificates into the system trusted keyring. This 
@@ -5119,15 +5119,15 @@ Signed-off-by: Josh Boyer include/linux/efi.h | 6 ++++ init/Kconfig | 9 +++++ kernel/Makefile | 3 ++ - kernel/modsign_uefi.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 109 insertions(+) + kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 110 insertions(+) create mode 100644 kernel/modsign_uefi.c diff --git a/include/linux/efi.h b/include/linux/efi.h -index ff3c599..8400949 100644 +index 4f0fbb7..7ac7a17 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -394,6 +394,12 @@ typedef efi_status_t efi_query_capsule_caps_t(efi_capsule_header_t **capsules, +@@ -395,6 +395,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si #define EFI_CERT_X509_GUID \ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) @@ -5141,10 +5141,10 @@ index ff3c599..8400949 100644 efi_guid_t guid; u64 table; diff --git a/init/Kconfig b/init/Kconfig -index 3cac597..e7e0216 100644 +index 4f9771f..da92f1c 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1705,6 +1705,15 @@ config MODULE_SIG_ALL +@@ -1745,6 +1745,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -5161,10 +5161,10 @@ index 3cac597..e7e0216 100644 prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG diff --git a/kernel/Makefile b/kernel/Makefile -index c94d081..94be1fc 100644 +index 52f3426..e2a616f 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -54,6 +54,7 @@ obj-$(CONFIG_UID16) += uid16.o +@@ -55,6 +55,7 @@ obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o 
@@ -5172,7 +5172,7 @@ index c94d081..94be1fc 100644 obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_KEXEC) += kexec.o -@@ -113,6 +114,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o +@@ -114,6 +115,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o $(obj)/configs.o: $(obj)/config_data.h @@ -5183,15 +5183,16 @@ index c94d081..94be1fc 100644 targets += config_data.gz diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c new file mode 100644 -index 0000000..df831ff +index 0000000..94b0eb3 --- /dev/null +++ b/kernel/modsign_uefi.c -@@ -0,0 +1,91 @@ +@@ -0,0 +1,92 @@ +#include +#include +#include +#include +#include ++#include +#include +#include +#include "module-internal.h" @@ -5279,13 +5280,13 @@ index 0000000..df831ff +} +late_initcall(load_uefi_certs); -- -1.8.1.2 +1.8.1.4 -From 439626853a29ad3a731d5563a0ee82645eb4f012 Mon Sep 17 00:00:00 2001 +From 8724600edad99706cce510645eff15f28787561a Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:40:57 -0400 -Subject: [PATCH 38/48] PCI: Lock down BAR access in secure boot environments +Subject: [PATCH 37/47] PCI: Lock down BAR access in secure boot environments Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to cause @@ -5300,7 +5301,7 @@ Signed-off-by: Matthew Garrett 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 9c6e9bb..b966089 100644 +index 5b4a9d9..db2ff9e 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -622,6 +622,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, @@ -5334,11 +5335,11 @@ index 9c6e9bb..b966089 100644 } diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 0b00947..7639f68 100644 +index 0812608..544132d 100644 --- a/drivers/pci/proc.c 
