Rebase to 4.3.y
- Backport nouveau stable fixes (rhbz 1299349) - CVE-2016-0728 Keys: reference leak in join_session_keyring (rhbz 1296623 1297475) - Add currently queued networking stable patches - Add a couple btrfs patches cc'd to stable upstream - Add SCSI patches to avoid blacklist false positives (rhbz 1299810)
This commit is contained in:
parent
de0020923c
commit
1af40db9c4
|
@ -1,76 +0,0 @@
|
|||
From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Thu, 15 Oct 2015 17:21:37 +0100
|
||||
Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
|
||||
uninstantiated keyring
|
||||
|
||||
The following sequence of commands:
|
||||
|
||||
i=`keyctl add user a a @s`
|
||||
keyctl request2 keyring foo bar @t
|
||||
keyctl unlink $i @s
|
||||
|
||||
tries to invoke an upcall to instantiate a keyring if one doesn't already
|
||||
exist by that name within the user's keyring set. However, if the upcall
|
||||
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
|
||||
other error code. When the key is garbage collected, the key destroy
|
||||
function is called unconditionally and keyring_destroy() uses list_empty()
|
||||
on keyring->type_data.link - which is in a union with reject_error.
|
||||
Subsequently, the kernel tries to unlink the keyring from the keyring names
|
||||
list - which oopses like this:
|
||||
|
||||
BUG: unable to handle kernel paging request at 00000000ffffff8a
|
||||
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
...
|
||||
Workqueue: events key_garbage_collector
|
||||
...
|
||||
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
|
||||
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
|
||||
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
|
||||
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
|
||||
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
|
||||
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
|
||||
...
|
||||
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
|
||||
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
|
||||
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
|
||||
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
|
||||
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
|
||||
[<ffffffff810648ad>] kthread+0xf3/0xfb
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
|
||||
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
|
||||
|
||||
The solution is to only call ->destroy() if the key was successfully
|
||||
instantiated.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/gc.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/security/keys/gc.c b/security/keys/gc.c
|
||||
index c7952375ac53..11c36627adbf 100644
|
||||
--- a/security/keys/gc.c
|
||||
+++ b/security/keys/gc.c
|
||||
@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
|
||||
atomic_dec(&key->user->nikeys);
|
||||
|
||||
/* now throw away the key memory */
|
||||
- if (key->type->destroy)
|
||||
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
|
||||
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
|
||||
+ key->type->destroy)
|
||||
key->type->destroy(key);
|
||||
|
||||
key_user_put(key->user);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,169 +0,0 @@
|
|||
From 1d8007bdee074fdffcf3539492d8a151a1fb3436 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon, 12 Oct 2015 13:38:32 +0200
|
||||
Subject: [PATCH] KVM: x86: build kvm_userspace_memory_region in
|
||||
x86_set_memory_region
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The next patch will make x86_set_memory_region fill the
|
||||
userspace_addr. Since the struct is not used untouched
|
||||
anymore, it makes sense to build it in x86_set_memory_region
|
||||
directly; it also simplifies the callers.
|
||||
|
||||
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
|
||||
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/asm/kvm_host.h | 6 ++----
|
||||
arch/x86/kvm/vmx.c | 26 ++++++--------------------
|
||||
arch/x86/kvm/x86.c | 31 +++++++++++++------------------
|
||||
3 files changed, 21 insertions(+), 42 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
||||
index 49ec903..4e7ad7e 100644
|
||||
--- a/arch/x86/include/asm/kvm_host.h
|
||||
+++ b/arch/x86/include/asm/kvm_host.h
|
||||
@@ -1199,9 +1199,7 @@ void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err);
|
||||
|
||||
int kvm_is_in_guest(void);
|
||||
|
||||
-int __x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem);
|
||||
-int x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem);
|
||||
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
|
||||
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
|
||||
|
||||
#endif /* _ASM_X86_KVM_HOST_H */
|
||||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
||||
index 18c30b4..8461e0c 100644
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -4105,17 +4105,13 @@ static void seg_setup(int seg)
|
||||
static int alloc_apic_access_page(struct kvm *kvm)
|
||||
{
|
||||
struct page *page;
|
||||
- struct kvm_userspace_memory_region kvm_userspace_mem;
|
||||
int r = 0;
|
||||
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
if (kvm->arch.apic_access_page_done)
|
||||
goto out;
|
||||
- kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
|
||||
- kvm_userspace_mem.flags = 0;
|
||||
- kvm_userspace_mem.guest_phys_addr = APIC_DEFAULT_PHYS_BASE;
|
||||
- kvm_userspace_mem.memory_size = PAGE_SIZE;
|
||||
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
|
||||
+ r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
|
||||
+ APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
|
||||
if (r)
|
||||
goto out;
|
||||
|
||||
@@ -4140,17 +4136,12 @@ static int alloc_identity_pagetable(struct kvm *kvm)
|
||||
{
|
||||
/* Called with kvm->slots_lock held. */
|
||||
|
||||
- struct kvm_userspace_memory_region kvm_userspace_mem;
|
||||
int r = 0;
|
||||
|
||||
BUG_ON(kvm->arch.ept_identity_pagetable_done);
|
||||
|
||||
- kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
|
||||
- kvm_userspace_mem.flags = 0;
|
||||
- kvm_userspace_mem.guest_phys_addr =
|
||||
- kvm->arch.ept_identity_map_addr;
|
||||
- kvm_userspace_mem.memory_size = PAGE_SIZE;
|
||||
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
|
||||
+ r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
|
||||
+ kvm->arch.ept_identity_map_addr, PAGE_SIZE);
|
||||
|
||||
return r;
|
||||
}
|
||||
@@ -4949,14 +4940,9 @@ static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
|
||||
static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
|
||||
{
|
||||
int ret;
|
||||
- struct kvm_userspace_memory_region tss_mem = {
|
||||
- .slot = TSS_PRIVATE_MEMSLOT,
|
||||
- .guest_phys_addr = addr,
|
||||
- .memory_size = PAGE_SIZE * 3,
|
||||
- .flags = 0,
|
||||
- };
|
||||
|
||||
- ret = x86_set_memory_region(kvm, &tss_mem);
|
||||
+ ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
|
||||
+ PAGE_SIZE * 3);
|
||||
if (ret)
|
||||
return ret;
|
||||
kvm->arch.tss_addr = addr;
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 373328b..b12665b 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7721,18 +7721,21 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
kvm_free_pit(kvm);
|
||||
}
|
||||
|
||||
-int __x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem)
|
||||
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
|
||||
/* Called with kvm->slots_lock held. */
|
||||
- BUG_ON(mem->slot >= KVM_MEM_SLOTS_NUM);
|
||||
+ if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
|
||||
+ return -EINVAL;
|
||||
|
||||
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
|
||||
- struct kvm_userspace_memory_region m = *mem;
|
||||
+ struct kvm_userspace_memory_region m;
|
||||
|
||||
- m.slot |= i << 16;
|
||||
+ m.slot = id | (i << 16);
|
||||
+ m.flags = 0;
|
||||
+ m.guest_phys_addr = gpa;
|
||||
+ m.memory_size = size;
|
||||
r = __kvm_set_memory_region(kvm, &m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@@ -7742,13 +7745,12 @@ int __x86_set_memory_region(struct kvm *kvm,
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
|
||||
|
||||
-int x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem)
|
||||
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int r;
|
||||
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
- r = __x86_set_memory_region(kvm, mem);
|
||||
+ r = __x86_set_memory_region(kvm, id, gpa, size);
|
||||
mutex_unlock(&kvm->slots_lock);
|
||||
|
||||
return r;
|
||||
@@ -7763,16 +7765,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
|
||||
* unless the the memory map has changed due to process exit
|
||||
* or fd copying.
|
||||
*/
|
||||
- struct kvm_userspace_memory_region mem;
|
||||
- memset(&mem, 0, sizeof(mem));
|
||||
- mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
-
|
||||
- mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
-
|
||||
- mem.slot = TSS_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
+ x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, 0, 0);
|
||||
+ x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, 0, 0);
|
||||
+ x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
|
||||
}
|
||||
kvm_iommu_unmap_guest(kvm);
|
||||
kfree(kvm->arch.vpic);
|
|
@ -0,0 +1,63 @@
|
|||
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Sun, 1 Nov 2015 23:54:08 +0000
|
||||
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
|
||||
|
||||
Fix issue from two patches overlapping causing a kernel oops
|
||||
|
||||
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
|
||||
[ 3569.306272] pgd = dc894000
|
||||
[ 3569.309287] [00000088] *pgd=00000000
|
||||
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
|
||||
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
|
||||
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
|
||||
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
|
||||
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
|
||||
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
|
||||
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
|
||||
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
|
||||
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
|
||||
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
|
||||
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
|
||||
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
|
||||
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
|
||||
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
|
||||
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
|
||||
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
|
||||
[ 3569.473790] df00: bef21ab8 dbf60e38
|
||||
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
|
||||
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
|
||||
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
|
||||
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
|
||||
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
|
||||
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
|
||||
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
|
||||
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
|
||||
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
|
||||
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
|
||||
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
|
||||
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
|
||||
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
|
||||
|
||||
Cc: <stable@vger.kernel.org> # v4.2+
|
||||
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||
---
|
||||
drivers/watchdog/omap_wdt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
|
||||
index d96bee0..6f17c93 100644
|
||||
--- a/drivers/watchdog/omap_wdt.c
|
||||
+++ b/drivers/watchdog/omap_wdt.c
|
||||
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
|
||||
|
||||
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
|
||||
{
|
||||
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
|
||||
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
|
||||
void __iomem *base = wdev->base;
|
||||
u32 value;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 19 Oct 2015 11:33:38 +0100
|
||||
Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
|
||||
keyring
|
||||
|
||||
If request_key() is used to find a keyring, only do the search part - don't
|
||||
do the construction part if the keyring was not found by the search. We
|
||||
don't really want keyrings in the negative instantiated state since the
|
||||
rejected/negative instantiation error value in the payload is unioned with
|
||||
keyring metadata.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/request_key.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
|
||||
index 486ef6fa393b..0d6253124278 100644
|
||||
--- a/security/keys/request_key.c
|
||||
+++ b/security/keys/request_key.c
|
||||
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
|
||||
|
||||
kenter("");
|
||||
|
||||
+ if (ctx->index_key.type == &key_type_keyring)
|
||||
+ return ERR_PTR(-EPERM);
|
||||
+
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,134 +0,0 @@
|
|||
From f0d648bdf0a5bbc91da6099d5282f77996558ea4 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon, 12 Oct 2015 13:56:27 +0200
|
||||
Subject: [PATCH] KVM: x86: map/unmap private slots in __x86_set_memory_region
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Otherwise, two copies (one of them never populated and thus bogus)
|
||||
are allocated for the regular and SMM address spaces. This breaks
|
||||
SMM with EPT but without unrestricted guest support, because the
|
||||
SMM copy of the identity page map is all zeros.
|
||||
|
||||
By moving the allocation to the caller we also remove the last
|
||||
vestiges of kernel-allocated memory regions (not accessible anymore
|
||||
in userspace since commit b74a07beed0e, "KVM: Remove kernel-allocated
|
||||
memory regions", 2010-06-21); that is a nice bonus.
|
||||
|
||||
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
|
||||
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++----------------------------
|
||||
1 file changed, 30 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 7bf8096..3ac33f8 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7477,23 +7477,53 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
+ u64 hva;
|
||||
+ struct kvm_memslots *slots = kvm_memslots(kvm);
|
||||
+ struct kvm_memory_slot *slot, old;
|
||||
|
||||
/* Called with kvm->slots_lock held. */
|
||||
if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
|
||||
return -EINVAL;
|
||||
|
||||
+ slot = id_to_memslot(slots, id);
|
||||
+ if (size) {
|
||||
+ if (WARN_ON(slot->npages))
|
||||
+ return -EEXIST;
|
||||
+
|
||||
+ /*
|
||||
+ * MAP_SHARED to prevent internal slot pages from being moved
|
||||
+ * by fork()/COW.
|
||||
+ */
|
||||
+ hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
|
||||
+ MAP_SHARED | MAP_ANONYMOUS, 0);
|
||||
+ if (IS_ERR((void *)hva))
|
||||
+ return PTR_ERR((void *)hva);
|
||||
+ } else {
|
||||
+ if (!slot->npages)
|
||||
+ return 0;
|
||||
+
|
||||
+ hva = 0;
|
||||
+ }
|
||||
+
|
||||
+ old = *slot;
|
||||
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
|
||||
struct kvm_userspace_memory_region m;
|
||||
|
||||
m.slot = id | (i << 16);
|
||||
m.flags = 0;
|
||||
m.guest_phys_addr = gpa;
|
||||
+ m.userspace_addr = hva;
|
||||
m.memory_size = size;
|
||||
r = __kvm_set_memory_region(kvm, &m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
+ if (!size) {
|
||||
+ r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
|
||||
+ WARN_ON(r < 0);
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
|
||||
@@ -7623,27 +7653,6 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
|
||||
const struct kvm_userspace_memory_region *mem,
|
||||
enum kvm_mr_change change)
|
||||
{
|
||||
- /*
|
||||
- * Only private memory slots need to be mapped here since
|
||||
- * KVM_SET_MEMORY_REGION ioctl is no longer supported.
|
||||
- */
|
||||
- if ((memslot->id >= KVM_USER_MEM_SLOTS) && (change == KVM_MR_CREATE)) {
|
||||
- unsigned long userspace_addr;
|
||||
-
|
||||
- /*
|
||||
- * MAP_SHARED to prevent internal slot pages from being moved
|
||||
- * by fork()/COW.
|
||||
- */
|
||||
- userspace_addr = vm_mmap(NULL, 0, memslot->npages * PAGE_SIZE,
|
||||
- PROT_READ | PROT_WRITE,
|
||||
- MAP_SHARED | MAP_ANONYMOUS, 0);
|
||||
-
|
||||
- if (IS_ERR((void *)userspace_addr))
|
||||
- return PTR_ERR((void *)userspace_addr);
|
||||
-
|
||||
- memslot->userspace_addr = userspace_addr;
|
||||
- }
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -7705,17 +7714,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
|
||||
{
|
||||
int nr_mmu_pages = 0;
|
||||
|
||||
- if (change == KVM_MR_DELETE && old->id >= KVM_USER_MEM_SLOTS) {
|
||||
- int ret;
|
||||
-
|
||||
- ret = vm_munmap(old->userspace_addr,
|
||||
- old->npages * PAGE_SIZE);
|
||||
- if (ret < 0)
|
||||
- printk(KERN_WARNING
|
||||
- "kvm_vm_ioctl_set_memory_region: "
|
||||
- "failed to munmap memory\n");
|
||||
- }
|
||||
-
|
||||
if (!kvm->arch.n_requested_mmu_pages)
|
||||
nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
From 25188b9986cf6b0cadcf1bc1d1693a2e9c50ed47 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 15:51:08 +0200
|
||||
Subject: [PATCH] KVM: x86: fix previous commit for 32-bit
|
||||
|
||||
Unfortunately I only noticed this after pushing.
