Linux v3.17.2
This commit is contained in:
parent
0c45118133
commit
0f09adff3f
|
@ -1,138 +0,0 @@
|
|||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1021036
|
||||
Upstream-status: Send upstream for 3.17
|
||||
|
||||
From 0ad19912cb324f0a356a212433ec0b2a31f61acc Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 20 Jun 2014 10:29:16 +0200
|
||||
Subject: [PATCH] ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling
|
||||
|
||||
It seems that the same problems which lead to adding an rfkill blacklist and
|
||||
putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13
|
||||
and Lenovo Yoga 2 Pro too:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1021036
|
||||
https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612
|
||||
|
||||
Testing has shown that the firmware rfkill settings are persistent over
|
||||
reboots. So blacklisting the driver is not good enough, if the wifi is blocked
|
||||
at the firmware level the wifi needs to be explictly unblocked through the
|
||||
ideapad-laptop interface.
|
||||
|
||||
And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices
|
||||
with hardware kill switch reports the hardware switch state, needs to be
|
||||
explictly set to 1 (radio enabled / not blocked).
|
||||
|
||||
So this patch does 3 things to get proper rfkill handling on these models:
|
||||
|
||||
1) Instead of blacklisting the rfkill functionality, which means that people
|
||||
with a firmware blocked wifi get stuck in that situation, ignore the value
|
||||
reported by the not present hardware rfkill switch, as this is what is causing
|
||||
ideapad-laptop to wrongly report all radios as hardware blocks. But do register
|
||||
the rfkill interfaces so that the user can soft [un]block them.
|
||||
|
||||
2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1
|
||||
|
||||
3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2
|
||||
series is affected.
|
||||
|
||||
Yoga 2 11:
|
||||
Reported-and-tested-by: Vincent Gerris <vgerris@gmail.com>
|
||||
|
||||
Yoga 2 13:
|
||||
Tested-by: madls05 <http://ubuntuforums.org/showthread.php?t=2215044>
|
||||
|
||||
Yoga 2 Pro:
|
||||
Reported-and-tested-by: Peter F. Patel-Schneider <pfpschneider@gmail.com>
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 41 +++++++++++++++++++++++------------
|
||||
1 file changed, 27 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index b4c495a..b0e3a2e 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -87,6 +87,7 @@ struct ideapad_private {
|
||||
struct backlight_device *blightdev;
|
||||
struct dentry *debug;
|
||||
unsigned long cfg;
|
||||
+ bool has_hw_rfkill_switch;
|
||||
};
|
||||
|
||||
static bool no_bt_rfkill;
|
||||
@@ -473,12 +474,14 @@ static struct rfkill_ops ideapad_rfk_ops = {
|
||||
|
||||
static void ideapad_sync_rfk_state(struct ideapad_private *priv)
|
||||
{
|
||||
- unsigned long hw_blocked;
|
||||
+ unsigned long hw_blocked = 0;
|
||||
int i;
|
||||
|
||||
- if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
|
||||
- return;
|
||||
- hw_blocked = !hw_blocked;
|
||||
+ if (priv->has_hw_rfkill_switch) {
|
||||
+ if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
|
||||
+ return;
|
||||
+ hw_blocked = !hw_blocked;
|
||||
+ }
|
||||
|
||||
for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
if (priv->rfk[i])
|
||||
@@ -821,14 +824,17 @@ static void ideapad_acpi_notify(acpi_handle handle, u32 event, void *data)
|
||||
}
|
||||
}
|
||||
|
||||
-/* Blacklist for devices where the ideapad rfkill interface does not work */
|
||||
-static struct dmi_system_id rfkill_blacklist[] = {
|
||||
- /* The Lenovo Yoga 2 11 always reports everything as blocked */
|
||||
+/*
|
||||
+ * Some ideapads don't have a hardware rfkill switch, reading VPCCMD_R_RF
|
||||
+ * always results in 0 on these models, causing ideapad_laptop to wrongly
|
||||
+ * report all radios as hardware-blocked.
|
||||
+ */
|
||||
+static struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
{
|
||||
- .ident = "Lenovo Yoga 2 11",
|
||||
+ .ident = "Lenovo Yoga 2 11 / 13 / Pro",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2 11"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2"),
|
||||
},
|
||||
},
|
||||
{}
|
||||
@@ -856,6 +862,7 @@ static int ideapad_acpi_add(struct platform_device *pdev)
|
||||
priv->cfg = cfg;
|
||||
priv->adev = adev;
|
||||
priv->platform_device = pdev;
|
||||
+ priv->has_hw_rfkill_switch = !dmi_check_system(no_hw_rfkill_list);
|
||||
|
||||
ret = ideapad_sysfs_init(priv);
|
||||
if (ret)
|
||||
@@ -869,11 +876,17 @@ static int ideapad_acpi_add(struct platform_device *pdev)
|
||||
if (ret)
|
||||
goto input_failed;
|
||||
|
||||
- if (!dmi_check_system(rfkill_blacklist)) {
|
||||
- for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
- if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
|
||||
- ideapad_register_rfkill(priv, i);
|
||||
- }
|
||||
+ /*
|
||||
+ * On some models without a hw-switch (the yoga 2 13 at least)
|
||||
+ * VPCCMD_W_RF must be explicitly set to 1 for the wifi to work.
|
||||
+ */
|
||||
+ if (!priv->has_hw_rfkill_switch)
|
||||
+ write_ec_cmd(priv->adev->handle, VPCCMD_W_RF, 1);
|
||||
+
|
||||
+ for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
+ if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
|
||||
+ ideapad_register_rfkill(priv, i);
|
||||
+
|
||||
ideapad_sync_rfk_state(priv);
|
||||
ideapad_sync_touchpad_state(priv);
|
||||
|
||||
--
|
||||
2.0.0
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
Disable it if any such restrictions have been enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/acpi/custom_method.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..4277938af700 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Thu, 3 May 2012 20:27:11 +0100
|
||||
Subject: [PATCH] ARM: tegra: usb no reset
|
||||
|
||||
Patch for disconnect issues with storage attached to a
|
||||
tegra-ehci controller
|
||||
---
|
||||
drivers/usb/core/hub.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
|
||||
index dc849154f9de..88647f158ed2 100644
|
||||
--- a/drivers/usb/core/hub.c
|
||||
+++ b/drivers/usb/core/hub.c
|
||||
@@ -5038,6 +5038,13 @@ static void hub_events(void)
|
||||
(u16) hub->change_bits[0],
|
||||
(u16) hub->event_bits[0]);
|
||||
|
||||
+ /* Don't disconnect USB-SATA on TrimSlice */
|
||||
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
|
||||
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
|
||||
+ (hub->event_bits[0] == 0x2))
|
||||
+ hub->event_bits[0] = 0;
|
||||
+ }
|
||||
+
|
||||
/* Lock the device, then check to see if we were
|
||||
* disconnected while waiting for the lock to succeed. */
|
||||
usb_lock_device(hdev);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
include/linux/efi.h | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index ebe6a24cc1e1..5ce40e215f15 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void);
|
||||
#define DEVICE_TREE_GUID \
|
||||
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID \
|
||||
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
|
||||
+
|
||||
+#define EFI_CERT_X509_GUID \
|
||||
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface {
|
||||
|
||||
#define EFI_INVALID_TABLE_ADDR (~0UL)
|
||||
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_owner;
|
||||
+ u8 signature_data[];
|
||||
+} efi_signature_data_t;
|
||||
+
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_type;
|
||||
+ u32 signature_list_size;
|
||||
+ u32 signature_header_size;
|
||||
+ u32 signature_size;
|
||||
+ u8 signature_header[];
|
||||
+ /* efi_signature_data_t signatures[][] */
|
||||
+} efi_signature_list_t;
|
||||
+
|
||||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,178 @@
|
|||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
crypto/asymmetric_keys/Kconfig | 8 +++
|
||||
crypto/asymmetric_keys/Makefile | 1 +
|
||||
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 4 ++
|
||||
4 files changed, 122 insertions(+)
|
||||
create mode 100644 crypto/asymmetric_keys/efi_parser.c
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
|
||||
index 4870f28403f5..4a1b50d73b80 100644
|
||||
--- a/crypto/asymmetric_keys/Kconfig
|
||||
+++ b/crypto/asymmetric_keys/Kconfig
|
||||
@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
|
||||
This option provides support for verifying the signature(s) on a
|
||||
signed PE binary.
|
||||
|
||||
+config EFI_SIGNATURE_LIST_PARSER
|
||||
+ bool "EFI signature list parser"
|
||||
+ depends on EFI
|
||||
+ select X509_CERTIFICATE_PARSER
|
||||
+ help
|
||||
+ This option provides support for parsing EFI signature lists for
|
||||
+ X.509 certificates and turning them into keys.
|
||||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index e47fcd9ac5e8..6512f6596785 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
||||
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
|
||||
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
|
||||
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
#
|
||||
# X.509 Certificate handling
|
||||
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
|
||||
new file mode 100644
|
||||
index 000000000000..424896a0b169
|
||||
--- /dev/null
|
||||
+++ b/crypto/asymmetric_keys/efi_parser.c
|
||||
@@ -0,0 +1,109 @@
|
||||
+/* EFI signature/key/certificate list parser
|
||||
+ *
|
||||
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Written by David Howells (dhowells@redhat.com)
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public Licence
|
||||
+ * as published by the Free Software Foundation; either version
|
||||
+ * 2 of the Licence, or (at your option) any later version.
|
||||
+ */
|
||||
+
|
||||
+#define pr_fmt(fmt) "EFI: "fmt
|
||||
+#include <linux/module.h>
|
||||
+#include <linux/printk.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+
|
||||
+/**
|
||||
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
|
||||
+ * @data: The data blob to parse
|
||||
+ * @size: The size of the data blob
|
||||
+ * @keyring: The keyring to add extracted keys to
|
||||
+ */
|
||||
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
|
||||
+{
|
||||
+ unsigned offs = 0;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ pr_devel("-->%s(,%zu)\n", __func__, size);
|
||||
+
|
||||
+ while (size > 0) {
|
||||
+ efi_signature_list_t list;
|
||||
+ const efi_signature_data_t *elem;
|
||||
+ key_ref_t key;
|
||||
+
|
||||
+ if (size < sizeof(list))
|
||||
+ return -EBADMSG;
|
||||
+
|
||||
+ memcpy(&list, data, sizeof(list));
|
||||
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
|
||||
+ offs,
|
||||
+ list.signature_type.b, list.signature_list_size,
|
||||
+ list.signature_header_size, list.signature_size);
|
||||
+
|
||||
+ lsize = list.signature_list_size;
|
||||
+ hsize = list.signature_header_size;
|
||||
+ esize = list.signature_size;
|
||||
+ elsize = lsize - sizeof(list) - hsize;
|
||||
+
|
||||
+ if (lsize > size) {
|
||||
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
|
||||
+ __func__, offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+ if (lsize < sizeof(list) ||
|
||||
+ lsize - sizeof(list) < hsize ||
|
||||
+ esize < sizeof(*elem) ||
|
||||
+ elsize < esize ||
|
||||
+ elsize % esize != 0) {
|
||||
+ pr_devel("- bad size combo @%x\n", offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
|
||||
+ data += lsize;
|
||||
+ size -= lsize;
|
||||
+ offs += lsize;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ data += sizeof(list) + hsize;
|
||||
+ size -= sizeof(list) + hsize;
|
||||
+ offs += sizeof(list) + hsize;
|
||||
+
|
||||
+ for (; elsize > 0; elsize -= esize) {
|
||||
+ elem = data;
|
||||
+
|
||||
+ pr_devel("ELEM[%04x]\n", offs);
|
||||
+
|
||||
+ key = key_create_or_update(
|
||||
+ make_key_ref(keyring, 1),
|
||||
+ "asymmetric",
|
||||
+ NULL,
|
||||
+ &elem->signature_data,
|
||||
+ esize - sizeof(*elem),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA |
|
||||
+ KEY_ALLOC_TRUSTED);
|
||||
+
|
||||
+ if (IS_ERR(key))
|
||||
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
+ PTR_ERR(key));
|
||||
+ else
|
||||
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
|
||||
+ key_ref_to_ptr(key)->description,
|
||||
+ keyring->description);
|
||||
+
|
||||
+ data += esize;
|
||||
+ size -= esize;
|
||||
+ offs += esize;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 5ce40e215f15..41359e548bcb 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -906,6 +906,10 @@ extern bool efi_poweroff_required(void);
|
||||
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
|
||||
(md) = (void *)(md) + (m)->desc_size)
|
||||
|
||||
+struct key;
|
||||
+extern int __init parse_efi_signature_list(const void *data, size_t size,
|
||||
+ struct key *keyring);
|
||||
+
|
||||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,185 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH] Add option to automatically enforce module signatures when in
|
||||
Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
require that all kernel modules also be signed. Add a configuration option
|
||||
that enforces this automatically when enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
Documentation/x86/zero-page.txt | 2 ++
|
||||
arch/x86/Kconfig | 10 ++++++++++
|
||||
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
|
||||
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
|
||||
arch/x86/kernel/setup.c | 6 ++++++
|
||||
include/linux/module.h | 6 ++++++
|
||||
kernel/module.c | 7 +++++++
|
||||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 199f453cb4de..ec38acf00b40 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
+1EB/001 ALL kbd_status Numlock is enabled
|
||||
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
|
||||
1EF/001 ALL sentinel Used to detect broken bootloaders
|
||||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 36327438caf0..61542c282e70 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1566,6 +1566,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
+config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ def_bool n
|
||||
+ prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
+ ---help---
|
||||
+ UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
+ firmware will only load signed bootloaders and kernels. Certain
|
||||
+ use cases may also require that all kernel modules also be signed.
|
||||
+ Say Y here to automatically enable module signature enforcement
|
||||
+ when a system boots with UEFI Secure Boot enabled.
|
||||
+
|
||||
config SECCOMP
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index de8eebd6f67c..975d11bfaf5b 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <asm/efi.h>
|
||||
#include <asm/setup.h>
|
||||
#include <asm/desc.h>
|
||||
+#include <asm/bootparam_utils.h>
|
||||
|
||||
#undef memcpy /* Use memcpy from misc.c */
|
||||
|
||||
@@ -814,6 +815,37 @@ out:
|
||||
return status;
|
||||
}
|
||||
|
||||
+static int get_secure_boot(void)
|
||||
+{
|
||||
+ u8 sb, setup;
|
||||
+ unsigned long datasize = sizeof(sb);
|
||||
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
+ efi_status_t status;
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (sb == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SetupMode", &var_guid, NULL, &datasize,
|
||||
+ &setup);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (setup == 1)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
* See if we have Graphics Output Protocol
|
||||
*/
|
||||
@@ -1389,6 +1421,10 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ sanitize_boot_params(boot_params);
|
||||
+
|
||||
+ boot_params->secure_boot = get_secure_boot();
|
||||
+
|
||||
setup_graphics(boot_params);
|
||||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index 225b0988043a..90dbfb73e11f 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -133,7 +133,8 @@ struct boot_params {
|
||||
__u8 eddbuf_entries; /* 0x1e9 */
|
||||
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
|
||||
__u8 kbd_status; /* 0x1eb */
|
||||
- __u8 _pad5[3]; /* 0x1ec */
|
||||
+ __u8 secure_boot; /* 0x1ec */
|
||||
+ __u8 _pad5[2]; /* 0x1ed */
|
||||
/*
|
||||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 41ead8d3bc0b..5a5cf7395724 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ if (boot_params.secure_boot) {
|
||||
+ enforce_signed_modules();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 341a73ecea2e..cca08ac450e2 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern void enforce_signed_modules(void);
|
||||
+#else
|
||||
+static inline void enforce_signed_modules(void) {};
|
||||
+#endif
|
||||
+
|
||||
#ifdef CONFIG_MODULES
|
||||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 1f7b4664300e..866417ecc76a 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3843,6 +3843,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+void enforce_signed_modules(void)
|
||||
+{
|
||||
+ sig_enforce = true;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
only modules signed with a trusted key.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
include/linux/module.h | 7 +++++++
|
||||
kernel/module.c | 10 ++++++++++
|
||||
2 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 71f282a4e307..341a73ecea2e 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
|
||||
|
||||
extern void print_modules(void);
|
||||
|
||||
+extern bool secure_modules(void);
|
||||
+
|
||||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
|
||||
static inline void print_modules(void)
|
||||
{
|
||||
}
|
||||
+
|
||||
+static inline bool secure_modules(void)
|
||||
+{
|
||||
+ return false;
|
||||
+}
|
||||
#endif /* CONFIG_MODULES */
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 03214bd288e9..1f7b4664300e 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
+
|
||||
+bool secure_modules(void)
|
||||
+{
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ return (sig_enforce || modules_disabled);
|
||||
+#else
|
||||
+ return modules_disabled;
|
||||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,11 +1,9 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From 29c1f71a2d0845a71ea2ebd2fb33542373dc52dd Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++
|
||||
drivers/input/misc/uinput.c | 1 +
|
||||
|
@ -17,7 +15,7 @@ Subject: [PATCH] Add sysrq option to disable secure boot mode
|
|||
7 files changed, 65 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index c773add..92c480c 100644
|
||||
index fb282ff6a802..d291d16ba257 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
|
@ -32,7 +30,7 @@ index c773add..92c480c 100644
|
|||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1275,6 +1280,37 @@ void __init i386_reserve_resources(void)
|
||||
@@ -1268,6 +1273,37 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
|
@ -71,10 +69,10 @@ index c773add..92c480c 100644
|
|||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 7728359..a3e8ba8 100644
|
||||
index 421e29e4cd81..61c1eb97806c 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -351,6 +351,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -83,10 +81,10 @@ index 7728359..a3e8ba8 100644
|
|||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index ce396ec..aee594a 100644
|
||||
index 42bad18c66c9..496e073b09d7 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -462,6 +462,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@@ -463,6 +463,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
&sysrq_showstate_blocked_op, /* w */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
|
@ -94,7 +92,7 @@ index ce396ec..aee594a 100644
|
|||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -505,7 +506,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
@@ -506,7 +507,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
|
@ -103,7 +101,7 @@ index ce396ec..aee594a 100644
|
|||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -525,11 +526,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -526,11 +527,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
|
@ -120,7 +118,7 @@ index ce396ec..aee594a 100644
|
|||
printk("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -560,7 +565,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -562,7 +567,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
|
@ -129,7 +127,7 @@ index ce396ec..aee594a 100644
|
|||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -640,7 +645,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
@@ -642,7 +647,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
|
@ -138,7 +136,7 @@ index ce396ec..aee594a 100644
|
|||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -791,8 +796,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
@@ -793,8 +798,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
|
@ -150,7 +148,7 @@ index ce396ec..aee594a 100644
|
|||
}
|
||||
break;
|
||||
}
|
||||
@@ -1080,7 +1087,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
@@ -1089,7 +1096,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
|
@ -160,7 +158,7 @@ index ce396ec..aee594a 100644
|
|||
|
||||
return count;
|
||||
diff --git a/include/linux/input.h b/include/linux/input.h
|
||||
index 82ce323..9e534f2 100644
|
||||
index 82ce323b9986..9e534f228945 100644
|
||||
--- a/include/linux/input.h
|
||||
+++ b/include/linux/input.h
|
||||
@@ -42,6 +42,7 @@ struct input_value {
|
||||
|
@ -190,7 +188,7 @@ index 82ce323..9e534f2 100644
|
|||
* Verify that we are in sync with input_device_id mod_devicetable.h #defines
|
||||
*/
|
||||
diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
|
||||
index 387fa7d..4b07e30 100644
|
||||
index 387fa7d05c98..4b07e30b3279 100644
|
||||
--- a/include/linux/sysrq.h
|
||||
+++ b/include/linux/sysrq.h
|
||||
@@ -28,6 +28,8 @@
|
||||
|
@ -217,7 +215,7 @@ index 387fa7d..4b07e30 100644
|
|||
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
|
||||
struct sysrq_key_op *__sysrq_get_key_op(int key);
|
||||
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
|
||||
index 0b097c8..18b400d 100644
|
||||
index 379650b984f8..070f29fefdc2 100644
|
||||
--- a/kernel/debug/kdb/kdb_main.c
|
||||
+++ b/kernel/debug/kdb/kdb_main.c
|
||||
@@ -1924,7 +1924,7 @@ static int kdb_sr(int argc, const char **argv)
|
||||
|
@ -230,10 +228,10 @@ index 0b097c8..18b400d 100644
|
|||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 92b73b1..a44fb2a 100644
|
||||
index 866417ecc76a..d7ca95c5a349 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
||||
@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
||||
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
#ifdef CONFIG_MODULE_SIG_FORCE
|
||||
|
@ -246,5 +244,5 @@ index 92b73b1..a44fb2a 100644
|
|||
static int param_set_bool_enable_only(const char *val,
|
||||
const struct kernel_param *kp)
|
||||
--
|
||||
1.8.4.2
|
||||
1.9.3
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
From 109571cf3ec78a39477eedd6b11927f52cbcb1e8 Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Duggan <aduggan@synaptics.com>
|
||||
Date: Fri, 11 Jul 2014 16:34:18 -0700
|
||||
Subject: [PATCH] HID: i2c-hid: call the hid driver's suspend and resume
|
||||
callbacks
|
||||
|
||||
Currently, the i2c-hid driver does not call the suspend, resume, and
|
||||
reset_resume callbacks in the hid_driver struct when those events occur.
|
||||
This means that HID drivers for i2c-hid devices will not be able to execute
|
||||
commands which may be needed during suspend or resume. One example is when a
|
||||
touchpad using the hid-multitouch driver gets reset by i2c-hid coming out of
|
||||
resume. Since the reset_resume callback never gets called the device is never
|
||||
put back into the correct input mode. This patch calls the suspend and resume
|
||||
callbacks and tries to duplicate the functionality of the usb-hid driver.
|
||||
|
||||
Bugzilla: 1143812
|
||||
Upstream-status: 3.17
|
||||
|
||||
Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
|
||||
Signed-off-by: Vincent Huang <vincent.huang@tw.synaptics.com>
|
||||
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||||
---
|
||||
drivers/hid/i2c-hid/i2c-hid.c | 15 ++++++++++++++-
|
||||
1 file changed, 14 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
index 21aafc8f48c8..747d54421e73 100644
|
||||
--- a/drivers/hid/i2c-hid/i2c-hid.c
|
||||
+++ b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
@@ -1054,21 +1054,29 @@ static int i2c_hid_remove(struct i2c_client *client)
|
||||
static int i2c_hid_suspend(struct device *dev)
|
||||
{
|
||||
struct i2c_client *client = to_i2c_client(dev);
|
||||
+ struct i2c_hid *ihid = i2c_get_clientdata(client);
|
||||
+ struct hid_device *hid = ihid->hid;
|
||||
+ int ret = 0;
|
||||
|
||||
disable_irq(client->irq);
|
||||
if (device_may_wakeup(&client->dev))
|
||||
enable_irq_wake(client->irq);
|
||||
|
||||
+ if (hid->driver && hid->driver->suspend)
|
||||
+ ret = hid->driver->suspend(hid, PMSG_SUSPEND);
|
||||
+
|
||||
/* Save some power */
|
||||
i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
|
||||
|
||||
- return 0;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
static int i2c_hid_resume(struct device *dev)
|
||||
{
|
||||
int ret;
|
||||
struct i2c_client *client = to_i2c_client(dev);
|
||||
+ struct i2c_hid *ihid = i2c_get_clientdata(client);
|
||||
+ struct hid_device *hid = ihid->hid;
|
||||
|
||||
enable_irq(client->irq);
|
||||
ret = i2c_hid_hwreset(client);
|
||||
@@ -1078,6 +1086,11 @@ static int i2c_hid_resume(struct device *dev)
|
||||
if (device_may_wakeup(&client->dev))
|
||||
disable_irq_wake(client->irq);
|
||||
|
||||
+ if (hid->driver && hid->driver->reset_resume) {
|
||||
+ ret = hid->driver->reset_resume(hid);
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
--
|
||||
2.1.0
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Date: Wed, 3 Sep 2014 15:43:25 -0400
|
||||
Subject: [PATCH] HID: wacom: Add support for the Cintiq Companion
|
||||
|
||||
The Wacom Cintiq Companion shares the same sensor than the Cintiq
|
||||
Companion Hybrid, with the exception of the different PIDs.
|
||||
|
||||
Bugzilla: 1134969
|
||||
Upstream-status: Queued for 3.18
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
---
|
||||
drivers/hid/wacom_wac.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
|
||||
index aa6a08eb7ad6..c3cbbfb5811f 100644
|
||||
--- a/drivers/hid/wacom_wac.c
|
||||
+++ b/drivers/hid/wacom_wac.c
|
||||
@@ -2573,6 +2573,14 @@ static const struct wacom_features wacom_features_0x309 =
|
||||
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
|
||||
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10,
|
||||
.check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
|
||||
+static const struct wacom_features wacom_features_0x30A =
|
||||
+ { "Wacom ISDv5 30A", 59352, 33648, 2047, 63,
|
||||
+ CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
|
||||
+static const struct wacom_features wacom_features_0x30C =
|
||||
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30A, .touch_max = 10,
|
||||
+ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
|
||||
|
||||
#define USB_DEVICE_WACOM(prod) \
|
||||
HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
|
||||
@@ -2708,6 +2716,8 @@ const struct hid_device_id wacom_ids[] = {
|
||||
{ USB_DEVICE_WACOM(0x304) },
|
||||
{ USB_DEVICE_WACOM(0x307) },
|
||||
{ USB_DEVICE_WACOM(0x309) },
|
||||
+ { USB_DEVICE_WACOM(0x30A) },
|
||||
+ { USB_DEVICE_WACOM(0x30C) },
|
||||
{ USB_DEVICE_WACOM(0x30E) },
|
||||
{ USB_DEVICE_WACOM(0x314) },
|
||||
{ USB_DEVICE_WACOM(0x315) },
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
From 2e34e3ea944701855624f77f976db48cd8cb3828 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
||||
Date: Tue, 2 Sep 2014 09:49:18 -0700
|
||||
Subject: [PATCH] Input: synaptics - gate forcepad support by DMI check
|
||||
|
@ -10,15 +9,15 @@ Cc: stable@vger.kernel.org
|
|||
Reported-by: Nicole Faerber <nicole.faerber@kernelconcepts.de>
|
||||
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
||||
---
|
||||
drivers/input/mouse/synaptics.c | 23 ++++++++++++++++++++++-
|
||||
drivers/input/mouse/synaptics.c | 22 +++++++++++++++++++++-
|
||||
drivers/input/mouse/synaptics.h | 8 ++------
|
||||
2 files changed, 24 insertions(+), 7 deletions(-)
|
||||
2 files changed, 23 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
|
||||
index a50a2a7a43f7..b08acfe23f2c 100644
|
||||
index 6394d9b5bfd3..9031a0a28ea4 100644
|
||||
--- a/drivers/input/mouse/synaptics.c
|
||||
+++ b/drivers/input/mouse/synaptics.c
|
||||
@@ -615,6 +615,8 @@ static void synaptics_parse_agm(const unsigned char buf[],
|
||||
@@ -607,6 +607,8 @@ static void synaptics_parse_agm(const unsigned char buf[],
|
||||
priv->agm_pending = true;
|
||||
}
|
||||
|
||||
|
@ -27,7 +26,7 @@ index a50a2a7a43f7..b08acfe23f2c 100644
|
|||
static int synaptics_parse_hw_state(const unsigned char buf[],
|
||||
struct synaptics_data *priv,
|
||||
struct synaptics_hw_state *hw)
|
||||
@@ -644,7 +646,7 @@ static int synaptics_parse_hw_state(const unsigned char buf[],
|
||||
@@ -636,7 +638,7 @@ static int synaptics_parse_hw_state(const unsigned char buf[],
|
||||
hw->left = (buf[0] & 0x01) ? 1 : 0;
|
||||
hw->right = (buf[0] & 0x02) ? 1 : 0;
|
||||
|
||||
|
@ -36,7 +35,7 @@ index a50a2a7a43f7..b08acfe23f2c 100644
|
|||
/*
|
||||
* ForcePads, like Clickpads, use middle button
|
||||
* bits to report primary button clicks.
|
||||
@@ -1613,10 +1615,29 @@ static const struct dmi_system_id olpc_dmi_table[] __initconst = {
|
||||
@@ -1667,11 +1669,29 @@ static const struct dmi_system_id __initconst cr48_dmi_table[] = {
|
||||
{ }
|
||||
};
|
||||
|
||||
|
@ -51,12 +50,12 @@ index a50a2a7a43f7..b08acfe23f2c 100644
|
|||
+#endif
|
||||
+ { }
|
||||
+};
|
||||
+
|
||||
+
|
||||
void __init synaptics_module_init(void)
|
||||
{
|
||||
impaired_toshiba_kbc = dmi_check_system(toshiba_dmi_table);
|
||||
broken_olpc_ec = dmi_check_system(olpc_dmi_table);
|
||||
cr48_profile_sensor = dmi_check_system(cr48_dmi_table);
|
||||
+
|
||||
+ /*
|
||||
+ * Unfortunately ForcePad capability is not exported over PS/2,
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
From bdfffc320102278edac2db5a397ffbfd89faeab3 Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Date: Wed, 3 Sep 2014 15:43:25 -0400
|
||||
Subject: [PATCH] Input: wacom: Add support for the Cintiq Companion
|
||||
|
||||
The Wacom Cintiq Companion shares the same sensor than the Cintiq
|
||||
Companion Hybrid, with the exception of the different PIDs.
|
||||
|
||||
Bugzilla: 1134969
|
||||
Upstream-status: Queued for 3.18
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
---
|
||||
drivers/input/tablet/wacom_wac.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/tablet/wacom_wac.c b/drivers/input/tablet/wacom_wac.c
|
||||
index e73cf2c71f35..7f6caf8c85fb 100644
|
||||
--- a/drivers/input/tablet/wacom_wac.c
|
||||
+++ b/drivers/input/tablet/wacom_wac.c
|
||||
@@ -2332,6 +2332,13 @@ static const struct wacom_features wacom_features_0x0307 =
|
||||
static const struct wacom_features wacom_features_0x0309 =
|
||||
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
|
||||
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10 };
|
||||
+static const struct wacom_features wacom_features_0x030A =
|
||||
+ { "Wacom ISDv5 30A", WACOM_PKGLEN_INTUOS, 59352, 33648, 2047,
|
||||
+ 63, CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
|
||||
+static const struct wacom_features wacom_features_0x030C =
|
||||
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x030A, .touch_max = 10 };
|
||||
|
||||
#define USB_DEVICE_WACOM(prod) \
|
||||
USB_DEVICE(USB_VENDOR_ID_WACOM, prod), \
|
||||
@@ -2478,6 +2485,8 @@ const struct usb_device_id wacom_ids[] = {
|
||||
{ USB_DEVICE_WACOM(0xFA) },
|
||||
{ USB_DEVICE_WACOM(0xFB) },
|
||||
{ USB_DEVICE_WACOM(0x0307) },
|
||||
+ { USB_DEVICE_WACOM(0x030A) },
|
||||
+ { USB_DEVICE_DETAILED(0x030C, USB_CLASS_HID, 0, 0) },
|
||||
{ USB_DEVICE_DETAILED(0x0309, USB_CLASS_HID, 0, 0) },
|
||||
{ USB_DEVICE_LENOVO(0x6004) },
|
||||
{ }
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,111 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
and if the module's certificate is found, it will refuse to load. This is
|
||||
useful in cases where third party certificates are used for module signing.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 72665eb80692..2c7b80d31366 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 80a6907f91c5..dfdd7f738247 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1723,6 +1723,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 875f64e8935b..c15e93f5a418 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
EXPORT_SYMBOL_GPL(system_trusted_keyring);
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
|
||||
extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
|
||||
panic("Can't allocate system trusted keyring\n");
|
||||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW | KEY_USR_READ,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
||||
+ if (IS_ERR(system_blacklist_keyring))
|
||||
+ panic("Can't allocate system blacklist keyring\n");
|
||||
+
|
||||
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
|
||||
+#endif
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 16 Sep 2014 17:29:03 +0100
|
||||
Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a
|
||||
'.'
|
||||
|
||||
Reinstate the generation of EPERM for a key type name beginning with a '.' in
|
||||
a userspace call. Types whose name begins with a '.' are internal only.