+++ b/drivers/pci/proc.c -@@ -139,6 +139,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof - int size = dp->size; +@@ -136,6 +136,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof + int size = dev->cfg_size; int cnt; + if (!capable(CAP_COMPROMISE_KERNEL)) @@ -5347,7 +5348,7 @@ index 0b00947..7639f68 100644 if (pos >= size) return 0; if (nbytes >= size) -@@ -219,6 +222,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd, +@@ -215,6 +218,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd, #endif /* HAVE_PCI_MMAP */ int ret = 0; @@ -5357,7 +5358,7 @@ index 0b00947..7639f68 100644 switch (cmd) { case PCIIOC_CONTROLLER: ret = pci_domain_nr(dev->bus); -@@ -259,7 +265,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) +@@ -253,7 +259,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) struct pci_filp_private *fpriv = file->private_data; int i, ret; @@ -5380,13 +5381,13 @@ index e1c1ec5..97e785f 100644 dev = pci_get_bus_and_slot(bus, dfn); -- -1.8.1.2 +1.8.1.4 -From 55d73bfee2d162dadf4f697cfeb1235a68c90aa8 Mon Sep 17 00:00:00 2001 +From 2361c561632c00e3974a092454ecc7daafb7cdf6 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:40:58 -0400 -Subject: [PATCH 39/48] x86: Lock down IO port access in secure boot +Subject: [PATCH 38/47] x86: Lock down IO port access in secure boot environments IO port access would permit users to gain access to PCI configuration @@ -5437,13 +5438,13 @@ index 2c644af..7eee4d8 100644 return -EFAULT; while (count-- > 0 && i < 65536) { -- -1.8.1.2 +1.8.1.4 -From 985b096320b1689dbe91a97e999d0607f5461068 Mon Sep 17 00:00:00 2001 +From e97f4dd5b1baaae0854e8a5c87aa4be4d03d1854 Mon Sep 17 00:00:00 2001 
From: Matthew Garrett Date: Thu, 20 Sep 2012 10:40:59 -0400 -Subject: [PATCH 40/48] ACPI: Limit access to custom_method +Subject: [PATCH 39/47] ACPI: Limit access to custom_method It must be impossible for even root to get code executed in kernel context under a secure boot environment. custom_method effectively allows arbitrary @@ -5469,13 +5470,13 @@ index 12b62f2..edf0710 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) -- -1.8.1.2 +1.8.1.4 -From 6fe8ea348f67771efa9738b4484e658521f42d1e Mon Sep 17 00:00:00 2001 +From f0389c3a6d823e2386ab4e21d9e012c4ebd310ac Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:41:00 -0400 -Subject: [PATCH 41/48] asus-wmi: Restrict debugfs interface +Subject: [PATCH 40/47] asus-wmi: Restrict debugfs interface We have no way of validating what all of the Asus WMI methods do on a given machine, and there's a risk that some will allow hardware state to @@ -5522,13 +5523,13 @@ index c11b242..6d5f88f 100644 1, asus->debug.method_id, &input, &output); -- -1.8.1.2 +1.8.1.4 -From ddaafd6f64c317ad0fc33d06449e01632883b4b3 Mon Sep 17 00:00:00 2001 +From 2e507337fc23547c7a15e5a102647becf20dba77 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 20 Sep 2012 10:41:01 -0400 -Subject: [PATCH 42/48] Restrict /dev/mem and /dev/kmem in secure boot setups +Subject: [PATCH 41/47] Restrict /dev/mem and /dev/kmem in secure boot setups Allowing users to write to address space makes it possible for the kernel to be subverted. Restrict this when we need to protect the kernel. @@ -5563,13 +5564,13 @@ index 7eee4d8..772ee2b 100644 unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p); -- -1.8.1.2 +1.8.1.4 -From acb828bd8b69f66957865a66420e543bf0666b21 Mon Sep 17 00:00:00 2001 +From ff22d9716846844f8c249dbc965684a8014efed0 Mon Sep 17 00:00:00 2001 