|
||||
|
||||
Fixes: f0d648bdf0a5bbc91da6099d5282f77996558ea4
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/x86.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 6e03546..9a9a198 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7482,7 +7482,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
- u64 hva;
|
||||
+ unsigned long hva;
|
||||
struct kvm_memslots *slots = kvm_memslots(kvm);
|
||||
struct kvm_memory_slot *slot, old;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH] ACPI: Limit access to custom_method
|
||||
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
|
@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
|
|||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
From patchwork Fri Sep 25 15:10:31 2015
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: ARM: dts: Add am335x-bonegreen
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
X-Patchwork-Id: 7265851
|
||||
Message-Id: <1443193831-5693-1-git-send-email-robertcnelson@gmail.com>
|
||||
To: tony@atomide.com, devicetree@vger.kernel.org
|
||||
Cc: linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
|
||||
Robert Nelson <robertcnelson@gmail.com>, Jason Kridner <jkridner@gmail.com>
|
||||
Date: Fri, 25 Sep 2015 10:10:31 -0500
|
||||
|
||||
SeeedStudio BeagleBone Green (BBG) is clone of the BeagleBone Black (BBB) minus
|
||||
the HDMI port and addition of two Grove connectors (i2c2 and usart2).
|
||||
|
||||
This board can be identified by the 1A value after A335BNLT (BBB) in the at24 eeprom:
|
||||
1A: [aa 55 33 ee 41 33 33 35 42 4e 4c 54 1a 00 00 00 |.U3.A335BNLT....|]
|
||||
|
||||
http://beagleboard.org/green
|
||||
http://www.seeedstudio.com/wiki/Beaglebone_green
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
CC: Tony Lindgren <tony@atomide.com>
|
||||
CC: Jason Kridner <jkridner@gmail.com>
|
||||
|
||||
---
|
||||
arch/arm/boot/dts/Makefile | 1 +
|
||||
arch/arm/boot/dts/am335x-bonegreen.dts | 53 ++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 54 insertions(+)
|
||||
create mode 100644 arch/arm/boot/dts/am335x-bonegreen.dts
|
||||
|
||||
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
|
||||
index 233159d..e45d771 100644
|
||||
--- a/arch/arm/boot/dts/Makefile
|
||||
+++ b/arch/arm/boot/dts/Makefile
|
||||
@@ -446,6 +446,7 @@ dtb-$(CONFIG_SOC_AM33XX) += \
|
||||
am335x-base0033.dtb \
|
||||
am335x-bone.dtb \
|
||||
am335x-boneblack.dtb \
|
||||
+ am335x-bonegreen.dtb \
|
||||
am335x-sl50.dtb \
|
||||
am335x-evm.dtb \
|
||||
am335x-evmsk.dtb \
|
||||
diff --git a/arch/arm/boot/dts/am335x-bonegreen.dts b/arch/arm/boot/dts/am335x-bonegreen.dts
|
||||
new file mode 100644
|
||||
index 0000000..0f65bda
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/boot/dts/am335x-bonegreen.dts
|
||||
@@ -0,0 +1,53 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License version 2 as
|
||||
+ * published by the Free Software Foundation.
|
||||
+ */
|
||||
+/dts-v1/;
|
||||
+
|
||||
+#include "am33xx.dtsi"
|
||||
+#include "am335x-bone-common.dtsi"
|
||||
+
|
||||
+/ {
|
||||
+ model = "TI AM335x BeagleBone Green";
|
||||
+ compatible = "ti,am335x-bone-green", "ti,am335x-bone-black", "ti,am335x-bone", "ti,am33xx";
|
||||
+};
|
||||
+
|
||||
+&ldo3_reg {
|
||||
+ regulator-min-microvolt = <1800000>;
|
||||
+ regulator-max-microvolt = <1800000>;
|
||||
+ regulator-always-on;
|
||||
+};
|
||||
+
|
||||
+&mmc1 {
|
||||
+ vmmc-supply = <&vmmcsd_fixed>;
|
||||
+};
|
||||
+
|
||||
+&mmc2 {
|
||||
+ vmmc-supply = <&vmmcsd_fixed>;
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&emmc_pins>;
|
||||
+ bus-width = <8>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&am33xx_pinmux {
|
||||
+ uart2_pins: uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 (PIN_INPUT | MUX_MODE1) /* spi0_sclk.uart2_rxd */
|
||||
+ 0x154 (PIN_OUTPUT | MUX_MODE1) /* spi0_d0.uart2_txd */
|
||||
+ >;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&uart2 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart2_pins>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
+&rtc {
|
||||
+ system-power-controller;
|
||||
+};
|
|
@ -1,6 +1,7 @@
|
|||
From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH] Add an EFI signature blob parser and key loader.
|
||||
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
|
|||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index e47fcd9ac5e8..6512f6596785 100644
|
||||
index cd1406f9b14a..d9db380bbe53 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
|
|||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH] Add option to automatically enforce module signatures when in
|
||||
Secure Boot mode
|
||||
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
|
||||
when in Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
|
@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 82fbdbc1e0b0..a811210ad486 100644
|
||||
index 95a4d34af3fd..b8527c6b7646 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
|
@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
|
|||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 3dbb7e7909ca..4da6644b1fd0 100644
|
||||
index cc0d73eac047..14db458f4774 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1703,6 +1703,16 @@ config EFI_MIXED
|
||||
@@ -1734,6 +1734,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
|
@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
|
|||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 2c82bd150d43..1ef8ea7f8ed9 100644
|
||||
index ee1b6d346b98..b4de3faa3f29 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
|
@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
|
|||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index ab456dc233b5..74ba4083e7ce 100644
|
||||
index 329254373479..b61f8533c0fd 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -134,7 +134,8 @@ struct boot_params {
|
||||
|
@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
|
|||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 80f874bf999e..c2e4f52cad30 100644
|
||||
index baadbf90a7c5..1ac118146e90 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
|
@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
|
|||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 57474384b66b..b69d657c3700 100644
|
||||
index db386349cd01..4b8df91f03cd 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
|
@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
|
|||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index e9869c497175..87fa14fedc88 100644
|
||||
index 7f045246e123..2b403ab0ef29 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
|
@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
|
|||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH] Add secure_modules() call
|
||||
Subject: [PATCH 01/20] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
|
@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
2 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index d67b1932cc59..57474384b66b 100644
|
||||
index 3a19c79918e0..db386349cd01 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return module && module->async_probe_requested;
|
||||
}
|
||||
|
||||
|
@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
|
|||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
|
|||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 4d2b82e610e2..e9869c497175 100644
|
||||
index b86b7bf1be38..7f045246e123 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
|
|||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
|
|||
7 files changed, 64 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5def6b4143fa..1eac9d22cb0b 100644
|
||||
index f93826b8522c..41679b1aca83 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
|
@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
|
||||
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
|
@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 421e29e4cd81..61c1eb97806c 100644
|
||||
index 345df9b03aed..dea6a6c4a39b 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
|
|||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index b5b427888b24..289c7898a3b0 100644
|
||||
index 95b330a9ea98..dfa3e154a719 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
/* x: May be registered on mips for TLB dump */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
|
@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
|
@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
|
@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
pr_cont("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
|
@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
|
@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
|
@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
break;
|
||||
}
|
||||
@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
|
@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
|
|||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 87fa14fedc88..61385e686d49 100644
|
||||
index 2b403ab0ef29..7818c110e95c 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
|
||||
|
@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
|
|||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
module_param(sig_enforce, bool_enable_only, 0644);
|
||||
#endif /* !CONFIG_MODULE_SIG_FORCE */
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
From 259072b7a1c20f8612dcaa8e0e027004aa98f864 Mon Sep 17 00:00:00 2001
|
||||
From: Filipe Manana <fdmanana@suse.com>
|
||||
Date: Wed, 6 Jan 2016 22:42:35 +0000
|
||||
Subject: [PATCH 2/2] Btrfs: fix fitrim discarding device area reserved for
|
||||
boot loader's use
|
||||
|
||||
As of the 4.3 kernel release, the fitrim ioctl can now discard any region
|
||||
of a disk that is not allocated to any chunk/block group, including the
|
||||
first megabyte which is used for our primary superblock and by the boot
|
||||
loader (grub for example).
|
||||
|
||||
Fix this by not allowing to trim/discard any region in the device starting
|
||||
with an offset not greater than min(alloc_start_mount_option, 1Mb), just
|
||||
as it was not possible before 4.3.
|
||||
|
||||
A reproducer test case for xfstests follows.
|
||||
|
||||
seq=`basename $0`
|
||||
seqres=$RESULT_DIR/$seq
|
||||
echo "QA output created by $seq"
|
||||
tmp=/tmp/$$
|
||||
status=1 # failure is the default!
|
||||
trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
|
||||
_cleanup()
|
||||
{
|
||||
cd /
|
||||
rm -f $tmp.*
|
||||
}
|
||||
|
||||
# get standard environment, filters and checks
|
||||
. ./common/rc
|
||||
. ./common/filter
|
||||
|
||||
# real QA test starts here
|
||||
_need_to_be_root
|
||||
_supported_fs btrfs
|
||||
_supported_os Linux
|
||||
_require_scratch
|
||||
|
||||
rm -f $seqres.full
|
||||
|
||||
_scratch_mkfs >>$seqres.full 2>&1
|
||||
|
||||
# Write to the [0, 64Kb[ and [68Kb, 1Mb[ ranges of the device. These ranges are
|
||||
# reserved for a boot loader to use (GRUB for example) and btrfs should never
|
||||
# use them - neither for allocating metadata/data nor should trim/discard them.
|
||||
# The range [64Kb, 68Kb[ is used for the primary superblock of the filesystem.
|
||||
$XFS_IO_PROG -c "pwrite -S 0xfd 0 64K" $SCRATCH_DEV | _filter_xfs_io
|
||||
$XFS_IO_PROG -c "pwrite -S 0xfd 68K 956K" $SCRATCH_DEV | _filter_xfs_io
|
||||
|
||||
# Now mount the filesystem and perform a fitrim against it.
|
||||
_scratch_mount
|
||||
_require_batched_discard $SCRATCH_MNT
|
||||
$FSTRIM_PROG $SCRATCH_MNT
|
||||
|
||||
# Now unmount the filesystem and verify the content of the ranges was not
|
||||
# modified (no trim/discard happened on them).
|
||||
_scratch_unmount
|
||||
echo "Content of the ranges [0, 64Kb] and [68Kb, 1Mb[ after fitrim:"
|
||||
od -t x1 -N $((64 * 1024)) $SCRATCH_DEV
|
||||
od -t x1 -j $((68 * 1024)) -N $((956 * 1024)) $SCRATCH_DEV
|
||||
|
||||
status=0
|
||||
exit
|
||||
|
||||
Reported-by: Vincent Petry <PVince81@yahoo.fr>
|
||||
Reported-by: Andrei Borzenkov <arvidjaar@gmail.com>
|
||||
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109341
|
||||
Fixes: 499f377f49f0 (btrfs: iterate over unused chunk space in FITRIM)
|
||||
Cc: stable@vger.kernel.org # 4.3+
|
||||
Signed-off-by: Filipe Manana <fdmanana@suse.com>
|
||||
---
|
||||
fs/btrfs/volumes.c | 20 ++++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
|
||||
index b816b3a2e118..96f8c827d563 100644
|
||||
--- a/fs/btrfs/volumes.c
|
||||
+++ b/fs/btrfs/volumes.c
|
||||
@@ -1208,6 +1208,15 @@ int find_free_dev_extent_start(struct btrfs_transaction *transaction,
|
||||
int ret;
|
||||
int slot;
|
||||
struct extent_buffer *l;
|
||||
+ u64 min_search_start;
|
||||
+
|
||||
+ /*
|
||||
+ * We don't want to overwrite the superblock on the drive nor any area
|
||||
+ * used by the boot loader (grub for example), so we make sure to start
|
||||
+ * at an offset of at least 1MB.
|
||||
+ */
|
||||
+ min_search_start = max(root->fs_info->alloc_start, 1024ull * 1024);
|
||||
+ search_start = max(search_start, min_search_start);
|
||||
|
||||
path = btrfs_alloc_path();
|
||||
if (!path)
|
||||
@@ -1348,18 +1357,9 @@ int find_free_dev_extent(struct btrfs_trans_handle *trans,
|
||||
struct btrfs_device *device, u64 num_bytes,
|
||||
u64 *start, u64 *len)
|
||||
{
|
||||
- struct btrfs_root *root = device->dev_root;
|
||||
- u64 search_start;
|
||||
-
|
||||
/* FIXME use last free of some kind */
|
||||
-
|
||||
- /*
|
||||
- * we don't want to overwrite the superblock on the drive,
|
||||
- * so we make sure to start at an offset of at least 1MB
|
||||
- */
|
||||
- search_start = max(root->fs_info->alloc_start, 1024ull * 1024);
|
||||
return find_free_dev_extent_start(trans->transaction, device,
|
||||
- num_bytes, search_start, start, len);
|
||||
+ num_bytes, 0, start, len);
|
||||
}
|
||||
|
||||
static int btrfs_free_dev_extent(struct btrfs_trans_handle *trans,
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,133 @@
|
|||
From 84ac7d370783d4819c5986da1c5d5c62d360dc8f Mon Sep 17 00:00:00 2001
|
||||
From: Mika Westerberg <mika.westerberg@linux.intel.com>
|
||||
Date: Wed, 7 Oct 2015 15:33:43 +0300
|
||||
Subject: [PATCH] HID: multitouch: Fetch feature reports on demand for Win8
|
||||
devices
|
||||
|
||||
Some newer Intel Skylake based Dell laptops with Win8 precision touchpad
|
||||
fail when initial feature reports are fetched from it. Below is an example
|
||||
output with some additional debug included:
|
||||
|
||||
i2c_hid i2c-DLL0704:01: Fetching the HID descriptor
|
||||
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=20 00
|
||||
i2c_hid i2c-DLL0704:01: HID Descriptor: 1e 00 00 01 99 02 21 00 24 ...