|
||||
|
||||
The test was removed by:
|
||||
|
||||
commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d
|
||||
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
||||
Date: Thu May 22 14:02:23 2014 -0400
|
||||
Subject: KEYS: special dot prefixed keyring name bug fix
|
||||
|
||||
I think we want to keep the restriction on type name so that userspace can't
|
||||
add keys of a special internal type.
|
||||
|
||||
Note that removal of the test causes several of the tests in the keyutils
|
||||
testsuite to fail.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Acked-by: Vivek Goyal <vgoyal@redhat.com>
|
||||
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
||||
---
|
||||
security/keys/keyctl.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
|
||||
index e26f860e5f2e..eff88a5f5d40 100644
|
||||
--- a/security/keys/keyctl.c
|
||||
+++ b/security/keys/keyctl.c
|
||||
@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
|
||||
return ret;
|
||||
if (ret == 0 || ret >= len)
|
||||
return -EINVAL;
|
||||
+ if (type[0] == '.')
|
||||
+ return -EPERM;
|
||||
type[len - 1] = '\0';
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Fri, 24 Oct 2014 17:07:21 +0200
|
||||
Subject: [PATCH] KVM: emulate: avoid accessing NULL ctxt->memopp
|
||||
|
||||
A failure to decode the instruction can cause a NULL pointer access.
|
||||
This is fixed simply by moving the "done" label as close as possible
|
||||
to the return.
|
||||
|
||||
This fixes CVE-2014-8481.
|
||||
|
||||
Reported-by: Andy Lutomirski <luto@amacapital.net>
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index a0a04090d2ff..5669ed12f9ee 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -4565,10 +4565,10 @@ done_prefixes:
|
||||
/* Decode and fetch the destination operand: register or memory. */
|
||||
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
|
||||
|
||||
-done:
|
||||
if (ctxt->rip_relative)
|
||||
ctxt->memopp->addr.mem.ea += ctxt->_eip;
|
||||
|
||||
+done:
|
||||
return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Fri, 24 Oct 2014 17:07:20 +0200
|
||||
Subject: [PATCH] KVM: x86: Decoding guest instructions which cross page
|
||||
boundary may fail
|
||||
|
||||
Once an instruction crosses a page boundary, the size read from the second page
|
||||
disregards the common case that part of the operand resides on the first page.
|
||||
As a result, fetch of long insturctions may fail, and thereby cause the
|
||||
decoding to fail as well.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 5cfc7e0f5e5e1adf998df94f8e36edaf5d30d38e
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index 1ac496349f39..a0a04090d2ff 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -777,8 +777,10 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size)
|
||||
static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt,
|
||||
unsigned size)
|
||||
{
|
||||
- if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size))
|
||||
- return __do_insn_fetch_bytes(ctxt, size);
|
||||
+ unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr;
|
||||
+
|
||||
+ if (unlikely(done_size < size))
|
||||
+ return __do_insn_fetch_bytes(ctxt, size - done_size);
|
||||
else
|
||||
return X86EMUL_CONTINUE;
|
||||
}
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Fri, 24 Oct 2014 17:07:22 +0200
|
||||
Subject: [PATCH] KVM: x86: Emulator does not decode clflush well
|
||||
|
||||
Currently, all group15 instructions are decoded as clflush (e.g., mfence,
|
||||
xsave). In addition, the clflush instruction requires no prefix (66/f2/f3)
|
||||
would exist. If prefix exists it may encode a different instruction (e.g.,
|
||||
clflushopt).
|
||||
|
||||
Creating a group for clflush, and different group for each prefix.
|
||||
|
||||
This has been the case forever, but the next patch needs the cflush group
|
||||
in order to fix a bug introduced in 3.17.
|
||||
|
||||
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 20 +++++++++++++++++---
|
||||
1 file changed, 17 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index 5669ed12f9ee..d1a19289d11a 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -3458,6 +3458,12 @@ static int em_bswap(struct x86_emulate_ctxt *ctxt)
|
||||
return X86EMUL_CONTINUE;
|
||||
}
|
||||
|
||||
+static int em_clflush(struct x86_emulate_ctxt *ctxt)
|
||||
+{
|
||||
+ /* emulating clflush regardless of cpuid */
|
||||
+ return X86EMUL_CONTINUE;
|
||||
+}
|
||||
+
|
||||
static bool valid_cr(int nr)
|
||||
{
|
||||
switch (nr) {
|
||||
@@ -3790,6 +3796,16 @@ static const struct opcode group11[] = {
|
||||
X7(D(Undefined)),
|
||||
};
|
||||
|
||||
+static const struct gprefix pfx_0f_ae_7 = {
|
||||
+ I(0, em_clflush), N, N, N,
|
||||
+};
|
||||
+
|
||||
+static const struct group_dual group15 = { {
|
||||
+ N, N, N, N, N, N, N, GP(0, &pfx_0f_ae_7),
|
||||
+}, {
|
||||
+ N, N, N, N, N, N, N, N,
|
||||
+} };
|
||||
+
|
||||
static const struct gprefix pfx_0f_6f_0f_7f = {
|
||||
I(Mmx, em_mov), I(Sse | Aligned, em_mov), N, I(Sse | Unaligned, em_mov),
|
||||
};
|
||||
@@ -4049,7 +4065,7 @@ static const struct opcode twobyte_table[256] = {
|
||||
F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts),
|
||||
F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd),
|
||||
F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
|
||||
- D(ModRM), F(DstReg | SrcMem | ModRM, em_imul),
|
||||
+ GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul),
|
||||
/* 0xB0 - 0xB7 */
|
||||
I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg),
|
||||
I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg),
|
||||
@@ -4976,8 +4992,6 @@ twobyte_insn:
|
||||
case 0x90 ... 0x9f: /* setcc r/m8 */
|
||||
ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
|
||||
break;
|
||||
- case 0xae: /* clflush */
|
||||
- break;
|
||||
case 0xb6 ... 0xb7: /* movzx */
|
||||
ctxt->dst.bytes = ctxt->op_bytes;
|
||||
ctxt->dst.val = (ctxt->src.bytes == 1) ? (u8) ctxt->src.val
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
From 283c612d99d60749ecb728d09ebb7d72b087d305 Mon Sep 17 00:00:00 2001
|
||||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Fri, 24 Oct 2014 17:07:17 +0200
|
||||
Subject: [PATCH] KVM: x86: Handle errors when RIP is set during far jumps
|
||||
|
@ -20,10 +19,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|||
1 file changed, 88 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index 88bb0c20d31d..9a1946cb43c8 100644
|
||||
index e52e74feedb8..1ac496349f39 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -1439,7 +1439,9 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
@@ -1442,7 +1442,9 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
|
||||
/* Does not support long mode */
|
||||
static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
|
@ -34,16 +33,16 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
{
|
||||
struct desc_struct seg_desc, old_desc;
|
||||
u8 dpl, rpl;
|
||||
@@ -1568,6 +1570,8 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
@@ -1574,6 +1576,8 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
}
|
||||
load:
|
||||
ctxt->ops->set_segment(ctxt, selector, &seg_desc, 0, seg);
|
||||
ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
|
||||
+ if (desc)
|
||||
+ *desc = seg_desc;
|
||||
return X86EMUL_CONTINUE;
|
||||
exception:
|
||||
emulate_exception(ctxt, err_vec, err_code, true);
|
||||
@@ -1578,7 +1582,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
@@ -1584,7 +1588,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
u16 selector, int seg)
|
||||
{
|
||||
u8 cpl = ctxt->ops->cpl(ctxt);
|
||||
|
@ -52,7 +51,7 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
}
|
||||
|
||||
static void write_register_operand(struct operand *op)
|
||||
@@ -1975,17 +1979,31 @@ static int em_iret(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -1978,17 +1982,31 @@ static int em_iret(struct x86_emulate_ctxt *ctxt)
|
||||
static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
int rc;
|
||||
|
@ -89,7 +88,7 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
}
|
||||
|
||||
static int em_grp45(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -2049,21 +2067,34 @@ static int em_ret(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -2055,21 +2073,34 @@ static int em_ret(struct x86_emulate_ctxt *ctxt)
|
||||
static int em_ret_far(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
int rc;
|
||||
|
@ -129,7 +128,7 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
return rc;
|
||||
}
|
||||
|
||||
@@ -2487,19 +2518,24 @@ static int load_state_from_tss16(struct x86_emulate_ctxt *ctxt,
|
||||
@@ -2496,19 +2527,24 @@ static int load_state_from_tss16(struct x86_emulate_ctxt *ctxt,
|
||||
* Now load segment descriptors. If fault happens at this stage
|
||||
* it is handled in a context of new task
|
||||
*/
|
||||
|
@ -159,7 +158,7 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
|
||||
@@ -2624,25 +2660,32 @@ static int load_state_from_tss32(struct x86_emulate_ctxt *ctxt,
|
||||
@@ -2633,25 +2669,32 @@ static int load_state_from_tss32(struct x86_emulate_ctxt *ctxt,
|
||||
* Now load segment descriptors. If fault happenes at this stage
|
||||
* it is handled in a context of new task
|
||||
*/
|
||||
|
@ -199,7 +198,7 @@ index 88bb0c20d31d..9a1946cb43c8 100644
|
|||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
|
||||
@@ -2925,24 +2968,39 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -2934,24 +2977,39 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt)
|
||||
u16 sel, old_cs;
|
||||
ulong old_eip;
|
||||
int rc;
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Fri, 24 Oct 2014 17:07:23 +0200
|
||||
Subject: [PATCH] KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
|
||||
|
||||
The decode phase of the x86 emulator assumes that every instruction with the
|
||||
ModRM flag, and which can be used with RIP-relative addressing, has either
|
||||
SrcMem or DstMem. This is not the case for several instructions - prefetch,
|
||||
hint-nop and clflush.
|
||||
|
||||
Adding SrcMem|NoAccess for prefetch and hint-nop and SrcMem for clflush.
|
||||
|
||||
This fixes CVE-2014-8480.
|
||||
|
||||
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index d1a19289d11a..48daa1a097af 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -3797,7 +3797,7 @@ static const struct opcode group11[] = {
|
||||
};
|
||||
|
||||
static const struct gprefix pfx_0f_ae_7 = {
|
||||
- I(0, em_clflush), N, N, N,
|
||||
+ I(SrcMem | ByteOp, em_clflush), N, N, N,
|
||||
};
|
||||
|
||||
static const struct group_dual group15 = { {
|
||||
@@ -4010,10 +4010,11 @@ static const struct opcode twobyte_table[256] = {
|
||||
N, I(ImplicitOps | EmulateOnUD, em_syscall),
|
||||
II(ImplicitOps | Priv, em_clts, clts), N,
|
||||
DI(ImplicitOps | Priv, invd), DI(ImplicitOps | Priv, wbinvd), N, N,
|
||||
- N, D(ImplicitOps | ModRM), N, N,
|
||||
+ N, D(ImplicitOps | ModRM | SrcMem | NoAccess), N, N,
|
||||
/* 0x10 - 0x1F */
|
||||
N, N, N, N, N, N, N, N,
|
||||
- D(ImplicitOps | ModRM), N, N, N, N, N, N, D(ImplicitOps | ModRM),
|
||||
+ D(ImplicitOps | ModRM | SrcMem | NoAccess),
|
||||
+ N, N, N, N, N, N, D(ImplicitOps | ModRM | SrcMem | NoAccess),
|
||||
/* 0x20 - 0x2F */
|
||||
DIP(ModRM | DstMem | Priv | Op3264 | NoMod, cr_read, check_cr_read),
|
||||
DIP(ModRM | DstMem | Priv | Op3264 | NoMod, dr_read, check_dr_read),
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,185 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
||||
Secure Boot stores a list of allowed certificates in the 'db' variable.
|
||||
This imports those certificates into the system trusted keyring. This
|
||||
allows for a third party signing certificate to be used in conjunction
|
||||
with signed modules. By importing the public certificate into the 'db'
|
||||
variable, a user can allow a module signed with that certificate to
|
||||
load. The shim UEFI bootloader has a similar certificate list stored
|
||||
in the 'MokListRT' variable. We import those as well.
|
||||
|
||||
In the opposite case, Secure Boot maintains a list of disallowed
|
||||
certificates in the 'dbx' variable. We load those certificates into
|
||||
the newly introduced system blacklist keyring and forbid any module
|
||||
signed with those from loading.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/linux/efi.h | 6 ++++
|
||||
init/Kconfig | 9 +++++
|
||||
kernel/Makefile | 3 ++
|
||||
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 110 insertions(+)
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 41359e548bcb..db9e6118575e 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -587,6 +587,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
+
|
||||
+#define EFI_SHIM_LOCK_GUID \
|
||||
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index dfdd7f738247..3c866db603a7 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1877,6 +1877,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
+config MODULE_SIG_UEFI
|
||||
+ bool "Allow modules signed with certs stored in UEFI"
|
||||
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
|
||||
+ select EFI_SIGNATURE_LIST_PARSER
|
||||
+ help
|
||||
+ This will import certificates stored in UEFI and allow modules
|
||||
+ signed with those to be loaded. It will also disallow loading
|
||||
+ of modules stored in the UEFI dbx variable.
|
||||
+
|
||||
choice
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index dc5c77544fd6..95bdf3398880 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
--- /dev/null
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -0,0 +1,92 @@
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/sched.h>
|
||||
+#include <linux/cred.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <linux/slab.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+#include <keys/system_keyring.h>
|
||||
+#include "module-internal.h"
|
||||
+
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned long lsize = 4;
|
||||
+ unsigned long tmpdb[4];
|
||||
+ void *db = NULL;
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
|
||||
+ if (status != EFI_BUFFER_TOO_SMALL) {
|
||||
+ pr_err("Couldn't get size: 0x%lx\n", status);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ db = kmalloc(lsize, GFP_KERNEL);
|
||||
+ if (!db) {
|
||||
+ pr_err("Couldn't allocate memory for uefi cert list\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
|
||||
+ if (status != EFI_SUCCESS) {
|
||||
+ kfree(db);
|
||||
+ db = NULL;
|
||||
+ pr_err("Error reading db var: 0x%lx\n", status);
|
||||
+ }
|
||||
+out:
|
||||
+ *size = lsize;
|
||||
+ return db;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * * Load the certs contained in the UEFI databases
|
||||
+ * */
|
||||
+static int __init load_uefi_certs(void)
|
||||
+{
|
||||
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
||||
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
+ void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
+ int rc = 0;
|
||||
+
|
||||
+ /* Check if SB is enabled and just return if not */
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return 0;
|
||||
+
|
||||
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
+ * an error if we can't get them.
|
||||
+ */
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
+
|
||||
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
+ if (!mok) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
|
||||
+ kfree(mok);
|
||||
+ }
|
||||
+
|
||||
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
|
||||
+ if (!dbx) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(dbx, dbxsize,
|
||||
+ system_blacklist_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
|
||||
+ kfree(dbx);
|
||||
+ }
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
Have the uefi import code look for this and not import things from the db
|
||||
variable.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 31 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
index 94b0eb38a284..ae28b974d49a 100644
|
||||
--- a/kernel/modsign_uefi.c
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -8,6 +8,23 @@
|
||||
#include <keys/system_keyring.h>
|
||||
#include "module-internal.h"
|
||||
|
||||
+static __init int check_ignore_db(void)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned int db = 0;
|
||||
+ unsigned long size = sizeof(db);
|
||||
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
|
||||
+
|
||||
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
|
||||
+ * then we don't ignore DB. If it succeeds, we do.
|
||||
+ */
|
||||
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
{
|
||||
efi_status_t status;
|
||||
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
|
||||
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
- int rc = 0;
|
||||
+ int ignore_db, rc = 0;
|
||||
|
||||
/* Check if SB is enabled and just return if not */
|
||||
if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
return 0;
|
||||
|
||||
+ /* See if the user has setup Ignore DB mode */
|
||||
+ ignore_db = check_ignore_db();
|
||||
+
|
||||
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
* an error if we can't get them.
|
||||
*/
|
||||
- db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
- if (!db) {
|
||||
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
- } else {
|
||||
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
- if (rc)
|
||||
- pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
- kfree(db);
|
||||
+ if (!ignore_db) {
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,116 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
kernel code, allowing them to circumvent disabled module loading or module
|
||||
signing. Default to paranoid - in future we can potentially relax this for
|
||||
sufficiently IOMMU-isolated devices.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/pci/pci-sysfs.c | 10 ++++++++++
|
||||
drivers/pci/proc.c | 8 +++++++-
|
||||
drivers/pci/syscall.c | 3 ++-
|
||||
3 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 76ef7914c9aa..dddc802ccd2c 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <linux/vgaarb.h>
|
||||
#include <linux/pm_runtime.h>
|
||||
#include <linux/of.h>
|
||||
+#include <linux/module.h>
|
||||
#include "pci.h"
|
||||
|
||||
static int sysfs_initialized; /* = 0 */
|
||||
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 3f155e78513f..4265ea07e3b0 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
int size = dev->cfg_size;
|
||||
int cnt;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (pos >= size)
|
||||
return 0;
|
||||
if (nbytes >= size)
|
||||
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
|
||||
#endif /* HAVE_PCI_MMAP */
|
||||
int ret = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
switch (cmd) {
|
||||
case PCIIOC_CONTROLLER:
|
||||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index b91c4da68365..98f5637304d1 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/errno.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/syscalls.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include "pci.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
u32 dword;
|
||||
int err = 0;
|
||||
|
||||
- if (!capable(CAP_SYS_ADMIN))
|
||||
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
to be subverted, avoiding module loading restrictions. Prevent this when
|
||||
any restrictions have been imposed on loading modules.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/char/mem.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index cdf839f9defe..c63cf93b00eb 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||
int err = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
|
||||
is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
loading modules. Disable it in that case.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
---
|
||||
drivers/acpi/osl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 3abe9b223ba7..ee8f11cf65da 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
- if (acpi_rsdp)
|
||||
+ if (acpi_rsdp && !secure_modules())
|
||||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
460
arm-beagle.patch
460
arm-beagle.patch
|
@ -1,460 +0,0 @@
|
|||
Bugzilla: 1012025
|
||||
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
|
||||
|
||||
From b5a2528c89fc8049b2a6a750634c14983e33d00f Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:05:09 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 6b71ad9..09ffbd8 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -74,5 +74,18 @@
|
||||
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
|
||||
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
|
||||
status = "okay";
|
||||
+
|
||||
+ panel-info {
|
||||
+ bpp = <16>;
|
||||
+ ac-bias = <255>;
|
||||
+ ac-bias-intrpt = <0>;
|
||||
+ dma-burst-sz = <16>;
|
||||
+ fdd = <16>;
|
||||
+ sync-edge = <1>;
|
||||
+ sync-ctrl = <1>;
|
||||
+ raster-order = <0>;
|
||||
+ fifo-th = <0>;
|
||||
+ invert-pxl-clk;
|
||||
+ };
|
||||
};
|
||||
};
|
||||
--
|
||||
1.8.5.1
|
||||
|
||||
From 1da083a002581520dd358b8b8e097078000d12b9 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:14:19 -0600
|
||||
Subject: [PATCH 2/2] arm: dts: am335x-boneblack: add cpu0 opp points
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 09ffbd8..f213ccd 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -67,6 +67,24 @@
|
||||
};
|
||||
|
||||
/ {
|
||||
+ cpus {
|
||||
+ cpu@0 {
|
||||
+ cpu0-supply = <&dcdc2_reg>;
|
||||
+ /*
|
||||
+ * To consider voltage drop between PMIC and SoC,
|
||||
+ * tolerance value is reduced to 2% from 4% and
|
||||
+ * voltage value is increased as a precaution.
|
||||
+ */
|
||||
+ operating-points = <
|
||||
+ /* kHz uV */
|
||||
+ 1000000 1325000
|
||||
+ 800000 1300000
|
||||
+ 600000 1112000
|
||||
+ 300000 969000
|
||||
+ >;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
hdmi {
|
||||
compatible = "ti,tilcdc,slave";
|
||||
i2c = <&i2c0>;
|
||||
--
|
||||
1.8.5.1
|
||||
|
||||
From 8551d8aa7d3e002da2097e7e902fb96fceb8694e Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 11:17:45 -0600
|
||||
Subject: [PATCH 3/3] arm: dts: am335x-bone-common: enable and use i2c2
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 39 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index e3f27ec..54366b6 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -84,6 +84,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ i2c2_pins: pinmux_i2c2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
|
||||
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
uart0_pins: pinmux_uart0_pins {
|
||||
pinctrl-single,pins = <
|
||||
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
|
||||
@@ -220,6 +227,38 @@
|
||||
reg = <0x24>;
|
||||
};
|
||||
|
||||
+ baseboard_eeprom: baseboard_eeprom@50 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x50>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&i2c2 {
|
||||
+ status = "okay";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins>;
|
||||
+
|
||||
+ clock-frequency = <100000>;
|
||||
+
|
||||
+ cape_eeprom0: cape_eeprom0@54 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x54>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom1: cape_eeprom1@55 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x55>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom2: cape_eeprom2@56 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x56>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom3: cape_eeprom3@57 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x57>;
|
||||
+ };
|
||||
};
|
||||
|
||||
/include/ "tps65217.dtsi"
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From a3099dc53a47d1694a5b575580ec3406dc429bf8 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 14:18:00 -0600
|
||||
Subject: [PATCH 4/4] arm: dts: am335x-bone-common: setup default pinmux
|
||||
http://elinux.org/Basic_Proto_Cape
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 130 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index e4571af..f85cabc 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -98,6 +98,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart1_pins: pinmux_uart1_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
|
||||
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
@@ -178,6 +185,33 @@
|
||||
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
|
||||
>;
|
||||
};
|
||||
+
|
||||
+ spi0_pins: pinmux_spi0_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
|
||||
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
|
||||
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
|
||||
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
|
||||
+ >;
|
||||
+ };
|
||||
};
|
||||
|
||||
&uart0 {
|
||||
@@ -187,6 +221,13 @@
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
+&uart1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart1_pins>;
|
||||
+
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
&usb {
|
||||
status = "okay";
|
||||
|
||||
@@ -261,6 +302,56 @@
|
||||
};
|
||||
};
|
||||
|
||||
+&epwmss0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ecap@48300100 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&epwmss1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <
|
||||
+ &ehrpwm1_pin_p9_14
|
||||
+ &ehrpwm1_pin_p9_16
|
||||
+ >;
|
||||
+
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ehrpwm@48302200 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&spi0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&spi0_pins>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ spidev0: spi@0 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <0>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ spi-cpha;
|
||||
+ };
|
||||
+
|
||||
+ spidev1: spi@1 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <1>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&tscadc {
|
||||
+ status = "okay";
|
||||
+ adc {
|
||||
+ ti,adc-channels = <4 5 6>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
/include/ "tps65217.dtsi"
|
||||
|
||||
&tps {
|
||||
@@ -336,3 +427,42 @@
|
||||
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
|
||||
cd-inverted;
|
||||
};
|
||||
+
|
||||
+/ {
|
||||
+ ocp {
|
||||
+ //FIXME: these pwm's still need work, this guild isn't working..
|
||||
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
|
||||
+ pwm_test_P9_14@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_14";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_16@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_16";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_42 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ecap0 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_42";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index f85cabc..5270d18 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.0
|
||||
|
||||
From 72567452d5d6007010597158f6afd00e2bf07579 Mon Sep 17 00:00:00 2001
|
||||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 829b98c..5107dcf 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2039,7 +2039,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index f85cabc..5270d18 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.0
|
|
@ -0,0 +1,45 @@
|
|||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index 86cdb52dbf8a..db4518ef755d 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 11:17:45 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: enable and use i2c2
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 39 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index bde1777b62be..c7357bcc7d5c 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -84,6 +84,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ i2c2_pins: pinmux_i2c2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
|
||||
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
uart0_pins: pinmux_uart0_pins {
|
||||
pinctrl-single,pins = <
|
||||
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
|
||||
@@ -220,6 +227,38 @@
|
||||
reg = <0x24>;
|
||||
};
|
||||
|
||||
+ baseboard_eeprom: baseboard_eeprom@50 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x50>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&i2c2 {
|
||||
+ status = "okay";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins>;
|
||||
+
|
||||
+ clock-frequency = <100000>;
|
||||
+
|
||||
+ cape_eeprom0: cape_eeprom0@54 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x54>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom1: cape_eeprom1@55 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x55>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom2: cape_eeprom2@56 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x56>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom3: cape_eeprom3@57 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x57>;
|
||||
+ };
|
||||
};
|
||||
|
||||
/include/ "tps65217.dtsi"
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,179 @@
|
|||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 14:18:00 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: setup default pinmux
|
||||
http://elinux.org/Basic_Proto_Cape
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 130 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index c7357bcc7d5c..86cdb52dbf8a 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -98,6 +98,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart1_pins: pinmux_uart1_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
|
||||
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
@@ -178,6 +185,33 @@
|
||||
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
|
||||
>;
|
||||
};
|
||||
+
|
||||
+ spi0_pins: pinmux_spi0_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
|
||||
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
|
||||
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
|
||||
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
|
||||
+ >;
|
||||
+ };
|
||||
};
|
||||
|
||||
&uart0 {
|
||||
@@ -187,6 +221,13 @@
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
+&uart1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart1_pins>;
|
||||
+
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
&usb {
|
||||
status = "okay";
|
||||
};
|
||||
@@ -261,6 +302,56 @@
|
||||
};
|
||||
};
|
||||
|
||||
+&epwmss0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ecap@48300100 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&epwmss1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <
|
||||
+ &ehrpwm1_pin_p9_14
|
||||
+ &ehrpwm1_pin_p9_16
|
||||
+ >;
|
||||
+
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ehrpwm@48302200 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&spi0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&spi0_pins>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ spidev0: spi@0 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <0>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ spi-cpha;
|
||||
+ };
|
||||
+
|
||||
+ spidev1: spi@1 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <1>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&tscadc {
|
||||
+ status = "okay";
|
||||
+ adc {
|
||||
+ ti,adc-channels = <4 5 6>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
/include/ "tps65217.dtsi"
|
||||
|
||||
&tps {
|
||||
@@ -337,3 +428,42 @@
|
||||
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
|
||||
cd-inverted;
|
||||
};
|
||||
+
|
||||
+/ {
|
||||
+ ocp {
|
||||
+ //FIXME: these pwm's still need work, this guild isn't working..
|
||||
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
|
||||
+ pwm_test_P9_14@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_14";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_16@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_16";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_42 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ecap0 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_42";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:14:19 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: add cpu0 opp points
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index bf5349165542..acfff3befff5 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -66,6 +66,24 @@
|
||||
};
|
||||
|
||||
/ {
|
||||
+ cpus {
|
||||
+ cpu@0 {
|
||||
+ cpu0-supply = <&dcdc2_reg>;
|
||||
+ /*
|
||||
+ * To consider voltage drop between PMIC and SoC,
|
||||
+ * tolerance value is reduced to 2% from 4% and
|
||||
+ * voltage value is increased as a precaution.
|
||||
+ */
|
||||
+ operating-points = <
|
||||
+ /* kHz uV */
|
||||
+ 1000000 1325000
|
||||
+ 800000 1300000
|
||||
+ 600000 1112000
|
||||
+ 300000 969000
|
||||
+ >;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
hdmi {
|
||||
compatible = "ti,tilcdc,slave";
|
||||
i2c = <&i2c0>;
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:05:09 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
|
||||
|
||||
Bugzilla: 1012025
|
||||
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 305975d3f531..bf5349165542 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -73,5 +73,18 @@
|
||||
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
|
||||
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
|
||||
status = "okay";
|
||||
+
|
||||
+ panel-info {
|
||||
+ bpp = <16>;
|
||||
+ ac-bias = <255>;
|
||||
+ ac-bias-intrpt = <0>;
|
||||
+ dma-burst-sz = <16>;
|
||||
+ fdd = <16>;
|
||||
+ sync-edge = <1>;
|
||||
+ sync-ctrl = <1>;
|
||||
+ raster-order = <0>;
|
||||
+ fifo-th = <0>;
|
||||
+ invert-pxl-clk;
|
||||
+ };
|
||||
};
|
||||
};
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,213 @@
|
|||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Tue, 30 Sep 2014 14:29:26 +0100
|
||||
Subject: [PATCH] arm: dts sun7i bananapi
|
||||
|
||||
The Banana Pi is an A20 based development board using Raspberry Pi compatible
|
||||
IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi
|
||||
and stereo audio out + various expenansion headers:
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
|
||||
---
|
||||
arch/arm/boot/dts/Makefile | 1 +
|
||||
arch/arm/boot/dts/sun7i-a20-bananapi.dts | 177 +++++++++++++++++++++++++++++++
|
||||
2 files changed, 178 insertions(+)
|
||||
create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts
|
||||
|
||||
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
|
||||
index e6aa6e77a3ec..0e858ebdad9e 100644
|
||||
--- a/arch/arm/boot/dts/Makefile
|
||||
+++ b/arch/arm/boot/dts/Makefile
|
||||
@@ -414,6 +414,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \
|
||||
sun6i-a31-hummingbird.dtb \
|
||||
sun6i-a31-m9.dtb
|
||||
dtb-$(CONFIG_MACH_SUN7I) += \
|
||||
+ sun7i-a20-bananapi.dtb \
|
||||
sun7i-a20-cubieboard2.dtb \
|
||||
sun7i-a20-cubietruck.dtb \
|
||||
sun7i-a20-i12-tvbox.dtb \
|
||||
diff --git a/arch/arm/boot/dts/sun7i-a20-bananapi.dts b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
|
||||
new file mode 100644
|
||||
index 000000000000..7214475a3c36
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
|
||||
@@ -0,0 +1,177 @@
|
||||
+/*
|
||||
+ * Copyright 2014 Hans de Goede <hdegoede@xxxxxxxxxx>
|
||||
+ *
|
||||
+ * The code contained herein is licensed under the GNU General Public
|
||||
+ * License. You may obtain a copy of the GNU General Public License
|
||||
+ * Version 2 or later at the following locations:
|
||||
+ *
|
||||
+ * http://www.opensource.org/licenses/gpl-license.html
|
||||
+ * http://www.gnu.org/copyleft/gpl.html
|
||||
+ */
|
||||
+
|
||||
+/dts-v1/;
|
||||
+/include/ "sun7i-a20.dtsi"
|
||||
+/include/ "sunxi-common-regulators.dtsi"
|
||||
+
|
||||
+/ {
|
||||
+ model = "LeMaker Banana Pi";
|
||||
+ compatible = "lemaker,bananapi", "allwinner,sun7i-a20";
|
||||
+
|
||||
+ soc@01c00000 {
|
||||
+ mmc0: mmc@01c0f000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>;
|
||||
+ vmmc-supply = <®_vcc3v3>;
|
||||
+ bus-width = <4>;
|
||||
+ cd-gpios = <&pio 7 10 0>; /* PH10 */
|
||||
+ cd-inverted;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ usbphy: phy@01c13400 {
|
||||
+ usb1_vbus-supply = <®_usb1_vbus>;
|
||||
+ usb2_vbus-supply = <®_usb2_vbus>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ehci0: usb@01c14000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ohci0: usb@01c14400 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ahci: sata@01c18000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ehci1: usb@01c1c000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ohci1: usb@01c1c400 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pinctrl@01c20800 {
|
||||
+ uart3_pins_bananapi: uart3_pin@0 {
|
||||
+ allwinner,pins = "PH0", "PH1";
|
||||
+ allwinner,function = "uart3";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+
|
||||
+ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 {
|
||||
+ allwinner,pins = "PH10";
|
||||
+ allwinner,function = "gpio_in";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <1>;
|
||||
+ };
|
||||
+
|
||||
+ gmac_power_pin_bananapi: gmac_power_pin@0 {
|
||||
+ allwinner,pins = "PH23";
|
||||
+ allwinner,function = "gpio_out";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+
|
||||
+ led_pins_bananapi: led_pins@0 {
|
||||
+ allwinner,pins = "PH24";
|
||||
+ allwinner,function = "gpio_out";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ ir0: ir@01c21800 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ir0_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart0: serial@01c28000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart0_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart3: serial@01c28c00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart3_pins_bananapi>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart7: serial@01c29c00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart7_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ i2c0: i2c@01c2ac00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c0_pins_a>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ axp209: pmic@34 {
|
||||
+ compatible = "x-powers,axp209";
|
||||
+ reg = <0x34>;
|
||||
+ interrupt-parent = <&nmi_intc>;
|
||||
+ interrupts = <0 8>;
|
||||
+
|
||||
+ interrupt-controller;
|
||||
+ #interrupt-cells = <1>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ i2c2: i2c@01c2b400 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ gmac: ethernet@01c50000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&gmac_pins_rgmii_a>;
|
||||
+ phy = <&phy1>;
|
||||
+ phy-mode = "rgmii";
|
||||
+ phy-supply = <®_gmac_3v3>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ phy1: ethernet-phy@1 {
|
||||
+ reg = <1>;
|
||||
+ };
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ leds {
|
||||
+ compatible = "gpio-leds";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&led_pins_bananapi>;
|
||||
+
|
||||
+ green {
|
||||
+ label = "bananapi:green:usr";
|
||||
+ gpios = <&pio 7 24 0>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ reg_usb1_vbus: usb1-vbus {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ reg_usb2_vbus: usb2-vbus {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ reg_gmac_3v3: gmac-3v3 {
|
||||
+ compatible = "regulator-fixed";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&gmac_power_pin_bananapi>;
|
||||
+ regulator-name = "gmac-3v3";
|
||||
+ regulator-min-microvolt = <3300000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ startup-delay-us = <50000>;
|
||||
+ enable-active-high;
|
||||
+ gpio = <&pio 7 23 0>;
|
||||
+ };
|
||||
+};
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
From: Kyle McMartin <kmcmartin@redhat.com>
|
||||
Date: Tue, 30 Sep 2014 16:19:47 -0400
|
||||
Subject: [PATCH] arm: highbank l2 reverts
|
||||
|
||||
Revert some v3.16 changes to mach-highbank which broke L2 cache enablement.