From: Josh Boyer Date: Thu, 20 Sep 2012 10:41:04 -0400 -Subject: [PATCH 43/48] acpi: Ignore acpi_rsdp kernel parameter in a secure +Subject: [PATCH 42/47] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment This option allows userspace to pass the RSDP address to the kernel. This @@ -5585,7 +5586,7 @@ Signed-off-by: Josh Boyer 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 586e7e9..8950454 100644 +index e721863..ed82da7 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -245,7 +245,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); @@ -5598,13 +5599,13 @@ index 586e7e9..8950454 100644 #endif -- -1.8.1.2 +1.8.1.4 -From 0d76357d15402c418cf3345239462e30062a3245 Mon Sep 17 00:00:00 2001 +From b08ac626fbcf917bc219133d49c347d7d58eaae1 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 4 Sep 2012 11:55:13 -0400 -Subject: [PATCH 44/48] kexec: Disable in a secure boot environment +Subject: [PATCH 43/47] kexec: Disable in a secure boot environment kexec could be used as a vector for a malicious user to use a signed kernel to circumvent the secure boot trust model. In the long run we'll want to @@ -5617,10 +5618,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kexec.c b/kernel/kexec.c -index bddd3d7..cbdb930 100644 +index 59f7b55..8bf1336 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -946,7 +946,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, +@@ -939,7 +939,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, int result; /* We only trust the superuser with rebooting the system. */ @@ -5630,13 +5631,13 @@ index bddd3d7..cbdb930 100644 /* -- -1.8.1.2 +1.8.1.4 -From 8ef1f60c8c529785450ee97365714c940d4f2d8e Mon Sep 17 00:00:00 2001 +From f0d9c2906c1145585882fb7eb167e47e998c2e24 Mon Sep 17 00:00:00 2001 
From: Josh Boyer Date: Fri, 5 Oct 2012 10:12:48 -0400 -Subject: [PATCH 45/48] MODSIGN: Always enforce module signing in a Secure Boot +Subject: [PATCH 44/47] MODSIGN: Always enforce module signing in a Secure Boot environment If a machine is booted into a Secure Boot environment, we need to @@ -5692,13 +5693,13 @@ index 0925c9a..af4a476 100644 static int param_set_bool_enable_only(const char *val, const struct kernel_param *kp) -- -1.8.1.2 +1.8.1.4 -From b1e2ed158dd5ba3e18a9542802bdeb9d762f0656 Mon Sep 17 00:00:00 2001 +From 1c6bfec7db39e46eeb456fb84e3153281690bbe0 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 26 Oct 2012 14:02:09 -0400 -Subject: [PATCH 46/48] hibernate: Disable in a Secure Boot environment +Subject: [PATCH 45/47] hibernate: Disable in a Secure Boot environment There is currently no way to verify the resume image when returning from hibernate. This might compromise the secure boot trust model, @@ -5806,13 +5807,13 @@ index 4ed81e7..b11a0f4 100644 if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { -- -1.8.1.2 +1.8.1.4 -From 4c086b0bca62d3028dfd4faf6e6852ce59788333 Mon Sep 17 00:00:00 2001 +From 07cda990d2f18774522889ece30bddf67c703157 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 5 Feb 2013 19:25:05 -0500 -Subject: [PATCH 47/48] efi: Disable secure boot if shim is in insecure mode +Subject: [PATCH 46/47] efi: Disable secure boot if shim is in insecure mode A user can manually tell the shim boot loader to disable validation of images it loads. When a user does this, it creates a UEFI variable called @@ -5826,10 +5827,10 @@ Signed-off-by: Josh Boyer 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 96d859d..c9ffd2f 100644 +index 0998ec7..4945ee5 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -863,8 +863,9 @@ fail: +@@ -908,8 +908,9 @@ fail: static int get_secure_boot(efi_system_table_t *_table) { 