|
||||
...
|
||||
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
|
||||
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 38 02 23 00
|
||||
i2c_hid i2c-DLL0704:01: report (len=4): 04 00 08 05
|
||||
i2c_hid i2c-DLL0704:01: report id 13
|
||||
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
|
||||
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 3d 02 23 00
|
||||
i2c_hid i2c-DLL0704:01: failed to retrieve report from device.
|
||||
i2c_hid i2c-DLL0704:01: report id 7
|
||||
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
|
||||
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 37 02 23 00
|
||||
i2c_hid i2c-DLL0704:01: report (len=259): 03 01 07 fc 28 fe 84 40 ...
|
||||
i2c_hid i2c-DLL0704:01: report id 4
|
||||
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
|
||||
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 34 02 23 00
|
||||
|
||||
We manage to fetch few reports but then the touchpad dies:
|
||||
|
||||
i2c_designware i2c_designware.1: i2c_dw_handle_tx_abort: lost arbitration
|
||||
i2c_hid i2c-DLL0704:01: failed to retrieve report from device.
|
||||
|
||||
it eventually pulls the whole I2C bus low:
|
||||
|
||||
i2c_designware i2c_designware.1: controller timed out
|
||||
i2c_hid i2c-DLL0704:01: failed to set a report to device.
|
||||
|
||||
Fix this by preventing initial feature report retrieval for Win8 devices.
|
||||
Instead we fetch reports as needed in mt_feature_mapping(). This prevents
|
||||
fetching reports which might cause problems with the device in question.
|
||||
|
||||
Suggested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
|
||||
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Tested-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||||
---
|
||||
drivers/hid/hid-multitouch.c | 45 +++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 44 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
|
||||
index 426b2f1a3450..4afe8d78b366 100644
|
||||
--- a/drivers/hid/hid-multitouch.c
|
||||
+++ b/drivers/hid/hid-multitouch.c
|
||||
@@ -309,6 +309,41 @@ static struct attribute_group mt_attribute_group = {
|
||||
.attrs = sysfs_attrs
|
||||
};
|
||||
|
||||
+static void mt_get_feature(struct hid_device *hdev, struct hid_report *report)
|
||||
+{
|
||||
+ struct mt_device *td = hid_get_drvdata(hdev);
|
||||
+ int ret, size = hid_report_len(report);
|
||||
+ u8 *buf;
|
||||
+
|
||||
+ /*
|
||||
+ * Only fetch the feature report if initial reports are not already
|
||||
+ * been retrieved. Currently this is only done for Windows 8 touch
|
||||
+ * devices.
|
||||
+ */
|
||||
+ if (!(hdev->quirks & HID_QUIRK_NO_INIT_REPORTS))
|
||||
+ return;
|
||||
+ if (td->mtclass.name != MT_CLS_WIN_8)
|
||||
+ return;
|
||||
+
|
||||
+ buf = hid_alloc_report_buf(report, GFP_KERNEL);
|
||||
+ if (!buf)
|
||||
+ return;
|
||||
+
|
||||
+ ret = hid_hw_raw_request(hdev, report->id, buf, size,
|
||||
+ HID_FEATURE_REPORT, HID_REQ_GET_REPORT);
|
||||
+ if (ret < 0) {
|
||||
+ dev_warn(&hdev->dev, "failed to fetch feature %d\n",
|
||||
+ report->id);
|
||||
+ } else {
|
||||
+ ret = hid_report_raw_event(hdev, HID_FEATURE_REPORT, buf,
|
||||
+ size, 0);
|
||||
+ if (ret)
|
||||
+ dev_warn(&hdev->dev, "failed to report feature\n");
|
||||
+ }
|
||||
+
|
||||
+ kfree(buf);
|
||||
+}
|
||||
+
|
||||
static void mt_feature_mapping(struct hid_device *hdev,
|
||||
struct hid_field *field, struct hid_usage *usage)
|
||||
{
|
||||
@@ -327,6 +362,8 @@ static void mt_feature_mapping(struct hid_device *hdev,
|
||||
|
||||
break;
|
||||
case HID_DG_CONTACTMAX:
|
||||
+ mt_get_feature(hdev, field->report);
|
||||
+
|
||||
td->maxcontact_report_id = field->report->id;
|
||||
td->maxcontacts = field->value[0];
|
||||
if (!td->maxcontacts &&
|
||||
@@ -343,6 +380,7 @@ static void mt_feature_mapping(struct hid_device *hdev,
|
||||
break;
|
||||
}
|
||||
|
||||
+ mt_get_feature(hdev, field->report);
|
||||
if (field->value[usage->usage_index] == MT_BUTTONTYPE_CLICKPAD)
|
||||
td->is_buttonpad = true;
|
||||
|
||||
@@ -1026,8 +1064,13 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id)
|
||||
* reports. Fortunately, the Win8 spec says that all touches
|
||||
* should be sent during each report, making the initialization
|
||||
* of input reports unnecessary.
|
||||
+ *
|
||||
+ * In addition some touchpads do not behave well if we read
|
||||
+ * all feature reports from them. Instead we prevent
|
||||
+ * initial report fetching and then selectively fetch each
|
||||
+ * report we are interested in.
|
||||
*/
|
||||
- hdev->quirks |= HID_QUIRK_NO_INIT_INPUT_REPORTS;
|
||||
+ hdev->quirks |= HID_QUIRK_NO_INIT_REPORTS;
|
||||
|
||||
td = devm_kzalloc(&hdev->dev, sizeof(struct mt_device), GFP_KERNEL);
|
||||
if (!td) {
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH] KEYS: Add a system blacklist keyring
|
||||
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
|
@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
|
|||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
3 files changed, 40 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 72665eb80692..2c7b80d31366 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index af09b4fb43d2..62f6fd191e4f 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 875f64e8935b..c15e93f5a418 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
||||
index 2570598b784d..53733822993f 100644
|
||||
--- a/certs/system_keyring.c
|
||||
+++ b/certs/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
|
@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
|
@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
|
||||
+ if (!ret) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key is in the blacklist\n");
|
||||
+ ret = -EKEYREJECTED;
|
||||
+ goto error;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index b20cd885c1fd..51d8ddc60e0f 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
|
||||
enum key_being_used_for usage);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 02da9f1fd9df..782d26f02885 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
|
||||
module verification, kexec image verification and firmware blob
|
||||
verification.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
From 05fd13592b60c3e9873f56705f80ff934e98b046 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 18 Jan 2016 10:53:31 +0000
|
||||
Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
|
||||
|
||||
This fixes CVE-2016-0728.
|
||||
|
||||
If a thread is asked to join as a session keyring the keyring that's already
|
||||
set as its session, we leak a keyring reference.
|
||||
|
||||
This can be tested with the following program:
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <keyutils.h>
|
||||
|
||||
int main(int argc, const char *argv[])
|
||||
{
|
||||
int i = 0;
|
||||
key_serial_t serial;
|
||||
|
||||
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
|
||||
"leaked-keyring");
|
||||
if (serial < 0) {
|
||||
perror("keyctl");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (keyctl(KEYCTL_SETPERM, serial,
|
||||
KEY_POS_ALL | KEY_USR_ALL) < 0) {
|
||||
perror("keyctl");
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < 100; i++) {
|
||||
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
|
||||
"leaked-keyring");
|
||||
if (serial < 0) {
|
||||
perror("keyctl");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
If, after the program has run, there something like the following line in
|
||||
/proc/keys:
|
||||
|
||||
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
|
||||
|
||||
with a usage count of 100 * the number of times the program has been run,
|
||||
then the kernel is malfunctioning. If leaked-keyring has zero usages or
|
||||
has been garbage collected, then the problem is fixed.
|
||||
|
||||
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
RH-bugzilla: 1298036
|
||||
---
|
||||
security/keys/process_keys.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
|
||||
index 43b4cddbf2b3..7877e5cd4e23 100644
|
||||
--- a/security/keys/process_keys.c
|
||||
+++ b/security/keys/process_keys.c
|
||||
@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
|
||||
ret = PTR_ERR(keyring);
|
||||
goto error2;
|
||||
} else if (keyring == new->session_keyring) {
|
||||
+ key_put(keyring);
|
||||
ret = 0;
|
||||
goto error2;
|
||||
}
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 414c3c3d988d..d920a6be6c8b 100644
|
||||
index 85ef051ac6fb..a042b2ece788 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
@@ -600,6 +600,12 @@ typedef struct {
|
||||
u64 table;
|
||||
} efi_config_table_64_t;
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
|
@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
|
|||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
u32 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 62f6fd191e4f..648bb79d6b73 100644
|
||||
index 02da9f1fd9df..90c73a0564b1 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
|
||||
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
|
@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
|
|||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index 43c4c920f30a..3193574387ac 100644
|
||||
index d4988410b410..55e886239e7e 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
@@ -47,6 +47,7 @@ endif
|
||||
obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
|
||||
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
obj-$(CONFIG_HAS_IOMEM) += memremap.o
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
|
@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
|
|||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH] MODSIGN: Support not importing certs from db
|
||||
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
|
@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
|
|||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -12,9 +12,9 @@ CONFIGFILES = \
|
|||
$(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \
|
||||
$(CFG)-aarch64.config \
|
||||
$(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \
|
||||
$(CFG)-ppc64le.config
|
||||
$(CFG)-ppc64le.config $(CFG)-ppc64le-debug.config
|
||||
|
||||
PLATFORMS = x86 x86_64 powerpc powerpc64 s390x arm arm64
|
||||
PLATFORMS = x86 x86_64 powerpc s390x arm arm64
|
||||
TEMPFILES = $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS)))
|
||||
|
||||
configs: $(CONFIGFILES)
|
||||
|
@ -74,18 +74,12 @@ temp-x86_64-generic: temp-x86-64 temp-generic
|
|||
temp-x86_64-debug-generic: temp-x86-64 temp-debug-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc-generic: config-powerpc-generic temp-generic
|
||||
temp-powerpc64-generic: config-powerpc64-generic temp-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc-debug-generic: config-powerpc-generic temp-debug-generic
|
||||
temp-powerpc64-debug-generic: config-powerpc64-generic temp-debug-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc64-generic: config-powerpc64 temp-powerpc-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc64le-generic: config-powerpc64le temp-powerpc64-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-s390-generic: config-s390x temp-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
|
@ -107,16 +101,19 @@ $(CFG)-x86_64.config: /dev/null temp-x86_64-generic
|
|||
$(CFG)-x86_64-debug.config: /dev/null temp-x86_64-debug-generic
|
||||
perl merge.pl $^ x86_64 > $@
|
||||
|
||||
$(CFG)-ppc64.config: /dev/null temp-powerpc64-generic
|
||||
$(CFG)-ppc64.config: config-powerpc64 temp-powerpc64-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-ppc64-debug.config: temp-powerpc64-generic temp-powerpc-debug-generic
|
||||
$(CFG)-ppc64-debug.config: config-powerpc64 temp-powerpc64-debug-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-ppc64p7.config: config-powerpc64p7 temp-powerpc64-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-ppc64le.config: /dev/null temp-powerpc64le-generic
|
||||
$(CFG)-ppc64le.config: config-powerpc64le temp-powerpc64-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-ppc64le-debug.config: config-powerpc64le temp-powerpc64-debug-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-s390x.config: config-s390x temp-s390-generic
|
||||
|
|
|
@ -82,7 +82,3 @@ config-release:
|
|||
|
||||
@# Change defaults back to sane things.
|
||||
@perl -pi -e 's/CONFIG_MAXSMP=y/# CONFIG_MAXSMP is not set/' config-x86-generic
|
||||
|
||||
@perl -pi -e 's/CONFIG_SCHEDSTATS=y/# CONFIG_SCHEDSTATS is not set/' config-nodebug
|
||||
@perl -pi -e 's/CONFIG_LATENCYTOP=y/# CONFIG_LATENCYTOP is not set/' config-nodebug
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
|
||||
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
|
@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
|
|||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
|
@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
|
|||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,140 @@
|
|||
From 4abc12dd59bed74aa1730c2b3129d1750604d530 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Stern <stern@rowland.harvard.edu>
|
||||
Date: Mon, 3 Aug 2015 11:57:29 -0400
|
||||
Subject: [PATCH 2/2] SCSI: fix bug in scsi_dev_info_list matching
|
||||
|
||||
The "compatible" matching algorithm used for looking up old-style
|
||||
blacklist entries in a scsi_dev_info_list is buggy. The core of the
|
||||
algorithm looks like this:
|
||||
|
||||
if (memcmp(devinfo->vendor, vendor,
|
||||
min(max, strlen(devinfo->vendor))))
|
||||
/* not a match */
|
||||
|
||||
where max is the length of the device's vendor string after leading
|
||||
spaces have been removed but trailing spaces have not. Because of the
|
||||
min() computation, either entry could be a proper substring of the
|
||||
other and the code would still think that they match.
|
||||
|
||||
In the case originally reported, the device's vendor and product
|
||||
strings were "Inateck " and " ". These matched against
|
||||
the following entry in the global device list:
|
||||
|
||||
{"", "Scanner", "1.80", BLIST_NOLUN}
|
||||
|
||||
because "" is a substring of "Inateck " and "" (the result of removing
|
||||
leading spaces from the device's product string) is a substring of
|
||||
"Scanner". The mistaken match prevented the system from scanning and
|
||||
finding the device's second Logical Unit.
|
||||
|
||||
This patch fixes the problem by making two changes. First, the code
|
||||
for leading-space removal is hoisted out of the loop. (This means it
|
||||
will sometimes run unnecessarily, but since a large percentage of all
|
||||
lookups involve the "compatible" entries in global device list, this
|
||||
should be an overall improvement.) Second and more importantly, the
|
||||
patch removes trailing spaces and adds a check to verify that the two
|
||||
resulting strings are exactly the same length. This prevents matches
|
||||
where one entry is a proper substring of the other.