|
||||
Will debug upstream separately, but we need F22/21 running there. (#1139762)
|
||||
---
|
||||
arch/arm/mach-highbank/highbank.c | 21 ++++++++++++---------
|
||||
1 file changed, 12 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/arch/arm/mach-highbank/highbank.c b/arch/arm/mach-highbank/highbank.c
|
||||
index 8c35ae4ff176..38e1dc3b4c6e 100644
|
||||
--- a/arch/arm/mach-highbank/highbank.c
|
||||
+++ b/arch/arm/mach-highbank/highbank.c
|
||||
@@ -51,13 +51,11 @@ static void __init highbank_scu_map_io(void)
|
||||
}
|
||||
|
||||
|
||||
-static void highbank_l2c310_write_sec(unsigned long val, unsigned reg)
|
||||
+static void highbank_l2x0_disable(void)
|
||||
{
|
||||
- if (reg == L2X0_CTRL)
|
||||
- highbank_smc1(0x102, val);
|
||||
- else
|
||||
- WARN_ONCE(1, "Highbank L2C310: ignoring write to reg 0x%x\n",
|
||||
- reg);
|
||||
+ outer_flush_all();
|
||||
+ /* Disable PL310 L2 Cache controller */
|
||||
+ highbank_smc1(0x102, 0x0);
|
||||
}
|
||||
|
||||
static void __init highbank_init_irq(void)
|
||||
@@ -66,6 +64,14 @@ static void __init highbank_init_irq(void)
|
||||
|
||||
if (of_find_compatible_node(NULL, NULL, "arm,cortex-a9"))
|
||||
highbank_scu_map_io();
|
||||
+
|
||||
+ /* Enable PL310 L2 Cache controller */
|
||||
+ if (IS_ENABLED(CONFIG_CACHE_L2X0) &&
|
||||
+ of_find_compatible_node(NULL, NULL, "arm,pl310-cache")) {
|
||||
+ highbank_smc1(0x102, 0x1);
|
||||
+ l2x0_of_init(0, ~0);
|
||||
+ outer_cache.disable = highbank_l2x0_disable;
|
||||
+ }
|
||||
}
|
||||
|
||||
static void highbank_power_off(void)
|
||||
@@ -179,9 +185,6 @@ DT_MACHINE_START(HIGHBANK, "Highbank")
|
||||
#if defined(CONFIG_ZONE_DMA) && defined(CONFIG_ARM_LPAE)
|
||||
.dma_zone_size = (4ULL * SZ_1G),
|
||||
#endif
|
||||
- .l2c_aux_val = 0,
|
||||
- .l2c_aux_mask = ~0,
|
||||
- .l2c_write_sec = highbank_l2c310_write_sec,
|
||||
.init_irq = highbank_init_irq,
|
||||
.init_machine = highbank_init,
|
||||
.dt_compat = highbank_match,
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,5 +1,13 @@
|
|||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Fri, 11 Jul 2014 00:10:56 +0100
|
||||
Subject: [PATCH] arm: i.MX6 Utilite device dtb
|
||||
|
||||
---
|
||||
arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 38 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
index 99b46f8..8b6ddd1 100644
|
||||
index 99b46f8030ad..8b6ddd16dcc5 100644
|
||||
--- a/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
+++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
@@ -97,11 +97,49 @@
|
||||
|
@ -52,3 +60,6 @@ index 99b46f8..8b6ddd1 100644
|
|||
+ pinctrl-0 = <&pinctrl_usdhc3>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,472 +0,0 @@
|
|||
commit d10715be03bd8bad59ddc50236cb140c3bd73c7b
|
||||
Author: Pawel Moll <pawel.moll@arm.com>
|
||||
Date: Tue Jun 24 12:55:11 2014 +0100
|
||||
|
||||
video: ARM CLCD: Add DT support
|
||||
|
||||
This patch adds basic DT bindings for the PL11x CLCD cells
|
||||
and make their fbdev driver use them.
|
||||
|
||||
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
|
||||
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
|
||||
|
||||
diff --git a/Documentation/devicetree/bindings/video/arm,pl11x.txt b/Documentation/devicetree/bindings/video/arm,pl11x.txt
|
||||
new file mode 100644
|
||||
index 0000000..3e3039a
|
||||
--- /dev/null
|
||||
+++ b/Documentation/devicetree/bindings/video/arm,pl11x.txt
|
||||
@@ -0,0 +1,109 @@
|
||||
+* ARM PrimeCell Color LCD Controller PL110/PL111
|
||||
+
|
||||
+See also Documentation/devicetree/bindings/arm/primecell.txt
|
||||
+
|
||||
+Required properties:
|
||||
+
|
||||
+- compatible: must be one of:
|
||||
+ "arm,pl110", "arm,primecell"
|
||||
+ "arm,pl111", "arm,primecell"
|
||||
+
|
||||
+- reg: base address and size of the control registers block
|
||||
+
|
||||
+- interrupt-names: either the single entry "combined" representing a
|
||||
+ combined interrupt output (CLCDINTR), or the four entries
|
||||
+ "mbe", "vcomp", "lnbu", "fuf" representing the individual
|
||||
+ CLCDMBEINTR, CLCDVCOMPINTR, CLCDLNBUINTR, CLCDFUFINTR interrupts
|
||||
+
|
||||
+- interrupts: contains an interrupt specifier for each entry in
|
||||
+ interrupt-names
|
||||
+
|
||||
+- clock-names: should contain "clcdclk" and "apb_pclk"
|
||||
+
|
||||
+- clocks: contains phandle and clock specifier pairs for the entries
|
||||
+ in the clock-names property. See
|
||||
+ Documentation/devicetree/binding/clock/clock-bindings.txt
|
||||
+
|
||||
+Optional properties:
|
||||
+
|
||||
+- memory-region: phandle to a node describing memory (see
|
||||
+ Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt)
|
||||
+ to be used for the framebuffer; if not present, the framebuffer
|
||||
+ may be located anywhere in the memory
|
||||
+
|
||||
+- max-memory-bandwidth: maximum bandwidth in bytes per second that the
|
||||
+ cell's memory interface can handle; if not present, the memory
|
||||
+ interface is fast enough to handle all possible video modes
|
||||
+
|
||||
+Required sub-nodes:
|
||||
+
|
||||
+- port: describes LCD panel signals, following the common binding
|
||||
+ for video transmitter interfaces; see
|
||||
+ Documentation/devicetree/bindings/media/video-interfaces.txt;
|
||||
+ when it is a TFT panel, the port's endpoint must define the
|
||||
+ following property:
|
||||
+
|
||||
+ - arm,pl11x,tft-r0g0b0-pads: an array of three 32-bit values,
|
||||
+ defining the way CLD pads are wired up; first value
|
||||
+ contains index of the "CLD" external pin (pad) used
|
||||
+ as R0 (first bit of the red component), second value
|
||||
+ index of the pad used as G0, third value index of the
|
||||
+ pad used as B0, see also "LCD panel signal multiplexing
|
||||
+ details" paragraphs in the PL110/PL111 Technical
|
||||
+ Reference Manuals; this implicitly defines available
|
||||
+ color modes, for example:
|
||||
+ - PL111 TFT 4:4:4 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <4 15 20>;
|
||||
+ - PL110 TFT (1:)5:5:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <1 7 13>;
|
||||
+ - PL111 TFT (1:)5:5:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <3 11 19>;
|
||||
+ - PL111 TFT 5:6:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <3 10 19>;
|
||||
+ - PL110 and PL111 TFT 8:8:8 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
|
||||
+ - PL110 and PL111 TFT 8:8:8 panel, R & B components swapped:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <16 8 0>;
|
||||
+
|
||||
+
|
||||
+Example:
|
||||
+
|
||||
+ clcd@10020000 {
|
||||
+ compatible = "arm,pl111", "arm,primecell";
|
||||
+ reg = <0x10020000 0x1000>;
|
||||
+ interrupt-names = "combined";
|
||||
+ interrupts = <0 44 4>;
|
||||
+ clocks = <&oscclk1>, <&oscclk2>;
|
||||
+ clock-names = "clcdclk", "apb_pclk";
|
||||
+ max-memory-bandwidth = <94371840>; /* Bps, 1024x768@60 16bpp */
|
||||
+
|
||||
+ port {
|
||||
+ clcd_pads: endpoint {
|
||||
+ remote-endpoint = <&clcd_panel>;
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ };
|
||||
+
|
||||
+ panel {
|
||||
+ compatible = "panel-dpi";
|
||||
+
|
||||
+ port {
|
||||
+ clcd_panel: endpoint {
|
||||
+ remote-endpoint = <&clcd_pads>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ panel-timing {
|
||||
+ clock-frequency = <25175000>;
|
||||
+ hactive = <640>;
|
||||
+ hback-porch = <40>;
|
||||
+ hfront-porch = <24>;
|
||||
+ hsync-len = <96>;
|
||||
+ vactive = <480>;
|
||||
+ vback-porch = <32>;
|
||||
+ vfront-porch = <11>;
|
||||
+ vsync-len = <2>;
|
||||
+ };
|
||||
+ };
|
||||
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
|
||||
index 4a7098f..6f451ad 100644
|
||||
--- a/drivers/video/fbdev/Kconfig
|
||||
+++ b/drivers/video/fbdev/Kconfig
|
||||
@@ -280,6 +280,7 @@ config FB_ARMCLCD
|
||||
select FB_CFB_FILLRECT
|
||||
select FB_CFB_COPYAREA
|
||||
select FB_CFB_IMAGEBLIT
|
||||
+ select VIDEOMODE_HELPERS if OF
|
||||
help
|
||||
This framebuffer device driver is for the ARM PrimeCell PL110
|
||||
Colour LCD controller. ARM PrimeCells provide the building
|
||||
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
|
||||
index 14d6b37..23b3519 100644
|
||||
--- a/drivers/video/fbdev/amba-clcd.c
|
||||
+++ b/drivers/video/fbdev/amba-clcd.c
|
||||
@@ -26,6 +26,13 @@
|
||||
#include <linux/amba/clcd.h>
|
||||
#include <linux/clk.h>
|
||||
#include <linux/hardirq.h>
|
||||
+#include <linux/dma-mapping.h>
|
||||
+#include <linux/of.h>
|
||||
+#include <linux/of_address.h>
|
||||
+#include <linux/of_graph.h>
|
||||
+#include <video/display_timing.h>
|
||||
+#include <video/of_display_timing.h>
|
||||
+#include <video/videomode.h>
|
||||
|
||||
#include <asm/sizes.h>
|
||||
|
||||
@@ -543,6 +550,259 @@ static int clcdfb_register(struct clcd_fb *fb)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_OF
|
||||
+static int clcdfb_of_get_dpi_panel_mode(struct device_node *node,
|
||||
+ struct fb_videomode *mode)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct display_timing timing;
|
||||
+ struct videomode video;
|
||||
+
|
||||
+ err = of_get_display_timing(node, "panel-timing", &timing);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ videomode_from_timing(&timing, &video);
|
||||
+
|
||||
+ err = fb_videomode_from_videomode(&video, mode);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
|
||||
+{
|
||||
+ return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
|
||||
+ mode->refresh);
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_get_mode(struct device *dev, struct device_node *endpoint,
|
||||
+ struct fb_videomode *mode)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct device_node *panel;
|
||||
+ char *name;
|
||||
+ int len;
|
||||
+
|
||||
+ panel = of_graph_get_remote_port_parent(endpoint);
|
||||
+ if (!panel)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ /* Only directly connected DPI panels supported for now */
|
||||
+ if (of_device_is_compatible(panel, "panel-dpi"))
|
||||
+ err = clcdfb_of_get_dpi_panel_mode(panel, mode);
|
||||
+ else
|
||||
+ err = -ENOENT;
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ len = clcdfb_snprintf_mode(NULL, 0, mode);
|
||||
+ name = devm_kzalloc(dev, len + 1, GFP_KERNEL);
|
||||
+ clcdfb_snprintf_mode(name, len + 1, mode);
|
||||
+ mode->name = name;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_init_tft_panel(struct clcd_fb *fb, u32 r0, u32 g0, u32 b0)
|
||||
+{
|
||||
+ static struct {
|
||||
+ unsigned int part;
|
||||
+ u32 r0, g0, b0;
|
||||
+ u32 caps;
|
||||
+ } panels[] = {
|
||||
+ { 0x110, 1, 7, 13, CLCD_CAP_5551 },
|
||||
+ { 0x110, 0, 8, 16, CLCD_CAP_888 },
|
||||
+ { 0x111, 4, 14, 20, CLCD_CAP_444 },
|
||||
+ { 0x111, 3, 11, 19, CLCD_CAP_444 | CLCD_CAP_5551 },
|
||||
+ { 0x111, 3, 10, 19, CLCD_CAP_444 | CLCD_CAP_5551 |
|
||||
+ CLCD_CAP_565 },
|
||||
+ { 0x111, 0, 8, 16, CLCD_CAP_444 | CLCD_CAP_5551 |
|
||||
+ CLCD_CAP_565 | CLCD_CAP_888 },
|
||||
+ };
|
||||
+ int i;
|
||||
+
|
||||
+ /* Bypass pixel clock divider, data output on the falling edge */
|
||||
+ fb->panel->tim2 = TIM2_BCD | TIM2_IPC;
|
||||
+
|
||||
+ /* TFT display, vert. comp. interrupt at the start of the back porch */
|
||||
+ fb->panel->cntl |= CNTL_LCDTFT | CNTL_LCDVCOMP(1);
|
||||
+
|
||||
+ fb->panel->caps = 0;
|
||||
+
|
||||
+ /* Match the setup with known variants */
|
||||
+ for (i = 0; i < ARRAY_SIZE(panels) && !fb->panel->caps; i++) {
|
||||
+ if (amba_part(fb->dev) != panels[i].part)
|
||||
+ continue;
|
||||
+ if (g0 != panels[i].g0)
|
||||
+ continue;
|
||||
+ if (r0 == panels[i].r0 && b0 == panels[i].b0)
|
||||
+ fb->panel->caps = panels[i].caps & CLCD_CAP_RGB;
|
||||
+ if (r0 == panels[i].b0 && b0 == panels[i].r0)
|
||||
+ fb->panel->caps = panels[i].caps & CLCD_CAP_BGR;
|
||||
+ }
|
||||
+
|
||||
+ return fb->panel->caps ? 0 : -EINVAL;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_init_display(struct clcd_fb *fb)
|
||||
+{
|
||||
+ struct device_node *endpoint;
|
||||
+ int err;
|
||||
+ u32 max_bandwidth;
|
||||
+ u32 tft_r0b0g0[3];
|
||||
+
|
||||
+ fb->panel = devm_kzalloc(&fb->dev->dev, sizeof(*fb->panel), GFP_KERNEL);
|
||||
+ if (!fb->panel)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ endpoint = of_graph_get_next_endpoint(fb->dev->dev.of_node, NULL);
|
||||
+ if (!endpoint)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ err = clcdfb_of_get_mode(&fb->dev->dev, endpoint, &fb->panel->mode);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ err = of_property_read_u32(fb->dev->dev.of_node, "max-memory-bandwidth",
|
||||
+ &max_bandwidth);
|
||||
+ if (!err)
|
||||
+ fb->panel->bpp = 8 * max_bandwidth / (fb->panel->mode.xres *
|
||||
+ fb->panel->mode.yres * fb->panel->mode.refresh);
|
||||
+ else
|
||||
+ fb->panel->bpp = 32;
|
||||
+
|
||||
+#ifdef CONFIG_CPU_BIG_ENDIAN
|
||||
+ fb->panel->cntl |= CNTL_BEBO;
|
||||
+#endif
|
||||
+ fb->panel->width = -1;
|
||||
+ fb->panel->height = -1;
|
||||
+
|
||||
+ if (of_property_read_u32_array(endpoint,
|
||||
+ "arm,pl11x,tft-r0g0b0-pads",
|
||||
+ tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) == 0)
|
||||
+ return clcdfb_of_init_tft_panel(fb, tft_r0b0g0[0],
|
||||
+ tft_r0b0g0[1], tft_r0b0g0[2]);
|
||||
+
|
||||
+ return -ENOENT;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_vram_setup(struct clcd_fb *fb)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct device_node *memory;
|
||||
+ u64 size;
|
||||
+
|
||||
+ err = clcdfb_of_init_display(fb);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ memory = of_parse_phandle(fb->dev->dev.of_node, "memory-region", 0);
|
||||
+ if (!memory)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ fb->fb.screen_base = of_iomap(memory, 0);
|
||||
+ if (!fb->fb.screen_base)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ fb->fb.fix.smem_start = of_translate_address(memory,
|
||||
+ of_get_address(memory, 0, &size, NULL));
|
||||
+ fb->fb.fix.smem_len = size;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_vram_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
|
||||
+{
|
||||
+ unsigned long off, user_size, kernel_size;
|
||||
+
|
||||
+
|
||||
+ off = vma->vm_pgoff << PAGE_SHIFT;
|
||||
+ user_size = vma->vm_end - vma->vm_start;
|
||||
+ kernel_size = fb->fb.fix.smem_len;
|
||||
+
|
||||
+ if (off >= kernel_size || user_size > (kernel_size - off))
|
||||
+ return -ENXIO;
|
||||
+
|
||||
+ return remap_pfn_range(vma, vma->vm_start,
|
||||
+ __phys_to_pfn(fb->fb.fix.smem_start) + vma->vm_pgoff,
|
||||
+ user_size,
|
||||
+ pgprot_writecombine(vma->vm_page_prot));
|
||||
+}
|
||||
+
|
||||
+static void clcdfb_of_vram_remove(struct clcd_fb *fb)
|
||||
+{
|
||||
+ iounmap(fb->fb.screen_base);
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_dma_setup(struct clcd_fb *fb)
|
||||
+{
|
||||
+ unsigned long framesize;
|
||||
+ dma_addr_t dma;
|
||||
+ int err;
|
||||
+
|
||||
+ err = clcdfb_of_init_display(fb);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ framesize = fb->panel->mode.xres * fb->panel->mode.yres *
|
||||
+ fb->panel->bpp / 8;
|
||||
+ fb->fb.screen_base = dma_alloc_coherent(&fb->dev->dev, framesize,
|
||||
+ &dma, GFP_KERNEL);
|
||||
+ if (!fb->fb.screen_base)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ fb->fb.fix.smem_start = dma;
|
||||
+ fb->fb.fix.smem_len = framesize;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_dma_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
|
||||
+{
|
||||
+ return dma_mmap_writecombine(&fb->dev->dev, vma, fb->fb.screen_base,
|
||||
+ fb->fb.fix.smem_start, fb->fb.fix.smem_len);
|
||||
+}
|
||||
+
|
||||
+static void clcdfb_of_dma_remove(struct clcd_fb *fb)
|
||||
+{
|
||||
+ dma_free_coherent(&fb->dev->dev, fb->fb.fix.smem_len,
|
||||
+ fb->fb.screen_base, fb->fb.fix.smem_start);
|
||||
+}
|
||||
+
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
+{
|
||||
+ struct clcd_board *board = devm_kzalloc(&dev->dev, sizeof(*board),
|
||||
+ GFP_KERNEL);
|
||||
+ struct device_node *node = dev->dev.of_node;
|
||||
+
|
||||
+ if (!board)
|
||||
+ return NULL;
|
||||
+
|
||||
+ board->name = of_node_full_name(node);
|
||||
+ board->caps = CLCD_CAP_ALL;
|
||||
+ board->check = clcdfb_check;
|
||||
+ board->decode = clcdfb_decode;
|
||||
+ if (of_find_property(node, "memory-region", NULL)) {
|
||||
+ board->setup = clcdfb_of_vram_setup;
|
||||
+ board->mmap = clcdfb_of_vram_mmap;
|
||||
+ board->remove = clcdfb_of_vram_remove;
|
||||
+ } else {
|
||||
+ board->setup = clcdfb_of_dma_setup;
|
||||
+ board->mmap = clcdfb_of_dma_mmap;
|
||||
+ board->remove = clcdfb_of_dma_remove;
|
||||
+ }
|
||||
+
|
||||
+ return board;
|
||||
+}
|
||||
+#else
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
|
||||
{
|
||||
struct clcd_board *board = dev_get_platdata(&dev->dev);
|
||||
@@ -550,6 +810,9 @@ static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
|
||||
int ret;
|
||||
|
||||
if (!board)
|
||||
+ board = clcdfb_of_get_board(dev);
|
||||
+
|
||||
+ if (!board)
|
||||
return -EINVAL;
|
||||
|
||||
ret = dma_set_mask_and_coherent(&dev->dev, DMA_BIT_MASK(32));
|
||||
commit 1d5167b72ca05b2096760e1200fcd53b5f9a7562
|
||||
Author: Pawel Moll <pawel.moll@arm.com>
|
||||
Date: Fri Aug 1 15:43:34 2014 +0100
|
||||
|
||||
video: ARM CLCD: Fix DT-related build problems
|
||||
|
||||
This patch fixes the following error when !CONFIG_OF:
|
||||
|
||||
drivers/video/fbdev/amba-clcd.c:800:54: warning: ‘struct amba_dev’ declared inside parameter list [enabled by default]
|
||||
static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
^
|
||||
and adds a missing Kconfig select causing this
|
||||
when CONFIG_OF && !CONFIG_FB_MODE_HELPERS:
|
||||
|
||||
drivers/video/fbdev/amba-clcd.c:567: undefined reference to `fb_videomode_from_videomode'
|
||||
|
||||
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
|
||||
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
|
||||
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
|
||||
|
||||
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
|
||||
index 6f451ad..ef94623 100644
|
||||
--- a/drivers/video/fbdev/Kconfig
|
||||
+++ b/drivers/video/fbdev/Kconfig
|
||||
@@ -280,6 +280,7 @@ config FB_ARMCLCD
|
||||
select FB_CFB_FILLRECT
|
||||
select FB_CFB_COPYAREA
|
||||
select FB_CFB_IMAGEBLIT
|
||||
+ select FB_MODE_HELPERS if OF
|
||||
select VIDEOMODE_HELPERS if OF
|
||||
help
|
||||
This framebuffer device driver is for the ARM PrimeCell PL110
|
||||
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
|
||||
index 23b3519..beadd3e 100644
|
||||
--- a/drivers/video/fbdev/amba-clcd.c
|
||||
+++ b/drivers/video/fbdev/amba-clcd.c
|
||||
@@ -797,7 +797,7 @@ static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
return board;
|
||||
}
|
||||
#else
|
||||
-static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
{
|
||||
return NULL;
|
||||
}
|
|
@ -1,16 +0,0 @@
|
|||
--- linux-3.3.4-3.fc17.x86_64_orig/drivers/usb/core/hub.c 2012-05-02 20:08:18.421685932 -0400
|
||||
+++ linux-3.3.4-3.fc17.x86_64/drivers/usb/core/hub.c 2012-05-02 20:30:36.565865425 -0400
|
||||
@@ -3484,6 +3484,13 @@ static void hub_events(void)
|
||||
(u16) hub->change_bits[0],
|
||||
(u16) hub->event_bits[0]);
|
||||
|
||||
+ /* Don't disconnect USB-SATA on TrimSlice */
|
||||
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
|
||||
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
|
||||
+ (hub->event_bits[0] == 0x2))
|
||||
+ hub->event_bits[0] = 0;
|
||||
+ }
|
||||
+
|
||||
/* Lock the device, then check to see if we were
|
||||
* disconnected while waiting for the lock to succeed. */
|
||||
usb_lock_device(hdev);
|
|
@ -1,69 +0,0 @@
|
|||
Bugzilla: 1097436
|
||||
Upstream-status: Sent upstream for 3.16
|
||||
|
||||
From f6fad201a0e4584e9826a2deb8ebbfccdb8cb13b Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:01 +0200
|
||||
Subject: [PATCH 04/14] asus-wmi: Add a no backlight quirk
|
||||
|
||||
Some Asus motherboards for desktop PC-s export an acpi-video and
|
||||
an asus-wmi interface advertising backlight support. Add a quirk to allow
|
||||
to blacklist these so that desktop environments such as gnome don't start
|
||||
showing nonsense brightness controls.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 8 ++++++--
|
||||
drivers/platform/x86/asus-wmi.h | 1 +
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index c5e082fb82fa..6f73dc5125ca 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1272,6 +1272,9 @@ static int asus_wmi_backlight_init(struct asus_wmi *asus)
|
||||
int max;
|
||||
int power;
|
||||
|
||||
+ if (asus->driver->quirks->no_backlight)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
max = read_brightness_max(asus);
|
||||
|
||||
if (max == -ENODEV)
|
||||
@@ -1370,7 +1373,7 @@ static void asus_wmi_notify(u32 value, void *context)
|
||||
code = ASUS_WMI_BRN_DOWN;
|
||||
|
||||
if (code == ASUS_WMI_BRN_DOWN || code == ASUS_WMI_BRN_UP) {
|
||||
- if (!acpi_video_backlight_support()) {
|
||||
+ if (asus->backlight_device) {
|
||||
asus_wmi_backlight_notify(asus, orig_code);
|
||||
goto exit;
|
||||
}
|
||||
@@ -1773,7 +1776,8 @@ static int asus_wmi_add(struct platform_device *pdev)
|
||||
if (err)
|
||||
goto fail_rfkill;
|
||||
|
||||
- if (asus->driver->quirks->wmi_backlight_power)
|
||||
+ if (asus->driver->quirks->wmi_backlight_power ||
|
||||
+ asus->driver->quirks->no_backlight)
|
||||
acpi_video_dmi_promote_vendor();
|
||||
if (!acpi_video_backlight_support()) {
|
||||
pr_info("Disabling ACPI video driver\n");
|
||||
diff --git a/drivers/platform/x86/asus-wmi.h b/drivers/platform/x86/asus-wmi.h
|
||||
index 4da4c8bafe70..cc47efe14974 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.h
|
||||
+++ b/drivers/platform/x86/asus-wmi.h
|
||||
@@ -42,6 +42,7 @@ struct quirk_entry {
|
||||
bool scalar_panel_brightness;
|
||||
bool store_backlight_power;
|
||||
bool wmi_backlight_power;
|
||||
+ bool no_backlight;
|
||||
int wapf;
|
||||
/*
|
||||
* For machines with AMD graphic chips, it will send out WMI event
|
||||
--
|
||||
1.9.0
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
|
||||
restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
be manipulated in such a way that arbitrary code can be executed in the
|
||||
kernel, circumventing module loading restrictions. Prevent that if any of
|
||||
these features are enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 21fc932da3a1..c6d42ad95c08 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,6 +1,16 @@
|
|||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Wed, 6 Feb 2013 09:57:47 -0500
|
||||
Subject: [PATCH] ath9k: rx dma stop check
|
||||
|
||||
---
|
||||
drivers/net/wireless/ath/ath9k/mac.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
|
||||
index 275205ab5f15..bb842623bdf6 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/mac.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/mac.c
|
||||
@@ -689,7 +689,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
|
||||
@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
|
||||
{
|
||||
#define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */
|
||||
struct ath_common *common = ath9k_hw_common(ah);
|
||||
|
@ -9,7 +19,7 @@
|
|||
int i;
|
||||
|
||||
/* Enable access to the DMA observation bus */
|
||||
@@ -719,6 +719,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
|
||||
@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
|
||||
}
|
||||
|
||||
if (i == 0) {
|
||||
|
@ -26,3 +36,6 @@
|
|||
ath_err(common,
|
||||
"DMA failed to stop in %d ms AR_CR=0x%08x AR_DIAG_SW=0x%08x DMADBG_7=0x%08x\n",
|
||||
AH_RX_STOP_DMA_TIMEOUT / 1000,
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
From bcf090e0040e30f8409e6a535a01e6473afb096f Mon Sep 17 00:00:00 2001
|
||||
From: Kent Overstreet <kmo@daterainc.com>
|
||||
Date: Mon, 19 May 2014 08:57:55 -0700
|
||||
Subject: [PATCH] bcache: Make sure to pass GFP_WAIT to mempool_alloc()
|
||||
|
||||
this was very wrong - mempool_alloc() only guarantees success with GFP_WAIT.
|
||||
bcache uses GFP_NOWAIT in various other places where we have a fallback,
|
||||
circuits must've gotten crossed when writing this code or something.