@@ -5840,7 +5841,7 @@ index 96d859d..c9ffd2f 100644 efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_status_t status; -@@ -888,6 +889,23 @@ static int get_secure_boot(efi_system_table_t *_table) +@@ -933,6 +934,23 @@ static int get_secure_boot(efi_system_table_t *_table) if (setup == 1) return 0; @@ -5865,13 +5866,13 @@ index 96d859d..c9ffd2f 100644 } -- -1.8.1.2 +1.8.1.4 -From 8225ade084c6137223579c69f17677fdd994940c Mon Sep 17 00:00:00 2001 +From e61066577405c37c2758f9b7fb2694967bdbe921 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 8 Feb 2013 11:12:13 -0800 -Subject: [PATCH 48/48] x86: Lock down MSR writing in secure boot +Subject: [PATCH 47/47] x86: Lock down MSR writing in secure boot Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is set since it could lead to execution of arbitrary code in kernel mode. @@ -5907,5 +5908,5 @@ index ce13049..fa4dc6c 100644 err = -EFAULT; break; -- -1.8.1.2 +1.8.1.4 diff --git a/forcedeth-dma-error-check.patch b/forcedeth-dma-error-check.patch deleted file mode 100644 index 0baee2a61..000000000 --- a/forcedeth-dma-error-check.patch +++ /dev/null 
@@ -1,132 +0,0 @@
-This backtrace was recently reported on a 3.9 kernel:
-
-Actual results: from syslog /var/log/messsages:
-kernel: [17539.340285] ------------[ cut here ]------------
-kernel: [17539.341012] WARNING: at lib/dma-debug.c:937 check_unmap+0x493/0x960()
-kernel: [17539.341012] Hardware name: MS-7125
-kernel: [17539.341012] forcedeth 0000:00:0a.0: DMA-API: device driver failed to
-check map error[device address=0x0000000013c88000] [size=544 bytes] [mapped as
-page]
-kernel: [17539.341012] Modules linked in: fuse ebtable_nat ipt_MASQUERADE
-nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_nat nf_nat_ipv6
-ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat
-nf_nat_ipv4 nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack
-nf_conntrack bnep bluetooth rfkill ebtable_filter ebtables ip6table_filter
-ip6_tables snd_hda_codec_hdmi snd_cmipci snd_mpu401_uart snd_hda_intel
-snd_intel8x0 snd_opl3_lib snd_ac97_codec gameport snd_hda_codec snd_rawmidi
-ac97_bus snd_hwdep snd_seq snd_seq_device snd_pcm snd_page_alloc snd_timer snd
-k8temp soundcore serio_raw i2c_nforce2 forcedeth ata_generic pata_acpi nouveau
-video mxm_wmi wmi i2c_algo_bit drm_kms_helper ttm drm i2c_core sata_sil pata_amd
-sata_nv uinput
-kernel: [17539.341012] Pid: 17340, comm: sshd Not tainted
-3.9.0-0.rc4.git0.1.fc19.i686.PAE #1
-kernel: [17539.341012] Call Trace:
-kernel: [17539.341012] [] warn_slowpath_common+0x6c/0xa0
-kernel: [17539.341012] [] ? check_unmap+0x493/0x960
-kernel: [17539.341012] [] ? check_unmap+0x493/0x960
-kernel: [17539.341012] [] warn_slowpath_fmt+0x33/0x40
-kernel: [17539.341012] [] check_unmap+0x493/0x960
-kernel: [17539.341012] [] ? sched_clock_cpu+0xdf/0x150
-kernel: [17539.341012] [] debug_dma_unmap_page+0x67/0x70
-kernel: [17539.341012] [] nv_unmap_txskb.isra.32+0x92/0x100
-
-Its pretty plainly the result of an skb fragment getting unmapped without having
-its initial mapping operation checked for errors.
This patch corrects that.
-
-Signed-off-by: Neil Horman
-CC: "David S. Miller"
----
- drivers/net/ethernet/nvidia/forcedeth.c | 41 ++++++++++++++++++++++++++++++++-
- 1 file changed, 40 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/net/ethernet/nvidia/forcedeth.c b/drivers/net/ethernet/nvidia/forcedeth.c
-index b62262c..5ae1247 100644
---- a/drivers/net/ethernet/nvidia/forcedeth.c
-+++ b/drivers/net/ethernet/nvidia/forcedeth.c
-@@ -2200,6 +2200,7 @@ static netdev_tx_t nv_start_xmit(struct sk_buff *skb, struct net_device *dev)
- struct ring_desc *start_tx;
- struct ring_desc *prev_tx;
- struct nv_skb_map *prev_tx_ctx;
-+ struct nv_skb_map *tmp_tx_ctx = NULL, *start_tx_ctx = NULL;
- unsigned long flags;
-
- /* add fragments to entries count */
-@@ -2261,12 +2262,31 @@ static netdev_tx_t nv_start_xmit(struct sk_buff *skb, struct net_device *dev)
- do {
- prev_tx = put_tx;
- prev_tx_ctx = np->put_tx_ctx;
-+ if (!start_tx_ctx)
-+ start_tx_ctx = tmp_tx_ctx = np->put_tx_ctx;
-+
- bcnt = (frag_size > NV_TX2_TSO_MAX_SIZE) ?