|
||||
|
||||
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
|
||||
Reported-by: Giulio Bernardi <ugilio@gmail.com>
|
||||
Tested-by: Giulio Bernardi <ugilio@gmail.com>
|
||||
Signed-off-by: James Bottomley <JBottomley@Odin.com>
|
||||
---
|
||||
drivers/scsi/scsi_devinfo.c | 69 +++++++++++++++++++++++----------------------
|
||||
1 file changed, 35 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
|
||||
index 2f49a224462d..2c1160c7ec92 100644
|
||||
--- a/drivers/scsi/scsi_devinfo.c
|
||||
+++ b/drivers/scsi/scsi_devinfo.c
|
||||
@@ -407,51 +407,52 @@ static struct scsi_dev_info_list *scsi_dev_info_list_find(const char *vendor,
|
||||
struct scsi_dev_info_list *devinfo;
|
||||
struct scsi_dev_info_list_table *devinfo_table =
|
||||
scsi_devinfo_lookup_by_key(key);
|
||||
+ size_t vmax, mmax;
|
||||
+ const char *vskip, *mskip;
|
||||
|
||||
if (IS_ERR(devinfo_table))
|
||||
return (struct scsi_dev_info_list *) devinfo_table;
|
||||
|
||||
+ /* Prepare for "compatible" matches */
|
||||
+
|
||||
+ /*
|
||||
+ * XXX why skip leading spaces? If an odd INQUIRY
|
||||
+ * value, that should have been part of the
|
||||
+ * scsi_static_device_list[] entry, such as " FOO"
|
||||
+ * rather than "FOO". Since this code is already
|
||||
+ * here, and we don't know what device it is
|
||||
+ * trying to work with, leave it as-is.
|
||||
+ */
|
||||
+ vmax = 8; /* max length of vendor */
|
||||
+ vskip = vendor;
|
||||
+ while (vmax > 0 && *vskip == ' ') {
|
||||
+ vmax--;
|
||||
+ vskip++;
|
||||
+ }
|
||||
+ /* Also skip trailing spaces */
|
||||
+ while (vmax > 0 && vskip[vmax - 1] == ' ')
|
||||
+ --vmax;
|
||||
+
|
||||
+ mmax = 16; /* max length of model */
|
||||
+ mskip = model;
|
||||
+ while (mmax > 0 && *mskip == ' ') {
|
||||
+ mmax--;
|
||||
+ mskip++;
|
||||
+ }
|
||||
+ while (mmax > 0 && mskip[mmax - 1] == ' ')
|
||||
+ --mmax;
|
||||
+
|
||||
list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
|
||||
dev_info_list) {
|
||||
if (devinfo->compatible) {
|
||||
/*
|
||||
* Behave like the older version of get_device_flags.
|
||||
*/
|
||||
- size_t max;
|
||||
- /*
|
||||
- * XXX why skip leading spaces? If an odd INQUIRY
|
||||
- * value, that should have been part of the
|
||||
- * scsi_static_device_list[] entry, such as " FOO"
|
||||
- * rather than "FOO". Since this code is already
|
||||
- * here, and we don't know what device it is
|
||||
- * trying to work with, leave it as-is.
|
||||
- */
|
||||
- max = 8; /* max length of vendor */
|
||||
- while ((max > 0) && *vendor == ' ') {
|
||||
- max--;
|
||||
- vendor++;
|
||||
- }
|
||||
- /*
|
||||
- * XXX removing the following strlen() would be
|
||||
- * good, using it means that for a an entry not in
|
||||
- * the list, we scan every byte of every vendor
|
||||
- * listed in scsi_static_device_list[], and never match
|
||||
- * a single one (and still have to compare at
|
||||
- * least the first byte of each vendor).
|
||||
- */
|
||||
- if (memcmp(devinfo->vendor, vendor,
|
||||
- min(max, strlen(devinfo->vendor))))
|
||||
+ if (memcmp(devinfo->vendor, vskip, vmax) ||
|
||||
+ devinfo->vendor[vmax])
|
||||
continue;
|
||||
- /*
|
||||
- * Skip spaces again.
|
||||
- */
|
||||
- max = 16; /* max length of model */
|
||||
- while ((max > 0) && *model == ' ') {
|
||||
- max--;
|
||||
- model++;
|
||||
- }
|
||||
- if (memcmp(devinfo->model, model,
|
||||
- min(max, strlen(devinfo->model))))
|
||||
+ if (memcmp(devinfo->model, mskip, mmax) ||
|
||||
+ devinfo->model[mmax])
|
||||
continue;
|
||||
return devinfo;
|
||||
} else {
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,183 @@
|
|||
From 26d61e8347b27a981d647d3ea4ec8c7f462c1fcf Mon Sep 17 00:00:00 2001
|
||||
From: Alan Stern <stern@rowland.harvard.edu>
|
||||
Date: Mon, 3 Aug 2015 11:57:21 -0400
|
||||
Subject: [PATCH 1/2] SCSI: refactor device-matching code in scsi_devinfo.c
|
||||
|
||||
In drivers/scsi/scsi_devinfo.c, the scsi_dev_info_list_del_keyed() and
|
||||
scsi_get_device_flags_keyed() routines contain a large amount of
|
||||
duplicate code for finding vendor/product matches in a
|
||||
scsi_dev_info_list. This patch factors out the duplicate code and
|
||||
puts it in a separate function, scsi_dev_info_list_find().
|
||||
|
||||
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
|
||||
Suggested-by: Giulio Bernardi <ugilio@gmail.com>
|
||||
Signed-off-by: James Bottomley <JBottomley@Odin.com>
|
||||
---
|
||||
drivers/scsi/scsi_devinfo.c | 112 ++++++++++++++++----------------------------
|
||||
1 file changed, 41 insertions(+), 71 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
|
||||
index 9f77d23239a2..2f49a224462d 100644
|
||||
--- a/drivers/scsi/scsi_devinfo.c
|
||||
+++ b/drivers/scsi/scsi_devinfo.c
|
||||
@@ -390,25 +390,26 @@ int scsi_dev_info_list_add_keyed(int compatible, char *vendor, char *model,
|
||||
EXPORT_SYMBOL(scsi_dev_info_list_add_keyed);
|
||||
|
||||
/**
|
||||
- * scsi_dev_info_list_del_keyed - remove one dev_info list entry.
|
||||
+ * scsi_dev_info_list_find - find a matching dev_info list entry.
|
||||
* @vendor: vendor string
|
||||
* @model: model (product) string
|
||||
* @key: specify list to use
|
||||
*
|
||||
* Description:
|
||||
- * Remove and destroy one dev_info entry for @vendor, @model
|
||||
+ * Finds the first dev_info entry matching @vendor, @model
|
||||
* in list specified by @key.
|
||||
*
|
||||
- * Returns: 0 OK, -error on failure.
|
||||
+ * Returns: pointer to matching entry, or ERR_PTR on failure.
|
||||
**/
|
||||
-int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
|
||||
+static struct scsi_dev_info_list *scsi_dev_info_list_find(const char *vendor,
|
||||
+ const char *model, int key)
|
||||
{
|
||||
- struct scsi_dev_info_list *devinfo, *found = NULL;
|
||||
+ struct scsi_dev_info_list *devinfo;
|
||||
struct scsi_dev_info_list_table *devinfo_table =
|
||||
scsi_devinfo_lookup_by_key(key);
|
||||
|
||||
if (IS_ERR(devinfo_table))
|
||||
- return PTR_ERR(devinfo_table);
|
||||
+ return (struct scsi_dev_info_list *) devinfo_table;
|
||||
|
||||
list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
|
||||
dev_info_list) {
|
||||
@@ -452,25 +453,42 @@ int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
|
||||
if (memcmp(devinfo->model, model,
|
||||
min(max, strlen(devinfo->model))))
|
||||
continue;
|
||||
- found = devinfo;
|
||||
+ return devinfo;
|
||||
} else {
|
||||
if (!memcmp(devinfo->vendor, vendor,
|
||||
sizeof(devinfo->vendor)) &&
|
||||
!memcmp(devinfo->model, model,
|
||||
sizeof(devinfo->model)))
|
||||
- found = devinfo;
|
||||
+ return devinfo;
|
||||
}
|
||||
- if (found)
|
||||
- break;
|
||||
}
|
||||
|
||||
- if (found) {
|
||||
- list_del(&found->dev_info_list);
|
||||
- kfree(found);
|
||||
- return 0;
|
||||
- }
|
||||
+ return ERR_PTR(-ENOENT);
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * scsi_dev_info_list_del_keyed - remove one dev_info list entry.
|
||||
+ * @vendor: vendor string
|
||||
+ * @model: model (product) string
|
||||
+ * @key: specify list to use
|
||||
+ *
|
||||
+ * Description:
|
||||
+ * Remove and destroy one dev_info entry for @vendor, @model
|
||||
+ * in list specified by @key.
|
||||
+ *
|
||||
+ * Returns: 0 OK, -error on failure.
|
||||
+ **/
|
||||
+int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
|
||||
+{
|
||||
+ struct scsi_dev_info_list *found;
|
||||
|
||||
- return -ENOENT;
|
||||
+ found = scsi_dev_info_list_find(vendor, model, key);
|
||||
+ if (IS_ERR(found))
|
||||
+ return PTR_ERR(found);
|
||||
+
|
||||
+ list_del(&found->dev_info_list);
|
||||
+ kfree(found);
|
||||
+ return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(scsi_dev_info_list_del_keyed);
|
||||
|
||||
@@ -565,64 +583,16 @@ int scsi_get_device_flags_keyed(struct scsi_device *sdev,
|
||||
int key)
|
||||
{
|
||||
struct scsi_dev_info_list *devinfo;
|
||||
- struct scsi_dev_info_list_table *devinfo_table;
|
||||
+ int err;
|
||||
|
||||
- devinfo_table = scsi_devinfo_lookup_by_key(key);
|
||||
+ devinfo = scsi_dev_info_list_find(vendor, model, key);
|
||||
+ if (!IS_ERR(devinfo))
|
||||
+ return devinfo->flags;
|
||||
|
||||
- if (IS_ERR(devinfo_table))
|
||||
- return PTR_ERR(devinfo_table);
|
||||
+ err = PTR_ERR(devinfo);
|
||||
+ if (err != -ENOENT)
|
||||
+ return err;
|
||||
|
||||
- list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
|
||||
- dev_info_list) {
|
||||
- if (devinfo->compatible) {
|
||||
- /*
|
||||
- * Behave like the older version of get_device_flags.
|
||||
- */
|
||||
- size_t max;
|
||||
- /*
|
||||
- * XXX why skip leading spaces? If an odd INQUIRY
|
||||
- * value, that should have been part of the
|
||||
- * scsi_static_device_list[] entry, such as " FOO"
|
||||
- * rather than "FOO". Since this code is already
|
||||
- * here, and we don't know what device it is
|
||||
- * trying to work with, leave it as-is.
|
||||
- */
|
||||
- max = 8; /* max length of vendor */
|
||||
- while ((max > 0) && *vendor == ' ') {
|
||||
- max--;
|
||||
- vendor++;
|
||||
- }
|
||||
- /*
|
||||
- * XXX removing the following strlen() would be
|
||||
- * good, using it means that for a an entry not in
|
||||
- * the list, we scan every byte of every vendor
|
||||
- * listed in scsi_static_device_list[], and never match
|
||||
- * a single one (and still have to compare at
|
||||
- * least the first byte of each vendor).
|
||||
- */
|
||||
- if (memcmp(devinfo->vendor, vendor,
|
||||
- min(max, strlen(devinfo->vendor))))
|
||||
- continue;
|
||||
- /*
|
||||
- * Skip spaces again.
|
||||
- */
|
||||
- max = 16; /* max length of model */
|
||||
- while ((max > 0) && *model == ' ') {
|
||||
- max--;
|
||||
- model++;
|
||||
- }
|
||||
- if (memcmp(devinfo->model, model,
|
||||
- min(max, strlen(devinfo->model))))
|
||||
- continue;
|
||||
- return devinfo->flags;
|
||||
- } else {
|
||||
- if (!memcmp(devinfo->vendor, vendor,
|
||||
- sizeof(devinfo->vendor)) &&
|
||||
- !memcmp(devinfo->model, model,
|
||||
- sizeof(devinfo->model)))
|
||||
- return devinfo->flags;
|
||||
- }
|
||||
- }
|
||||
/* nothing found, return nothing */
|
||||
if (key != SCSI_DEVINFO_GLOBAL)
|
||||
return 0;
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
|
||||
is restricted
|
||||
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
|
@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 3b8963f21b36..a5ae6a7fef5e 100644
|
||||
index 739a4a6b3b9b..9ef2a020a7a9 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
|
@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
|
@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
|
||||
From: Hannes Reinecke <hare@suse.de>
|
||||
Date: Tue, 1 Dec 2015 10:16:42 +0100
|
||||
Subject: scsi: ignore errors from scsi_dh_add_device()
|
||||
|
||||
device handler initialisation might fail due to a number of
|
||||
reasons. But as device_handlers are optional this shouldn't
|
||||
cause us to disable the device entirely.
|
||||
So just ignore errors from scsi_dh_add_device().
|
||||
|
||||
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
|
||||
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
||||
Signed-off-by: Hannes Reinecke <hare@suse.de>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/scsi_sysfs.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
|
||||
index fc3cd26..d015374 100644
|
||||
--- a/drivers/scsi/scsi_sysfs.c
|
||||
+++ b/drivers/scsi/scsi_sysfs.c
|
||||
@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
|
||||
}
|
||||
|
||||
error = scsi_dh_add_device(sdev);
|
||||
- if (error) {
|
||||
+ if (error)
|
||||
+ /*
|
||||
+ * device_handler is optional, so any error can be ignored
|
||||
+ */
|
||||
sdev_printk(KERN_INFO, sdev,
|
||||
"failed to add device handler: %d\n", error);
|
||||
- return error;
|
||||
- }
|
||||
|
||||
device_enable_async_suspend(&sdev->sdev_dev);
|
||||
error = device_add(&sdev->sdev_dev);
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Sun, 3 May 2015 18:35:23 +0100
|
||||
Subject: [PATCH] arm64: acpi drop expert patch
|
||||
|
||||
---
|
||||
drivers/acpi/Kconfig | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
|
||||
index 114cf48085ab..70ba3ef9a37b 100644
|
||||
--- a/drivers/acpi/Kconfig
|
||||
+++ b/drivers/acpi/Kconfig
|
||||
@@ -5,7 +5,7 @@
|
||||
menuconfig ACPI
|
||||
bool "ACPI (Advanced Configuration and Power Interface) Support"
|
||||
depends on !IA64_HP_SIM
|
||||
- depends on IA64 || X86 || (ARM64 && EXPERT)
|
||||
+ depends on IA64 || X86 || ARM64
|
||||
depends on PCI
|
||||
select PNP
|
||||
default y
|
|
@ -1,7 +1,8 @@
|
|||
From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
|
||||
restricted
|
||||
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
|
@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
|
|||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
From 23688bf4f830a89866fd0ed3501e342a7360fe4f Mon Sep 17 00:00:00 2001
|
||||
From: Junichi Nomura <j-nomura@ce.jp.nec.com>
|
||||
Date: Tue, 22 Dec 2015 10:23:44 -0700
|
||||
Subject: [PATCH] block: ensure to split after potentially bouncing a bio
|
||||
|
||||
blk_queue_bio() does split then bounce, which makes the segment
|
||||
counting based on pages before bouncing and could go wrong. Move
|
||||
the split to after bouncing, like we do for blk-mq, and the we
|
||||
fix the issue of having the bio count for segments be wrong.