|
||||
|
||||
Upstream-status: 3.17
|
||||
Bugzilla: 1149414
|
||||
|
||||
Signed-off-by: Kent Overstreet <kmo@daterainc.com>
|
||||
---
|
||||
drivers/md/bcache/btree.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
|
||||
index 9dd9f1c4d0d9..e538d45fa65a 100644
|
||||
--- a/drivers/md/bcache/btree.c
|
||||
+++ b/drivers/md/bcache/btree.c
|
||||
@@ -202,7 +202,7 @@ void bch_btree_node_read_done(struct btree *b)
|
||||
struct bset *i = btree_bset_first(b);
|
||||
struct btree_iter *iter;
|
||||
|
||||
- iter = mempool_alloc(b->c->fill_iter, GFP_NOWAIT);
|
||||
+ iter = mempool_alloc(b->c->fill_iter, GFP_NOIO);
|
||||
iter->size = b->c->sb.bucket_size / b->c->sb.block_size;
|
||||
iter->used = 0;
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -8,6 +8,7 @@ CONFIG_HW_PERF_EVENTS=y
|
|||
CONFIG_NFS_FS=y
|
||||
|
||||
CONFIG_CRASH=m
|
||||
CONFIG_CC_STACKPROTECTOR=y
|
||||
|
||||
# CONFIG_PID_IN_CONTEXTIDR is not set
|
||||
|
||||
|
@ -42,6 +43,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y
|
|||
# ARM AMBA generic HW
|
||||
CONFIG_ARM_AMBA=y
|
||||
CONFIG_ARM_CCI=y
|
||||
CONFIG_ARM_CCN=y
|
||||
CONFIG_ARM_DMA_USE_IOMMU=y
|
||||
CONFIG_ARM_DMA_IOMMU_ALIGNMENT=8
|
||||
CONFIG_ARM_GIC=y
|
||||
|
@ -77,15 +79,12 @@ CONFIG_GENERIC_CPUFREQ_CPU0=m
|
|||
# Device tree
|
||||
CONFIG_DTC=y
|
||||
CONFIG_DMA_OF=y
|
||||
CONFIG_PROC_DEVICETREE=y
|
||||
CONFIG_OF=y
|
||||
CONFIG_OF_ADDRESS=y
|
||||
CONFIG_OF_DEVICE=y
|
||||
CONFIG_OF_DYNAMIC=y
|
||||
CONFIG_OF_EARLY_FLATTREE=y
|
||||
CONFIG_OF_FLATTREE=y
|
||||
CONFIG_OF_GPIO=y
|
||||
CONFIG_OF_I2C=m
|
||||
CONFIG_OF_IOMMU=y
|
||||
CONFIG_OF_IRQ=y
|
||||
CONFIG_OF_MDIO=m
|
||||
|
@ -101,14 +100,13 @@ CONFIG_THERMAL_OF=y
|
|||
|
||||
# External Connectors
|
||||
CONFIG_EXTCON=m
|
||||
CONFIG_OF_EXTCON=m
|
||||
CONFIG_EXTCON_GPIO=m
|
||||
CONFIG_EXTCON_ADC_JACK=m
|
||||
# CONFIG_EXTCON_SM5502 is not set
|
||||
|
||||
# MTD
|
||||
CONFIG_MTD_BLKDEVS=m
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_CHAR=m
|
||||
CONFIG_MTD_CFI=m
|
||||
CONFIG_MTD_CFI_INTELEXT=m
|
||||
CONFIG_MTD_CFI_AMDSTD=m
|
||||
|
@ -177,18 +175,27 @@ CONFIG_CMA_AREAS=7
|
|||
# CONFIG_CRYPTO_TEST is not set
|
||||
# CONFIG_TRANSPARENT_HUGEPAGE is not set
|
||||
# CONFIG_XEN is not set
|
||||
|
||||
# CONFIG_MMC_DW_SOCFPGA is not set
|
||||
# CONFIG_DRM_RCAR_DU is not set
|
||||
# CONFIG_I2C_RCAR is not set
|
||||
# CONFIG_DRM_SHMOBILE is not set
|
||||
# CONFIG_I2C_SH_MOBILE is not set
|
||||
# CONFIG_I2C_NOMADIK is not set
|
||||
# CONFIG_LEDS_RENESAS_TPU is not set
|
||||
# CONFIG_IRQ_DOMAIN_DEBUG is not set
|
||||
# CONFIG_LOCK_STAT is not set
|
||||
|
||||
# CONFIG_DRM_ARMADA is not set
|
||||
# CONFIG_DRM_TEGRA is not set
|
||||
# CONFIG_SHMOBILE_IOMMU is not set
|
||||
|
||||
# CONFIG_COMMON_CLK_SI570 is not set
|
||||
# CONFIG_COMMON_CLK_QCOM is not set
|
||||
|
||||
# CONFIG_IRQ_DOMAIN_DEBUG is not set
|
||||
# CONFIG_ARM_PTDUMP is not set
|
||||
|
||||
### turn off things which make no sense on ARM
|
||||
# CONFIG_PATA_PLATFORM is not set
|
||||
# CONFIG_USB_ULPI is not set
|
||||
|
||||
### turn off things which make no sense on embedded SoC
|
||||
|
||||
# core
|
||||
|
||||
|
@ -201,8 +208,6 @@ CONFIG_CMA_AREAS=7
|
|||
# CONFIG_ISDN is not set
|
||||
# CONFIG_GAMEPORT is not set
|
||||
# CONFIG_AGP is not set
|
||||
# CONFIG_PATA_PLATFORM is not set
|
||||
# CONFIG_USB_ULPI is not set
|
||||
|
||||
# netdrv
|
||||
|
||||
|
@ -220,7 +225,6 @@ CONFIG_CMA_AREAS=7
|
|||
# CONFIG_NET_VENDOR_SUN is not set
|
||||
# CONFIG_NET_VENDOR_WIZNET is not set
|
||||
# CONFIG_NET_VENDOR_XIRCOM is not set
|
||||
# CONFIG_NET_PCMCIA is not set
|
||||
|
||||
# scsi
|
||||
|
||||
|
@ -241,10 +245,17 @@ CONFIG_CMA_AREAS=7
|
|||
# CONFIG_SCSI_MPT3SAS is not set
|
||||
|
||||
# serial
|
||||
# CONFIG_SERIAL_SH_SCI is not set
|
||||
# CONFIG_SERIAL_MAX3100 is not set
|
||||
# CONFIG_SERIAL_MAX310X is not set
|
||||
# CONFIG_SERIAL_IFX6X60 is not set
|
||||
|
||||
# drm
|
||||
# CONFIG_DRM_VMWGFX is not set
|
||||
# CONFIG_IMX_IPUV3_CORE is not set
|
||||
|
||||
# CONFIG_DEBUG_SET_MODULE_RONX is not set
|
||||
|
||||
# CONFIG_LATTICE_ECP3_CONFIG is not set
|
||||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_SPI_ROCKCHIP is not set
|
||||
|
|
35
config-arm64
35
config-arm64
|
@ -9,12 +9,11 @@ CONFIG_SCHED_SMT=y
|
|||
# arm64 only SoCs
|
||||
CONFIG_ARCH_XGENE=y
|
||||
|
||||
# CONFIG_ALWAYS_USE_PERSISTENT_CLOCK is not set
|
||||
# CONFIG_AMBA_PL08X is not set
|
||||
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
|
||||
CONFIG_ARCH_REQUIRE_GPIOLIB=y
|
||||
# CONFIG_ARM64_64K_PAGES is not set
|
||||
CONFIG_COMPAT=y
|
||||
CONFIG_ARM64_64K_PAGES=y
|
||||
# CONFIG_COMPAT is not set
|
||||
|
||||
CONFIG_BCMA_POSSIBLE=y
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
|
||||
|
@ -26,11 +25,9 @@ CONFIG_CMDLINE="console=ttyAMA0"
|
|||
# CONFIG_CMDLINE_FORCE is not set
|
||||
CONFIG_CONSOLE_TRANSLATIONS=y
|
||||
|
||||
CONFIG_GENERIC_ACL=y
|
||||
CONFIG_GENERIC_CALIBRATE_DELAY=y
|
||||
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
|
||||
CONFIG_GENERIC_CSUM=y
|
||||
CONFIG_GENERIC_HARDIRQS=y
|
||||
CONFIG_GENERIC_HWEIGHT=y
|
||||
CONFIG_GENERIC_IO=y
|
||||
CONFIG_GENERIC_PCI_IOMAP=y
|
||||
|
@ -81,6 +78,10 @@ CONFIG_CRYPTO_AES_ARM64_CE=m
|
|||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
|
||||
|
||||
# APM Xgene
|
||||
CONFIG_POWER_RESET_XGENE=y
|
||||
|
@ -111,3 +112,27 @@ CONFIG_PCI_XGENE=y
|
|||
CONFIG_HOTPLUG_PCI=y
|
||||
# CONFIG_HOTPLUG_PCI_CPCI is not set
|
||||
# CONFIG_HOTPLUG_PCI_SHPC is not set
|
||||
|
||||
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
|
||||
|
||||
# CONFIG_PNP_DEBUG_MESSAGES is not set
|
||||
CONFIG_NET_SB1000=y
|
||||
CONFIG_SBSAUART_TTY=y
|
||||
CONFIG_I2C_SCMI=m
|
||||
CONFIG_SENSORS_ACPI_POWER=m
|
||||
CONFIG_IMX_THERMAL=m
|
||||
CONFIG_PWM_LPSS=m
|
||||
CONFIG_ACPI=y
|
||||
CONFIG_ACPI_PROCFS_POWER=y
|
||||
CONFIG_ACPI_EC_DEBUGFS=y
|
||||
CONFIG_ACPI_BUTTON=m
|
||||
CONFIG_ACPI_FAN=m
|
||||
CONFIG_ACPI_DOCK=y
|
||||
CONFIG_ACPI_IPMI=y
|
||||
CONFIG_ACPI_CONTAINER=y
|
||||
CONFIG_ACPI_HED=m
|
||||
CONFIG_ACPI_CUSTOM_METHOD=m
|
||||
|
||||
CONFIG_AMD_XGBE=y
|
||||
CONFIG_AMD_XGBE_PHY=y
|
||||
# CONFIG_AMD_XGBE_DCB is not set
|
||||
|
|
56
config-armv7
56
config-armv7
|
@ -10,7 +10,6 @@ CONFIG_ARCH_OMAP4=y
|
|||
CONFIG_ARCH_PICOXCELL=y
|
||||
CONFIG_ARCH_QCOM=y
|
||||
CONFIG_ARCH_ROCKCHIP=y
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
CONFIG_ARCH_TEGRA=y
|
||||
CONFIG_ARCH_U8500=y
|
||||
# CONFIG_ARCH_VIRT is not set
|
||||
|
@ -23,7 +22,6 @@ CONFIG_ARCH_ZYNQ=y
|
|||
# CONFIG_VIRTUALIZATION is not set
|
||||
|
||||
# mvebu
|
||||
CONFIG_MACH_ARMADA_370_XP=y
|
||||
CONFIG_MACH_ARMADA_370=y
|
||||
CONFIG_MACH_ARMADA_375=y
|
||||
CONFIG_MACH_ARMADA_38X=y
|
||||
|
@ -39,7 +37,7 @@ CONFIG_MV643XX_ETH=m
|
|||
CONFIG_PINCTRL_MVEBU=y
|
||||
CONFIG_PINCTRL_ARMADA_370=y
|
||||
CONFIG_PINCTRL_ARMADA_XP=y
|
||||
# CONFIG_ARM_ARMADA_370_XP_CPUIDLE is not set
|
||||
# CONFIG_ARM_MVEBU_V7_CPUIDLE is not set
|
||||
CONFIG_PINCTRL_DOVE=y
|
||||
CONFIG_EDAC_MV64X60=m
|
||||
CONFIG_RTC_DRV_S35390A=m
|
||||
|
@ -50,7 +48,6 @@ CONFIG_MVNETA=m
|
|||
CONFIG_GPIO_MVEBU=y
|
||||
CONFIG_MVEBU_CLK_CORE=y
|
||||
CONFIG_MVEBU_CLK_COREDIV=y
|
||||
CONFIG_MVEBU_CLK_GATING=y
|
||||
CONFIG_MMC_MVSDIO=m
|
||||
CONFIG_MMC_SDHCI_DOVE=m
|
||||
CONFIG_SPI_ORION=m
|
||||
|
@ -81,15 +78,12 @@ CONFIG_SOC_TI81XX=y
|
|||
# CONFIG_MACH_CM_T3517 is not set
|
||||
# CONFIG_MACH_CRANEBOARD is not set
|
||||
# CONFIG_MACH_DEVKIT8000 is not set
|
||||
# CONFIG_MACH_IGEP0030 is not set
|
||||
# CONFIG_MACH_NOKIA_RX51 is not set
|
||||
# CONFIG_MACH_OMAP_3430SDP is not set
|
||||
# CONFIG_MACH_OMAP_3630SDP is not set
|
||||
# CONFIG_MACH_OMAP_LDP is not set
|
||||
# CONFIG_MACH_OMAP3_BEAGLE is not set
|
||||
# CONFIG_MACH_OMAP3517EVM is not set
|
||||
# CONFIG_MACH_OMAP3530_LV_SOM is not set
|
||||
# CONFIG_MACH_OMAP3EVM is not set
|
||||
# CONFIG_MACH_OMAP3_PANDORA is not set
|
||||
# CONFIG_MACH_OMAP3_TORPEDO is not set
|
||||
# CONFIG_MACH_OVERO is not set
|
||||
|
@ -103,19 +97,16 @@ CONFIG_OMAP_RESET_CLOCKS=y
|
|||
CONFIG_OMAP_MUX=y
|
||||
CONFIG_OMAP_MUX_WARNINGS=y
|
||||
CONFIG_OMAP_32K_TIMER=y
|
||||
CONFIG_OMAP_32K_TIMER_HZ=128
|
||||
CONFIG_OMAP_PACKAGE_CBB=y
|
||||
CONFIG_OMAP_PACKAGE_CUS=y
|
||||
# CONFIG_OMAP3_L2_AUX_SECURE_SAVE_RESTORE is not set
|
||||
|
||||
CONFIG_OMAP_MCBSP=y
|
||||
CONFIG_OMAP2PLUS_MBOX=m
|
||||
CONFIG_OMAP_MBOX_KFIFO_SIZE=256
|
||||
CONFIG_OMAP_DM_TIMER=y
|
||||
CONFIG_OMAP_PM_NOOP=y
|
||||
CONFIG_DMA_OMAP=y
|
||||
CONFIG_OMAP_IOMMU=y
|
||||
CONFIG_OMAP_IOVMM=m
|
||||
CONFIG_HWSPINLOCK_OMAP=m
|
||||
CONFIG_OMAP3_EMU=y
|
||||
# CONFIG_OMAP3_SDRC_AC_TIMING is not set
|
||||
|
@ -136,9 +127,9 @@ CONFIG_BATTERY_TWL4030_MADC=m
|
|||
CONFIG_OMAP_USB2=m
|
||||
CONFIG_OMAP_CONTROL_PHY=m
|
||||
CONFIG_TI_PIPE3=m
|
||||
CONFIG_PCI_DRA7XX=y
|
||||
CONFIG_TWL4030_USB=m
|
||||
CONFIG_TWL6030_USB=m
|
||||
CONFIG_TWL6030_PWM=m
|
||||
CONFIG_TWL6040_CORE=y
|
||||
CONFIG_CLK_TWL6040=m
|
||||
CONFIG_OMAP_INTERCONNECT=m
|
||||
|
@ -151,7 +142,6 @@ CONFIG_USB_EHCI_HCD_OMAP=m
|
|||
CONFIG_USB_OHCI_HCD_OMAP3=m
|
||||
CONFIG_USB_MUSB_AM35X=m
|
||||
CONFIG_USB_MUSB_OMAP2PLUS=m
|
||||
CONFIG_OMAP_CONTROL_USB=m
|
||||
CONFIG_MMC_OMAP=m
|
||||
CONFIG_MMC_OMAP_HS=y
|
||||
CONFIG_RTC_DRV_MAX8907=m
|
||||
|
@ -173,6 +163,7 @@ CONFIG_REGULATOR_PBIAS=m
|
|||
CONFIG_RTC_DRV_PALMAS=m
|
||||
CONFIG_OMAP5_DSS_HDMI=y
|
||||
CONFIG_OMAP5_DSS_HDMI_AUDIO=y
|
||||
CONFIG_COMMON_CLK_PALMAS=m
|
||||
|
||||
CONFIG_WL_TI=y
|
||||
CONFIG_WLCORE_SDIO=m
|
||||
|
@ -186,7 +177,6 @@ CONFIG_MTD_ONENAND_OMAP2=m
|
|||
CONFIG_MTD_NAND_OMAP2=m
|
||||
CONFIG_MTD_NAND_OMAP_BCH=y
|
||||
CONFIG_SPI_OMAP24XX=m
|
||||
CONFIG_MFD_TI_SSP=m
|
||||
CONFIG_SPI_TI_QSPI=m
|
||||
|
||||
CONFIG_INPUT_TWL4030_PWRBUTTON=m
|
||||
|
@ -194,10 +184,8 @@ CONFIG_INPUT_TWL4030_VIBRA=m
|
|||
CONFIG_INPUT_TWL6040_VIBRA=m
|
||||
CONFIG_KEYBOARD_OMAP4=m
|
||||
CONFIG_KEYBOARD_TWL4030=m
|
||||
CONFIG_TOUCHSCREEN_TI_TSCADC=m
|
||||
|
||||
# OMAP thermal temp. Can likely be built as module but doesn't autoload so build in to ensure performance on PandaES
|
||||
CONFIG_OMAP_BANDGAP=y
|
||||
CONFIG_TI_SOC_THERMAL=y
|
||||
CONFIG_TI_THERMAL=y
|
||||
CONFIG_OMAP4_THERMAL=y
|
||||
|
@ -224,13 +212,10 @@ CONFIG_HW_RANDOM_OMAP3_ROM=m
|
|||
CONFIG_DRM_OMAP=m
|
||||
CONFIG_DRM_OMAP_NUM_CRTCS=2
|
||||
CONFIG_OMAP2_VRFB=y
|
||||
# CONFIG_FB_OMAP_BOOTLOADER_INIT is not set
|
||||
# CONFIG_FB_OMAP_LCD_VGA is not set
|
||||
# CONFIG_FB_OMAP2 is not set
|
||||
# CONFIG_FB_DA8XX is not set
|
||||
|
||||
CONFIG_OMAP2_DSS=m
|
||||
# CONFIG_OMAP2_DSS_DEBUG_SUPPORT is not set
|
||||
# CONFIG_OMAP2_DSS_COLLECT_IRQ_STATS is not set
|
||||
CONFIG_OMAP2_DSS_DPI=y
|
||||
CONFIG_OMAP2_DSS_RFBI=y
|
||||
|
@ -238,9 +223,7 @@ CONFIG_OMAP2_DSS_VENC=y
|
|||
CONFIG_OMAP4_DSS_HDMI=y
|
||||
CONFIG_OMAP2_DSS_SDI=y
|
||||
CONFIG_OMAP2_DSS_DSI=y
|
||||
# CONFIG_OMAP2_DSS_FAKE_VSYNC is not set
|
||||
CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=0
|
||||
CONFIG_OMAP2_DSS_SLEEP_BEFORE_RESET=y
|
||||
CONFIG_OMAP2_DSS_SLEEP_AFTER_VENC_RESET=y
|
||||
|
||||
CONFIG_DISPLAY_ENCODER_TFP410=m
|
||||
|
@ -263,14 +246,9 @@ CONFIG_V4L_PLATFORM_DRIVERS=y
|
|||
# CONFIG_VIDEO_OMAP2_VOUT is not set
|
||||
CONFIG_VIDEO_OMAP3=m
|
||||
# CONFIG_VIDEO_OMAP4 is not set
|
||||
# CONFIG_VIDEO_OMAP4_DEBUG is not set
|
||||
# The ones below are for TI Davinci
|
||||
# CONFIG_VIDEO_VPFE_CAPTURE is not set
|
||||
# CONFIG_VIDEO_VPSS_SYSTEM is not set
|
||||
# CONFIG_VIDEO_DM6446_CCDC is not set
|
||||
# CONFIG_VIDEO_DM644X_VPBE is not set
|
||||
# CONFIG_VIDEO_DM355_CCDC is not set
|
||||
# CONFIG_VIDEO_ISIF is not set
|
||||
# Also enable vivi driver - useful for testing a full kernelspace V4L2 driver
|
||||
CONFIG_V4L_TEST_DRIVERS=y
|
||||
CONFIG_VIDEO_VIVI=m
|
||||
|
@ -280,18 +258,13 @@ CONFIG_SND_SOC_I2C_AND_SPI=m
|
|||
CONFIG_SND_OMAP_SOC_AM3517EVM=m
|
||||
CONFIG_SND_OMAP_SOC_DMIC=m
|
||||
CONFIG_SND_OMAP_SOC_HDMI=m
|
||||
CONFIG_SND_OMAP_SOC_IGEP0020=m
|
||||
CONFIG_SND_OMAP_SOC_MCBSP=m
|
||||
CONFIG_SND_OMAP_SOC_MCPDM=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP_HDMI=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP3EVM=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP3_BEAGLE=m
|
||||
CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m
|
||||
CONFIG_SND_OMAP_SOC_OVERO=m
|
||||
CONFIG_SND_OMAP_SOC_RX51=m
|
||||
CONFIG_SND_OMAP_SOC_SDP4430=m
|
||||
CONFIG_SND_SOC_TLV320AIC23=m
|
||||
CONFIG_SND_SOC_TLV320AIC3X=m
|
||||
CONFIG_SND_SOC_TWL4030=m
|
||||
|
@ -301,7 +274,6 @@ CONFIG_RADIO_WL128X=m
|
|||
|
||||
CONFIG_OMAP_REMOTEPROC=m
|
||||
|
||||
# CONFIG_TIDSPBRIDGE is not set
|
||||
# CONFIG_OMAP2_DSS_DEBUGFS is not set
|
||||
# CONFIG_OMAP_IOMMU_DEBUG is not set
|
||||
# CONFIG_OMAP_MUX_DEBUG is not set
|
||||
|
@ -334,6 +306,7 @@ CONFIG_SND_DAVINCI_SOC_I2S=m
|
|||
CONFIG_SND_DAVINCI_SOC_MCASP=m
|
||||
CONFIG_SND_DAVINCI_SOC_VCIF=m
|
||||
CONFIG_SND_DAVINCI_SOC_GENERIC_EVM=m
|
||||
CONFIG_SND_EDMA_SOC=m
|
||||
CONFIG_SND_AM33XX_SOC_EVM=m
|
||||
CONFIG_REGULATOR_TI_ABB=m
|
||||
CONFIG_TI_ADC081C=m
|
||||
|
@ -351,7 +324,6 @@ CONFIG_SERIAL_MSM_CONSOLE=y
|
|||
CONFIG_PINCTRL_APQ8064=m
|
||||
CONFIG_PINCTRL_IPQ8064=m
|
||||
CONFIG_PINCTRL_MSM8960=m
|
||||
CONFIG_PINCTRL_MSM8960=m
|
||||
CONFIG_COMMON_CLK_QCOM=m
|
||||
CONFIG_APQ_GCC_8084=m
|
||||
CONFIG_APQ_MMCC_8084=m
|
||||
|
@ -370,6 +342,9 @@ CONFIG_USB_MSM_OTG=m
|
|||
CONFIG_MMC_SDHCI_MSM=m
|
||||
CONFIG_QCOM_BAM_DMA=m
|
||||
CONFIG_QCOM_GSBI=m
|
||||
CONFIG_PHY_QCOM_APQ8064_SATA=m
|
||||
CONFIG_PHY_QCOM_IPQ806X_SATA=m
|
||||
CONFIG_CRYPTO_DEV_QCE=m
|
||||
CONFIG_MSM_IOMMU=y
|
||||
CONFIG_DRM_MSM=m
|
||||
CONFIG_DRM_MSM_FBDEV=y
|
||||
|
@ -377,7 +352,6 @@ CONFIG_USB_EHCI_MSM=m
|
|||
# CONFIG_DRM_MSM_REGISTER_LOGGING is not set
|
||||
|
||||
# i.MX
|
||||
CONFIG_MXC_IRQ_PRIOR=y
|
||||
# CONFIG_MXC_DEBUG_BOARD is not set
|
||||
CONFIG_SOC_IMX50=y
|
||||
CONFIG_SOC_IMX51=y
|
||||
|
@ -386,7 +360,6 @@ CONFIG_SOC_IMX6Q=y
|
|||
CONFIG_SOC_IMX6SL=y
|
||||
CONFIG_SOC_IMX6SX=y
|
||||
# CONFIG_SOC_VF610 is not set
|
||||
CONFIG_MACH_IMX51_DT=y
|
||||
CONFIG_ARM_IMX6Q_CPUFREQ=m
|
||||
CONFIG_PCI_IMX6=y
|
||||
CONFIG_IMX_THERMAL=m
|
||||
|
@ -414,7 +387,6 @@ CONFIG_STMPE_I2C=y
|
|||
CONFIG_SPI_IMX=m
|
||||
CONFIG_SPI_FSL_QUADSPI=m
|
||||
CONFIG_STMPE_SPI=y
|
||||
CONFIG_MFD_MC13783=m
|
||||
CONFIG_MFD_MC13XXX_SPI=m
|
||||
CONFIG_MFD_STMPE=y
|
||||
CONFIG_MTD_NAND_GPMI_NAND=m
|
||||
|
@ -428,6 +400,7 @@ CONFIG_RTC_DRV_SNVS=m
|
|||
# CONFIG_FB_IMX is not set
|
||||
|
||||
CONFIG_SND_IMX_SOC=m
|
||||
CONFIG_SND_SOC_FSL_ASRC=m
|
||||
CONFIG_SND_SOC_FSL_ESAI=m
|
||||
CONFIG_SND_SOC_FSL_SAI=m
|
||||
CONFIG_SND_SOC_FSL_SPDIF=m
|
||||
|
@ -442,7 +415,6 @@ CONFIG_SND_SOC_IMX_WM8962=m
|
|||
CONFIG_SND_SOC_IMX_MC13783=m
|
||||
CONFIG_SND_SOC_IMX_SPDIF=m
|
||||
CONFIG_SND_SOC_EUKREA_TLV320=m
|
||||
CONFIG_SND_SOC_TVL320AIC32X4=m
|
||||
CONFIG_SND_SOC_WM8731=m
|
||||
|
||||
CONFIG_USB_IMX21_HCD=m
|
||||
|
@ -503,10 +475,17 @@ CONFIG_REGULATOR_DA9055=m
|
|||
|
||||
# picoxcell
|
||||
# CONFIG_CRYPTO_DEV_PICOXCELL is not set
|
||||
# CONFIG_HW_RANDOM_PICOXCELL is not set
|
||||
|
||||
# Exynos 4
|
||||
CONFIG_ARCH_EXYNOS4=y
|
||||
CONFIG_SOC_EXYNOS4212=y
|
||||
CONFIG_SOC_EXYNOS4412=y
|
||||
|
||||
# Rockchips
|
||||
CONFIG_I2C_RK3X=m
|
||||
CONFIG_SPI_ROCKCHIP=m
|
||||
CONFIG_SND_SOC_ROCKCHIP=m
|
||||
CONFIG_PWM_ROCKCHIP=m
|
||||
|
||||
# ST Ericsson
|
||||
CONFIG_MACH_HREFV60=y
|
||||
|
@ -584,7 +563,6 @@ CONFIG_MFD_TPS80031=y
|
|||
CONFIG_KEYBOARD_NVEC=y
|
||||
CONFIG_SERIO_NVEC_PS2=y
|
||||
CONFIG_NVEC_POWER=y
|
||||
CONFIG_NVEC_LEDS=y
|
||||
CONFIG_NVEC_PAZ00=y
|
||||
CONFIG_MFD_TPS6586X=y
|
||||
CONFIG_GPIO_TPS6586X=y
|
||||
|
@ -605,6 +583,8 @@ CONFIG_LATTICE_ECP3_CONFIG=m
|
|||
CONFIG_NET_VENDOR_XILINX=y
|
||||
CONFIG_XILINX_EMACLITE=m
|
||||
CONFIG_GPIO_XILINX=y
|
||||
# Broken
|
||||
# CONFIG_GPIO_ZYNQ is not set
|
||||
CONFIG_I2C_XILINX=m
|
||||
CONFIG_SPI_XILINX=m
|
||||
CONFIG_SPI_CADENCE=m
|
||||
|
|
|
@ -35,7 +35,6 @@ CONFIG_ZBOOT_ROM_TEXT=0x0
|
|||
CONFIG_ZBOOT_ROM_BSS=0x0
|
||||
CONFIG_XZ_DEC_ARMTHUMB=y
|
||||
CONFIG_ARCH_HAS_TICK_BROADCAST=y
|
||||
CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
|
||||
CONFIG_IRQ_CROSSBAR=y
|
||||
|
||||
# CONFIG_MCPM is not set
|
||||
|
@ -60,9 +59,13 @@ CONFIG_ARCH_VEXPRESS_CORTEX_A5_A9_ERRATA=y
|
|||
# CONFIG_ARCH_BCM is not set
|
||||
# CONFIG_ARCH_BERLIN is not set
|
||||
# CONFIG_ARCH_HI3xxx is not set
|
||||
# CONFIG_ARCH_HISI is not set
|
||||
# CONFIG_ARCH_MEDIATEK is not set
|
||||
# CONFIG_ARCH_QCOM is not set
|
||||
# CONFIG_ARCH_S5PV210 is not set
|
||||
# CONFIG_ARCH_SHMOBILE_MULTI is not set
|
||||
# CONFIG_ARCH_SIRF is not set
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
# CONFIG_PLAT_SPEAR is not set
|
||||
# CONFIG_ARCH_STI is not set
|
||||
# CONFIG_ARCH_U8500 is not set
|
||||
|
@ -122,7 +125,6 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
|
|||
CONFIG_XZ_DEC_ARM=y
|
||||
|
||||
CONFIG_UACCESS_WITH_MEMCPY=y
|
||||
CONFIG_CC_STACKPROTECTOR=y
|
||||
|
||||
CONFIG_PCI_HOST_GENERIC=y
|
||||
|
||||
|
@ -165,11 +167,11 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m
|
|||
# CONFIG_MACH_SUN5I is not set
|
||||
CONFIG_MACH_SUN6I=y
|
||||
CONFIG_MACH_SUN7I=y
|
||||
CONFIG_PINCTRL_SUNXI=y
|
||||
# CONFIG_MACH_SUN8I is not set
|
||||
CONFIG_DMA_SUN6I=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_NET_VENDOR_ALLWINNER=y