NV_TX2_TSO_MAX_SIZE : frag_size;
- np->put_tx_ctx->dma = skb_frag_dma_map(
- &np->pci_dev->dev,
- frag, offset,
- bcnt,
- DMA_TO_DEVICE);
-+ if (dma_mapping_error(&np->pci_dev->dev, np->put_tx_ctx->dma)) {
-+
-+ /* Unwind the mapped fragments */
-+ do {
-+ nv_unmap_txskb(np, start_tx_ctx);
-+ if (unlikely(tmp_tx_ctx++ == np->last_tx_ctx))
-+ tmp_tx_ctx = np->first_tx_ctx;
-+ } while (tmp_tx_ctx != np->put_tx_ctx);
-+ kfree_skb(skb);
-+ np->put_tx_ctx = start_tx_ctx;
-+ u64_stats_update_begin(&np->swstats_tx_syncp);
-+ np->stat_tx_dropped++;
-+ u64_stats_update_end(&np->swstats_tx_syncp);
-+ return NETDEV_TX_OK;
-+ }
-+
- np->put_tx_ctx->dma_len = bcnt;
- np->put_tx_ctx->dma_single = 0;
- put_tx->buf = cpu_to_le32(np->put_tx_ctx->dma);
-@@ -2327,7 +2347,8 @@ static netdev_tx_t nv_start_xmit_optimized(struct sk_buff *skb,
- struct ring_desc_ex *start_tx;
- struct ring_desc_ex *prev_tx;
- struct nv_skb_map *prev_tx_ctx;
-- struct nv_skb_map *start_tx_ctx;
-+ struct nv_skb_map *start_tx_ctx = NULL;
-+ struct nv_skb_map *tmp_tx_ctx = NULL;
- unsigned long flags;
-
- /* add fragments to entries count */
-@@ -2392,11 +2413,29 @@ static netdev_tx_t nv_start_xmit_optimized(struct sk_buff *skb,
- prev_tx = put_tx;
- prev_tx_ctx = np->put_tx_ctx;
- bcnt = (frag_size > NV_TX2_TSO_MAX_SIZE) ?
NV_TX2_TSO_MAX_SIZE : frag_size;
-+ if (!start_tx_ctx)
-+ start_tx_ctx = tmp_tx_ctx = np->put_tx_ctx;
- np->put_tx_ctx->dma = skb_frag_dma_map(
- &np->pci_dev->dev,
- frag, offset,
- bcnt,
- DMA_TO_DEVICE);
-+
-+ if (dma_mapping_error(&np->pci_dev->dev, np->put_tx_ctx->dma)) {
-+
-+ /* Unwind the mapped fragments */
-+ do {
-+ nv_unmap_txskb(np, start_tx_ctx);
-+ if (unlikely(tmp_tx_ctx++ == np->last_tx_ctx))
-+ tmp_tx_ctx = np->first_tx_ctx;
-+ } while (tmp_tx_ctx != np->put_tx_ctx);
-+ kfree_skb(skb);
-+ np->put_tx_ctx = start_tx_ctx;
-+ u64_stats_update_begin(&np->swstats_tx_syncp);
-+ np->stat_tx_dropped++;
-+ u64_stats_update_end(&np->swstats_tx_syncp);
-+ return NETDEV_TX_OK;
-+ }
- np->put_tx_ctx->dma_len = bcnt;
- np->put_tx_ctx->dma_single = 0;
- put_tx->bufhigh = cpu_to_le32(dma_high(np->put_tx_ctx->dma));
---
-1.7.11.7
-
---
-To unsubscribe from this list: send the line "unsubscribe netdev" in
-the body of a message to majordomo@vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
diff --git a/iwlwifi-fix-freeing-uninitialized-pointer.patch b/iwlwifi-fix-freeing-uninitialized-pointer.patch
deleted file mode 100644
index 90e6b6f64..000000000
--- a/iwlwifi-fix-freeing-uninitialized-pointer.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-If on iwl_dump_nic_event_log() error occurs before that function
-initialize buf, we process uninitiated pointer in
-iwl_dbgfs_log_event_read() and can hit "BUG at mm/slub.c:3409"
-
-Resolves:
-https://bugzilla.redhat.com/show_bug.cgi?id=951241
-
-Reported-by: ian.odette@eprize.com
-Cc: stable@vger.kernel.org
-Signed-off-by: Stanislaw Gruszka
----
-Patch is only compile tested, but I'm sure it fixes the problem.