|
||||
|
||||
Fixes: 54efd50bfd87 ("block: make generic_make_request handle arbitrarily sized bios")
|
||||
Cc: stable@vger.kernel.org
|
||||
Tested-by: Artem S. Tashkinov <t.artem@lycos.com>
|
||||
Signed-off-by: Jens Axboe <axboe@fb.com>
|
||||
---
|
||||
block/blk-core.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/block/blk-core.c b/block/blk-core.c
|
||||
index 3636be469fa2..c487b94c59e3 100644
|
||||
--- a/block/blk-core.c
|
||||
+++ b/block/blk-core.c
|
||||
@@ -1689,8 +1689,6 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
|
||||
struct request *req;
|
||||
unsigned int request_count = 0;
|
||||
|
||||
- blk_queue_split(q, &bio, q->bio_split);
|
||||
-
|
||||
/*
|
||||
* low level driver can indicate that it wants pages above a
|
||||
* certain limit bounced to low memory (ie for highmem, or even
|
||||
@@ -1698,6 +1696,8 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
|
||||
*/
|
||||
blk_queue_bounce(q, &bio);
|
||||
|
||||
+ blk_queue_split(q, &bio, q->bio_split);
|
||||
+
|
||||
if (bio_integrity_enabled(bio) && bio_integrity_prep(bio)) {
|
||||
bio->bi_error = -EIO;
|
||||
bio_endio(bio);
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
From 43d10880aa4ac713cf73dbac428be9671ef1bf9d Mon Sep 17 00:00:00 2001
|
||||
From: David Sterba <dsterba@suse.com>
|
||||
Date: Mon, 30 Nov 2015 17:27:06 +0100
|
||||
Subject: [PATCH 1/2] btrfs: handle invalid num_stripes in sys_array
|
||||
|
||||
We can handle the special case of num_stripes == 0 directly inside
|
||||
btrfs_read_sys_array. The BUG_ON in btrfs_chunk_item_size is there to
|
||||
catch other unhandled cases where we fail to validate external data.
|
||||
|
||||
A crafted or corrupted image crashes at mount time:
|
||||
|
||||
BTRFS: device fsid 9006933e-2a9a-44f0-917f-514252aeec2c devid 1 transid 7 /dev/loop0
|
||||
BTRFS info (device loop0): disk space caching is enabled
|
||||
BUG: failure at fs/btrfs/ctree.h:337/btrfs_chunk_item_size()!
|
||||
Kernel panic - not syncing: BUG!
|
||||
CPU: 0 PID: 313 Comm: mount Not tainted 4.2.5-00657-ge047887-dirty #25
|
||||
Stack:
|
||||
637af890 60062489 602aeb2e 604192ba
|
||||
60387961 00000011 637af8a0 6038a835
|
||||
637af9c0 6038776b 634ef32b 00000000
|
||||
Call Trace:
|
||||
[<6001c86d>] show_stack+0xfe/0x15b
|
||||
[<6038a835>] dump_stack+0x2a/0x2c
|
||||
[<6038776b>] panic+0x13e/0x2b3
|
||||
[<6020f099>] btrfs_read_sys_array+0x25d/0x2ff
|
||||
[<601cfbbe>] open_ctree+0x192d/0x27af
|
||||
[<6019c2c1>] btrfs_mount+0x8f5/0xb9a
|
||||
[<600bc9a7>] mount_fs+0x11/0xf3
|
||||
[<600d5167>] vfs_kern_mount+0x75/0x11a
|
||||
[<6019bcb0>] btrfs_mount+0x2e4/0xb9a
|
||||
[<600bc9a7>] mount_fs+0x11/0xf3
|
||||
[<600d5167>] vfs_kern_mount+0x75/0x11a
|
||||
[<600d710b>] do_mount+0xa35/0xbc9
|
||||
[<600d7557>] SyS_mount+0x95/0xc8
|
||||
[<6001e884>] handle_syscall+0x6b/0x8e
|
||||
|
||||
Reported-by: Jiri Slaby <jslaby@suse.com>
|
||||
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||||
CC: stable@vger.kernel.org # 3.19+
|
||||
Signed-off-by: David Sterba <dsterba@suse.com>
|
||||
---
|
||||
fs/btrfs/volumes.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
|
||||
index 6fc735869c18..b816b3a2e118 100644
|
||||
--- a/fs/btrfs/volumes.c
|
||||
+++ b/fs/btrfs/volumes.c
|
||||
@@ -6399,6 +6399,14 @@ int btrfs_read_sys_array(struct btrfs_root *root)
|
||||
goto out_short_read;
|
||||
|
||||
num_stripes = btrfs_chunk_num_stripes(sb, chunk);
|
||||
+ if (!num_stripes) {
|
||||
+ printk(KERN_ERR
|
||||
+ "BTRFS: invalid number of stripes %u in sys_array at offset %u\n",
|
||||
+ num_stripes, cur_offset);
|
||||
+ ret = -EIO;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
len = btrfs_chunk_item_size(num_stripes);
|
||||
if (cur_offset + len > array_size)
|
||||
goto out_short_read;
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
|
|||
CONFIG_HAVE_PERF_REGS=y
|
||||
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
|
||||
|
||||
CONFIG_ARM_PMU=y
|
||||
|
||||
# ARM AMBA generic HW
|
||||
CONFIG_ARM_AMBA=y
|
||||
CONFIG_KERNEL_MODE_NEON=y
|
||||
|
@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
|
|||
CONFIG_PL330_DMA=m
|
||||
CONFIG_GPIO_PL061=y
|
||||
CONFIG_USB_ISP1760=m
|
||||
CONFIG_ARM_PL172_MPMC=m
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=y
|
||||
CONFIG_CRYPTO_AES_ARM_BS=y
|
||||
CONFIG_CRYPTO_SHA1_ARM=y
|
||||
CONFIG_CRYPTO_SHA256_ARM=y
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM=y
|
||||
|
||||
# ARM VExpress
|
||||
CONFIG_ARCH_VEXPRESS=y
|
||||
|
@ -106,6 +119,8 @@ CONFIG_OF_NET=y
|
|||
CONFIG_OF_OVERLAY=y
|
||||
CONFIG_OF_PCI_IRQ=m
|
||||
CONFIG_OF_PCI=m
|
||||
# CONFIG_PCI_HOST_GENERIC is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
CONFIG_OF_RESERVED_MEM=y
|
||||
CONFIG_OF_RESOLVE=y
|
||||
CONFIG_PM_GENERIC_DOMAINS_OF=y
|
||||
|
@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
|
|||
CONFIG_ARM_MHU=m
|
||||
# CONFIG_PL320_MBOX is not set
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=m
|
||||
# CONFIG_CRYPTO_AES_ARM_BS is not set
|
||||
CONFIG_CRYPTO_SHA1_ARM=m
|
||||
CONFIG_CRYPTO_SHA256_ARM=m
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM=m
|
||||
# USB
|
||||
CONFIG_USB_OHCI_HCD_PLATFORM=m
|
||||
CONFIG_USB_EHCI_HCD_PLATFORM=m
|
||||
|
@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
|
|||
CONFIG_I2C_MUX_PINCTRL=m
|
||||
CONFIG_I2C_MUX_PCA9541=m
|
||||
CONFIG_I2C_MUX_PCA954x=m
|
||||
CONFIG_I2C_MUX_REG=m
|
||||
|
||||
# spi
|
||||
CONFIG_SPI_PL022=m
|
||||
|
@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_KEYBOARD_OMAP4 is not set
|
||||
# CONFIG_KEYBOARD_BCM is not set
|
||||
# CONFIG_PHY_SAMSUNG_USB2 is not set
|
||||
# CONFIG_OMAP_GPMC_DEBUG is not set
|
||||
|
||||
### turn off things which make no sense on embedded SoC
|
||||
|
||||
|
@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_SPI_ROCKCHIP is not set
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
26
config-arm64
26
config-arm64
|
@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
|
|||
# CONFIG_ARCH_QCOM is not set
|
||||
# CONFIG_ARCH_SPRD is not set
|
||||
# CONFIG_ARCH_ZYNQMP is not set
|
||||
# CONFIG_ARCH_BCM_IPROC is not set
|
||||
# CONFIG_ARCH_BERLIN is not set
|
||||
# CONFIG_ARCH_ROCKCHIP is not set
|
||||
|
||||
|
||||
# Erratum
|
||||
CONFIG_ARM64_ERRATUM_826319=y
|
||||
|
@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
|
|||
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
|
||||
CONFIG_ARCH_REQUIRE_GPIOLIB=y
|
||||
CONFIG_ARM64_64K_PAGES=y
|
||||
# CONFIG_COMPAT is not set
|
||||
|
||||
CONFIG_ARM64_HW_AFDBM=y
|
||||
CONFIG_ARM64_PAN=y
|
||||
CONFIG_ARM64_LSE_ATOMICS=y
|
||||
|
||||
CONFIG_BCMA_POSSIBLE=y
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
|
||||
|
@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
|
|||
CONFIG_PCC=y
|
||||
|
||||
CONFIG_ARM64_CRYPTO=y
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=y
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=y
|
||||
CONFIG_CRYPTO_GHASH_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
|
||||
CONFIG_CRYPTO_CRC32_ARM64=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
|
@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
|
|||
# HiSilicon
|
||||
CONFIG_POWER_RESET_HISI=y
|
||||
CONFIG_HISI_THERMAL=m
|
||||
CONFIG_STUB_CLK_HI6220=y
|
||||
|
||||
# ThunderX
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
CONFIG_NET_VENDOR_MELLANOX=y
|
||||
CONFIG_MLX4_EN=m
|
||||
|
@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
|
|||
CONFIG_DEBUG_SECTION_MISMATCH=y
|
||||
|
||||
# CONFIG_FSL_MC_BUS is not set
|
||||
# CONFIG_FUJITSU_ES is not set
|
||||
|
|
16
config-armv7
16
config-armv7
|
@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
|
|||
CONFIG_SOC_TI81XX=y
|
||||
# CONFIG_MACH_NOKIA_RX51 is not set
|
||||
# CONFIG_MACH_OMAP_LDP is not set
|
||||
# CONFIG_MACH_OMAP3530_LV_SOM is not set
|
||||
# CONFIG_MACH_OMAP3_TORPEDO is not set
|
||||
# CONFIG_MACH_OMAP3517EVM is not set
|
||||
# CONFIG_MACH_OMAP3_PANDORA is not set
|
||||
|
||||
|
@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
|
|||
CONFIG_PINCTRL_MSM8X74=m
|
||||
CONFIG_PINCTRL_MSM8916=m
|
||||
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
|
||||
CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
|
||||
CONFIG_COMMON_CLK_QCOM=m
|
||||
# CONFIG_MSM_GCC_8916 is not set
|
||||
# CONFIG_IPQ_LCC_806X is not set
|
||||
|
@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
|
|||
CONFIG_SND_SOC_STORM=m
|
||||
CONFIG_PHY_QCOM_UFS=m
|
||||
CONFIG_HWSPINLOCK_QCOM=m
|
||||
CONFIG_QCOM_COINCELL=m
|
||||
CONFIG_USB_QCOM_8X16_PHY=m
|
||||
CONFIG_QCOM_SMD=m
|
||||
CONFIG_QCOM_SMD_RPM=m
|
||||
CONFIG_QCOM_SMEM=m
|
||||
CONFIG_REGULATOR_QCOM_SMD_RPM=m
|
||||
# CONFIG_QCOM_SMEM is not set
|
||||
|
||||
# i.MX
|
||||
# CONFIG_MXC_DEBUG_BOARD is not set
|
||||
|
@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
|
|||
CONFIG_SOC_IMX6Q=y
|
||||
CONFIG_SOC_IMX6SL=y
|
||||
CONFIG_SOC_IMX6SX=y
|
||||
CONFIG_SOC_IMX6UL=y
|
||||
CONFIG_SOC_IMX7D=y
|
||||
# CONFIG_SOC_LS1021A is not set
|
||||
# CONFIG_SOC_VF610 is not set
|
||||
|
@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
|
|||
CONFIG_FEC=m
|
||||
# CONFIG_FSL_PQ_MDIO is not set
|
||||
# CONFIG_FSL_XGMAC_MDIO is not set
|
||||
CONFIG_KEYBOARD_SNVS_PWRKEY=m
|
||||
CONFIG_KEYBOARD_IMX=m
|
||||
CONFIG_KEYBOARD_STMPE=m
|
||||
CONFIG_TOUCHSCREEN_STMPE=m
|
||||
|
@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
|
|||
CONFIG_FB_MXS=m
|
||||
# CONFIG_FB_MX3 is not set
|
||||
# CONFIG_FB_IMX is not set
|
||||
CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
|
||||
|
||||
CONFIG_SND_IMX_SOC=m
|
||||
CONFIG_SND_SOC_FSL_ASOC_CARD=m
|
||||
|
@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
|
|||
CONFIG_SOC_EXYNOS4212=y
|
||||
CONFIG_SOC_EXYNOS4412=y
|
||||
CONFIG_SOC_EXYNOS4415=y
|
||||
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
|
||||
CONFIG_AK8975=m
|
||||
CONFIG_CM36651=m
|
||||
CONFIG_KEYBOARD_SAMSUNG=m
|
||||
|
@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_EDAC_SYNOPSYS=m
|
||||
CONFIG_PINCTRL_ZYNQ=y
|
||||
CONFIG_AXI_DMAC=m
|
||||
|
||||
# Multi function devices
|
||||
CONFIG_MFD_88PM800=m
|
||||
|
|
|
@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
|
|||
CONFIG_ARCH_HAS_TICK_BROADCAST=y
|
||||
CONFIG_IRQ_CROSSBAR=y
|
||||
CONFIG_IOMMU_IO_PGTABLE_LPAE=y
|
||||
CONFIG_CPU_SW_DOMAIN_PAN=y
|
||||
|
||||
# CONFIG_MCPM is not set
|
||||
# CONFIG_OABI_COMPAT is not set
|
||||
|
@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
|
|||
|
||||
CONFIG_PCI_HOST_GENERIC=y
|
||||
# CONFIG_PCI_LAYERSCAPE is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
# Do NOT enable this, it breaks stuff and makes things go slow
|
||||
# CONFIG_UACCESS_WITH_MEMCPY is not set
|
||||
|
||||
|
@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
|
|||
CONFIG_MACH_SUN8I=y
|
||||
# CONFIG_MACH_SUN9I is not set
|
||||
CONFIG_SUNXI_SRAM=y
|
||||
CONFIG_DMA_SUN4I=m
|
||||
CONFIG_DMA_SUN6I=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_NET_VENDOR_ALLWINNER=y
|
||||
|
@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
|
|||
CONFIG_SERIO_SUN4I_PS2=m
|
||||
CONFIG_KEYBOARD_SUN4I_LRADC=m
|
||||
CONFIG_PWM_SUN4I=m
|
||||
CONFIG_USB_MUSB_SUNXI=m
|
||||
CONFIG_CRYPTO_DEV_SUN4I_SS=m
|
||||
|
||||
# Exynos
|
||||
CONFIG_ARCH_EXYNOS3=y
|
||||
|
@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
|
|||
CONFIG_SOC_EXYNOS5800=y
|
||||
CONFIG_SERIAL_SAMSUNG=y
|
||||
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
|
||||
CONFIG_ARM_EXYNOS_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS5250_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS5440_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
|
||||
# CONFIG_ARM_EXYNOS_CPUIDLE is not set
|
||||
|
@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
|
|||
CONFIG_ROCKCHIP_DW_HDMI=m
|
||||
CONFIG_PHY_ROCKCHIP_USB=m
|
||||
CONFIG_DWMAC_ROCKCHIP=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
|
||||
CONFIG_REGULATOR_ACT8865=m
|
||||
|
||||
# Tegra
|
||||
CONFIG_ARCH_TEGRA_114_SOC=y
|
||||
|
@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
|
|||
CONFIG_TEGRA_MC=y
|
||||
CONFIG_TEGRA124_EMC=y
|
||||
CONFIG_ARM_TEGRA_DEVFREQ=m
|
||||
# CONFIG_ARM_TEGRA20_CPUFREQ is not set
|
||||
CONFIG_ARM_TEGRA124_CPUFREQ=m
|
||||
|
||||
# Jetson TK1
|
||||
CONFIG_PINCTRL_AS3722=y
|
||||
|
@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
|
|||
CONFIG_RTC_DRV_ARMADA38X=m
|
||||
# CONFIG_CACHE_FEROCEON_L2 is not set
|
||||
# CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
|
||||
CONFIG_LEDS_NS2=m
|
||||
|
||||
# DRM panels
|
||||
CONFIG_DRM_PANEL=y
|
||||
|
@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
|
|||
CONFIG_DRM_PANEL_LD9040=m
|
||||
CONFIG_DRM_PANEL_S6E8AA0=m
|
||||
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
|
||||
CONFIG_DRM_PANEL_LG_LG4573=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
|
||||
CONFIG_DRM_DW_HDMI=m
|
||||
|
||||
# regmap
|
||||
|
@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_REGULATOR_MAX77802=m
|
||||
CONFIG_REGULATOR_PWM=m
|
||||
# CONFIG_REGULATOR_MT6311 is not set
|
||||
CONFIG_SENSORS_LTC2978_REGULATOR=y
|
||||
|
||||
CONFIG_POWER_AVS=y
|
||||
|
@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
|
|||
CONFIG_SENSORS_LIS3_SPI=m
|
||||
CONFIG_SENSORS_LM70=m
|
||||
CONFIG_SENSORS_MAX1111=m
|
||||
CONFIG_MPL3115=m
|
||||
CONFIG_SI7005=m
|
||||
CONFIG_SI7020=m
|
||||
|
||||
|
@ -856,6 +868,7 @@ CONFIG_R8188EU=m
|
|||
# CONFIG_DRM_TILCDC is not set
|
||||
# CONFIG_DRM_IMX is not set
|
||||
# CONFIG_DRM_STI is not set
|
||||
# CONFIG_DRM_FSL_DCU is not set
|
||||
# CONFIG_AHCI_IMX is not set
|
||||
# CONFIG_IMX_THERMAL is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
|
|
|
@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
|
|||
# CONFIG_ARCH_AXXIA is not set
|
||||
|
||||
CONFIG_ARM_LPAE=y
|
||||
# CONFIG_CPU_SW_DOMAIN_PAN is not set
|
||||
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
|
||||
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
|
||||
CONFIG_ARM_VIRT_EXT=y
|
||||
|
|
|
@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
|
|||
CONFIG_DEBUG_OBJECTS_WORK=y
|
||||
|
||||
CONFIG_DMADEVICES_DEBUG=y
|
||||
CONFIG_DMADEVICES_VDEBUG=y
|
||||
# CONFIG_DMADEVICES_VDEBUG is not set
|
||||
|
||||
CONFIG_PM_ADVANCED_DEBUG=y
|
||||
|
||||
|
|
|
@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
|
|||
CONFIG_KALLSYMS=y
|
||||
CONFIG_KALLSYMS_ALL=y
|
||||
CONFIG_FUTEX=y
|
||||
# CONFIG_FAIL_FUTEX is not set
|
||||
CONFIG_EPOLL=y
|
||||
CONFIG_BPF_SYSCALL=y
|
||||
CONFIG_USERFAULTFD=y
|
||||
CONFIG_IOSCHED_NOOP=y
|
||||
CONFIG_IOSCHED_DEADLINE=y
|
||||
CONFIG_IOSCHED_CFQ=y
|
||||
|
@ -67,6 +69,7 @@ CONFIG_NET_NS=y
|
|||
CONFIG_USER_NS=y
|
||||
|
||||
CONFIG_POSIX_MQUEUE=y
|
||||
CONFIG_KDBUS=m
|
||||
# CONFIG_PREEMPT_NONE is not set
|
||||
CONFIG_PREEMPT_VOLUNTARY=y
|
||||
# CONFIG_PREEMPT is not set
|
||||
|
@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
|
|||
CONFIG_MMC_WBSD=m
|
||||
CONFIG_MMC_VIA_SDMMC=m
|
||||
CONFIG_MMC_SDHCI_PLTFM=m
|
||||
# CONFIG_MMC_SDHCI_OF is not set
|
||||
# CONFIG_MMC_SDHCI_OF_AT91 is not set
|
||||
CONFIG_MMC_CB710=m
|
||||
CONFIG_MMC_RICOH_MMC=y
|
||||
CONFIG_MMC_USHC=m
|
||||
|
@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
|
|||
CONFIG_INFINIBAND_USER_MAD=m
|
||||
CONFIG_INFINIBAND_USER_ACCESS=m
|
||||
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
|
||||
CONFIG_INFINIBAND_IPATH=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_IPATH is not set
|
||||
CONFIG_INFINIBAND_ISER=m
|
||||
CONFIG_INFINIBAND_ISERT=m
|
||||
CONFIG_INFINIBAND_AMSO1100=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_AMSO1100 is not set