|
||||
CONFIG_STMMAC_PLATFORM=y
|
||||
CONFIG_DWMAC_SOCFPGA=y
|
||||
CONFIG_DWMAC_SUNXI=y
|
||||
CONFIG_EEPROM_SUNXI_SID=m
|
||||
CONFIG_RTC_DRV_SUNXI=m
|
||||
|
@ -184,18 +186,15 @@ CONFIG_POWER_RESET_SUN6I=y
|
|||
CONFIG_TOUCHSCREEN_SUN4I=m
|
||||
CONFIG_MFD_AXP20X=y
|
||||
CONFIG_REGULATOR_AXP20X=m
|
||||
CONFIG_IR_SUNXI=m
|
||||
CONFIG_MDIO_SUN4I=m
|
||||
CONFIG_SUN4I_EMAC=m
|
||||
|
||||
CONFIG_MDIO_SUN4I=m
|
||||
CONFIG_SUN4I_EMAC=m
|
||||
# Exynos
|
||||
CONFIG_ARCH_EXYNOS3=y
|
||||
CONFIG_ARCH_EXYNOS4=y
|
||||
# CONFIG_ARCH_EXYNOS4 is not set
|
||||
CONFIG_ARCH_EXYNOS5=y
|
||||
CONFIG_SOC_EXYNOS3250=y
|
||||
CONFIG_SOC_EXYNOS4212=y
|
||||
CONFIG_SOC_EXYNOS4412=y
|
||||
CONFIG_SOC_EXYNOS5250=y
|
||||
CONFIG_SOC_EXYNOS5420=y
|
||||
CONFIG_SOC_EXYNOS5440=y
|
||||
|
@ -304,8 +303,6 @@ CONFIG_TEGRA_IOMMU_SMMU=y
|
|||
CONFIG_MMC_SDHCI_TEGRA=m
|
||||
CONFIG_TEGRA_WATCHDOG=m
|
||||
CONFIG_I2C_TEGRA=m
|
||||
CONFIG_TEGRA_SYSTEM_DMA=y
|
||||
CONFIG_TEGRA_EMC_SCALING_ENABLE=y
|
||||
CONFIG_TEGRA_AHB=y
|
||||
CONFIG_TEGRA20_APB_DMA=y
|
||||
CONFIG_SPI_TEGRA114=m
|
||||
|
@ -326,6 +323,9 @@ CONFIG_DRM_TEGRA_FBDEV=y
|
|||
# CONFIG_DRM_TEGRA_DEBUG is not set
|
||||
CONFIG_DRM_TEGRA_STAGING=y
|
||||
CONFIG_NOUVEAU_PLATFORM_DRIVER=m
|
||||
CONFIG_AD525X_DPOT=m
|
||||
CONFIG_AD525X_DPOT_I2C=m
|
||||
CONFIG_AD525X_DPOT_SPI=m
|
||||
|
||||
# Jetson TK1
|
||||
CONFIG_PINCTRL_AS3722=y
|
||||
|
@ -365,7 +365,6 @@ CONFIG_AX88796_93CX6=y
|
|||
# usb gadget
|
||||
CONFIG_USB_OTG=y
|
||||
CONFIG_USB_GADGET=m
|
||||
CONFIG_USB_GADGET_MUSB_HDRC=m
|
||||
CONFIG_USB_GADGET_VBUS_DRAW=100
|
||||
CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2
|
||||
CONFIG_USB_MUSB_HDRC=m
|
||||
|
@ -382,12 +381,10 @@ CONFIG_USB_CONFIGFS_NCM=y
|
|||
CONFIG_USB_CONFIGFS_OBEX=y
|
||||
# CONFIG_USB_CONFIGFS_RNDIS is not set
|
||||
CONFIG_USB_CONFIGFS_SERIAL=y
|
||||
CONFIG_USB_CONFIGFS_STORAGE=y
|
||||
# CONFIG_USB_CONFIGFS_F_LB_SS is not set
|
||||
# CONFIG_USB_CONFIGFS_F_FS is not set
|
||||
|
||||
# CONFIG_MUSB_PIO_ONLY is not set
|
||||
# CONFIG_USB_MUSB_DEBUG is not set
|
||||
# CONFIG_USB_GADGET_DEBUG is not set
|
||||
# CONFIG_USB_GADGET_DEBUG_FILES is not set
|
||||
# CONFIG_USB_GADGET_DEBUG_FS is not set
|
||||
|
@ -427,6 +424,7 @@ CONFIG_MFD_TPS65912_SPI=y
|
|||
# CONFIG_MFD_TPS80031 is not set
|
||||
# CONFIG_TWL4030_CORE is not set
|
||||
# CONFIG_TWL6040_CORE is not set
|
||||
#
|
||||
|
||||
# Pin stuff
|
||||
CONFIG_PINMUX=y
|
||||
|
@ -435,11 +433,11 @@ CONFIG_PINCTRL=y
|
|||
CONFIG_PINCTRL_SINGLE=y
|
||||
CONFIG_GENERIC_PINCONF=y
|
||||
# CONFIG_PINCTRL_SAMSUNG is not set
|
||||
# CONFIG_PINCTRL_CAPRI is not set
|
||||
# CONFIG_PINCTRL_MSM8X74 is not set
|
||||
# CONFIG_PINCTRL_BCM281XX is not set
|
||||
# CONFIG_PINCTRL_APQ8064 is not set
|
||||
# CONFIG_PINCTRL_IPQ8064 is not set
|
||||
# CONFIG_PINCTRL_MSM8960 is not set
|
||||
|
||||
# GPIO
|
||||
# CONFIG_GPIO_EM is not set
|
||||
|
@ -478,7 +476,6 @@ CONFIG_SPI_OC_TINY=m
|
|||
CONFIG_SPI_SC18IS602=m
|
||||
CONFIG_SPI_TLE62X0=m
|
||||
CONFIG_SPI_XCOMM=m
|
||||
CONFIG_SPI_XILINX=m
|
||||
# CONFIG_SPI_FSL_SPI is not set
|
||||
# CONFIG_SPI_CADENCE is not set
|
||||
|
||||
|
@ -493,6 +490,8 @@ CONFIG_I2C_MV64XXX=m
|
|||
CONFIG_CRYPTO_SHA1_ARM=m
|
||||
CONFIG_CRYPTO_AES_ARM=m
|
||||
# CONFIG_CRYPTO_AES_ARM_BS is not set
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=m
|
||||
|
||||
# DMA
|
||||
CONFIG_TI_PRIV_EDMA=y
|
||||
|
@ -504,7 +503,6 @@ CONFIG_EDAC_MM_EDAC=m
|
|||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
|
||||
# Watchdog
|
||||
CONFIG_MPCORE_WATCHDOG=m
|
||||
|
||||
# Thermal / powersaving
|
||||
CONFIG_THERMAL=y
|
||||
|
@ -550,7 +548,6 @@ CONFIG_MMC_DW_PLTFM=m
|
|||
CONFIG_MMC_DW_PCI=m
|
||||
CONFIG_SPI_DW_MMIO=m
|
||||
CONFIG_SPI_DW_PCI=m
|
||||
# CONFIG_MMC_DW_SOCFPGA is not set
|
||||
# CONFIG_MMC_DW_IDMAC is not set
|
||||
# CONFIG_MMC_DW_K3 is not set
|
||||
CONFIG_USB_DWC2=y
|
||||
|
@ -565,6 +562,7 @@ CONFIG_USB_DWC3_OMAP=m
|
|||
CONFIG_USB_DWC3_PCI=m
|
||||
# CONFIG_USB_DWC3_DEBUG is not set
|
||||
# CONFIG_USB_DWC3_KEYSTONE is not set
|
||||
# CONFIG_DWC3_HOST_USB3_LPM_ENABLE is not set
|
||||
CONFIG_DW_WATCHDOG=m
|
||||
CONFIG_PCIE_DW=y
|
||||
|
||||
|
@ -579,7 +577,6 @@ CONFIG_SND_DMAENGINE_PCM=m
|
|||
CONFIG_SND_JACK=y
|
||||
CONFIG_SND_SIMPLE_CARD=m
|
||||
CONFIG_SND_SOC_ALL_CODECS=m
|
||||
CONFIG_SND_SOC_CACHE_LZO=y
|
||||
CONFIG_SND_SOC_DMIC=m
|
||||
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
|
||||
CONFIG_SND_SOC_HDMI_CODEC=m
|
||||
|
@ -618,15 +615,21 @@ CONFIG_SND_SOC_SPDIF=m
|
|||
# CONFIG_SND_SOC_WM8903 is not set
|
||||
# CONFIG_SND_SOC_WM8962 is not set
|
||||
# CONFIG_SND_SOC_TPA6130A2 is not set
|
||||
# CONFIG_SND_SOC_FSL_SAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SSI is not set
|
||||
# CONFIG_SND_SOC_FSL_SPDIF is not set
|
||||
# CONFIG_SND_SOC_FSL_ASRC is not set
|
||||
# CONFIG_SND_SOC_FSL_ESAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SPDIF is not set
|
||||
# CONFIG_SND_SOC_FSL_SSI is not set
|
||||
# CONFIG_SND_SOC_IMX_AUDMUX is not set
|
||||
# CONFIG_SND_SOC_ALC5623 is not set
|
||||
# CONFIG_SND_SOC_CS42L56 is not set
|
||||
# CONFIG_SND_SOC_STA350 is not set
|
||||
# CONFIG_SND_ATMEL_SOC is not set
|
||||
# CONFIG_SND_SOC_TLV320AIC31XX is not set
|
||||
# CONFIG_SND_SOC_TAS2552 is not set
|
||||
# CONFIG_SND_SOC_CS4265 is not set
|
||||
# CONFIG_SND_EDMA_SOC is not set
|
||||
# CONFIG_SND_SOC_ROCKCHIP is not set
|
||||
|
||||
# Displays
|
||||
CONFIG_BACKLIGHT_TPS65217=m
|
||||
|
@ -652,7 +655,6 @@ CONFIG_RTC_DRV_TPS80031=m
|
|||
# Regulators
|
||||
CONFIG_REGULATOR=y
|
||||
CONFIG_RFKILL_REGULATOR=m
|
||||
CONFIG_REGULATOR_DUMMY=y
|
||||
CONFIG_REGULATOR_FIXED_VOLTAGE=y
|
||||
CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
|
||||
CONFIG_REGULATOR_USERSPACE_CONSUMER=m
|
||||
|
@ -685,6 +687,7 @@ CONFIG_REGULATOR_TPS65912=m
|
|||
CONFIG_REGULATOR_TPS80031=m
|
||||
CONFIG_REGULATOR_LTC3589=m
|
||||
CONFIG_REGULATOR_ANATOP=m
|
||||
CONFIG_REGULATOR_DA9211=m
|
||||
|
||||
CONFIG_CHARGER_MANAGER=y
|
||||
CONFIG_CHARGER_BQ2415X=m
|
||||
|
@ -771,7 +774,6 @@ CONFIG_UBIFS_FS=m
|
|||
CONFIG_UBIFS_FS_ADVANCED_COMPR=y
|
||||
CONFIG_UBIFS_FS_LZO=y
|
||||
CONFIG_UBIFS_FS_ZLIB=y
|
||||
# CONFIG_UBIFS_FS_DEBUG is not set
|
||||
|
||||
# Sensors
|
||||
CONFIG_SENSORS_HTU21=m
|
||||
|
@ -792,6 +794,7 @@ CONFIG_BPF_JIT=y
|
|||
# HW Enabled in armv7 not lpae
|
||||
# CONFIG_DRM_TILCDC is not set
|
||||
# CONFIG_DRM_IMX is not set
|
||||
# CONFIG_DRM_STI is not set
|
||||
# CONFIG_AHCI_IMX is not set
|
||||
# CONFIG_IMX_THERMAL is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
|
@ -828,6 +831,7 @@ CONFIG_BPF_JIT=y
|
|||
# CONFIG_MMC_TMIO is not set
|
||||
# CONFIG_PINCTRL_IMX35 is not set
|
||||
# CONFIG_DVB_USB_PCTV452E is not set
|
||||
# CONFIG_DWMAC_SOCFPGA is not set
|
||||
|
||||
# CONFIG_MFD_LP8788 is not set
|
||||
# CONFIG_MFD_MAX77693 is not set
|
||||
|
|
|
@ -11,7 +11,6 @@ CONFIG_ARCH_VIRT=y
|
|||
# CONFIG_SOC_AM43XX is not set
|
||||
# CONFIG_SOC_DRA7XX is not set
|
||||
# CONFIG_ARCH_ROCKCHIP is not set
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
# CONFIG_ARCH_ZYNQ is not set
|
||||
# CONFIG_ARCH_AXXIA is not set
|
||||
|
||||
|
@ -62,6 +61,7 @@ CONFIG_TI_AEMIF=m
|
|||
CONFIG_POWER_RESET_KEYSTONE=y
|
||||
CONFIG_DAVINCI_WATCHDOG=m
|
||||
CONFIG_SPI_DAVINCI=m
|
||||
CONFIG_TI_DAVINCI_MDIO=m
|
||||
# CONFIG_TI_SOC_THERMAL is not set
|
||||
|
||||
# Tegra (non A15 device options)
|
||||
|
|
|
@ -31,14 +31,12 @@ CONFIG_LOCK_STAT=y
|
|||
CONFIG_DEBUG_STACK_USAGE=y
|
||||
|
||||
CONFIG_ACPI_DEBUG=y
|
||||
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
|
||||
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_PI_LIST=y
|
||||
|
||||
# CONFIG_DEBUG_PAGEALLOC is not set
|
||||
|
||||
CONFIG_DEBUG_WRITECOUNT=y
|
||||
CONFIG_DEBUG_OBJECTS=y
|
||||
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
|
||||
CONFIG_DEBUG_OBJECTS_FREE=y
|
||||
|
@ -53,7 +51,6 @@ CONFIG_CAN_DEBUG_DEVICES=y
|
|||
|
||||
CONFIG_MODULE_FORCE_UNLOAD=y
|
||||
|
||||
CONFIG_SYSCTL_SYSCALL_CHECK=y
|
||||
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
|
||||
|
@ -97,7 +94,6 @@ CONFIG_PM_ADVANCED_DEBUG=y
|
|||
CONFIG_CEPH_LIB_PRETTYDEBUG=y
|
||||
CONFIG_QUOTA_DEBUG=y
|
||||
|
||||
CONFIG_PCI_DEFAULT_USE_CRS=y
|
||||
|
||||
CONFIG_KGDB_KDB=y
|
||||
CONFIG_KDB_KEYBOARD=y
|
||||
|
@ -123,6 +119,8 @@ CONFIG_MAC80211_MESSAGE_TRACING=y
|
|||
|
||||
CONFIG_EDAC_DEBUG=y
|
||||
|
||||
CONFIG_SPI_DEBUG=y
|
||||
|
||||
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
|
||||
CONFIG_LATENCYTOP=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
|
|
377
config-generic
377
config-generic
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,5 @@
|
|||
# CONFIG_HIGHMEM4G is not set
|
||||
CONFIG_HIGHMEM64G=y
|
||||
# CONFIG_OLPC_OPENFIRMWARE is not set
|
||||
|
||||
CONFIG_XEN_DEV_EVTCHN=m
|
||||
CONFIG_XEN_SYS_HYPERVISOR=y
|
||||
|
|
|
@ -31,14 +31,12 @@ CONFIG_CPUMASK_OFFSTACK=y
|
|||
# CONFIG_DEBUG_STACK_USAGE is not set
|
||||
|
||||
# CONFIG_ACPI_DEBUG is not set
|
||||
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
|
||||
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
|
||||
# CONFIG_DEBUG_PAGEALLOC is not set
|
||||
|
||||
# CONFIG_DEBUG_WRITECOUNT is not set
|
||||
# CONFIG_DEBUG_OBJECTS is not set
|
||||
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
|
||||
# CONFIG_DEBUG_OBJECTS_FREE is not set
|
||||
|
@ -53,7 +51,6 @@ CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
|
|||
|
||||
# CONFIG_MODULE_FORCE_UNLOAD is not set
|
||||
|
||||
# CONFIG_SYSCTL_SYSCALL_CHECK is not set
|
||||
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
|
||||
|
@ -97,7 +94,6 @@ CONFIG_PM_ADVANCED_DEBUG=y
|
|||
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
|
||||
# CONFIG_QUOTA_DEBUG is not set
|
||||
|
||||
CONFIG_PCI_DEFAULT_USE_CRS=y
|
||||
|
||||
CONFIG_KGDB_KDB=y
|
||||
CONFIG_KDB_KEYBOARD=y
|
||||
|
|
|
@ -14,7 +14,6 @@ CONFIG_TAU_AVERAGE=y
|
|||
# CONFIG_GEN_RTC is not set
|
||||
# CONFIG_GEN_RTC_X is not set
|
||||
CONFIG_RTC_DRV_GENERIC=y
|
||||
CONFIG_PROC_DEVICETREE=y
|
||||
# CONFIG_CMDLINE_BOOL is not set
|
||||
|
||||
CONFIG_ADB=y
|
||||
|
@ -61,21 +60,17 @@ CONFIG_CAPI_EICON=y
|
|||
|
||||
CONFIG_NVRAM=y
|
||||
|
||||
# CONFIG_PCMCIA_M8XX is not set
|
||||
# CONFIG_SCSI_AHA1542 is not set
|
||||
# CONFIG_SCSI_IN2000 is not set
|
||||
# CONFIG_SCSI_IPS is not set
|
||||
# CONFIG_NI52 is not set
|
||||
# CONFIG_NI65 is not set
|
||||
# CONFIG_LANCE is not set
|
||||
# CONFIG_3C515 is not set
|
||||
# CONFIG_ELPLUS is not set
|
||||
|
||||
CONFIG_MEMORY_HOTPLUG=y
|
||||
|
||||
# Stuff which wants bus_to_virt() or virt_to_bus()
|
||||
# CONFIG_BLK_CPQ_DA is not set
|
||||
# CONFIG_VIDEO_STRADIS is not set
|
||||
# CONFIG_VIDEO_ZORAN is not set
|
||||
# CONFIG_ATM_HORIZON is not set
|
||||
# CONFIG_ATM_FIRESTREAM is not set
|
||||
|
@ -97,7 +92,6 @@ CONFIG_PPC_MEDIA5200=y
|
|||
# CONFIG_PPC_LITE5200 is not set
|
||||
CONFIG_PPC_BESTCOMM=y
|
||||
CONFIG_PMAC_RACKMETER=m
|
||||
CONFIG_USB_OHCI_HCD_PPC_SOC=y
|
||||
CONFIG_USB_OHCI_HCD_PCI=y
|
||||
CONFIG_USB_OHCI_HCD_PPC_OF=y
|
||||
CONFIG_USB_OHCI_HCD_PPC_OF_BE=y
|
||||
|
@ -186,7 +180,6 @@ CONFIG_PATA_OF_PLATFORM=m
|
|||
CONFIG_USB_EHCI_HCD_PPC_OF=y
|
||||
|
||||
# CONFIG_MPC5121_ADS is not set
|
||||
# CONFIG_MPC5121_GENERIC is not set
|
||||
CONFIG_MTD_OF_PARTS=y
|
||||
# CONFIG_MTD_NAND_FSL_ELBC is not set
|
||||
CONFIG_THERMAL=y
|
||||
|
@ -227,7 +220,6 @@ CONFIG_NET_VENDOR_IBM=y
|
|||
|
||||
# CONFIG_QUICC_ENGINE is not set
|
||||
# CONFIG_QE_GPIO is not set
|
||||
# CONFIG_MPC8xxx_GPIO is not set
|
||||
|
||||
CONFIG_IDE_GD=y
|
||||
CONFIG_IDE_GD_ATA=y
|
||||
|
@ -278,7 +270,6 @@ CONFIG_MMC_SDHCI_OF=m
|
|||
|
||||
# CONFIG_CONSISTENT_SIZE_BOOL is not set
|
||||
|
||||
CONFIG_CAN_SJA1000_OF_PLATFORM=m
|
||||
|
||||
CONFIG_PPC_EMULATED_STATS=y
|
||||
|
||||
|
@ -292,7 +283,6 @@ CONFIG_PPC_DISABLE_WERROR=y
|
|||
# CONFIG_XILINX_EMACLITE is not set
|
||||
|
||||
CONFIG_GPIO_WM831X=m
|
||||
# CONFIG_GPIO_LANGWELL is not set
|
||||
# CONFIG_GPIO_UCB1400 is not set
|
||||
# CONFIG_EDAC_MPC85XX is not set
|
||||
|
||||
|
@ -305,7 +295,6 @@ CONFIG_SPARSE_IRQ=y
|
|||
CONFIG_PATA_MACIO=y
|
||||
CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
|
||||
# CONFIG_PMIC_ADP5520 is not set
|
||||
# CONFIG_MFD_88PM8607 is not set
|
||||
# CONFIG_MFD_MAX8997 is not set
|
||||
# CONFIG_MFD_TPS65910 is not set
|
||||
# CONFIG_MFD_TPS65912_I2C is not set
|
||||
|
@ -314,7 +303,6 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
|
|||
# CONFIG_MMC_SDHCI_OF_ESDHC is not set
|
||||
# CONFIG_MMC_SDHCI_OF_HLWD is not set
|
||||
|
||||
# CONFIG_MFD_TC35892 is not set
|
||||
# CONFIG_MFD_AAT2870_CORE is not set
|
||||
|
||||
# CONFIG_GPIO_SCH is not set
|
||||
|
@ -368,10 +356,7 @@ CONFIG_PPC_DENORMALISATION=y
|
|||
# CONFIG_RTC_DRV_SNVS is not set
|
||||
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
|
||||
|
||||
# CONFIG_OF_DISPLAY_TIMING is not set
|
||||
# CONFIG_OF_VIDEOMODE is not set
|
||||
|
||||
# CONFIG_POWERNV_MSI is not set
|
||||
# CONFIG_CPU_LITTLE_ENDIAN is not set
|
||||
|
||||
CONFIG_POWER_RESET_GPIO=y
|
||||
|
|
|
@ -8,11 +8,9 @@ CONFIG_PPC_PMAC64=y
|
|||
CONFIG_PPC_MAPLE=y
|
||||
# CONFIG_PPC_CELL is not set
|
||||
# CONFIG_PPC_IBM_CELL_BLADE is not set
|
||||
# CONFIG_PPC_ISERIES is not set
|
||||
CONFIG_PPC_PSERIES=y
|
||||
CONFIG_PPC_PMAC=y
|
||||
CONFIG_PPC_POWERNV=y
|
||||
CONFIG_POWERNV_MSI=y
|
||||
CONFIG_PPC_POWERNV_RTAS=y
|
||||
CONFIG_SENSORS_IBMPOWERNV=y
|
||||
CONFIG_HW_RANDOM_POWERNV=m
|
||||
|
@ -51,15 +49,10 @@ CONFIG_SCSI_IPR=m
|
|||
CONFIG_SCSI_IPR_TRACE=y
|
||||
CONFIG_SCSI_IPR_DUMP=y
|
||||
CONFIG_HVC_RTAS=y
|
||||
# CONFIG_HVC_ISERIES is not set
|
||||
CONFIG_HVC_OPAL=y
|
||||
|
||||
# iSeries device drivers
|
||||
#
|
||||
# CONFIG_ISERIES_VETH is not set
|
||||
CONFIG_VIODASD=m
|
||||
CONFIG_VIOCD=m
|
||||
CONFIG_VIOTAPE=m
|
||||
|
||||
CONFIG_PASEMI_MAC=m
|
||||
CONFIG_SERIAL_OF_PLATFORM=m
|
||||
|
@ -86,10 +79,8 @@ CONFIG_NR_CPUS=1024
|
|||
# CONFIG_FB_ATY128 is not set
|
||||
# CONFIG_FB_ATY is not set
|
||||
|
||||
# CONFIG_POWER4_ONLY is not set
|
||||
|
||||
CONFIG_RTAS_PROC=y
|
||||
CONFIG_IOMMU_VMERGE=y
|
||||
CONFIG_NUMA=y
|
||||
CONFIG_NUMA_BALANCING=y
|
||||
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
|
||||
|
@ -119,17 +110,14 @@ CONFIG_INFINIBAND_EHCA=m
|
|||
|
||||
CONFIG_XMON_DISASSEMBLY=y
|
||||
|
||||
CONFIG_SCSI_IBMVSCSIS=m
|
||||
|
||||
# CONFIG_TUNE_CELL is not set
|
||||
# CONFIG_BLK_DEV_PLATFORM is not set
|
||||
|
||||
# CONFIG_VIRQ_DEBUG is not set
|
||||
|
||||
CONFIG_EDAC_CPC925=m
|
||||
CONFIG_FRAME_WARN=2048
|
||||
|
||||
CONFIG_PHYP_DUMP=y
|
||||
CONFIG_FORCE_MAX_ZONEORDER=9
|
||||
CONFIG_VIRTUALIZATION=y
|
||||
|
||||
|
@ -140,12 +128,14 @@ CONFIG_SCSI_IBMVFC=m
|
|||
CONFIG_IBM_BSR=m
|
||||
|
||||
CONFIG_CRASH_DUMP=y
|
||||
CONFIG_FA_DUMP=y
|
||||
CONFIG_RELOCATABLE=y
|
||||
|
||||
CONFIG_RCU_FANOUT=64
|
||||
|
||||
CONFIG_CMA=y
|
||||
# CONFIG_CMA_DEBUG is not set
|
||||
CONFIG_CMA_AREAS=7
|
||||
CONFIG_KVM_BOOK3S_64=m
|
||||
CONFIG_KVM_BOOK3S_64_HV=m
|
||||
CONFIG_KVM_BOOK3S_64_PR=m
|
||||
|
@ -189,3 +179,5 @@ CONFIG_BPF_JIT=y
|
|||
# CONFIG_PPC_TRANSACTIONAL_MEM is not set
|
||||
# CONFIG_SND_HDA_INTEL is not set
|
||||
CONFIG_BLK_DEV_RSXX=m
|
||||
|
||||
# CONFIG_CARL9170 is not set
|
||||
|
|
|
@ -3,12 +3,9 @@ CONFIG_POWER7_CPU=y
|
|||
# CONFIG_PPC_MAPLE is not set
|
||||
# CONFIG_PPC_CELL is not set
|
||||
# CONFIG_PPC_IBM_CELL_BLADE is not set
|
||||
# CONFIG_PPC_ISERIES is not set
|
||||
# CONFIG_POWER3 is not set
|
||||
CONFIG_PPC_PSERIES=y
|
||||
# CONFIG_PPC_PMAC is not set
|
||||
CONFIG_PPC_POWERNV=y
|
||||
CONFIG_POWERNV_MSI=y
|
||||
CONFIG_PPC_POWERNV_RTAS=y
|
||||
CONFIG_HW_RANDOM_POWERNV=m
|
||||
CONFIG_SENSORS_IBMPOWERNV=y
|
||||
|
@ -43,15 +40,10 @@ CONFIG_SCSI_IPR=m
|
|||
CONFIG_SCSI_IPR_TRACE=y
|
||||
CONFIG_SCSI_IPR_DUMP=y
|
||||
CONFIG_HVC_RTAS=y
|
||||
# CONFIG_HVC_ISERIES is not set
|
||||
CONFIG_HVC_OPAL=y
|
||||
|
||||
# iSeries device drivers
|
||||
#
|
||||
# CONFIG_ISERIES_VETH is not set
|
||||
CONFIG_VIODASD=m
|
||||
CONFIG_VIOCD=m
|
||||
CONFIG_VIOTAPE=m
|
||||
|
||||
CONFIG_SERIAL_OF_PLATFORM=m
|
||||
|
||||
|
@ -77,10 +69,8 @@ CONFIG_NR_CPUS=1024
|
|||
# CONFIG_FB_ATY128 is not set
|
||||
# CONFIG_FB_ATY is not set
|
||||
|
||||
# CONFIG_POWER4_ONLY is not set
|
||||
|
||||
CONFIG_RTAS_PROC=y
|
||||
CONFIG_IOMMU_VMERGE=y
|
||||
CONFIG_NUMA=y
|
||||
CONFIG_NUMA_BALANCING=y
|
||||
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
|
||||
|
@ -110,17 +100,14 @@ CONFIG_INFINIBAND_EHCA=m
|
|||
|
||||
CONFIG_XMON_DISASSEMBLY=y
|
||||
|
||||
CONFIG_SCSI_IBMVSCSIS=m
|
||||
|
||||
# CONFIG_TUNE_CELL is not set
|
||||
# CONFIG_BLK_DEV_PLATFORM is not set
|
||||
|
||||
# CONFIG_VIRQ_DEBUG is not set
|
||||
|
||||
CONFIG_EDAC_CPC925=m
|
||||
CONFIG_FRAME_WARN=2048
|
||||
|
||||
CONFIG_PHYP_DUMP=y
|
||||
CONFIG_FORCE_MAX_ZONEORDER=9
|
||||
CONFIG_VIRTUALIZATION=y
|
||||
|
||||
|
@ -131,12 +118,14 @@ CONFIG_SCSI_IBMVFC=m
|
|||
CONFIG_IBM_BSR=m
|
||||
|
||||
CONFIG_CRASH_DUMP=y
|
||||
CONFIG_FA_DUMP=y
|
||||
CONFIG_RELOCATABLE=y
|
||||
|
||||
CONFIG_RCU_FANOUT=64
|
||||
|
||||
CONFIG_CMA=y
|
||||
# CONFIG_CMA_DEBUG is not set
|
||||
CONFIG_CMA_AREAS=7
|
||||
CONFIG_KVM_BOOK3S_64=m
|
||||
CONFIG_KVM_BOOK3S_64_HV=m
|
||||
CONFIG_KVM_BOOK3S_64_PR=m
|
||||
|
|
59
config-s390x
59
config-s390x
|
@ -14,7 +14,6 @@ CONFIG_HZ_100=y
|
|||
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
|
||||
|
||||
CONFIG_LOG_BUF_SHIFT=16
|
||||
CONFIG_NO_IDLE_HZ=y
|
||||
|
||||
#
|
||||
# I/O subsystem configuration
|
||||
|
@ -25,13 +24,9 @@ CONFIG_QDIO=m
|
|||
# Misc
|
||||
#
|
||||
CONFIG_IPL=y
|
||||
# CONFIG_IPL_TAPE is not set
|
||||
CONFIG_IPL_VM=y
|
||||
# CONFIG_PROCESS_DEBUG is not set
|
||||
CONFIG_PFAULT=y
|
||||
CONFIG_SHARED_KERNEL=y
|
||||
CONFIG_CMM=m
|
||||
CONFIG_CMM_PROC=y
|
||||
# CONFIG_NETIUCV is not set
|
||||
CONFIG_SMSGIUCV=m
|
||||
CONFIG_CRASH_DUMP=y
|
||||
|
@ -40,7 +35,6 @@ CONFIG_CRASH_DUMP=y
|
|||
# SCSI low-level drivers
|
||||
#
|
||||
CONFIG_ZFCP=m
|
||||
CONFIG_ZFCPDUMP=y
|
||||
CONFIG_CCW=y
|
||||
|
||||
#
|
||||
|
@ -83,7 +77,6 @@ CONFIG_TN3270_FS=m
|
|||
#
|
||||
# S/390 tape interface support
|
||||
#
|
||||
CONFIG_S390_TAPE_BLOCK=y
|
||||
|
||||
#
|
||||
# S/390 tape hardware support
|
||||
|
@ -149,10 +142,7 @@ CONFIG_CRYPTO_AES_S390=m
|
|||
#
|
||||
CONFIG_PACK_STACK=y
|
||||
CONFIG_CHECK_STACK=y
|
||||
# CONFIG_WARN_STACK is not set
|
||||
# CONFIG_SMALL_STACK is not set
|
||||
|
||||
CONFIG_ZVM_WATCHDOG=m
|
||||
CONFIG_DIAG288_WATCHDOG=m
|
||||
CONFIG_VMLOGRDR=m
|
||||
CONFIG_MONREADER=m
|
||||
|
@ -171,15 +161,12 @@ CONFIG_VIRT_CPU_ACCOUNTING=y
|
|||
CONFIG_STACK_GUARD=256
|
||||
CONFIG_CMM_IUCV=y
|
||||
|
||||
# CONFIG_DETECT_SOFTLOCKUP is not set
|
||||
|
||||
CONFIG_S390_HYPFS_FS=y
|
||||
|
||||
CONFIG_MONWRITER=m
|
||||
CONFIG_ZCRYPT=m
|
||||
CONFIG_ZCRYPT_MONOLITHIC=y
|
||||
|
||||
CONFIG_S390_EXEC_PROTECT=y
|
||||
CONFIG_AFIUCV=m
|
||||
CONFIG_S390_PRNG=m
|
||||
|
||||
|
@ -218,7 +205,6 @@ CONFIG_SMSGIUCV_EVENT=m
|
|||
|
||||
CONFIG_VMCP=y
|
||||
|
||||
CONFIG_ZFCP_DIF=y
|
||||
|
||||
CONFIG_SCHED_MC=y
|
||||
CONFIG_SCHED_BOOK=y
|
||||
|
@ -235,10 +221,30 @@ CONFIG_SCM_BLOCK=m
|
|||
CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
|
||||
# CONFIG_S390_PTDUMP is not set
|
||||
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
|
||||
# CONFIG_PCI is not set
|
||||
|
||||
CONFIG_PCI=y
|
||||
CONFIG_PCI_NR_FUNCTIONS=64
|
||||
CONFIG_PCI_NR_MSI=256
|
||||
CONFIG_HOTPLUG_PCI=y
|
||||
CONFIG_HOTPLUG_PCI_CPCI=y
|
||||
CONFIG_HOTPLUG_PCI_SHPC=y
|
||||
CONFIG_HOTPLUG_PCI_S390=y
|
||||
|
||||
# CONFIG_NEW_LEDS is not set
|
||||
# CONFIG_HID is not set
|
||||
# CONFIG_MTD is not set
|
||||
|
||||
# CONFIG_PARPORT is not set
|
||||
# CONFIG_UWB is not set
|
||||
# CONFIG_MMC is not set
|
||||
# CONFIG_FB is not set
|
||||
# CONFIG_MFD_CORE is not set
|
||||
# CONFIG_TIFM_CORE is not set
|
||||
# CONFIG_CB710_CORE is not set
|
||||
# CONFIG_FCOE is not set
|
||||
# CONFIG_FUSION is not set
|
||||
# CONFIG_FIREWIRE is not set
|
||||
# CONFIG_FIREWIRE_NOSY is not set
|
||||
|
||||
# CONFIG_INPUT is not set
|
||||
# CONFIG_INPUT_JOYDEV is not set
|
||||
|
@ -248,6 +254,8 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
|
|||
# CONFIG_INPUT_TABLET is not set
|
||||
# CONFIG_INPUT_TOUCHSCREEN is not set
|
||||
# CONFIG_INPUT_MISC is not set
|
||||
# CONFIG_GAMEPORT_EMU10K1 is not set
|
||||
# CONFIG_GAMEPORT_FM801 is not set
|
||||
# CONFIG_SERIO is not set
|
||||
|
||||
# CONFIG_ACCESSIBILITY is not set
|
||||
|
@ -269,6 +277,17 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
|
|||
# CONFIG_I2C_NFORCE2 is not set
|
||||
# CONFIG_PTP_1588_CLOCK is not set
|
||||
# CONFIG_PPS is not set
|
||||
# CONFIG_W1 is not set
|
||||
# CONFIG_HWMON is not set
|
||||
# CONFIG_SSB is not set
|
||||
# CONFIG_BCMA is not set
|
||||
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
|
||||
# CONFIG_LCD_CLASS_DEVICE is not set
|
||||
# CONFIG_LCD_PLATFORM is not set
|
||||
# CONFIG_BACKLIGHT_CLASS_DEVICE is not set
|
||||
# CONFIG_MFD_RTSX_PCI is not set
|
||||
# CONFIG_MFD_SM501 is not set
|
||||
# CONFIG_MFD_VX855 is not set
|
||||
|
||||
# CONFIG_PHYLIB is not set
|
||||
# CONFIG_ATM_DRIVERS is not set
|
||||
|
@ -282,4 +301,14 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
|
|||
|
||||
# CONFIG_FMC is not set
|
||||
|
||||
CONFIG_MLX4_EN=m
|
||||
CONFIG_MLX4_EN_DCB=y
|
||||
CONFIG_INFINIBAND=m
|
||||
CONFIG_INFINIBAND_USER_ACCESS=m
|
||||
CONFIG_MLX4_INFINIBAND=m
|
||||
CONFIG_RDS=m
|
||||
CONFIG_RDS_RDMA=m
|
||||
CONFIG_RDS_TCP=m
|
||||
CONFIG_IRQ_DOMAIN_DEBUG=y
|
||||
|
||||
CONFIG_CRASH=m
|
||||
|
|
|
@ -2,15 +2,9 @@
|
|||
|
||||
# CONFIG_X86_32_NON_STANDARD is not set
|
||||
|
||||
# CONFIG_X86_ELAN is not set
|
||||
# CONFIG_X86_GOLDFISH is not set
|
||||
# CONFIG_X86_NUMAQ is not set
|
||||
# CONFIG_X86_SUMMIT is not set
|
||||
CONFIG_X86_BIGSMP=y
|
||||
# CONFIG_X86_VISWS is not set
|
||||
# CONFIG_X86_RDC321X is not set
|
||||
# CONFIG_X86_ES7000 is not set
|
||||
# CONFIG_M386 is not set
|
||||
# CONFIG_M486 is not set
|
||||
# CONFIG_M586 is not set
|
||||
# CONFIG_M586TSC is not set
|
||||
|
@ -89,7 +83,6 @@ CONFIG_X86_LONGRUN=y
|
|||
# CONFIG_X86_E_POWERSAVER is not set
|
||||
|
||||
CONFIG_X86_HT=y
|
||||
CONFIG_X86_TRAMPOLINE=y
|
||||
|
||||
|
||||
# CONFIG_4KSTACKS is not set
|
||||
|
@ -113,7 +106,6 @@ CONFIG_SCx200_ACB=m
|
|||
|
||||
CONFIG_PC8736x_GPIO=m
|
||||
# CONFIG_NSC_GPIO is not set
|
||||
CONFIG_CS5535_GPIO=m
|
||||
CONFIG_GPIO_SCH=m
|
||||
|
||||
CONFIG_HW_RANDOM_GEODE=m
|
||||
|
@ -143,7 +135,6 @@ CONFIG_LBDAF=y
|
|||
|
||||
|
||||
CONFIG_OLPC=y
|
||||
CONFIG_OLPC_OPENFIRMWARE=y
|
||||
CONFIG_BATTERY_OLPC=y
|
||||
CONFIG_MOUSE_PS2_OLPC=y
|
||||
CONFIG_OLPC_XO1_PM=y
|
||||
|
@ -160,10 +151,8 @@ CONFIG_RCU_FANOUT=32
|
|||
|
||||
# CONFIG_X86_ANCIENT_MCE is not set
|
||||
|
||||
# CONFIG_X86_MRST is not set
|
||||
|
||||
CONFIG_I2C_PXA=m
|
||||
# CONFIG_GPIO_LANGWELL is not set
|
||||
|
||||
# CONFIG_INTEL_TXT is not set
|
||||
|
||||
|
@ -184,7 +173,6 @@ CONFIG_POWER_RESET_GPIO=y
|
|||
|
||||
CONFIG_MTD_OF_PARTS=y
|
||||
CONFIG_MTD_PHYSMAP_OF=m
|
||||
CONFIG_PROC_DEVICETREE=y
|
||||
CONFIG_SERIAL_OF_PLATFORM=m
|
||||
CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
|
||||
# CONFIG_MMC_SDHCI_OF is not set
|
||||
|
@ -209,7 +197,6 @@ CONFIG_BACKLIGHT_PWM=m
|
|||
|
||||
# CONFIG_EDAC_SBRIDGE is not set
|
||||
|
||||
# CONFIG_X86_WANT_INTEL_MID is not set
|
||||
# CONFIG_OF_SELFTEST is not set
|
||||
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
|
||||
# CONFIG_INPUT_GP2A is not set
|
||||
|
@ -223,12 +210,9 @@ CONFIG_BACKLIGHT_PWM=m
|
|||
# CONFIG_BACKLIGHT_OT200 is not set
|
||||
# CONFIG_RTC_DRV_SNVS is not set
|
||||
# CONFIG_RTC_DRV_HYM8563 is not set
|
||||
# CONFIG_OF_DISPLAY_TIMING is not set
|
||||
# CONFIG_OF_VIDEOMODE is not set
|
||||
|
||||
# CONFIG_MLX5_INFINIBAND is not set
|
||||
# CONFIG_PINCTRL_SINGLE is not set
|
||||
# CONFIG_PINCTRL_CAPRI is not set
|
||||
# CONFIG_PINCTRL_MSM8X74 is not set
|
||||
# CONFIG_PINCTRL_BCM281XX is not set
|
||||
# CONFIG_PINCTRL_APQ8064 is not set
|
||||
|
|
|
@ -10,10 +10,12 @@ CONFIG_HPET_TIMER=y
|
|||
|
||||
CONFIG_I8K=m
|
||||
CONFIG_SONYPI_COMPAT=y
|
||||
CONFIG_MICROCODE=m
|
||||
CONFIG_MICROCODE=y
|
||||
CONFIG_MICROCODE_EARLY=y
|
||||
CONFIG_MICROCODE_INTEL=y
|
||||
CONFIG_MICROCODE_INTEL_EARLY=y
|
||||
CONFIG_MICROCODE_AMD=y
|
||||
CONFIG_MICROCODE_AMD_EARLY=y
|
||||
|
||||
CONFIG_X86_MSR=y
|
||||
CONFIG_X86_CPUID=y
|
||||
|
@ -50,7 +52,6 @@ CONFIG_EFI_RUNTIME_MAP=y
|
|||
# CONFIG_FB_N411 is not set
|
||||
|
||||
CONFIG_INTEL_IOMMU=y
|
||||
CONFIG_DMAR_BROKEN_GFX_WA=y
|
||||