-
- drivers/net/wireless/iwlwifi/dvm/debugfs.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-index 7b8178b..cb6dd58 100644
---- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-@@ -2237,15 +2237,15 @@ static ssize_t iwl_dbgfs_log_event_read(struct file *file,
- size_t count, loff_t *ppos)
- {
- struct iwl_priv *priv = file->private_data;
-- char *buf;
-- int pos = 0;
-- ssize_t ret = -ENOMEM;
-+ char *buf = NULL;
-+ ssize_t ret;
-
-- ret = pos = iwl_dump_nic_event_log(priv, true, &buf, true);
-- if (buf) {
-- ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
-- kfree(buf);
-- }
-+ ret = iwl_dump_nic_event_log(priv, true, &buf, true);
-+ if (ret < 0)
-+ goto err;
-+ ret = simple_read_from_buffer(user_buf, count, ppos, buf, ret);
-+err:
-+ kfree(buf);
- return ret;
- }
-
---
-1.7.11.7
-
---
-To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
-the body of a message to majordomo@vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
diff --git a/kernel.spec b/kernel.spec
index 674ee05f3..3fc851dce 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -95,7 +95,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 10
+%define gitrev 11
 # Set rpm version accordingly
 %define rpmversion 3.%{upstream_sublevel}.0
 %endif
@@ -728,10 +728,6 @@ Patch21247: ath9k_rx_dma_stop_check.patch #rhbz 903192 Patch21261: 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch -#rhbz 856863 892599 -Patch21273: cfg80211-mac80211-disconnect-on-suspend.patch -Patch21274: mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch - #rhbz 859282 Patch21275: VMX-x86-handle-host-TSC-calibration-failure.patch @@ -743,15 +739,6 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch #rhbz 927469 Patch23006: fix-child-thread-introspection.patch -#rhbz 928024 -Patch23008: forcedeth-dma-error-check.patch - -#rhbz 919176 -Patch25010: wireless-regulatory-fix-channel-disabling-race-condition.patch - -#rhbz 951241 -Patch25011: iwlwifi-fix-freeing-uninitialized-pointer.patch - Patch25014: blkcg-fix-scheduling-while-atomic-in-blk_queue_bypass_start.patch # END OF PATCH DEFINITIONS @@ -1436,25 +1423,12 @@ ApplyPatch ath9k_rx_dma_stop_check.patch #rhbz 903192 ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch -#rhbz 856863 892599 -ApplyPatch cfg80211-mac80211-disconnect-on-suspend.patch -ApplyPatch mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch - #rhbz 859282 ApplyPatch VMX-x86-handle-host-TSC-calibration-failure.patch #rhbz 927469 ApplyPatch fix-child-thread-introspection.patch -#rhbz 928024 -ApplyPatch forcedeth-dma-error-check.patch - -#rhbz 919176 -ApplyPatch wireless-regulatory-fix-channel-disabling-race-condition.patch - -#rhbz 951241 -ApplyPatch iwlwifi-fix-freeing-uninitialized-pointer.patch - ApplyPatch blkcg-fix-scheduling-while-atomic-in-blk_queue_bypass_start.patch # END OF PATCH APPLICATIONS @@ -2290,6 +2264,9 @@ fi # ||----w | # || || %changelog +* Thu May 02 2013 Josh Boyer - 3.10.0-0.rc0.git11.1 +- Linux v3.9-7391-g20b4fb4 + * Wed May 01 2013 Josh Boyer - 3.10.0-0.rc0.git10.1 - Linux v3.9-5308-g8a72f38 
diff --git a/mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch b/mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
deleted file mode 100644
index 7d49d9834..000000000
--- a/mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index baaa860..7a3d675 100644
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -748,8 +748,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
- sdata->dev->addr_len);
- spin_unlock_bh(&local->filter_lock);
- netif_addr_unlock_bh(sdata->dev);
--
-- ieee80211_configure_filter(local);