|
||||
# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
|
||||
CONFIG_INFINIBAND_CXGB3=m
|
||||
CONFIG_INFINIBAND_CXGB4=m
|
||||
|
@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
|
|||
# CONFIG_MTD_NAND_ECC_BCH is not set
|
||||
# CONFIG_MTD_NAND_DISKONCHIP is not set
|
||||
# CONFIG_MTD_NAND_HISI504 is not set
|
||||
# CONFIG_MTD_NAND_DENALI_PCI is not set
|
||||
# CONFIG_MTD_NAND_DENALI_DT is not set
|
||||
# CONFIG_MTD_LPDDR is not set
|
||||
CONFIG_MTD_UBI=m
|
||||
CONFIG_MTD_UBI_WL_THRESHOLD=4096
|
||||
|
@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
|
|||
# CONFIG_ND_BLK is not set
|
||||
# CONFIG_BTT is not set
|
||||
|
||||
# CONFIG_NVMEM is not set
|
||||
|
||||
#
|
||||
# Block devices
|
||||
|
@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
|
|||
CONFIG_BLK_DEV_PMEM=m
|
||||
CONFIG_BLK_DEV_INITRD=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
CONFIG_BLK_DEV_RAM_DAX=y
|
||||
|
||||
CONFIG_BLK_DEV_BSG=y
|
||||
CONFIG_BLK_DEV_BSGLIB=y
|
||||
|
@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
|
|||
CONFIG_IP_VS_PROTO_AH=y
|
||||
CONFIG_IP_VS_PROTO_SCTP=y
|
||||
CONFIG_IP_VS_FO=m
|
||||
CONFIG_IP_VS_OVF=m
|
||||
CONFIG_IP_VS_IPV6=y
|
||||
CONFIG_IP_VS_RR=m
|
||||
CONFIG_IP_VS_WRR=m
|
||||
|
@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
|
|||
CONFIG_INET6_ESP=m
|
||||
CONFIG_INET6_IPCOMP=m
|
||||
CONFIG_IPV6_MIP6=y
|
||||
CONFIG_IPV6_ILA=m
|
||||
CONFIG_IPV6_VTI=m
|
||||
CONFIG_IPV6_SIT=m
|
||||
CONFIG_IPV6_SIT_6RD=y
|
||||
|
@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
|
|||
CONFIG_NFT_COMPAT=m
|
||||
|
||||
CONFIG_NF_TABLES_IPV4=m
|
||||
CONFIG_NF_DUP_IPV4=m
|
||||
CONFIG_NF_DUP_IPV6=m
|
||||
CONFIG_NF_REJECT_IPV6=m
|
||||
CONFIG_NFT_REJECT_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV6=m
|
||||
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
|
||||
CONFIG_NFT_CHAIN_NAT_IPV4=m
|
||||
CONFIG_NF_TABLES_ARP=m
|
||||
|
@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
|
|||
|
||||
# CONFIG_BATMAN_ADV_DEBUG is not set
|
||||
CONFIG_OPENVSWITCH=m
|
||||
CONFIG_OPENVSWITCH_CONNTRACK=y
|
||||
CONFIG_OPENVSWITCH_GRE=y
|
||||
CONFIG_OPENVSWITCH_VXLAN=y
|
||||
CONFIG_OPENVSWITCH_GENEVE=y
|
||||
|
@ -1300,6 +1318,7 @@ CONFIG_TUN=m
|
|||
# CONFIG_TUN_VNET_CROSS_LE is not set
|
||||
CONFIG_VETH=m
|
||||
CONFIG_NLMON=m
|
||||
CONFIG_NET_VRF=m
|
||||
|
||||
#
|
||||
# ATM
|
||||
|
@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
|
|||
|
||||
# CONFIG_CAIF is not set
|
||||
|
||||
CONFIG_LWTUNNEL=y
|
||||
|
||||
CONFIG_RFKILL=m
|
||||
CONFIG_RFKILL_GPIO=m
|
||||
CONFIG_RFKILL_INPUT=y
|
||||
|
@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
|
|||
CONFIG_CASSINI=m
|
||||
CONFIG_NIU=m
|
||||
|
||||
# CONFIG_NET_VENDOR_SYNOPSYS is not set
|
||||
# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
|
||||
|
||||
CONFIG_NET_VENDOR_TEHUTI=y
|
||||
CONFIG_TEHUTI=m
|
||||
|
||||
|
@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
|
|||
CONFIG_CICADA_PHY=m
|
||||
CONFIG_DAVICOM_PHY=m
|
||||
CONFIG_DP83640_PHY=m
|
||||
CONFIG_MICROCHIP_PHY=m
|
||||
CONFIG_FIXED_PHY=y
|
||||
CONFIG_MDIO_BITBANG=m
|
||||
CONFIG_MDIO_BCM_UNIMAC=m
|
||||
|
@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
|
|||
CONFIG_VITESSE_PHY=m
|
||||
CONFIG_MICREL_PHY=m
|
||||
CONFIG_DP83867_PHY=m
|
||||
CONFIG_DP83848_PHY=m
|
||||
# CONFIG_MICREL_KS8995MA is not set
|
||||
CONFIG_AQUANTIA_PHY=m
|
||||
CONFIG_TERANETICS_PHY=m
|
||||
|
||||
CONFIG_MII=m
|
||||
CONFIG_NET_CORE=y
|
||||
|
@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
|
|||
CONFIG_BNX2=m
|
||||
CONFIG_BNX2X=m
|
||||
CONFIG_BNX2X_SRIOV=y
|
||||
CONFIG_BNX2X_VXLAN=y
|
||||
CONFIG_CNIC=m
|
||||
CONFIG_FEALNX=m
|
||||
CONFIG_ETHOC=m
|
||||
|
@ -1649,6 +1678,7 @@ CONFIG_JME=m
|
|||
# CONFIG_MLX4_EN is not set
|
||||
# CONFIG_MLX4_EN_VXLAN is not set
|
||||
# CONFIG_MLX5_CORE is not set
|
||||
# CONFIG_MLXSW_CORE is not set
|
||||
# CONFIG_SFC is not set
|
||||
|
||||
# CONFIG_FDDI is not set
|
||||
|
@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
|
|||
CONFIG_USB_NET_KALMIA=m
|
||||
CONFIG_USB_NET_QMI_WWAN=m
|
||||
CONFIG_USB_NET_SMSC75XX=m
|
||||
CONFIG_USB_NET_CH9200=m
|
||||
# CONFIG_WL_TI is not set
|
||||
CONFIG_ZD1211RW=m
|
||||
# CONFIG_ZD1211RW_DEBUG is not set
|
||||
|
@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
|
|||
CONFIG_IEEE802154_6LOWPAN=m
|
||||
CONFIG_IEEE802154_DRIVERS=m
|
||||
CONFIG_IEEE802154_FAKELB=m
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
CONFIG_IEEE802154_CC2520=m
|
||||
# CONFIG_IEEE802154_AT86RF230 is not set
|
||||
# CONFIG_IEEE802154_MRF24J40 is not set
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
|
||||
CONFIG_MAC802154=m
|
||||
CONFIG_NET_MPLS_GSO=m
|
||||
CONFIG_MPLS_ROUTING=m
|
||||
CONFIG_MPLS_IPTUNNEL=m
|
||||
|
||||
CONFIG_NET_SWITCHDEV=y
|
||||
|
||||
|
@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
|
|||
# CONFIG_NFC_NCI_SPI is not set
|
||||
# CONFIG_NFC_NCI_UART is not set
|
||||
# CONFIG_NFC_ST_NCI is not set
|
||||
# CONFIG_NFC_S3FWRN5_I2C is not set
|
||||
|
||||
|
||||
#
|
||||
|
@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
|
|||
#
|
||||
CONFIG_BT=m
|
||||
CONFIG_BT_BREDR=y
|
||||
CONFIG_BT_HS=y
|
||||
CONFIG_BT_LE=y
|
||||
CONFIG_BT_6LOWPAN=m
|
||||
# CONFIG_BT_SELFTEST is not set
|
||||
|
@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
|
|||
CONFIG_BT_HCIUART_3WIRE=y
|
||||
CONFIG_BT_HCIUART_INTEL=y
|
||||
CONFIG_BT_HCIUART_BCM=y
|
||||
CONFIG_BT_HCIUART_QCA=y
|
||||
CONFIG_BT_HCIDTL1=m
|
||||
CONFIG_BT_HCIBT3C=m
|
||||
CONFIG_BT_HCIBLUECARD=m
|
||||
|
@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
|
|||
CONFIG_BT_MRVL=m
|
||||
CONFIG_BT_MRVL_SDIO=m
|
||||
CONFIG_BT_ATH3K=m
|
||||
CONFIG_BT_QCA=m
|
||||
CONFIG_BT_WILINK=m
|
||||
|
||||
#
|
||||
|
@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
|
|||
# CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
|
||||
# CONFIG_TOUCHSCREEN_SX8654 is not set
|
||||
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
|
||||
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
|
||||
|
||||
CONFIG_INPUT_MISC=y
|
||||
CONFIG_INPUT_E3X0_BUTTON=m
|
||||
|
@ -2483,7 +2520,7 @@ CONFIG_SERIAL_8250=y
|
|||
CONFIG_SERIAL_8250_CONSOLE=y
|
||||
CONFIG_SERIAL_8250_CS=m
|
||||
CONFIG_SERIAL_8250_NR_UARTS=32
|
||||
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
|
||||
CONFIG_SERIAL_8250_RUNTIME_UARTS=32
|
||||
CONFIG_SERIAL_8250_EXTENDED=y
|
||||
CONFIG_SERIAL_8250_MANY_PORTS=y
|
||||
CONFIG_SERIAL_8250_SHARE_IRQ=y
|
||||
|
@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
|
|||
|
||||
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
|
||||
# CONFIG_SERIAL_ALTERA_UART is not set
|
||||
# CONFIG_SERIAL_UARTLITE is not set
|
||||
|
||||
#
|
||||
# Non-8250 serial port support
|
||||
|
@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
|
|||
# CONFIG_I2C_MUX_GPIO is not set
|
||||
# CONFIG_I2C_MUX_PCA9541 is not set
|
||||
# CONFIG_I2C_MUX_PINCTRL is not set
|
||||
# CONFIG_I2C_MUX_REG is not set
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
|
|||
# CONFIG_I2C_NFORCE2_S4985 is not set
|
||||
# CONFIG_I2C_EG20T is not set
|
||||
# CONFIG_I2C_CBUS_GPIO is not set
|
||||
# CONFIG_I2C_EMEV2 is not set
|
||||
CONFIG_I2C_VIPERBOARD=m
|
||||
|
||||
CONFIG_EEPROM_AT24=m
|
||||
|
@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
|
|||
CONFIG_PMBUS=m
|
||||
CONFIG_SENSORS_PMBUS=m
|
||||
CONFIG_SENSORS_MAX16064=m
|
||||
CONFIG_SENSORS_MAX20751=m
|
||||
CONFIG_SENSORS_LM25066=m
|
||||
CONFIG_SENSORS_LTC2978=m
|
||||
CONFIG_SENSORS_MAX34440=m
|
||||
|
@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
|
|||
# CONFIG_AD5380 is not set
|
||||
# CONFIG_AD5064 is not set
|
||||
# CONFIG_BMA180 is not set
|
||||
# CONFIG_BMC150_ACCEL is not set
|
||||
CONFIG_BMC150_ACCEL=m
|
||||
# CONFIG_MAX1363 is not set
|
||||
# CONFIG_MAX517 is not set
|
||||
# CONFIG_MAX5821 is not set
|
||||
|
@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
|
|||
CONFIG_KXCJK1013=m
|
||||
# CONFIG_ISL29125 is not set
|
||||
# CONFIG_JSA1212 is not set
|
||||
CONFIG_RPR0521=m
|
||||
CONFIG_OPT3001=m
|
||||
CONFIG_PA12203001=m
|
||||
# CONFIG_TCS3414 is not set
|
||||
# CONFIG_AK09911 is not set
|
||||
# CONFIG_T5403 is not set
|
||||
|
@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
|
|||
# CONFIG_RTC_DRV_ISL12057 is not set
|
||||
# CONFIG_RTC_DRV_XGENE is not set
|
||||
# CONFIG_RTC_DRV_ABB5ZES3 is not set
|
||||
# CONFIG_RTC_DRV_ZYNQMP is not set
|
||||
|
||||
CONFIG_R3964=m
|
||||
# CONFIG_APPLICOM is not set
|
||||
|
@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
|
|||
|
||||
|
||||
CONFIG_DRM=m
|
||||
CONFIG_DRM_FBDEV_EMULATION=y
|
||||
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
|
||||
CONFIG_DRM_AST=m # do not enable on f17 or older
|
||||
CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
|
||||
|
@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
|
|||
CONFIG_DRM_I2C_ADV7511=m
|
||||
CONFIG_DRM_I2C_CH7006=m
|
||||
CONFIG_DRM_I2C_SIL164=m
|
||||
# CONFIG_DRM_NXP_PTN3460 is not set
|
||||
# CONFIG_DRM_PARADE_PS8622 is not set
|
||||
CONFIG_DRM_I2C_NXP_TDA998X=m
|
||||
CONFIG_DRM_UDL=m
|
||||
CONFIG_DRM_VMWGFX=m
|