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
|
||||
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
|
||||
CONFIG_SCSI_ADVANSYS=m
|
||||
|
@ -69,7 +70,6 @@ CONFIG_DEBUG_STACKOVERFLOW=y
|
|||
|
||||
CONFIG_ACPI=y
|
||||
CONFIG_ACPI_AC=y
|
||||
# CONFIG_ACPI_ASUS is not set
|
||||
CONFIG_ACPI_BATTERY=y
|
||||
CONFIG_ACPI_BUTTON=y
|
||||
CONFIG_ACPI_CONTAINER=y
|
||||
|
@ -86,7 +86,6 @@ CONFIG_ACPI_VIDEO=m
|
|||
CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
|
||||
# FIXME: Next two are deprecated. Remove them when they disappear upstream
|
||||
# CONFIG_ACPI_PROCFS_POWER is not set
|
||||
# CONFIG_ACPI_PROC_EVENT is not set
|
||||
CONFIG_PNPACPI=y
|
||||
CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
|
||||
CONFIG_ACPI_HED=m
|
||||
|
@ -119,6 +118,7 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
|
|||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
|
||||
CONFIG_GENERIC_ISA_DMA=y
|
||||
|
||||
|
@ -142,6 +142,9 @@ CONFIG_IPW2200_QOS=y
|
|||
|
||||
CONFIG_BLK_DEV_AMD74XX=y
|
||||
|
||||
# I2C_ACPI casues I2C to be built in. This should probably be fixed.
|
||||
CONFIG_I2C=y
|
||||
CONFIG_ACPI_I2C_OPREGION=y
|
||||
CONFIG_I2C_AMD756=m
|
||||
CONFIG_I2C_AMD756_S4882=m
|
||||
CONFIG_I2C_AMD8111=m
|
||||
|
@ -183,6 +186,7 @@ CONFIG_EDAC_X38=m
|
|||
CONFIG_EDAC_MCE_INJ=m
|
||||
CONFIG_EDAC_DECODE_MCE=m
|
||||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
CONFIG_EDAC_IE31200=m
|
||||
|
||||
CONFIG_SCHED_MC=y
|
||||
|
||||
|
@ -238,7 +242,6 @@ CONFIG_PVPANIC=m
|
|||
# CONFIG_TOUCHSCREEN_INTEL_MID is not set
|
||||
|
||||
# CONFIG_SMSC37B787_WDT is not set
|
||||
CONFIG_W83697HF_WDT=m
|
||||
CONFIG_VIA_WDT=m
|
||||
CONFIG_IE6XX_WDT=m
|
||||
|
||||
|
@ -262,7 +265,6 @@ CONFIG_PARAVIRT_TIME_ACCOUNTING=y
|
|||
# PARAVIRT_SPINLOCKS has a 5% perf hit on native hw (see kconfig)
|
||||
# CONFIG_PARAVIRT_SPINLOCKS is not set
|
||||
|
||||
CONFIG_KVM_CLOCK=y
|
||||
CONFIG_KVM_GUEST=y
|
||||
CONFIG_KVM_MMU_AUDIT=y # default $x would be nice...
|
||||
# CONFIG_KVM_DEBUG_FS is not set
|
||||
|
@ -286,7 +288,6 @@ CONFIG_XEN_COMPAT_XENFS=y
|
|||
CONFIG_XEN_BACKEND=y
|
||||
CONFIG_XEN_BLKDEV_BACKEND=m
|
||||
CONFIG_XEN_DEBUG_FS=y
|
||||
CONFIG_XEN_PLATFORM_PCI=y
|
||||
CONFIG_XEN_GNTDEV=m
|
||||
CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m
|
||||
CONFIG_XEN_SELFBALLOONING=y
|
||||
|
@ -367,6 +368,7 @@ CONFIG_X86_DECODER_SELFTEST=y
|
|||
CONFIG_ACPI_CMPC=m
|
||||
CONFIG_MSI_WMI=m
|
||||
CONFIG_TOSHIBA_BT_RFKILL=m
|
||||
CONFIG_TOSHIBA_HAPS=m
|
||||
|
||||
CONFIG_VGA_SWITCHEROO=y
|
||||
CONFIG_LPC_SCH=m
|
||||
|
@ -377,12 +379,38 @@ CONFIG_GPIO_ICH=m
|
|||
# CONFIG_GPIO_MCP23S08 is not set
|
||||
# CONFIG_GPIO_F7188X is not set
|
||||
|
||||
# These should all go away with IC2_ACPI is fixed
|
||||
# CONFIG_MFD_AS3711 is not set
|
||||
# CONFIG_PMIC_ADP5520 is not set
|
||||
# CONFIG_MFD_AAT2870_CORE is not set
|
||||
# CONFIG_MFD_AXP20X is not set
|
||||
# CONFIG_PMIC_DA903X is not set
|
||||
# CONFIG_MFD_DA9052_I2C is not set
|
||||
# CONFIG_MFD_DA9055 is not set
|
||||
# CONFIG_MFD_88PM800 is not set
|
||||
# CONFIG_MFD_88PM805 is not set
|
||||
# CONFIG_MFD_MAX14577 is not set
|
||||
# CONFIG_MFD_MAX77686 is not set
|
||||
# CONFIG_MFD_MAX77693 is not set
|
||||
# CONFIG_MFD_MAX8907 is not set
|
||||
# CONFIG_MFD_MAX8997 is not set
|
||||
# CONFIG_MFD_RC5T583 is not set
|
||||
# CONFIG_MFD_SEC_CORE is not set
|
||||
# CONFIG_MFD_SMSC is not set
|
||||
# CONFIG_MFD_LP8788 is not set
|
||||
# CONFIG_MFD_PALMAS is not set
|
||||
# CONFIG_MFD_TPS65090 is not set
|
||||
# CONFIG_MFD_TPS65910 is not set
|
||||
# CONFIG_MFD_TPS65912_I2C is not set
|
||||
# CONFIG_MFD_TPS80031 is not set
|
||||
# CONFIG_TWL4030_CORE is not set
|
||||
# CONFIG_TWL6040_CORE is not set
|
||||
|
||||
|
||||
CONFIG_PCI_CNB20LE_QUIRK=y
|
||||
|
||||
CONFIG_ACPI_EC_DEBUGFS=m
|
||||
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
|
||||
# CONFIG_ACPI_QUICKSTART is not set
|
||||
|
||||
CONFIG_INTEL_IDLE=y
|
||||
|
||||
|
@ -467,6 +495,9 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
|
|||
CONFIG_XZ_DEC_X86=y
|
||||
|
||||
CONFIG_MPILIB=y
|
||||
CONFIG_PKCS7_MESSAGE_PARSER=y
|
||||
# CONFIG_PKCS7_TEST_KEY is not set
|
||||
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
|
||||
CONFIG_MODULE_SIG=y
|
||||
|
@ -477,6 +508,9 @@ CONFIG_MODULE_SIG_SHA256=y
|
|||
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
|
||||
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
||||
|
||||
# CONFIG_KEXEC_FILE is not set
|
||||
# CONFIG_KEXEC_VERIFY_SIG is not set
|
||||
|
||||
CONFIG_MODULE_SIG_UEFI=y
|
||||
|
||||
CONFIG_VMXNET3=m
|
||||
|
|
|
@ -9,7 +9,6 @@ CONFIG_GENERIC_CPU=y
|
|||
CONFIG_X86_UV=y
|
||||
CONFIG_UV_MMTIMER=m
|
||||
CONFIG_NUMA=y
|
||||
CONFIG_K8_NUMA=y
|
||||
CONFIG_AMD_NUMA=y
|
||||
CONFIG_X86_64_ACPI_NUMA=y
|
||||
# CONFIG_NUMA_EMU is not set
|
||||
|
@ -42,6 +41,9 @@ CONFIG_CGROUP_HUGETLB=y
|
|||
CONFIG_MEM_SOFT_DIRTY=y
|
||||
|
||||
CONFIG_KEXEC_JUMP=y
|
||||
CONFIG_KEXEC_FILE=y
|
||||
CONFIG_KEXEC_VERIFY_SIG=y
|
||||
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
|
||||
|
||||
CONFIG_ACPI_HOTPLUG_MEMORY=y
|
||||
|
||||
|
@ -49,6 +51,8 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y
|
|||
|
||||
CONFIG_INTEL_MIC_HOST=m
|
||||
CONFIG_INTEL_MIC_CARD=m
|
||||
CONFIG_INTEL_MIC_BUS=m
|
||||
CONFIG_INTEL_MIC_X100_DMA=m
|
||||
|
||||
# SHPC has half-arsed PCI probing, which makes it load on too many systems
|
||||
CONFIG_HOTPLUG_PCI_SHPC=m
|
||||
|
@ -62,7 +66,6 @@ CONFIG_CRYPTO_SHA1_SSSE3=m
|
|||
CONFIG_CRYPTO_SHA256_SSSE3=m
|
||||
CONFIG_CRYPTO_SHA512_SSSE3=m
|
||||
CONFIG_CRYPTO_BLOWFISH_X86_64=m
|
||||
CONFIG_CRYPTO_BLOWFISH_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
|
||||
CONFIG_CRYPTO_CAMELLIA_X86_64=m
|
||||
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
|
||||
|
@ -73,7 +76,7 @@ CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
|
|||
CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_DES3_EDE_X86_64=m
|
||||
# staging crypto
|
||||
# CONFIG_CRYPTO_SKEIN is not set
|
||||
# CONFIG_CRYPTO_THREEFISH is not set
|
||||
|
@ -144,7 +147,6 @@ CONFIG_RCU_FANOUT=64
|
|||
|
||||
CONFIG_INTEL_TXT=y
|
||||
|
||||
CONFIG_GPIO_LANGWELL=y
|
||||
|
||||
CONFIG_FUNCTION_GRAPH_TRACER=y
|
||||
|
||||
|
@ -158,6 +160,8 @@ CONFIG_CHECKPOINT_RESTORE=y
|
|||
# Should be 32bit only, but lacks KConfig depends
|
||||
# CONFIG_XO15_EBOOK is not set
|
||||
|
||||
CONFIG_THUNDERBOLT=m
|
||||
|
||||
CONFIG_NTB=m
|
||||
CONFIG_NTB_NETDEV=m
|
||||
|
||||
|
@ -170,9 +174,12 @@ CONFIG_MLX4_EN_DCB=y
|
|||
CONFIG_SFC=m
|
||||
CONFIG_SFC_MCDI_MON=y
|
||||
CONFIG_SFC_SRIOV=y
|
||||
CONFIG_SFC_PTP=y
|
||||
CONFIG_SFC_MTD=y
|
||||
# Override MTD stuff because SFC_MTD needs it
|
||||
CONFIG_MTD_CHAR=m
|
||||
CONFIG_MTD_BLOCK=m
|
||||
|
||||
CONFIG_NO_HZ_FULL=y
|
||||
# CONFIG_NO_HZ_IDLE is not set
|
||||
# CONFIG_NO_HZ_FULL_ALL is not set
|
||||
# CONFIG_NO_HZ_FULL_SYSIDLE is not set
|
||||
# CONFIG_CONTEXT_TRACKING_FORCE is not set
|
||||
|
|
|
@ -1,66 +1,67 @@
|
|||
From 1786bc697d34af944e29437ce44337b0eb8b6799 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@dreadnought.bos.jkkm.org>
|
||||
From: Dave Anderson <anderson@redhat.com>
|
||||
Date: Tue, 26 Nov 2013 12:42:46 -0500
|
||||
Subject: [PATCH] crash-driver
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
arch/arm/include/asm/crash.h | 6 ++
|
||||
arch/arm64/include/asm/crash.h | 6 ++
|
||||
arch/ia64/include/asm/crash.h | 90 +++++++++++++++++++++++++++
|
||||
arch/ia64/kernel/ia64_ksyms.c | 3 +
|
||||
arch/powerpc/include/asm/crash.h | 6 ++
|
||||
arch/s390/include/asm/crash.h | 60 ++++++++++++++++++
|
||||
arch/s390/mm/maccess.c | 2 +
|
||||
arch/x86/include/asm/crash.h | 6 ++
|
||||
drivers/char/Kconfig | 3 +
|
||||
drivers/char/Makefile | 2 +
|
||||
drivers/char/crash.c | 128 +++++++++++++++++++++++++++++++++++++++
|
||||
include/asm-generic/crash.h | 72 ++++++++++++++++++++++
|
||||
arch/arm/include/asm/crash-driver.h | 6 ++
|
||||
arch/arm64/include/asm/crash-driver.h | 6 ++
|
||||
arch/ia64/include/asm/crash-driver.h | 90 ++++++++++++++++++++++
|
||||
arch/ia64/kernel/ia64_ksyms.c | 3 +
|
||||
arch/powerpc/include/asm/crash-driver.h | 6 ++
|
||||
arch/s390/include/asm/crash-driver.h | 60 +++++++++++++++
|
||||
arch/s390/mm/maccess.c | 2 +
|
||||
arch/x86/include/asm/crash-driver.h | 6 ++
|
||||
drivers/char/Kconfig | 3 +
|
||||
drivers/char/Makefile | 2 +
|
||||
drivers/char/crash.c | 128 ++++++++++++++++++++++++++++++++
|
||||
include/asm-generic/crash-driver.h | 72 ++++++++++++++++++
|
||||
12 files changed, 384 insertions(+)
|
||||
create mode 100644 arch/arm/include/asm/crash.h
|
||||
create mode 100644 arch/arm64/include/asm/crash.h
|
||||
create mode 100644 arch/ia64/include/asm/crash.h
|
||||
create mode 100644 arch/powerpc/include/asm/crash.h
|
||||
create mode 100644 arch/s390/include/asm/crash.h
|
||||
create mode 100644 arch/x86/include/asm/crash.h
|
||||
create mode 100644 arch/arm/include/asm/crash-driver.h
|
||||
create mode 100644 arch/arm64/include/asm/crash-driver.h
|
||||
create mode 100644 arch/ia64/include/asm/crash-driver.h
|
||||
create mode 100644 arch/powerpc/include/asm/crash-driver.h
|
||||
create mode 100644 arch/s390/include/asm/crash-driver.h
|
||||
create mode 100644 arch/x86/include/asm/crash-driver.h
|
||||
create mode 100644 drivers/char/crash.c
|
||||
create mode 100644 include/asm-generic/crash.h
|
||||
create mode 100644 include/asm-generic/crash-driver.h
|
||||
|
||||
diff --git a/arch/arm/include/asm/crash.h b/arch/arm/include/asm/crash.h
|
||||
diff --git a/arch/arm/include/asm/crash-driver.h b/arch/arm/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..1d2e537
|
||||
index 000000000000..06e7ae916601
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/include/asm/crash.h
|
||||
+++ b/arch/arm/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _ARM_CRASH_H
|
||||
+#define _ARM_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _ARM_CRASH_H */
|
||||
diff --git a/arch/arm64/include/asm/crash.h b/arch/arm64/include/asm/crash.h
|
||||
diff --git a/arch/arm64/include/asm/crash-driver.h b/arch/arm64/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..a7fcc28
|
||||
index 000000000000..43b26da0c5d6
|
||||
--- /dev/null
|
||||
+++ b/arch/arm64/include/asm/crash.h
|
||||
+++ b/arch/arm64/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _ARM64_CRASH_H
|
||||
+#define _ARM64_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _ARM64_CRASH_H */
|
||||
diff --git a/arch/ia64/include/asm/crash.h b/arch/ia64/include/asm/crash.h
|
||||
diff --git a/arch/ia64/include/asm/crash-driver.h b/arch/ia64/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..28bd955
|
||||
index 000000000000..404bcb93c112
|
||||
--- /dev/null
|
||||
+++ b/arch/ia64/include/asm/crash.h
|
||||
+++ b/arch/ia64/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,90 @@
|
||||
+#ifndef _ASM_IA64_CRASH_H
|
||||
+#define _ASM_IA64_CRASH_H
|
||||
+
|
||||
+/*
|
||||
+ * linux/include/asm-ia64/crash.h
|
||||
+ * linux/include/asm-ia64/crash-driver.h
|
||||
+ *
|
||||
+ * Copyright (c) 2004 Red Hat, Inc. All rights reserved.
|
||||
+ *
|
||||
|
@ -147,7 +148,7 @@ index 0000000..28bd955
|
|||
+
|
||||
+#endif /* _ASM_IA64_CRASH_H */
|
||||
diff --git a/arch/ia64/kernel/ia64_ksyms.c b/arch/ia64/kernel/ia64_ksyms.c
|
||||
index 5b7791d..aee4b87 100644
|
||||
index 5b7791dd3965..aee4b870c763 100644
|
||||
--- a/arch/ia64/kernel/ia64_ksyms.c
|
||||
+++ b/arch/ia64/kernel/ia64_ksyms.c
|
||||
@@ -84,6 +84,9 @@ EXPORT_SYMBOL(ia64_save_scratch_fpregs);
|
||||
|
@ -160,23 +161,23 @@ index 5b7791d..aee4b87 100644
|
|||
#if defined(CONFIG_IA64_ESI) || defined(CONFIG_IA64_ESI_MODULE)
|
||||
extern void esi_call_phys (void);
|
||||
EXPORT_SYMBOL_GPL(esi_call_phys);
|
||||
diff --git a/arch/powerpc/include/asm/crash.h b/arch/powerpc/include/asm/crash.h
|
||||
diff --git a/arch/powerpc/include/asm/crash-driver.h b/arch/powerpc/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..daa8c4d
|
||||
index 000000000000..50092d965dc5
|
||||
--- /dev/null
|
||||
+++ b/arch/powerpc/include/asm/crash.h
|
||||
+++ b/arch/powerpc/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _PPC64_CRASH_H
|
||||
+#define _PPC64_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _PPC64_CRASH_H */
|
||||
diff --git a/arch/s390/include/asm/crash.h b/arch/s390/include/asm/crash.h
|
||||
diff --git a/arch/s390/include/asm/crash-driver.h b/arch/s390/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..552be5e
|
||||
index 000000000000..552be5e2c571
|
||||
--- /dev/null
|
||||
+++ b/arch/s390/include/asm/crash.h
|
||||
+++ b/arch/s390/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,60 @@
|
||||
+#ifndef _S390_CRASH_H
|
||||
+#define _S390_CRASH_H
|
||||
|
@ -239,10 +240,10 @@ index 0000000..552be5e
|
|||
+
|
||||
+#endif /* _S390_CRASH_H */
|
||||
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
|
||||
index d1e0e0c..a2be459 100644
|
||||
index 2a2e35416d2f..a529181429bb 100644
|
||||
--- a/arch/s390/mm/maccess.c
|
||||
+++ b/arch/s390/mm/maccess.c
|
||||
@@ -219,6 +219,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
|
||||
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
|
||||
put_online_cpus();
|
||||
return bounce;
|
||||
}
|
||||
|
@ -250,25 +251,25 @@ index d1e0e0c..a2be459 100644
|
|||
|
||||
/*
|
||||
* Free converted buffer for /dev/mem access (if necessary)
|
||||
@@ -228,3 +229,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
|
||||
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
|
||||
if ((void *) addr != buf)
|
||||
free_page((unsigned long) buf);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(unxlate_dev_mem_ptr);
|
||||
diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h
|
||||
diff --git a/arch/x86/include/asm/crash-driver.h b/arch/x86/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..27a4156
|
||||
index 000000000000..fd4736ec99f5
|
||||
--- /dev/null
|
||||
+++ b/arch/x86/include/asm/crash.h
|
||||
+++ b/arch/x86/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _X86_CRASH_H
|
||||
+#define _X86_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _X86_CRASH_H */
|
||||
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
|
||||
index fa3243d..83643e5b 100644
|
||||
index 6e9f74a5c095..ee6bae16b04c 100644
|
||||
--- a/drivers/char/Kconfig
|
||||
+++ b/drivers/char/Kconfig
|
||||
@@ -4,6 +4,9 @@
|
||||
|
@ -282,10 +283,10 @@ index fa3243d..83643e5b 100644
|
|||
|
||||
config DEVKMEM
|
||||
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
|
||||
index 7ff1d0d..3ed67af 100644
|
||||
index a324f9303e36..33ce2fb1d0a3 100644
|
||||
--- a/drivers/char/Makefile
|
||||
+++ b/drivers/char/Makefile
|
||||
@@ -62,3 +62,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
|
||||
@@ -61,3 +61,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
|
||||
js-rtc-y = rtc.o
|
||||
|
||||
obj-$(CONFIG_TILE_SROM) += tile-srom.o
|
||||
|
@ -293,7 +294,7 @@ index 7ff1d0d..3ed67af 100644
|
|||
+obj-$(CONFIG_CRASH) += crash.o
|
||||
diff --git a/drivers/char/crash.c b/drivers/char/crash.c
|
||||
new file mode 100644
|
||||
index 0000000..a142bb3
|
||||
index 000000000000..085378a1d539
|
||||
--- /dev/null
|
||||
+++ b/drivers/char/crash.c
|
||||
@@ -0,0 +1,128 @@
|
||||
|
@ -329,7 +330,7 @@ index 0000000..a142bb3
|
|||
+#include <asm/io.h>
|
||||
+#include <asm/uaccess.h>
|
||||
+#include <asm/types.h>
|
||||
+#include <asm/crash.h>
|
||||
+#include <asm/crash-driver.h>
|
||||
+
|
||||
+#define CRASH_VERSION "1.0"
|
||||
+
|
||||
|
@ -425,17 +426,17 @@ index 0000000..a142bb3
|
|||
+module_exit(crash_cleanup_module);
|
||||
+
|
||||
+MODULE_LICENSE("GPL");
|
||||
diff --git a/include/asm-generic/crash.h b/include/asm-generic/crash.h
|
||||
diff --git a/include/asm-generic/crash-driver.h b/include/asm-generic/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..8a0a69a
|
||||
index 000000000000..25ab9869d566
|
||||
--- /dev/null
|
||||
+++ b/include/asm-generic/crash.h
|
||||
+++ b/include/asm-generic/crash-driver.h
|
||||
@@ -0,0 +1,72 @@
|
||||
+#ifndef __CRASH_H__
|
||||
+#define __CRASH_H__
|
||||
+
|
||||
+/*
|
||||
+ * include/linux/crash.h
|
||||
+ * include/linux/crash-driver.h
|
||||
+ *
|
||||
+ * Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||
+ *
|
||||
|
@ -504,5 +505,5 @@ index 0000000..8a0a69a
|
|||
+
|
||||
+#endif /* __CRASH_H__ */
|
||||
--
|
||||
1.8.3.1
|
||||
1.9.3
|
||||
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 5 Sep 2014 13:19:59 -0400
|
||||
Subject: [PATCH] drm/vmwgfx: Fix drm.h include
|
||||
|
||||
The userspace drm.h include doesn't prefix the drm directory. This can lead
|
||||
to compile failures as /usr/include/drm/ isn't in the standard gcc include
|
||||
paths. Fix it to be <drm/drm.h>, which matches the rest of the driver drm
|
||||
header files that get installed into /usr/include/drm.
|
||||
|
||||
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138759
|
||||
|
||||
Fixes: 1d7a5cbf8f74e
|
||||
Reported-by: Jeffrey Bastian <jbastian@redhat.com>
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/uapi/drm/vmwgfx_drm.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/uapi/drm/vmwgfx_drm.h b/include/uapi/drm/vmwgfx_drm.h
|
||||
index 4fc66f6b12ce..c472bedbe38e 100644
|
||||
--- a/include/uapi/drm/vmwgfx_drm.h
|
||||
+++ b/include/uapi/drm/vmwgfx_drm.h
|
||||
@@ -29,7 +29,7 @@
|
||||
#define __VMWGFX_DRM_H__
|
||||
|
||||
#ifndef __KERNEL__
|
||||
-#include <drm.h>
|
||||
+#include <drm/drm.h>
|
||||
#endif
|
||||
|
||||
#define DRM_VMW_MAX_SURFACE_FACES 6
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
Bugzilla: 1097463
|
||||
Upstream-status: Sent for 3.16
|
||||
|
||||
From 7ad066ecd4dfb4c36fb00f9f9eb1a5d6099db834 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:02 +0200
|
||||
Subject: [PATCH 05/14] eeepc-wmi: Add no backlight quirk for Asus H87I-PLUS
|
||||
Motherboard
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/eeepc-wmi.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/eeepc-wmi.c b/drivers/platform/x86/eeepc-wmi.c
|
||||
index 6112933f6278..a7286bbfe28e 100644
|
||||
--- a/drivers/platform/x86/eeepc-wmi.c
|
||||
+++ b/drivers/platform/x86/eeepc-wmi.c
|
||||
@@ -114,6 +114,10 @@ static struct quirk_entry quirk_asus_x101ch = {
|
||||
.wmi_backlight_power = true,
|
||||
};
|
||||
|
||||
+static struct quirk_entry quirk_asus_no_backlight = {
|
||||
+ .no_backlight = true,
|
||||
+};
|
||||
+
|
||||
static struct quirk_entry *quirks;
|
||||
|
||||
static void et2012_quirks(void)
|
||||
@@ -182,6 +186,15 @@ static struct dmi_system_id asus_quirks[] = {
|
||||
},
|
||||
.driver_data = &quirk_asus_x101ch,
|
||||
},
|
||||
+ {
|
||||
+ .callback = dmi_matched,
|
||||
+ .ident = "ASUSTeK Computer INC. H87I-PLUS",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
|
||||
+ DMI_MATCH(DMI_BOARD_NAME, "H87I-PLUS"),
|
||||
+ },
|
||||
+ .driver_data = &quirk_asus_no_backlight,
|
||||
+ },
|
||||
{},
|
||||
};
|
||||
|
||||
--
|
||||
1.9.0
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/kernel/setup.c | 2 ++
|
||||
include/linux/efi.h | 1 +
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5a5cf7395724..fb282ff6a802 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
|
||||
enforce_signed_modules();
|
||||
+ pr_info("Secure boot enabled\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 45cb4ffdea62..ebe6a24cc1e1 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -923,6 +923,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
|
||||
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
|
||||
#define EFI_ARCH_1 7 /* First arch-specific bit */
|
||||
+#define EFI_SECURE_BOOT 8 /* Are we in Secure Boot mode? */
|
||||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
MokSBState that does not have the runtime attribute set. Given that the
|
||||
user explicitly disabled validation, we can honor that and not enable
|
||||
secure boot mode if that variable is set.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
|
||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 975d11bfaf5b..94bf7819857a 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -817,8 +817,9 @@ out:
|
||||
|
||||
static int get_secure_boot(void)
|
||||
{
|
||||
- u8 sb, setup;
|
||||
+ u8 sb, setup, moksbstate;
|
||||
unsigned long datasize = sizeof(sb);
|
||||
+ u32 attr;
|
||||
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
efi_status_t status;
|
||||
|
||||
@@ -842,6 +843,23 @@ static int get_secure_boot(void)
|
||||
if (setup == 1)
|
||||
return 0;
|
||||
|
||||
+ /* See if a user has put shim into insecure_mode. If so, and the variable
|
||||
+ * doesn't have the runtime attribute set, we might as well honor that.
|
||||
+ */
|
||||
+ var_guid = EFI_SHIM_LOCK_GUID;
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"MokSBState", &var_guid, &attr, &datasize,
|
||||
+ &moksbstate);
|
||||
+
|
||||
+ /* If it fails, we don't care why. Default to secure */
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
|
||||
+ if (moksbstate == 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 61542c282e70..e5ee669e87b6 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1567,7 +1567,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
- def_bool n
|
||||
+ def_bool n
|
||||
+ depends on EFI
|
||||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
so until we can work with signed hibernate images we disable it in
|
||||
a secure modules environment.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/power/hibernate.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index a9dfa79b6bab..14c7356ff53a 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/genhd.h>
|
||||
+#include <linux/module.h>
|
||||
#include <trace/events/power.h>
|
||||
|
||||
#include "power.h"
|
||||
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
|
||||
bool hibernation_available(void)
|
||||
{
|
||||
- return (nohibernate == 0);
|
||||
+ return ((nohibernate == 0) && !secure_modules());
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
From ef15224bce9875f9a5fbc93a2823219df6936a18 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 30 Jul 2014 17:56:05 +0200
|
||||
Subject: [PATCH 1/3] i8042: Also store the aux firmware id in multi-plexed aux
|
||||
ports
|
||||
|
||||
So that firmware-id matching can be used with multiplexed aux ports too.
|
||||
|
||||
Bugzilla: 1110011
|
||||
Upstream-status: sent for 3.17/3.18
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/input/serio/i8042.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index f1aeb0240d6e..4b5015f27f9e 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1253,6 +1253,8 @@ static int __init i8042_create_aux_port(int idx)
|
||||
} else {
|
||||
snprintf(serio->name, sizeof(serio->name), "i8042 AUX%d port", idx);
|
||||
snprintf(serio->phys, sizeof(serio->phys), I8042_MUX_PHYS_DESC, idx + 1);
|
||||
+ strlcpy(serio->firmware_id, i8042_aux_firmware_id,
|
||||
+ sizeof(serio->firmware_id));
|
||||
}
|
||||
|
||||
port->serio = serio;
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,34 +1,50 @@
|
|||
From b4e96f34c17e5a79cd28774cc722bb33e7e02c6e Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 25 Sep 2008 16:23:33 -0400
|
||||
Subject: [PATCH] Don't print an error message just because there's no i8042 chip.
|
||||
Subject: [PATCH] input: silence i8042 noise
|
||||
|
||||
Don't print an error message just because there's no i8042 chip.
|
||||
Some systems, such as EFI-based Apple systems, won't necessarily have an
|
||||
i8042 to initialize. We shouldn't be printing an error message in this
|
||||
case, since not detecting the chip is the correct behavior.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/base/power/main.c | 2 --
|
||||
drivers/input/serio/i8042.c | 1 -
|
||||
net/can/af_can.c | 8 ++------
|
||||
3 files changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index b67d9aef9fe4..dd58b0fdaafd 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
- pr_debug("PM: Adding info for %s:%s\n",
|
||||
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
|
||||
mutex_lock(&dpm_list_mtx);
|
||||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 52c9ebf..c374a96 100644
|
||||
index f5a98af3b325..9bb95eab6926 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -855,7 +855,6 @@ static int __init i8042_check_aux(void)
|
||||
@@ -857,7 +857,6 @@ static int __init i8042_check_aux(void)
|
||||
static int i8042_controller_check(void)
|
||||
{
|
||||
if (i8042_flush()) {
|
||||
- pr_err("No controller found\n");
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
--
|
||||
|
||||
Socket fuzzers like sfuzz will trigger this printk a lot, even though it's
|
||||
ratelimited. It isn't particularly useful, so just remove it.