-+ /* configure filter latter (if not suspended) */
- }
-
- del_timer_sync(&local->dynamic_ps_timer);
-@@ -814,10 +813,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
- }
-
- ieee80211_adjust_monitor_flags(sdata, -1);
-- ieee80211_configure_filter(local);
-- mutex_lock(&local->mtx);
-- ieee80211_recalc_idle(local);
-- mutex_unlock(&local->mtx);
-+ /* tell driver latter (if not suspended) */
- break;
- case NL80211_IFTYPE_P2P_DEVICE:
- /* relies on synchronize_rcu() below */
-@@ -848,28 +844,31 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
-
- drv_remove_interface_debugfs(local, sdata);
-
-- if (going_down)
-+ if (going_down && !local->suspended)
- drv_remove_interface(local, sdata);
- }
-
- sdata->bss = NULL;
-
-- ieee80211_recalc_ps(local, -1);
--
-- if (local->open_count == 0) {
-- if (local->ops->napi_poll)
-- napi_disable(&local->napi);
-- ieee80211_clear_tx_pending(local);
-- ieee80211_stop_device(local);
--
-- /* no reconfiguring after stop!
*/
-- hw_reconf_flags = 0;
-+ if (!local->suspended) {
-+ if (local->open_count == 0) {
-+ if (local->ops->napi_poll)
-+ napi_disable(&local->napi);
-+ ieee80211_clear_tx_pending(local);
-+ ieee80211_stop_device(local);
-+ } else {
-+ ieee80211_configure_filter(local);
-+ ieee80211_recalc_ps(local, -1);
-+
-+ mutex_lock(&local->mtx);
-+ ieee80211_recalc_idle(local);
-+ mutex_unlock(&local->mtx);
-+
-+ if (hw_reconf_flags)
-+ ieee80211_hw_config(local, hw_reconf_flags);
-+ }
- }
-
-- /* do after stop to avoid reconfiguring when we stop anyway */
-- if (hw_reconf_flags)
-- ieee80211_hw_config(local, hw_reconf_flags);
--
- spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
- for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
- skb_queue_walk_safe(&local->pending[i], skb, tmp) {
diff --git a/sources b/sources
index 1bea5d4c5..1d915f779 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-1a396dd43ce26c6d811b5b474626be9a patch-3.9-git10.xz
+a79517eb8c6db4d0080bff9f4140ba8d patch-3.9-git11.xz
diff --git a/wireless-regulatory-fix-channel-disabling-race-condition.patch b/wireless-regulatory-fix-channel-disabling-race-condition.patch
deleted file mode 100644
index 313735377..000000000
--- a/wireless-regulatory-fix-channel-disabling-race-condition.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Johannes Berg
-
-When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
-part of the scan disables a 5.2 GHz channel due to, e.g. receiving
-country or frequency information, that 5.2 GHz channel might already
-be in the list of channels to scan next. Then, when the driver checks
-if it should do a passive scan, that will return false and attempt an
-active scan. This is not only wrong but can also lead to the iwlwifi
-device firmware crashing since it checks regulatory as well.
-
-Fix this by not setting the channel flags to just disabled but rather
-OR'ing in the disabled flag. That way, even if the race happens, the
-channel will be scanned passively which is still (mostly) correct.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg
----
- net/wireless/reg.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/wireless/reg.c b/net/wireless/reg.c
-index 93ab840..507c28e 100644
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
- return;
-
- REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
-- chan->flags = IEEE80211_CHAN_DISABLED;
-+ chan->flags |= IEEE80211_CHAN_DISABLED;
- return;
- }
-
---
-1.8.0
-
---
-To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
-the body of a message to majordomo@vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file