||||
|
@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
|
|||
# CONFIG_DRM_PANEL is not set
|
||||
# CONFIG_DRM_PANEL_SIMPLE is not set
|
||||
# CONFIG_DRM_PANEL_S6E8AA0 is not set
|
||||
# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
|
||||
CONFIG_DRM_VGEM=m
|
||||
|
||||
#
|
||||
|
@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
|
|||
CONFIG_DVB_NGENE=m
|
||||
CONFIG_DVB_DDBRIDGE=m
|
||||
CONFIG_DVB_SMIPCIE=m
|
||||
CONFIG_DVB_NETUP_UNIDVB=m
|
||||
CONFIG_DVB_USB_TECHNISAT_USB2=m
|
||||
CONFIG_DVB_USB_V2=m
|
||||
|
||||
|
@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
|
|||
# CONFIG_VIDEO_SH_VEU is not set
|
||||
# CONFIG_VIDEO_RENESAS_VSP1 is not set
|
||||
# CONFIG_V4L_TEST_DRIVERS is not set
|
||||
# CONFIG_DVB_PLATFORM_DRIVERS is not set
|
||||
|
||||
#
|
||||
# Broadcom Crystal HD video decoder driver
|
||||
|
@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
|
|||
# CONFIG_FB_UDL is not set
|
||||
# CONFIG_FB_GOLDFISH is not set
|
||||
# CONFIG_FB_OPENCORES is not set
|
||||
# CONFIG_FB_SM712 is not set
|
||||
|
||||
# CONFIG_FIRMWARE_EDID is not set
|
||||
|
||||
|
@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
|
|||
# CONFIG_USB_SL811_CS is not set
|
||||
# CONFIG_USB_R8A66597_HCD is not set
|
||||
CONFIG_USB_XHCI_HCD=y
|
||||
# CONFIG_USB_XHCI_PLATFORM is not set
|
||||
# CONFIG_USB_MAX3421_HCD is not set
|
||||
|
||||
#
|
||||
|
@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
|
|||
CONFIG_HID_ELECOM=m
|
||||
CONFIG_HID_ELO=m
|
||||
CONFIG_HID_EZKEY=m
|
||||
CONFIG_HID_GEMBIRD=m
|
||||
CONFIG_HID_UCLOGIC=m
|
||||
CONFIG_HID_WALTOP=m
|
||||
CONFIG_HID_ACRUX=m
|
||||
|
@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
|
|||
CONFIG_USB_PEGASUS=m
|
||||
CONFIG_USB_RTL8150=m
|
||||
CONFIG_USB_RTL8152=m
|
||||
CONFIG_USB_LAN78XX=m
|
||||
CONFIG_USB_USBNET=m
|
||||
CONFIG_USB_SPEEDTOUCH=m
|
||||
CONFIG_USB_NET_AX8817X=m
|
||||
|
@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
|
|||
# CONFIG_MFD_RT5033 is not set
|
||||
# CONFIG_MFD_SKY81452 is not set
|
||||
# CONFIG_MFD_MAX77843 is not set
|
||||
# CONFIG_MFD_DA9062 is not set
|
||||
# CONFIG_EZX_PCAP is not set
|
||||
# CONFIG_INTEL_SOC_PMIC is not set
|
||||
|
||||
|
@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
|
|||
# CONFIG_EXT2_FS is not set
|
||||
# CONFIG_EXT3_FS is not set
|
||||
CONFIG_EXT4_FS=y
|
||||
CONFIG_EXT4_USE_FOR_EXT23=y
|
||||
CONFIG_EXT4_USE_FOR_EXT2=y
|
||||
CONFIG_EXT4_FS_POSIX_ACL=y
|
||||
CONFIG_EXT4_FS_SECURITY=y
|
||||
# CONFIG_EXT4_ENCRYPTION is not set
|
||||
|
@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
|
|||
# CONFIG_EXOFS_FS is not set
|
||||
# CONFIG_EXOFS_DEBUG is not set
|
||||
CONFIG_NILFS2_FS=m
|
||||
# CONFIG_FS_DAX is not set
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_LOGFS is not set
|
||||
CONFIG_CEPH_FS=m
|
||||
CONFIG_CEPH_FSCACHE=y
|
||||
|
@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
|
|||
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
|
||||
# CONFIG_DEBUG_LOCKDEP is not set
|
||||
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
|
||||
# CONFIG_STATIC_KEYS_SELFTEST is not set
|
||||
|
||||
# DEBUG options that don't get enabled/disabled with 'make debug/release'
|
||||
|
||||
|
@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
|
|||
# CONFIG_BACKLIGHT_GPIO is not set
|
||||
# CONFIG_BACKLIGHT_LV5207LP is not set
|
||||
# CONFIG_BACKLIGHT_BD6107 is not set
|
||||
# CONFIG_BACKLIGHT_PM8941_WLED is not set
|
||||
|
||||
CONFIG_LCD_CLASS_DEVICE=m
|
||||
CONFIG_LCD_PLATFORM=m
|
||||
|
@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
|
|||
CONFIG_CGROUP_CPUACCT=y
|
||||
CONFIG_CGROUP_DEVICE=y
|
||||
CONFIG_CGROUP_FREEZER=y
|
||||
CONFIG_CGROUP_PIDS=y
|
||||
CONFIG_CGROUP_SCHED=y
|
||||
CONFIG_MEMCG=y
|
||||
CONFIG_MEMCG_SWAP=y
|
||||
|
@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
|
|||
# CONFIG_SND_SOC_TS3A227E is not set
|
||||
# CONFIG_SND_SOC_XTFPGA_I2S is not set
|
||||
# CONFIG_SND_SOC_STA32X is not set
|
||||
# CONFIG_SND_SOC_CS4349 is not set
|
||||
# CONFIG_SND_SOC_GTM601 is not set
|
||||
# CONFIG_SND_SOC_STI_SAS is not set
|
||||
#
|
||||
|
||||
CONFIG_BALLOON_COMPACTION=y
|
||||
CONFIG_COMPACTION=y
|
||||
|
@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
|
|||
CONFIG_DW_DMAC_CORE=m
|
||||
CONFIG_DW_DMAC=m
|
||||
CONFIG_DW_DMAC_PCI=m
|
||||
# CONFIG_IDMA64 is not set
|
||||
# CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
|
||||
# CONFIG_TIMB_DMA is not set
|
||||
# CONFIG_DMATEST is not set
|
||||
|
@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
|
|||
# CONFIG_I2C_BCM2048 is not set
|
||||
# CONFIG_DT3155 is not set
|
||||
# CONFIG_PRISM2_USB is not set
|
||||
# CONFIG_MOST is not set
|
||||
CONFIG_USB_ATMEL=m
|
||||
# CONFIG_COMEDI is not set
|
||||
# CONFIG_PANEL is not set
|
||||
|
@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
|
|||
# CONFIG_FB_SM7XX is not set
|
||||
# CONFIG_FB_TFT is not set
|
||||
# CONFIG_FB_SM750 is not set
|
||||
# CONFIG_STAGING_RDMA is not set
|
||||
# END OF STAGING
|
||||
|
||||
#
|
||||
|
@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
|
|||
# CONFIG_ZSMALLOC_STAT is not set
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
|
||||
# CONFIG_IDLE_PAGE_TRACKING is not set
|
||||
|
||||
# CONFIG_MDIO_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO_POLLED is not set
|
||||
|
@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
|
|||
# CONFIG_GPIO_MCP23S08 is not set
|
||||
# CONFIG_GPIO_XILINX is not set
|
||||
# CONFIG_GPIO_ALTERA is not set
|
||||
# CONFIG_GPIO_ZX is not set
|
||||
|
||||
# FIXME: Why?
|
||||
|
||||
|
@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
|
|||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_TEST_HEXDUMP is not set
|
||||
# CONFIG_TEST_RHASHTABLE is not set
|
||||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
|
||||
# CONFIG_AVERAGE is not set
|
||||
# CONFIG_VMXNET3 is not set
|
||||
|
|
|
@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
|
|||
# CONFIG_PPC_PMAC is not set
|
||||
# CONFIG_PPC_PMAC64 is not set
|
||||
# CONFIG_PPC_PS3 is not set
|
||||
CONFIG_HIBERNATION=n
|
||||
|
||||
CONFIG_EXTRA_TARGETS=""
|
||||
|
||||
|
@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
|
|||
CONFIG_PPC_TRANSACTIONAL_MEM=y
|
||||
CONFIG_BLK_DEV_RSXX=m
|
||||
CONFIG_CXL=m
|
||||
CONFIG_CXLFLASH=m
|
||||
CONFIG_IBMEBUS=y
|
||||
CONFIG_EHEA=m
|
||||
CONFIG_INFINIBAND_EHCA=m
|
||||
|
@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
|
|||
CONFIG_LEDS_TRIGGER_TIMER=m
|
||||
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
|
||||
CONFIG_LEDS_TRIGGER_GPIO=m
|
||||
CONFIG_LEDS_POWERNV=m
|
||||
|
||||
CONFIG_USB_EHCI_HCD_PPC_OF=y
|
||||
CONFIG_USB_OHCI_HCD_PCI=y
|
||||
|
@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
|
|||
# CONFIG_NET_VENDOR_PASEMI is not set
|
||||
# CONFIG_NET_VENDOR_TOSHIBA is not set
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
# CONFIG_OF_UNITTEST is not set
|
||||
# CONFIG_OF_OVERLAY is not set
|
||||
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
|
|
@ -1,3 +1,6 @@
|
|||
CONFIG_CPU_LITTLE_ENDIAN=y
|
||||
|
||||
CONFIG_POWER7_CPU=y
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
|
@ -201,6 +201,7 @@ CONFIG_VMCP=y
|
|||
CONFIG_SCHED_MC=y
|
||||
CONFIG_SCHED_BOOK=y
|
||||
CONFIG_SCHED_TOPOLOGY=y
|
||||
# CONFIG_NUMA is not set
|
||||
|
||||
# CONFIG_WARN_DYNAMIC_STACK is not set
|
||||
|
||||
|
@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
|
|||
# CONFIG_SH_ETH is not set
|
||||
# CONFIG_NET_VENDOR_VIA is not set
|
||||
# CONFIG_IEEE802154_DRIVERS is not set
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
# CONFIG_FMC is not set
|
||||
|
||||
|
|
|
@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
|
|||
|
||||
CONFIG_X86_GENERIC=y
|
||||
|
||||
# CONFIG_X86_LEGACY_VM86 is not set
|
||||
|
||||
CONFIG_HPET=y
|
||||
CONFIG_HPET_TIMER=y
|
||||
# CONFIG_HPET_MMAP is not set
|
||||
|
@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
|
|||
CONFIG_X86_PAT=y
|
||||
CONFIG_X86_PM_TIMER=y
|
||||
|
||||
# This requires changes to binutils and the compiler. Plus you can't actually
|
||||
# buy hardware with MPX yet. So... leave it off until all of that seems set.
|
||||
# CONFIG_X86_INTEL_MPX is not set
|
||||
CONFIG_X86_INTEL_MPX=y
|
||||
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFI_STUB=y
|
||||
|
@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
|
|||
CONFIG_GPIO_CRYSTAL_COVE=y
|
||||
CONFIG_AXP288_ADC=y
|
||||
CONFIG_AXP288_FUEL_GAUGE=y
|
||||
# CONFIG_PWM_CRC is not set
|
||||
|
||||
|
||||
CONFIG_X86_INTEL_PSTATE=y
|
||||
|
@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
|
|||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
|
||||
|
||||
CONFIG_GENERIC_ISA_DMA=y
|
||||
|
||||
|
@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
|
|||
CONFIG_XEN_ACPI_PROCESSOR=m
|
||||
# CONFIG_XEN_SCSI_FRONTEND is not set
|
||||
# CONFIG_XEN_SCSI_BACKEND is not set
|
||||
CONFIG_XEN_SYMS=y
|
||||
|
||||
CONFIG_SPI_PXA2XX=m
|
||||
|
||||
CONFIG_MTD_ESB2ROM=m
|
||||
CONFIG_MTD_CK804XROM=m
|
||||
|
@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
|
|||
|
||||
CONFIG_HP_ACCEL=m
|