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
|
||||
diff --git a/net/can/af_can.c b/net/can/af_can.c
|
||||
index ce82337521f6..a3fee4becc93 100644
|
||||
--- a/net/can/af_can.c
|
||||
+++ b/net/can/af_can.c
|
||||
@@ -157,13 +157,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
err = request_module("can-proto-%d", protocol);
|
||||
|
||||
/*
|
||||
|
@ -44,22 +60,6 @@ Signed-off-by: Dave Jones <davej@redhat.com>
|
|||
|
||||
cp = can_get_proto(protocol);
|
||||
}
|
||||
|
||||
This was removed in revision 1.6 of linux-2.6-silence-noise.patch
|
||||
in ye olde CVS tree. I have no idea why. Originally the pr_debug in
|
||||
device_pm_remove was nuked as well, but that seems to have gotten lost in
|
||||
the r1.634 of kernel.spec (2.6.26-rc2-git5.)
|
||||
--
|
||||
1.9.3
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index 2a52270..bacbdd2 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -87,8 +87,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
- pr_debug("PM: Adding info for %s:%s\n",
|
||||
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
|
||||
mutex_lock(&dpm_list_mtx);
|
||||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
|
@ -1,7 +1,3 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: ??
|
||||
|
||||
From fd4e7f06ecc891474dea3a93df083de5f8c50cdc Mon Sep 17 00:00:00 2001
|
||||
From: Roland McGrath <roland@redhat.com>
|
||||
Date: Mon, 6 Oct 2008 23:03:03 -0700
|
||||
Subject: [PATCH] kbuild: AFTER_LINK
|
||||
|
@ -9,6 +5,9 @@ Subject: [PATCH] kbuild: AFTER_LINK
|
|||
If the make variable AFTER_LINK is set, it is a command line to run
|
||||
after each final link. This includes vmlinux itself and vDSO images.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: ??
|
||||
|
||||
Signed-off-by: Roland McGrath <roland@redhat.com>
|
||||
---
|
||||
arch/arm64/kernel/vdso/Makefile | 3 ++-
|
||||
|
@ -21,17 +20,17 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
|
|||
7 files changed, 17 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
|
||||
index 6d20b7d162d8..863a01bde0bf 100644
|
||||
index ff3bddea482d..d8a439dd6351 100644
|
||||
--- a/arch/arm64/kernel/vdso/Makefile
|
||||
+++ b/arch/arm64/kernel/vdso/Makefile
|
||||
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S
|
||||
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S FORCE
|
||||
|
||||
# Actual build commands
|
||||
quiet_cmd_vdsold = VDSOL $@
|
||||
quiet_cmd_vdsold = VDSOL $@
|
||||
- cmd_vdsold = $(CC) $(c_flags) -Wl,-n -Wl,-T $^ -o $@
|
||||
+ cmd_vdsold = $(CC) $(c_flags) -Wl,-n -Wl,-T $^ -o $@ \
|
||||
+ $(if $(AFTER_LINK),;$(AFTER_LINK))
|
||||
quiet_cmd_vdsoas = VDSOA $@
|
||||
+ $(if $(AFTER_LINK),;$(AFTER_LINK))
|
||||
quiet_cmd_vdsoas = VDSOA $@
|
||||
cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile
|
||||
|
@ -91,10 +90,10 @@ index 2a8ddfd12a5b..452ca53561fe 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
|
||||
index 9206ac7961a5..3d7f533f6757 100644
|
||||
index 5a4affe025e8..8ff38ce94c8e 100644
|
||||
--- a/arch/x86/vdso/Makefile
|
||||
+++ b/arch/x86/vdso/Makefile
|
||||
@@ -181,8 +181,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE
|
||||
@@ -171,8 +171,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
|
||||
quiet_cmd_vdso = VDSO $@
|
||||
cmd_vdso = $(CC) -nostdlib -o $@ \
|
||||
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
|
||||
|
@ -105,9 +104,9 @@ index 9206ac7961a5..3d7f533f6757 100644
|
|||
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
|
||||
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
|
||||
$(LTO_CFLAGS)
|
||||
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
|
||||
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
|
||||
index 2dcb37736d84..25e170e92ef1 100644
|
||||
index 86a4fe75f453..161637ed5611 100644
|
||||
--- a/scripts/link-vmlinux.sh
|
||||
+++ b/scripts/link-vmlinux.sh
|
||||
@@ -65,6 +65,10 @@ vmlinux_link()
|
||||
|
@ -122,5 +121,5 @@ index 2dcb37736d84..25e170e92ef1 100644
|
|||
|
||||
|
||||
--
|
||||
1.8.5.3
|
||||
1.9.3
|
||||
|
184
kernel.spec
184
kernel.spec
|
@ -68,13 +68,13 @@ Summary: The Linux kernel
|
|||
# base_sublevel is the kernel version we're starting with and patching
|
||||
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
|
||||
# which yields a base_sublevel of 0.
|
||||
%define base_sublevel 16
|
||||
%define base_sublevel 17
|
||||
|
||||
## If this is a released kernel ##
|
||||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 7
|
||||
%define stable_update 2
|
||||
# Is it a -stable RC?
|
||||
%define stable_rc 0
|
||||
# Set rpm version accordingly
|
||||
|
@ -610,7 +610,7 @@ Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz
|
|||
Patch04: compile-fixes.patch
|
||||
|
||||
# build tweak for build ID magic, even for -vanilla
|
||||
Patch05: makefile-after_link.patch
|
||||
Patch05: kbuild-AFTER_LINK.patch
|
||||
|
||||
%if !%{nopatches}
|
||||
|
||||
|
@ -628,20 +628,38 @@ Patch470: die-floppy-die.patch
|
|||
|
||||
Patch500: Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
|
||||
|
||||
Patch510: silence-noise.patch
|
||||
Patch510: input-silence-i8042-noise.patch
|
||||
Patch530: silence-fbcon-logo.patch
|
||||
|
||||
Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
Patch800: crash-driver.patch
|
||||
|
||||
# crypto/
|
||||
|
||||
# secure boot
|
||||
Patch1000: secure-modules.patch
|
||||
Patch1001: modsign-uefi.patch
|
||||
# atch1002: sb-hibernate.patch
|
||||
Patch1003: sysrq-secure-boot.patch
|
||||
Patch1000: Add-secure_modules-call.patch
|
||||
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
Patch1003: ACPI-Limit-access-to-custom_method.patch
|
||||
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
|
||||
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
Patch1014: Add-EFI-signature-data-types.patch
|
||||
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
|
||||
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
# virt + ksm patches
|
||||
|
||||
|
@ -664,16 +682,25 @@ Patch14000: hibernate-freeze-filesystems.patch
|
|||
|
||||
Patch14010: lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
Patch15000: nowatchdog-on-virt.patch
|
||||
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
# PPC
|
||||
Patch18000: ppc64-fixtools.patch
|
||||
# ARM64
|
||||
|
||||
# ARMv7
|
||||
Patch21020: arm-tegra-usb-no-reset-linux33.patch
|
||||
Patch21021: arm-beagle.patch
|
||||
Patch21022: arm-imx6-utilite.patch
|
||||
# http://www.spinics.net/lists/linux-tegra/msg17948.html
|
||||
Patch21024: arm-qemu-fixdisplay.patch
|
||||
Patch21020: ARM-tegra-usb-no-reset.patch
|
||||
Patch21021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
Patch21022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
Patch21023: arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
|
||||
Patch21024: arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
|
||||
Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
|
||||
Patch21028: arm-i.MX6-Utilite-device-dtb.patch
|
||||
Patch21029: arm-dts-sun7i-bananapi.patch
|
||||
|
||||
Patch21100: arm-highbank-l2-reverts.patch
|
||||
|
||||
#rhbz 754518
|
||||
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
|
@ -682,44 +709,36 @@ Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
|||
Patch21242: criu-no-expert.patch
|
||||
|
||||
#rhbz 892811
|
||||
Patch21247: ath9k_rx_dma_stop_check.patch
|
||||
Patch21247: ath9k-rx-dma-stop-check.patch
|
||||
|
||||
Patch22000: weird-root-dentry-name-debug.patch
|
||||
|
||||
#rhbz 1025603
|
||||
Patch25063: disable-libdw-unwind-on-non-x86.patch
|
||||
|
||||
Patch26000: perf-lib64.patch
|
||||
Patch26000: perf-install-trace-event-plugins.patch
|
||||
|
||||
# Patch series from Hans for various backlight and platform driver fixes
|
||||
Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
|
||||
Patch26004: asus-wmi-Add-a-no-backlight-quirk.patch
|
||||
Patch26005: eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
|
||||
|
||||
Patch25109: revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
|
||||
|
||||
#rhbz 1021036, submitted upstream
|
||||
Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
|
||||
|
||||
#rhbz 1134969
|
||||
Patch26019: Input-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
Patch26016: HID-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
|
||||
#rhbz 1110011
|
||||
Patch26021: i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
|
||||
Patch26022: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
|
||||
Patch26023: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
|
||||
Patch26019: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
|
||||
Patch26020: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
|
||||
|
||||
#rhbz 1143812
|
||||
Patch26027: HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
|
||||
#rhbz 1138759
|
||||
Patch26021: drm-vmwgfx-Fix-drm.h-include.patch
|
||||
|
||||
#rhbz 1145318
|
||||
Patch26029: KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
|
||||
|
||||
Patch26030: GFS2-Make-rename-not-save-dirent-location.patch
|
||||
|
||||
#CVE-2014-7970 rhbz 1151095 1151484
|
||||
Patch26032: mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
|
||||
|
||||
#rhbz 1149414
|
||||
Patch26033: bcache-Make-sure-to-pass-GFP_WAIT-to-mempool_alloc.patch
|
||||
|
||||
#rhbz 1149509
|
||||
Patch26034: USB-core-add-device-qualifier-quirk.patch
|
||||
Patch26035: USB-quirks-enable-device-qualifier-quirk-for-Elan-To.patch
|
||||
|
@ -755,6 +774,7 @@ Patch26064: i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
|
|||
# CVE-2014-3611 kvm: PIT timer race condition (rhbz 1144878 1156537)
|
||||
# CVE-2014-3646 kvm: vmx: invvpid vm exit not handled (rhbz 1144825 1156534)
|
||||
# CVE-2014-8369 kvm: excessive pages un-pinning in kvm_iommu_map error path (rhbz 1156518 1156522)
|
||||
# CVE-2014-8480 CVE-2014-8481 kvm: NULL pointer dereference during rip relative instruction emulation (rhbz 1156615 1156616)
|
||||
Patch26070: KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch
|
||||
Patch26071: KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch
|
||||
Patch26072: KVM-x86-Improve-thread-safety-in-pit.patch
|
||||
|
@ -763,13 +783,17 @@ Patch26074: KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch
|
|||
Patch26075: KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch
|
||||
Patch26076: kvm-vmx-handle-invvpid-vm-exit-gracefully.patch
|
||||
Patch26077: kvm-x86-don-t-kill-guest-on-unknown-exit-reason.patch
|
||||
Patch26078: KVM-x86-Decoding-guest-instructions-which-cross-page.patch
|
||||
Patch26079: KVM-emulate-avoid-accessing-NULL-ctxt-memopp.patch
|
||||
Patch26080: KVM-x86-Emulator-does-not-decode-clflush-well.patch
|
||||
Patch26081: KVM-x86-PREFETCH-and-HINT_NOP-should-have-SrcMem-fla.patch
|
||||
Patch26082: kvm-fix-excessive-pages-un-pinning-in-kvm_iommu_map-.patch
|
||||
|
||||
#rhbz 1157327
|
||||
Patch26083: quirk-for-Lenovo-Yoga-3-no-rfkill-switch.patch
|
||||
|
||||
#rhbz 1154454
|
||||
Patch26084: media-cxusb-increase-buffer-length-to-80-bytes.patch
|
||||
#rhbz 1159592
|
||||
Patch26084: x86-microcode-AMD-Fix-early-ucode-loading-on-32-bit.patch
|
||||
|
||||
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
|
||||
Patch30000: kernel-arm64.patch
|
||||
|
@ -1302,7 +1326,7 @@ do
|
|||
rm $i.tmp
|
||||
done
|
||||
|
||||
ApplyPatch makefile-after_link.patch
|
||||
ApplyPatch kbuild-AFTER_LINK.patch
|
||||
|
||||
#
|
||||
# misc small stuff to make things compile
|
||||
|
@ -1316,17 +1340,29 @@ ApplyOptionalPatch upstream-reverts.patch -R
|
|||
|
||||
# Architecture patches
|
||||
# x86(-64)
|
||||
ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
# PPC
|
||||
ApplyPatch ppc64-fixtools.patch
|
||||
|
||||
# ARM64
|
||||
|
||||
#
|
||||
# ARM
|
||||
#
|
||||
ApplyPatch arm-tegra-usb-no-reset-linux33.patch
|
||||
ApplyPatch arm-beagle.patch
|
||||
ApplyPatch arm-imx6-utilite.patch
|
||||
ApplyPatch arm-qemu-fixdisplay.patch
|
||||
ApplyPatch ARM-tegra-usb-no-reset.patch
|
||||
|
||||
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
|
||||
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
|
||||
ApplyPatch arm-dts-sun7i-bananapi.patch
|
||||
|
||||
ApplyPatch arm-highbank-l2-reverts.patch
|
||||
|
||||
#
|
||||
# bugfixes to drivers and filesystems
|
||||
|
@ -1374,7 +1410,7 @@ ApplyPatch die-floppy-die.patch
|
|||
ApplyPatch no-pcspkr-modalias.patch
|
||||
|
||||
# Silence some useless messages that still get printed with 'quiet'
|
||||
ApplyPatch silence-noise.patch
|
||||
ApplyPatch input-silence-i8042-noise.patch
|
||||
|
||||
# Make fbcon not show the penguins with 'quiet'
|
||||
ApplyPatch silence-fbcon-logo.patch
|
||||
|
@ -1387,10 +1423,28 @@ ApplyPatch crash-driver.patch
|
|||
# crypto/
|
||||
|
||||
# secure boot
|
||||
ApplyPatch secure-modules.patch
|
||||
ApplyPatch modsign-uefi.patch
|
||||
# pplyPatch sb-hibernate.patch
|
||||
ApplyPatch sysrq-secure-boot.patch
|
||||
ApplyPatch Add-secure_modules-call.patch
|
||||
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
ApplyPatch ACPI-Limit-access-to-custom_method.patch
|
||||
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
|
||||
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
ApplyPatch Add-EFI-signature-data-types.patch
|
||||
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
|
||||
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
# Assorted Virt Fixes
|
||||
|
||||
|
@ -1412,7 +1466,7 @@ ApplyPatch disable-i8042-check-on-apple-mac.patch
|
|||
ApplyPatch lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
# Disable watchdog on virtual machines.
|
||||
ApplyPatch nowatchdog-on-virt.patch
|
||||
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
#rhbz 754518
|
||||
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
|
@ -1423,42 +1477,34 @@ ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
|||
ApplyPatch criu-no-expert.patch
|
||||
|
||||
#rhbz 892811
|
||||
ApplyPatch ath9k_rx_dma_stop_check.patch
|
||||
ApplyPatch ath9k-rx-dma-stop-check.patch
|
||||
|
||||
#rhbz 1025603
|
||||
ApplyPatch disable-libdw-unwind-on-non-x86.patch
|
||||
|
||||
ApplyPatch perf-lib64.patch
|
||||
ApplyPatch perf-install-trace-event-plugins.patch
|
||||
|
||||
# Patch series from Hans for various backlight and platform driver fixes
|
||||
ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
|
||||
ApplyPatch asus-wmi-Add-a-no-backlight-quirk.patch
|
||||
ApplyPatch eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
|
||||
|
||||
ApplyPatch revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
|
||||
|
||||
#rhbz 1021036, submitted upstream
|
||||
ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
|
||||
|
||||
#rhbz 1134969
|
||||
ApplyPatch Input-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
ApplyPatch HID-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
|
||||
#rhbz 1110011
|
||||
ApplyPatch i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
|
||||
ApplyPatch psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
|
||||
ApplyPatch psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
|
||||
|
||||
#rhbz 1143812
|
||||
ApplyPatch HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
|
||||
#rhbz 1138759
|
||||
ApplyPatch drm-vmwgfx-Fix-drm.h-include.patch
|
||||
|
||||
#rhbz 1145318
|
||||
ApplyPatch KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
|
||||
|
||||
ApplyPatch GFS2-Make-rename-not-save-dirent-location.patch
|
||||
|
||||
#CVE-2014-7970 rhbz 1151095 1151484
|
||||
ApplyPatch mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
|
||||
|
||||
#rhbz 1149414
|
||||
ApplyPatch bcache-Make-sure-to-pass-GFP_WAIT-to-mempool_alloc.patch
|
||||
|
||||
#rhbz 1149509
|
||||
ApplyPatch USB-core-add-device-qualifier-quirk.patch
|
||||
ApplyPatch USB-quirks-enable-device-qualifier-quirk-for-Elan-To.patch
|
||||
|
@ -1494,6 +1540,7 @@ ApplyPatch i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
|
|||
# CVE-2014-3611 kvm: PIT timer race condition (rhbz 1144878 1156537)
|
||||
# CVE-2014-3646 kvm: vmx: invvpid vm exit not handled (rhbz 1144825 1156534)
|
||||
# CVE-2014-8369 kvm: excessive pages un-pinning in kvm_iommu_map error path (rhbz 1156518 1156522)
|
||||
# CVE-2014-8480 CVE-2014-8481 kvm: NULL pointer dereference during rip relative instruction emulation (rhbz 1156615 1156616)
|
||||
ApplyPatch KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch
|
||||
ApplyPatch KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch
|
||||
ApplyPatch KVM-x86-Improve-thread-safety-in-pit.patch
|
||||
|
@ -1502,13 +1549,17 @@ ApplyPatch KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch
|
|||
ApplyPatch KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch
|
||||
ApplyPatch kvm-vmx-handle-invvpid-vm-exit-gracefully.patch
|
||||
ApplyPatch kvm-x86-don-t-kill-guest-on-unknown-exit-reason.patch
|
||||
ApplyPatch KVM-x86-Decoding-guest-instructions-which-cross-page.patch
|
||||
ApplyPatch KVM-emulate-avoid-accessing-NULL-ctxt-memopp.patch
|
||||
ApplyPatch KVM-x86-Emulator-does-not-decode-clflush-well.patch
|
||||
ApplyPatch KVM-x86-PREFETCH-and-HINT_NOP-should-have-SrcMem-fla.patch
|
||||
ApplyPatch kvm-fix-excessive-pages-un-pinning-in-kvm_iommu_map-.patch
|
||||
|
||||
#rhbz 1157327
|
||||
ApplyPatch quirk-for-Lenovo-Yoga-3-no-rfkill-switch.patch
|
||||
|
||||
#rhbz 1154454
|
||||
ApplyPatch media-cxusb-increase-buffer-length-to-80-bytes.patch
|
||||
#rhbz 1159592
|
||||
ApplyPatch x86-microcode-AMD-Fix-early-ucode-loading-on-32-bit.patch
|
||||
|
||||
%if 0%{?aarch64patches}
|
||||
ApplyPatch kernel-arm64.patch
|
||||
|
@ -2328,6 +2379,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Tue Nov 04 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.17.2-200
|
||||
- Linux v3.17.2
|
||||
|
||||
* Thu Oct 30 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.16.7-200
|
||||
- Linux v3.16.7
|
||||
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
loading restrictions
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
is something that module signing enforcement is meant to prevent. It makes
|
||||
sense to disable kexec in this situation.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
kernel/kexec.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 2bee072268d9..891477dbfee0 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1251,6 +1252,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
+ * kexec can be used to circumvent module loading restrictions, so
|
||||
+ * prevent loading in that case
|
||||
+ */
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
+ /*
|
||||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,7 +1,3 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: Nak'd, supposedly replacement coming to auto-select
|
||||
|
||||
From 0f3f5c5b4ca2eb1f41947c50bedb9b17aa1a1f80 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 11 Nov 2013 08:39:16 -0500
|
||||
Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug
|
||||
|
@ -14,16 +10,19 @@ operation of the feature, and we need CPUMASK_OFFSTACK to increase the
|
|||
NR_CPUS value beyond 512 on x86. We drop the current dependency and make
|
||||
sure SMP is set.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Nak'd, supposedly replacement coming to auto-select
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
lib/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/Kconfig b/lib/Kconfig
|
||||
index b3c8be0..50b47cd 100644
|
||||
index 54cf309a92a5..64f8bb4882fb 100644
|
||||
--- a/lib/Kconfig
|
||||
+++ b/lib/Kconfig
|
||||
@@ -342,7 +342,8 @@ config CHECK_SIGNATURE
|
||||
@@ -382,7 +382,8 @@ config CHECK_SIGNATURE
|
||||
bool
|
||||
|
||||
config CPUMASK_OFFSTACK
|
||||
|
@ -34,5 +33,5 @@ index b3c8be0..50b47cd 100644
|
|||
Use dynamic allocation for cpumask_var_t, instead of putting
|
||||
them on the stack. This is a bit more expensive, but avoids
|
||||
--
|
||||
1.8.3.1
|
||||
1.9.3
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
From eb9da073bd002f2968c84129a5c49625911a3199 Mon Sep 17 00:00:00 2001
|
||||
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
|
||||
Date: Mon, 30 Jun 2014 11:56:33 -0300
|
||||
Subject: [PATCH] [media] cxusb: increase buffer length to 80 bytes
|
||||
|
||||
As reported by Vincent:
|
||||
[ 16.332247] xc2028 0-0061: Loading firmware for type=BASE F8MHZ (3), id 0000000000000000.
|
||||
[ 16.344378] cxusb: i2c wr: len=64 is too big!
|
||||
|
||||
64 bytes is too short for firmware load on this device. So, increase it
|
||||
to 80 bytes.
|
||||
|
||||
Bugzilla: 1154454
|
||||
Upstream-status: 3.17
|
||||
|
||||
Reported-by: Vincent McIntyre <vincent.mcintyre@gmail.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
|
||||
---
|
||||
drivers/media/usb/dvb-usb/cxusb.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c
|
||||
index b7461ac1ce74..f379f7e1fcb0 100644
|
||||
--- a/drivers/media/usb/dvb-usb/cxusb.c
|
||||
+++ b/drivers/media/usb/dvb-usb/cxusb.c
|
||||
@@ -46,7 +46,7 @@
|
||||
#include "si2157.h"
|
||||
|
||||
/* Max transfer size done by I2C transfer functions */
|
||||
-#define MAX_XFER_SIZE 64
|
||||
+#define MAX_XFER_SIZE 80
|
||||
|
||||
/* debug */
|
||||
static int dvb_usb_cxusb_debug;
|
||||
--
|
||||
2.1.0
|
||||
|
|
@ -1,624 +0,0 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
From fa2bfe718da40bf24f92c85846577e9bc788882c Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH 1/5] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
include/linux/efi.h | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index e73f391fd3c8..3d66a61bbbca 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -578,6 +578,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
|
||||
#define DEVICE_TREE_GUID \
|
||||
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID \
|
||||
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
|
||||
+
|
||||
+#define EFI_CERT_X509_GUID \
|
||||
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
@@ -793,6 +799,20 @@ typedef struct _efi_file_io_interface {
|
||||
|
||||
#define EFI_INVALID_TABLE_ADDR (~0UL)
|
||||
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_owner;
|
||||
+ u8 signature_data[];
|
||||
+} efi_signature_data_t;
|
||||
+
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_type;
|
||||
+ u32 signature_list_size;
|
||||
+ u32 signature_header_size;
|
||||
+ u32 signature_size;
|
||||
+ u8 signature_header[];
|
||||
+ /* efi_signature_data_t signatures[][] */
|
||||
+} efi_signature_list_t;
|
||||
+
|
||||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 922e0512ce70101b596558d5bb075cd40a450322 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
crypto/asymmetric_keys/Kconfig | 8 +++
|
||||
crypto/asymmetric_keys/Makefile | 1 +
|
||||
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 4 ++
|
||||
4 files changed, 122 insertions(+)
|
||||
create mode 100644 crypto/asymmetric_keys/efi_parser.c
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
|
||||
index 03a6eb95ab50..6306ffc2a7fe 100644
|
||||
--- a/crypto/asymmetric_keys/Kconfig
|
||||
+++ b/crypto/asymmetric_keys/Kconfig
|
||||
@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
|
||||
data and provides the ability to instantiate a crypto key from a
|
||||
public key packet found inside the certificate.
|
||||
|
||||
+config EFI_SIGNATURE_LIST_PARSER
|
||||
+ bool "EFI signature list parser"
|
||||
+ depends on EFI
|
||||
+ select X509_CERTIFICATE_PARSER
|
||||
+ help
|
||||
+ This option provides support for parsing EFI signature lists for
|
||||
+ X.509 certificates and turning them into keys.
|
||||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index 0727204aab68..cd8388e5f2f1 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
||||
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
|
||||
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
|
||||
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
#
|
||||
# X.509 Certificate handling
|
||||
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
|
||||
new file mode 100644
|
||||
index 000000000000..424896a0b169
|
||||
--- /dev/null
|
||||
+++ b/crypto/asymmetric_keys/efi_parser.c
|
||||
@@ -0,0 +1,109 @@
|
||||
+/* EFI signature/key/certificate list parser
|
||||
+ *
|
||||
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Written by David Howells (dhowells@redhat.com)
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public Licence
|
||||
+ * as published by the Free Software Foundation; either version
|
||||
+ * 2 of the Licence, or (at your option) any later version.
|
||||
+ */
|
||||
+
|
||||
+#define pr_fmt(fmt) "EFI: "fmt
|
||||
+#include <linux/module.h>
|
||||
+#include <linux/printk.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+
|
||||
+/**
|
||||
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
|
||||
+ * @data: The data blob to parse
|
||||
+ * @size: The size of the data blob
|
||||
+ * @keyring: The keyring to add extracted keys to
|
||||
+ */
|
||||
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
|
||||
+{
|
||||
+ unsigned offs = 0;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ pr_devel("-->%s(,%zu)\n", __func__, size);
|
||||
+
|
||||
+ while (size > 0) {
|
||||
+ efi_signature_list_t list;
|
||||
+ const efi_signature_data_t *elem;
|
||||
+ key_ref_t key;
|
||||
+
|
||||
+ if (size < sizeof(list))
|
||||
+ return -EBADMSG;
|
||||
+
|
||||
+ memcpy(&list, data, sizeof(list));
|
||||
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
|
||||
+ offs,
|
||||
+ list.signature_type.b, list.signature_list_size,
|
||||
+ list.signature_header_size, list.signature_size);
|
||||
+
|
||||
+ lsize = list.signature_list_size;
|
||||
+ hsize = list.signature_header_size;
|
||||
+ esize = list.signature_size;
|
||||
+ elsize = lsize - sizeof(list) - hsize;
|
||||
+
|
||||
+ if (lsize > size) {
|
||||
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
|
||||
+ __func__, offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+ if (lsize < sizeof(list) ||
|
||||
+ lsize - sizeof(list) < hsize ||
|
||||
+ esize < sizeof(*elem) ||
|
||||
+ elsize < esize ||
|
||||
+ elsize % esize != 0) {
|
||||
+ pr_devel("- bad size combo @%x\n", offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
|
||||
+ data += lsize;
|
||||
+ size -= lsize;
|
||||
+ offs += lsize;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ data += sizeof(list) + hsize;
|
||||
+ size -= sizeof(list) + hsize;
|
||||
+ offs += sizeof(list) + hsize;
|
||||
+
|
||||
+ for (; elsize > 0; elsize -= esize) {
|
||||
+ elem = data;
|
||||
+
|
||||
+ pr_devel("ELEM[%04x]\n", offs);
|
||||
+
|
||||
+ key = key_create_or_update(
|
||||
+ make_key_ref(keyring, 1),
|
||||
+ "asymmetric",
|
||||
+ NULL,
|
||||
+ &elem->signature_data,
|
||||
+ esize - sizeof(*elem),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA |
|
||||
+ KEY_ALLOC_TRUSTED);
|
||||
+
|
||||
+ if (IS_ERR(key))
|
||||
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
+ PTR_ERR(key));
|
||||
+ else
|
||||
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
|
||||
+ key_ref_to_ptr(key)->description,
|
||||
+ keyring->description);
|
||||
+
|
||||
+ data += esize;
|
||||
+ size -= esize;
|
||||
+ offs += esize;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 3d66a61bbbca..7854ff3c0f11 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -901,6 +901,10 @@ extern struct efi_memory_map memmap;
|
||||
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
|
||||
(md) = (void *)(md) + (m)->desc_size)
|
||||
|
||||
+struct key;
|
||||
+extern int __init parse_efi_signature_list(const void *data, size_t size,
|
||||
+ struct key *keyring);
|
||||
+
|
||||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 2534dedee545507c00973279d5db515e122b5104 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
and if the module's certificate is found, it will refuse to load. This is
|
||||
useful in cases where third party certificates are used for module signing.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 8dabc399bd1d..e466de10ceec 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -18,6 +18,10 @@
|
||||
|
||||
extern struct key *system_trusted_keyring;
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif
|
||||
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 9d76b99af1b9..ac5f580437a0 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1677,6 +1677,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 52ebc70263f4..478c4f8ec908 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
EXPORT_SYMBOL_GPL(system_trusted_keyring);
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
|
||||
extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
|
||||
panic("Can't allocate system trusted keyring\n");
|
||||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW | KEY_USR_READ,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
||||
+ if (IS_ERR(system_blacklist_keyring))
|
||||
+ panic("Can't allocate system blacklist keyring\n");
|
||||
+
|
||||
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
|
||||
+#endif
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From a72ed58241f0d62b7f9fbf4e1fbbcc1e02145098 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
||||
Secure Boot stores a list of allowed certificates in the 'db' variable.
|
||||
This imports those certificates into the system trusted keyring. This
|
||||
allows for a third party signing certificate to be used in conjunction
|
||||
with signed modules. By importing the public certificate into the 'db'
|
||||
variable, a user can allow a module signed with that certificate to
|
||||
load. The shim UEFI bootloader has a similar certificate list stored
|
||||
in the 'MokListRT' variable. We import those as well.
|
||||
|
||||
In the opposite case, Secure Boot maintains a list of disallowed
|
||||
certificates in the 'dbx' variable. We load those certificates into
|
||||
the newly introduced system blacklist keyring and forbid any module
|
||||
signed with those from loading.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/linux/efi.h | 6 ++++
|
||||
init/Kconfig | 9 +++++
|
||||
kernel/Makefile | 3 ++
|
||||
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 110 insertions(+)
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 7854ff3c0f11..31fd75e7230b 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -584,6 +584,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
+
|
||||
+#define EFI_SHIM_LOCK_GUID \
|
||||
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index ac5f580437a0..ca7268b594aa 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1831,6 +1831,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
+config MODULE_SIG_UEFI
|
||||
+ bool "Allow modules signed with certs stored in UEFI"
|
||||
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
|
||||
+ select EFI_SIGNATURE_LIST_PARSER
|
||||
+ help
|
||||
+ This will import certificates stored in UEFI and allow modules
|
||||
+ signed with those to be loaded. It will also disallow loading
|
||||
+ of modules stored in the UEFI dbx variable.
|
||||
+
|
||||
choice
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index f2a8b6246ce9..706e7952bde5 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
--- /dev/null
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -0,0 +1,92 @@
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/sched.h>
|
||||
+#include <linux/cred.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <linux/slab.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+#include <keys/system_keyring.h>
|
||||
+#include "module-internal.h"
|
||||
+
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned long lsize = 4;
|
||||
+ unsigned long tmpdb[4];
|
||||
+ void *db = NULL;
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
|
||||
+ if (status != EFI_BUFFER_TOO_SMALL) {
|
||||
+ pr_err("Couldn't get size: 0x%lx\n", status);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ db = kmalloc(lsize, GFP_KERNEL);
|
||||
+ if (!db) {
|
||||
+ pr_err("Couldn't allocate memory for uefi cert list\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
|
||||
+ if (status != EFI_SUCCESS) {
|
||||
+ kfree(db);
|
||||
+ db = NULL;
|
||||
+ pr_err("Error reading db var: 0x%lx\n", status);
|
||||
+ }
|
||||
+out:
|
||||
+ *size = lsize;
|
||||
+ return db;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * * Load the certs contained in the UEFI databases
|
||||
+ * */
|
||||
+static int __init load_uefi_certs(void)
|
||||
+{
|
||||
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
||||
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
+ void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
+ int rc = 0;
|
||||
+
|
||||
+ /* Check if SB is enabled and just return if not */
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return 0;
|
||||
+
|
||||
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
+ * an error if we can't get them.
|
||||
+ */
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
+
|
||||
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
+ if (!mok) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
|
||||
+ kfree(mok);
|
||||
+ }
|
||||
+
|
||||
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
|
||||
+ if (!dbx) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(dbx, dbxsize,
|
||||
+ system_blacklist_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
|
||||
+ kfree(dbx);
|
||||
+ }
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 11bb98e3a62de77fc66a3e2197578dd9d891b998 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
Have the uefi import code look for this and not import things from the db
|
||||
variable.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 31 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
index 94b0eb38a284..ae28b974d49a 100644
|
||||
--- a/kernel/modsign_uefi.c
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -8,6 +8,23 @@
|
||||
#include <keys/system_keyring.h>
|
||||
#include "module-internal.h"
|
||||
|
||||
+static __init int check_ignore_db(void)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned int db = 0;
|
||||
+ unsigned long size = sizeof(db);
|
||||
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
|
||||
+
|
||||
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
|
||||
+ * then we don't ignore DB. If it succeeds, we do.
|
||||
+ */
|
||||
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
{
|
||||
efi_status_t status;
|
||||
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
|
||||
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
- int rc = 0;
|
||||
+ int ignore_db, rc = 0;
|
||||
|
||||
/* Check if SB is enabled and just return if not */
|
||||
if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
return 0;
|
||||
|
||||
+ /* See if the user has setup Ignore DB mode */
|
||||
+ ignore_db = check_ignore_db();
|
||||
+
|
||||
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
* an error if we can't get them.
|
||||
*/
|
||||
- db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
- if (!db) {
|
||||
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
- } else {
|
||||
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
- if (rc)
|
||||
- pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
- kfree(db);
|
||||
+ if (!ignore_db) {
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From: Kyle McMartin <kmcmarti@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 15:11:01 -0400
|
||||
Subject: [PATCH] perf: install trace-event plugins
|
||||
|
||||
perf hardcodes $libdir to be lib for all but x86_64, so kludge around it
|
||||
until upstream gets their act together.
|
||||
---
|
||||
tools/perf/config/Makefile | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
|
||||
index 86c21a24da46..bf0fe97bd358 100644
|
||||
--- a/tools/perf/config/Makefile
|
||||
+++ b/tools/perf/config/Makefile
|
||||
@@ -642,8 +642,12 @@ endif
|
||||
ifeq ($(IS_X86_64),1)
|
||||
lib = lib64
|
||||
else
|
||||
+ifdef MULTILIBDIR
|
||||
+lib = $(MULTILIBDIR)
|
||||
+else
|
||||
lib = lib
|
||||
endif
|
||||
+endif
|
||||
libdir = $(prefix)/$(lib)
|
||||
|
||||
# Shell quote (do not use $(call) to accommodate ancient setups);
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
|
||||
index 802cf54..7f30bfa 100644
|
||||
--- a/tools/perf/config/Makefile
|
||||
+++ b/tools/perf/config/Makefile
|
||||
@@ -621,8 +621,12 @@ endif
|
||||
ifeq ($(IS_X86_64),1)
|
||||
lib = lib64
|
||||
else
|
||||
+ifdef MULTILIBDIR
|
||||
+lib = $(MULTILIBDIR)
|
||||
+else
|
||||
lib = lib
|
||||
endif
|
||||
+endif
|
||||
libdir = $(prefix)/$(lib)
|
||||
|
||||
# Shell quote (do not use $(call) to accommodate ancient setups);
|
|
@ -0,0 +1,37 @@
|
|||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 95dd9cf55cb3..800fc34d7ea9 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2012,7 +2012,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Mon, 6 Oct 2014 15:15:15 +0100
|
||||
Subject: [PATCH] ppc64-fixtools
|
||||
|
||||
Build tools on ppc64le (rhbz 1138884), Some minor ppc64 cleanups
|
||||
---
|
||||
tools/perf/arch/powerpc/util/skip-callchain-idx.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tools/perf/arch/powerpc/util/skip-callchain-idx.c b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
index a7c23a4b3778..d73ef8bb08c7 100644
|
||||
--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
+++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
@@ -15,6 +15,7 @@
|
||||
|
||||
#include "util/thread.h"
|
||||
#include "util/callchain.h"
|
||||
+#include "util/debug.h"
|
||||
|
||||
/*
|
||||
* When saving the callchain on Power, the kernel conservatively saves
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
From d0d1fbdb2d34a669ffbec814893696909381ac0e Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 27 Jun 2014 18:46:42 +0200
|
||||
Subject: [PATCH 2/3] psmouse: Add psmouse_matches_pnp_id helper function
|
||||
Subject: [PATCH] psmouse: Add psmouse_matches_pnp_id helper function
|
||||
|
||||
The matches_pnp_id function from the synaptics driver is useful for other
|
||||
drivers too. Make it a generic psmouse helper function.
|
||||
|
@ -17,7 +16,7 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|||
3 files changed, 18 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
|
||||
index cff065f6261c..bc1bc2653f15 100644
|
||||
index b4e1f014ddc2..02e68c3008a3 100644
|
||||
--- a/drivers/input/mouse/psmouse-base.c
|
||||
+++ b/drivers/input/mouse/psmouse-base.c
|
||||
@@ -462,6 +462,20 @@ static int psmouse_poll(struct psmouse *psmouse)
|
||||
|
@ -54,7 +53,7 @@ index 2f0b39d59a9b..f4cf664c7db3 100644
|
|||
struct psmouse_attribute {
|
||||
struct device_attribute dattr;
|
||||
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
|
||||
index e8573c68f77e..854caca6e86e 100644
|
||||
index fd23181c1fb7..6394d9b5bfd3 100644
|
||||
--- a/drivers/input/mouse/synaptics.c
|
||||
+++ b/drivers/input/mouse/synaptics.c
|
||||
@@ -185,18 +185,6 @@ static const char * const topbuttonpad_pnp_ids[] = {
|
||||
|
@ -86,7 +85,7 @@ index e8573c68f77e..854caca6e86e 100644
|
|||
priv->x_min = min_max_pnpid_table[i].x_min;
|
||||
priv->x_max = min_max_pnpid_table[i].x_max;
|
||||
priv->y_min = min_max_pnpid_table[i].y_min;
|
||||
@@ -1456,7 +1445,7 @@ static void set_input_params(struct psmouse *psmouse,
|
||||
@@ -1492,7 +1481,7 @@ static void set_input_params(struct psmouse *psmouse,
|
||||
|
||||
if (SYN_CAP_CLICKPAD(priv->ext_cap_0c)) {
|
||||
__set_bit(INPUT_PROP_BUTTONPAD, dev->propbit);
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
From 4ab16f30317966f892342e8821a6dc26070d1a06 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 27 Jun 2014 18:50:33 +0200
|
||||
Subject: [PATCH 3/3] psmouse: Add support for detecting FocalTech PS/2
|
||||
touchpads
|
||||
Subject: [PATCH] psmouse: Add support for detecting FocalTech PS/2 touchpads
|
||||
|
||||
The Asus X450 and X550 laptops use a PS/2 touchpad from a new manufacturer
|
||||
called FocalTech:
|
||||
|
@ -120,7 +118,7 @@ index 000000000000..0d0fc49451fe
|
|||
+
|
||||
+#endif
|
||||
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
|
||||
index bc1bc2653f15..0730209cddb0 100644
|
||||
index 02e68c3008a3..2c8c8e2172a2 100644
|
||||
--- a/drivers/input/mouse/psmouse-base.c
|
||||
+++ b/drivers/input/mouse/psmouse-base.c
|
||||
@@ -35,6 +35,7 @@
|
||||
|
@ -131,7 +129,7 @@ index bc1bc2653f15..0730209cddb0 100644
|
|||
|
||||
#define DRIVER_DESC "PS/2 mouse driver"
|
||||
|
||||
@@ -720,6 +721,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
@@ -722,6 +723,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
{
|
||||
bool synaptics_hardware = false;
|
||||
|
||||
|
@ -145,7 +143,7 @@ index bc1bc2653f15..0730209cddb0 100644
|
|||
/*
|
||||
* We always check for lifebook because it does not disturb mouse
|
||||
* (it only checks DMI information).
|
||||
@@ -871,6 +879,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
@@ -873,6 +881,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: Sent upstream
|
||||
|
||||
This reverts commit 1b2faaf7e219fc2905d75afcd4c815e5d39eda80.
|
||||
|
||||
The Intuos4 series presents a bug in which it hangs if it receives
|
||||
a set feature command while switching to the enhanced mode.
|
||||
This bug is triggered when plugging an Intuos 4 while having
|
||||
a gnome user session up and running.
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
|
||||
---
|
||||
|
||||
Hi Aris,
|
||||
|
||||
actually, you bisected the bug, so can I consider that I have your signed-off-by?
|
||||
|
||||
Cheers,
|
||||
Benjamin
|
||||
|
||||
drivers/input/tablet/wacom_sys.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/tablet/wacom_sys.c b/drivers/input/tablet/wacom_sys.c
|
||||
index 7087b33..319a3ff 100644
|
||||
--- a/drivers/input/tablet/wacom_sys.c
|
||||
+++ b/drivers/input/tablet/wacom_sys.c
|
||||
@@ -536,6 +536,9 @@ static int wacom_set_device_mode(struct usb_interface *intf, int report_id, int
|
||||
|
||||
error = wacom_set_report(intf, WAC_HID_FEATURE_REPORT,
|
||||
report_id, rep_data, length, 1);
|
||||
+ if (error >= 0)
|
||||
+ error = wacom_get_report(intf, WAC_HID_FEATURE_REPORT,
|
||||
+ report_id, rep_data, length, 1);
|
||||
} while ((error < 0 || rep_data[1] != mode) && limit++ < WAC_MSG_RETRIES);
|
||||
|
||||
kfree(rep_data);
|
||||
--
|
||||
1.9.0
|
||||
|
|
@ -1,13 +1,25 @@
|
|||
--- a/drivers/scsi/sd.c
|
||||
+++ a/drivers/scsi/sd.c
|
||||
@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Fri, 10 Feb 2012 14:56:13 -0500
|
||||
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
|
||||
|
||||
Bugzilla: 754518
|
||||
Upstream-status: Fedora mustard (might be worth dropping...)
|
||||
---
|
||||
drivers/scsi/sd.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
|
||||
index 2c2041ca4b70..e10812d985af 100644
|
||||
--- a/drivers/scsi/sd.c
|
||||
+++ b/drivers/scsi/sd.c
|
||||
@@ -2749,13 +2749,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
|
||||
static int sd_revalidate_disk(struct gendisk *disk)
|
||||
{
|
||||
struct scsi_disk *sdkp = scsi_disk(disk);
|
||||
- struct scsi_device *sdp = sdkp->device;
|
||||
+ struct scsi_device *sdp;
|
||||
unsigned char *buffer;
|
||||
unsigned flush = 0;
|
||||
unsigned int max_xfer;
|
||||
|
||||
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
|
||||
"sd_revalidate_disk\n"));
|
||||
|
@ -20,3 +32,6 @@
|
|||
/*
|
||||
* If the device is offline, don't try and read capacity or any
|
||||
* of the other niceties.
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
|
|
@ -1,877 +0,0 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
||||
|
||||
From 952dbcbea4cffb1a05773af3b5f41e8ed477c5fe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH 01/14] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
only modules signed with a trusted key.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
include/linux/module.h | 7 +++++++
|
||||
kernel/module.c | 10 ++++++++++
|
||||
2 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index f520a767c86c..fc9b54eb779e 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block *nb);
|
||||
|
||||
extern void print_modules(void);
|
||||
|
||||
+extern bool secure_modules(void);
|
||||
+
|
||||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
|
||||
static inline void print_modules(void)
|
||||
{
|
||||
}
|
||||
+
|
||||
+static inline bool secure_modules(void)
|
||||
+{
|
||||
+ return false;
|
||||
+}
|
||||
#endif /* CONFIG_MODULES */
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 81e727cf6df9..fc14f48915dd 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3843,3 +3843,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
+
|
||||
+bool secure_modules(void)
|
||||
+{
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ return (sig_enforce || modules_disabled);
|
||||
+#else
|
||||
+ return modules_disabled;
|
||||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 3b451a12e60a47d152ecce1c02634c4d7320b024 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
kernel code, allowing them to circumvent disabled module loading or module
|
||||
signing. Default to paranoid - in future we can potentially relax this for
|
||||
sufficiently IOMMU-isolated devices.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/pci/pci-sysfs.c | 10 ++++++++++
|
||||
drivers/pci/proc.c | 8 +++++++-
|
||||
drivers/pci/syscall.c | 3 ++-
|
||||
3 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 9ff0a901ecf7..8d0d5d92b8d9 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <linux/vgaarb.h>
|
||||
#include <linux/pm_runtime.h>
|
||||
#include <linux/of.h>
|
||||
+#include <linux/module.h>
|
||||
#include "pci.h"
|
||||
|
||||
static int sysfs_initialized; /* = 0 */
|
||||
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 3f155e78513f..4265ea07e3b0 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
int size = dev->cfg_size;
|
||||
int cnt;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (pos >= size)
|
||||
return 0;
|
||||
if (nbytes >= size)
|
||||
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
|
||||
#endif /* HAVE_PCI_MMAP */
|
||||
int ret = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
switch (cmd) {
|
||||
case PCIIOC_CONTROLLER:
|
||||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index b91c4da68365..98f5637304d1 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/errno.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/syscalls.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include "pci.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
u32 dword;
|
||||
int err = 0;
|
||||
|
||||
- if (!capable(CAP_SYS_ADMIN))
|
||||
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 42a620055ac873fb378ec69731c7a2200f6779cc Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
|
||||
enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
space. This would potentially permit root to trigger arbitrary DMA, so lock
|
||||
it down by default.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/ioport.c | 5 +++--
|
||||
drivers/char/mem.c | 4 ++++
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index 4ddaf66ea35f..00b440307419 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <linux/thread_info.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/bitmap.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/syscalls.h>
|
||||
|
||||
/*
|
||||
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
|
||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||
return -EINVAL;
|
||||
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
||||
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
return -EINVAL;
|
||||
/* Trying to gain more privileges? */
|
||||
if (level > old) {
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 917403fe10da..cdf839f9defe 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <linux/export.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/aio.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||
unsigned long i = *ppos;
|
||||
const char __user *tmp = buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 8019fb7c7b5f18b19f7c980987953680ee218c9f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
Disable it if any such restrictions have been enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/acpi/custom_method.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..4277938af700 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From bf84e9e1022b2d3d0c97ae48fb8b61e5336c50f8 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
be manipulated in such a way that arbitrary code can be executed in the
|
||||
kernel, circumventing module loading restrictions. Prevent that if any of
|
||||
these features are enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 3c6ccedc82b6..960c46536c65 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1592,6 +1592,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1608,6 +1611,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1632,6 +1638,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 9a56e8715d3b6dc84989997f34b6b5d407cabad2 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
to be subverted, avoiding module loading restrictions. Prevent this when
|
||||
any restrictions have been imposed on loading modules.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/char/mem.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index cdf839f9defe..c63cf93b00eb 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||
int err = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 8d6faa19bbbaa4df411becda7e40c4ea0684c134 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
loading modules. Disable it in that case.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
---
|
||||
drivers/acpi/osl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index bad25b070fe0..0606585e8b93 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
- if (acpi_rsdp)
|
||||
+ if (acpi_rsdp && !secure_modules())
|
||||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 1ff86ddea019f543f6668b56889f86811028f303 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
|
||||
loading restrictions
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
is something that module signing enforcement is meant to prevent. It makes
|
||||
sense to disable kexec in this situation.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
kernel/kexec.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 4b8f0c925884..df14daa323a9 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -34,6 +34,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -947,6 +948,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
+ * kexec can be used to circumvent module loading restrictions, so
|
||||
+ * prevent loading in that case
|
||||
+ */
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
+ /*
|
||||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 4d56368f1364b45c18067bab1d6abc5ce0f67183 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH 09/14] x86: Restrict MSR access when module loading is
|
||||
restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
on a patch by Kees Cook.
|
||||
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/msr.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
|
||||
index c9603ac80de5..8bef43fc3f40 100644
|
||||
--- a/arch/x86/kernel/msr.c
|
||||
+++ b/arch/x86/kernel/msr.c
|
||||
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
||||
int err = 0;
|
||||
ssize_t bytes = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (count % 8)
|
||||
return -EINVAL; /* Invalid chunk size */
|
||||
|
||||
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
|
||||
err = -EBADF;
|
||||
break;
|
||||
}
|
||||
+ if (secure_modules()) {
|
||||
+ err = -EPERM;
|
||||
+ break;
|
||||
+ }
|
||||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From aab8ba85241a85a0b2ed622edd7874c74cafa496 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH 10/14] Add option to automatically enforce module signatures
|
||||
when in Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
require that all kernel modules also be signed. Add a configuration option
|
||||
that enforces this automatically when enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
Documentation/x86/zero-page.txt | 2 ++
|
||||
arch/x86/Kconfig | 10 ++++++++++
|
||||
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
|
||||
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
|
||||
arch/x86/kernel/setup.c | 6 ++++++
|
||||
include/linux/module.h | 6 ++++++
|
||||
kernel/module.c | 7 +++++++
|
||||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 199f453cb4de..ec38acf00b40 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
+1EB/001 ALL kbd_status Numlock is enabled
|
||||
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
|
||||
1EF/001 ALL sentinel Used to detect broken bootloaders
|
||||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index d24887b645dc..870aac9520b3 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1557,6 +1557,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
+config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ def_bool n
|
||||
+ prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
+ ---help---
|
||||
+ UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
+ firmware will only load signed bootloaders and kernels. Certain
|
||||
+ use cases may also require that all kernel modules also be signed.
|
||||
+ Say Y here to automatically enable module signature enforcement
|
||||
+ when a system boots with UEFI Secure Boot enabled.
|
||||
+
|
||||
config SECCOMP
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 0331d765c2bb..85defaf5a27c 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <asm/efi.h>
|
||||
#include <asm/setup.h>
|
||||
#include <asm/desc.h>
|
||||
+#include <asm/bootparam_utils.h>
|
||||
|
||||
#undef memcpy /* Use memcpy from misc.c */
|
||||
|
||||
@@ -809,6 +810,37 @@ out:
|
||||
return status;
|
||||
}
|
||||
|
||||
+static int get_secure_boot(void)
|
||||
+{
|
||||
+ u8 sb, setup;
|
||||
+ unsigned long datasize = sizeof(sb);
|
||||
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
+ efi_status_t status;
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (sb == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SetupMode", &var_guid, NULL, &datasize,
|
||||
+ &setup);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (setup == 1)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
* See if we have Graphics Output Protocol
|
||||
*/
|
||||
@@ -1372,6 +1404,10 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ sanitize_boot_params(boot_params);
|
||||
+
|
||||
+ boot_params->secure_boot = get_secure_boot();
|
||||
+
|
||||
setup_graphics(boot_params);
|
||||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index 225b0988043a..90dbfb73e11f 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -133,7 +133,8 @@ struct boot_params {
|
||||
__u8 eddbuf_entries; /* 0x1e9 */
|
||||
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
|
||||
__u8 kbd_status; /* 0x1eb */
|
||||
- __u8 _pad5[3]; /* 0x1ec */
|
||||
+ __u8 secure_boot; /* 0x1ec */
|
||||
+ __u8 _pad5[2]; /* 0x1ed */
|
||||
/*
|
||||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 78a0e6298922..8ecfec85e527 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ if (boot_params.secure_boot) {
|
||||
+ enforce_signed_modules();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index fc9b54eb779e..7377bc851461 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern void enforce_signed_modules(void);
|
||||
+#else
|
||||
+static inline void enforce_signed_modules(void) {};
|
||||
+#endif
|
||||
+
|
||||
#ifdef CONFIG_MODULES
|
||||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index fc14f48915dd..2d68d276f3b6 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3844,6 +3844,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+void enforce_signed_modules(void)
|
||||
+{
|
||||
+ sig_enforce = true;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From eae8a80ddc185b3f233e2620dbfc6454b6f0c3a6 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH 11/14] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
MokSBState that does not have the runtime attribute set. Given that the
|
||||
user explicitly disabled validation, we can honor that and not enable
|
||||
secure boot mode if that variable is set.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
|
||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 85defaf5a27c..b4013a4ba005 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -812,8 +812,9 @@ out:
|
||||
|
||||
static int get_secure_boot(void)
|
||||
{
|
||||
- u8 sb, setup;
|
||||
+ u8 sb, setup, moksbstate;
|
||||
unsigned long datasize = sizeof(sb);
|
||||
+ u32 attr;
|
||||
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
efi_status_t status;
|
||||
|
||||
@@ -837,6 +838,23 @@ static int get_secure_boot(void)
|
||||
if (setup == 1)
|
||||
return 0;
|
||||
|
||||
+ /* See if a user has put shim into insecure_mode. If so, and the variable
|
||||
+ * doesn't have the runtime attribute set, we might as well honor that.
|
||||
+ */
|
||||
+ var_guid = EFI_SHIM_LOCK_GUID;
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"MokSBState", &var_guid, &attr, &datasize,
|
||||
+ &moksbstate);
|
||||
+
|
||||
+ /* If it fails, we don't care why. Default to secure */
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
|
||||
+ if (moksbstate == 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 9728a4f49b284b7354876e1d77174d5838306e21 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH 12/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 870aac9520b3..7aecd3f9f8ee 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1558,7 +1558,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
- def_bool n
|
||||
+ def_bool n
|
||||
+ depends on EFI
|
||||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 4211b4919b8ccecc4f4cdc0a46ead7294478b687 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH 13/14] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/kernel/setup.c | 2 ++
|
||||
include/linux/efi.h | 1 +
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 8ecfec85e527..5ce785fc9f05 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
|
||||
enforce_signed_modules();
|
||||
+ pr_info("Secure boot enabled\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 41bbf8ba4ba8..e73f391fd3c8 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -917,6 +917,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */
|
||||
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
|
||||
#define EFI_ARCH_1 6 /* First arch-specific bit */
|
||||
+#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
|
||||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 18b50c6f0597b606cb03cbd8a9fdef7478cb2b21 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH 14/14] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
so until we can work with signed hibernate images we disable it in
|
||||
a secure modules environment.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/power/hibernate.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index fcc2611d3f14..61711801a9c4 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/genhd.h>
|
||||
+#include <linux/module.h>
|
||||
#include <trace/events/power.h>
|
||||
|
||||
#include "power.h"
|
||||
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
|
||||
bool hibernation_available(void)
|
||||
{
|
||||
- return (nohibernate == 0);
|
||||
+ return ((nohibernate == 0) && !secure_modules());
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.9.3
|
||||
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
|||
5c569ed649a0c9711879f333e90c5386 linux-3.16.tar.xz
|
||||
49868ce6467b35cd9ffea1120d129462 perf-man-3.16.tar.gz
|
||||
062f41ed40a33485605d98bad4bcc5a1 patch-3.16.7.xz
|
||||
fb30d0f29214d75cddd2faa94f73d5cf linux-3.17.tar.xz
|
||||
159e969cbc27201d8e2fa0f609dc722f perf-man-3.17.tar.gz
|
||||
d694b8625f834791f5e02d7c9add1406 patch-3.17.2.xz
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
Bugzilla: 971139
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
From 17109685bfce322c73a816e097b137458fbd55ae Mon Sep 17 00:00:00 2001
|
||||
From: Dave Jones <davej@redhat.com>
|
||||
Date: Tue, 24 Jun 2014 08:43:34 -0400
|
||||
Subject: [PATCH] Disable watchdog on virtual machines.
|
||||
Subject: [PATCH] watchdog: Disable watchdog on virtual machines.
|
||||
|
||||
For various reasons, VMs seem to trigger the soft lockup detector a lot,
|
||||
in cases where it's just not possible for a lockup to occur.
|
||||
|
@ -15,13 +11,16 @@ the VM for a very long time (Could be the host was under heavy load).
|
|||
|
||||
Just disable the detector on VMs.
|
||||
|
||||
Bugzilla: 971139
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
---
|
||||
kernel/watchdog.c | 29 +++++++++++++++++++++++++++++
|
||||
1 file changed, 29 insertions(+)
|
||||
|
||||
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
|
||||
index c3319bd1b040..0e3687675aaa 100644
|
||||
index a8d6914030fe..d0a8c308170d 100644
|
||||
--- a/kernel/watchdog.c
|
||||
+++ b/kernel/watchdog.c
|
||||
@@ -24,6 +24,7 @@
|
||||
|
@ -65,7 +64,7 @@ index c3319bd1b040..0e3687675aaa 100644
|
|||
/*
|
||||
* Hard-lockup warnings should be triggered after just a few seconds. Soft-
|
||||
* lockups can have false positives under extreme conditions. So we generally
|
||||
@@ -641,6 +668,8 @@ out:
|
||||
@@ -644,6 +671,8 @@ out:
|
||||
|
||||
void __init lockup_detector_init(void)
|
||||
{
|
|
@ -0,0 +1,70 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
space. This would potentially permit root to trigger arbitrary DMA, so lock
|
||||
it down by default.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/ioport.c | 5 +++--
|
||||
drivers/char/mem.c | 4 ++++
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index 4ddaf66ea35f..00b440307419 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <linux/thread_info.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/bitmap.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/syscalls.h>
|
||||
|
||||
/*
|
||||
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
|
||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||
return -EINVAL;
|
||||
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
||||
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
return -EINVAL;
|
||||
/* Trying to gain more privileges? */
|
||||
if (level > old) {
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 917403fe10da..cdf839f9defe 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <linux/export.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/aio.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||
unsigned long i = *ppos;
|
||||
const char __user *tmp = buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
on a patch by Kees Cook.
|
||||
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/msr.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
|
||||
index c9603ac80de5..8bef43fc3f40 100644
|
||||
--- a/arch/x86/kernel/msr.c
|
||||
+++ b/arch/x86/kernel/msr.c
|
||||
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
||||
int err = 0;
|
||||
ssize_t bytes = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (count % 8)
|
||||
return -EINVAL; /* Invalid chunk size */
|
||||
|
||||
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
|
||||
err = -EBADF;
|
||||
break;
|
||||
}
|
||||
+ if (secure_modules()) {
|
||||
+ err = -EPERM;
|
||||
+ break;
|
||||
+ }
|
||||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 4232c1bb6b7ed45b96d2112e6f151cf5c9c28470 Mon Sep 17 00:00:00 2001
|
||||
From: Borislav Petkov <bp@alien8.de>
|
||||
Date: Sat, 1 Nov 2014 11:01:00 +0100
|
||||
Subject: [PATCH] x86, microcode, AMD: Fix early ucode loading on 32-bit
|
||||
|
||||
Hi guys,
|
||||
|
||||
please queue this for the next batch to Linus.
|
||||
|
||||
Thanks.
|
||||
---
|
||||
arch/x86/kernel/cpu/microcode/amd_early.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/microcode/amd_early.c b/arch/x86/kernel/cpu/microcode/amd_early.c
|
||||
index 617a9e284245..65bdfb598880 100644
|
||||
--- a/arch/x86/kernel/cpu/microcode/amd_early.c
|
||||
+++ b/arch/x86/kernel/cpu/microcode/amd_early.c
|
||||
@@ -348,6 +348,7 @@ int __init save_microcode_in_initrd_amd(void)
|
||||
{
|
||||
unsigned long cont;
|
||||
enum ucode_state ret;
|
||||
+ u8 *cont_va;
|
||||
u32 eax;
|
||||
|
||||
if (!container)
|
||||
@@ -355,13 +356,15 @@ int __init save_microcode_in_initrd_amd(void)
|
||||
|
||||
#ifdef CONFIG_X86_32
|
||||
get_bsp_sig();
|
||||
- cont = (unsigned long)container;
|
||||
+ cont = (unsigned long)container;
|
||||
+ cont_va = __va(container);
|
||||
#else
|
||||
/*
|
||||
* We need the physical address of the container for both bitness since
|
||||
* boot_params.hdr.ramdisk_image is a physical address.
|
||||
*/
|
||||
- cont = __pa(container);
|
||||
+ cont = __pa(container);
|
||||
+ cont_va = container;
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -372,6 +375,8 @@ int __init save_microcode_in_initrd_amd(void)
|
||||
if (relocated_ramdisk)
|
||||
container = (u8 *)(__va(relocated_ramdisk) +
|
||||
(cont - boot_params.hdr.ramdisk_image));
|
||||
+ else
|
||||
+ container = cont_va;
|
||||
|
||||
if (ucode_new_rev)
|
||||
pr_info("microcode: updated early to new patch_level=0x%08x\n",
|
||||
--
|
||||
1.9.3
|
||||
|
Loading…
Reference in New Issue