||||
|
||||
CONFIG_SURFACE_PRO3_BUTTON=m
|
||||
|
||||
# CONFIG_RAPIDIO is not set
|
||||
|
||||
CONFIG_SCHED_SMT=y
|
||||
|
@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
|
|||
# CONFIG_X86_GOLDFISH is not set
|
||||
|
||||
CONFIG_X86_INTEL_LPSS=y
|
||||
CONFIG_IDMA64=m
|
||||
|
||||
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
|
||||
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
|
||||
|
||||
CONFIG_MFD_INTEL_LPSS_ACPI=m
|
||||
CONFIG_MFD_INTEL_LPSS_PCI=m
|
||||
|
||||
CONFIG_IOSF_MBI=m
|
||||
# CONFIG_IOSF_MBI_DEBUG is not set
|
||||
CONFIG_PWM_LPSS=m
|
||||
|
@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
|
|||
CONFIG_INTEL_SOC_DTS_THERMAL=m
|
||||
CONFIG_INT340X_THERMAL=m
|
||||
CONFIG_INTEL_RAPL=m
|
||||
CONFIG_INTEL_PCH_THERMAL=m
|
||||
|
||||
CONFIG_VMWARE_VMCI=m
|
||||
CONFIG_VMWARE_VMCI_VSOCKETS=m
|
||||
|
@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
|
|||
# CONFIG_MODULE_SIG_SHA1 is not set
|
||||
CONFIG_MODULE_SIG_SHA256=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
|
||||
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
||||
|
||||
|
@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
|||
CONFIG_MODULE_SIG_UEFI=y
|
||||
|
||||
CONFIG_VMXNET3=m
|
||||
CONFIG_FUJITSU_ES=m
|
||||
CONFIG_VFIO_PCI_VGA=y
|
||||
|
||||
CONFIG_PCH_CAN=m
|
||||
|
||||
# CONFIG_X86_DEBUG_FPU is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_AMD_MCE_INJ is not set
|
||||
|
|
|
@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
|
|||
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_DES3_EDE_X86_64=m
|
||||
CONFIG_CRYPTO_POLY1305_X86_64=m
|
||||
CONFIG_CRYPTO_CHACHA20_X86_64=m
|
||||
# staging crypto
|
||||
# CONFIG_CRYPTO_SKEIN is not set
|
||||
|
||||
|
@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
|
|||
# CONFIG_XEN_MCE_LOG is not set
|
||||
# CONFIG_XEN_STUB is not set
|
||||
# CONFIG_XEN_PVH is not set
|
||||
CONFIG_XEN_512GB=y
|
||||
|
||||
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
|
||||
|
||||
|
@ -199,6 +202,8 @@ CONFIG_BTT=y
|
|||
CONFIG_ND_BTT=m
|
||||
CONFIG_ND_BLK=m
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
CONFIG_NO_HZ_FULL=y
|
||||
# CONFIG_NO_HZ_IDLE is not set
|
||||
# CONFIG_NO_HZ_FULL_ALL is not set
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Thu, 20 May 2010 10:30:31 -0400
|
||||
Subject: [PATCH] disable i8042 check on apple mac
|
||||
|
@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
|
|||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 4022b75eaad7..1aaf06aa7b0f 100644
|
||||
index c9c98f0ab284..5137185e14a9 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
|
||||
.shutdown = i8042_shutdown,
|
||||
@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
|
||||
.notifier_call = i8042_kbd_bind_notifier,
|
||||
};
|
||||
|
||||
+#ifdef CONFIG_DMI
|
||||
|
@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
static int __init i8042_init(void)
|
||||
{
|
||||
struct platform_device *pdev;
|
||||
@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
|
||||
@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
|
||||
|
||||
dbg_init();
|
||||
|
||||
|
@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
err = i8042_platform_init();
|
||||
if (err)
|
||||
return err;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Jackson <ajax@redhat.com>
|
||||
Date: Wed, 13 Nov 2013 10:17:24 -0500
|
||||
Subject: [PATCH] drm/i915: hush check crtc state
|
||||
|
@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
|
||||
index 647b1404c441..e102a06f26e0 100644
|
||||
index ca9278be49f7..308ac0539a87 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_display.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
||||
@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
|
||||
|
||||
if (active &&
|
||||
!intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
|
||||
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
|
||||
sw_config = to_intel_crtc_state(crtc->state);
|
||||
if (!intel_pipe_config_compare(dev, sw_config,
|
||||
pipe_config, false)) {
|
||||
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
|
||||
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
|
||||
intel_dump_pipe_config(crtc, &pipe_config,
|
||||
intel_dump_pipe_config(intel_crtc, pipe_config,
|
||||
"[hw state]");
|
||||
intel_dump_pipe_config(crtc, crtc->config,
|
||||
intel_dump_pipe_config(intel_crtc, sw_config,
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,204 @@
|
|||
From 424f582d0ec7f206dcc59d34c9a2fa1c8087a8aa Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
Date: Tue, 10 Nov 2015 17:37:31 +0100
|
||||
Subject: [PATCH] drm/nouveau: Fix pre-nv50 pageflip events (v4)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Apparently pre-nv50 pageflip events happen before the actual vblank
|
||||
period. Therefore that functionality got semi-disabled in
|
||||
|
||||
commit af4870e406126b7ac0ae7c7ce5751f25ebe60f28
|
||||
Author: Mario Kleiner <mario.kleiner.de@gmail.com>
|
||||
Date: Tue May 13 00:42:08 2014 +0200
|
||||
|
||||
drm/nouveau/kms/nv04-nv40: fix pageflip events via special case.
|
||||
|
||||
Unfortunately that hack got uprooted in
|
||||
|
||||
commit cc1ef118fc099295ae6aabbacc8af94d8d8885eb
|
||||
Author: Thierry Reding <treding@nvidia.com>
|
||||
Date: Wed Aug 12 17:00:31 2015 +0200
|
||||
|
||||
drm/irq: Make pipe unsigned and name consistent
|
||||
|
||||
Triggering a warning when trying to sample the vblank timestamp for a
|
||||
non-existing pipe. There's a few ways to fix this:
|
||||
|
||||
- Open-code the old behaviour, which just enshrines this slight
|
||||
breakage of the userspace ABI.
|
||||
|
||||
- Revert Mario's commit and again inflict broken timestamps, again not
|
||||
pretty.
|
||||
|
||||
- Fix this for real by delaying the pageflip TS until the next vblank
|
||||
interrupt, thereby making it accurate.
|
||||
|
||||
This patch implements the third option. Since having a page flip
|
||||
interrupt that happens when the pageflip gets armed and not when it
|
||||
completes in the next vblank seems to be fairly common (older i915 hw
|
||||
works very similarly) create a new helper to arm vblank events for
|
||||
such drivers.
|
||||
|
||||
v2 (Mario Kleiner):
|
||||
- Fix function prototypes in drmP.h
|
||||
- Add missing vblank_put() for pageflip completion without
|
||||
pageflip event.
|
||||
- Initialize sequence number for queued pageflip event to avoid
|
||||
trouble in drm_handle_vblank_events().
|
||||
- Remove dead code and spelling fix.
|
||||
|
||||
v3 (Mario Kleiner):
|
||||
- Add a signed-off-by and cc stable tag per Ilja's advice.
|
||||
|
||||
v4 (Thierry Reding):
|
||||
- Fix kerneldoc typo, discovered by Michel Dänzer
|
||||
- Rearrange tags and changelog
|
||||
|
||||
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=106431
|
||||
Cc: Thierry Reding <treding@nvidia.com>
|
||||
Cc: Mario Kleiner <mario.kleiner.de@gmail.com>
|
||||
Acked-by: Ben Skeggs <bskeggs@redhat.com>
|
||||
Cc: Ilia Mirkin <imirkin@alum.mit.edu>
|
||||
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
|
||||
Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com>
|
||||
Cc: stable@vger.kernel.org # v4.3
|
||||
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
|
||||
Signed-off-by: Thierry Reding <treding@nvidia.com>
|
||||
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
||||
---
|
||||
drivers/gpu/drm/drm_irq.c | 54 ++++++++++++++++++++++++++++++-
|
||||
drivers/gpu/drm/nouveau/nouveau_display.c | 19 ++++++-----
|
||||
include/drm/drmP.h | 4 +++
|
||||
3 files changed, 68 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
|
||||
index 22d207e211e7..c5f20e41dcc6 100644
|
||||
--- a/drivers/gpu/drm/drm_irq.c
|
||||
+++ b/drivers/gpu/drm/drm_irq.c
|
||||
@@ -944,7 +944,8 @@ static void send_vblank_event(struct drm_device *dev,
|
||||
struct drm_pending_vblank_event *e,
|
||||
unsigned long seq, struct timeval *now)
|
||||
{
|
||||
- WARN_ON_SMP(!spin_is_locked(&dev->event_lock));
|
||||
+ assert_spin_locked(&dev->event_lock);
|
||||
+
|
||||
e->event.sequence = seq;
|
||||
e->event.tv_sec = now->tv_sec;
|
||||
e->event.tv_usec = now->tv_usec;
|
||||
@@ -957,6 +958,57 @@ static void send_vblank_event(struct drm_device *dev,
|
||||
}
|
||||
|
||||
/**
|
||||
+ * drm_arm_vblank_event - arm vblank event after pageflip
|
||||
+ * @dev: DRM device
|
||||
+ * @pipe: CRTC index
|
||||
+ * @e: the event to prepare to send
|
||||
+ *
|
||||
+ * A lot of drivers need to generate vblank events for the very next vblank
|
||||
+ * interrupt. For example when the page flip interrupt happens when the page
|
||||
+ * flip gets armed, but not when it actually executes within the next vblank
|
||||
+ * period. This helper function implements exactly the required vblank arming
|
||||
+ * behaviour.
|
||||
+ *
|
||||
+ * Caller must hold event lock. Caller must also hold a vblank reference for
|
||||
+ * the event @e, which will be dropped when the next vblank arrives.
|
||||
+ *
|
||||
+ * This is the legacy version of drm_crtc_arm_vblank_event().
|
||||
+ */
|
||||
+void drm_arm_vblank_event(struct drm_device *dev, unsigned int pipe,
|
||||
+ struct drm_pending_vblank_event *e)
|
||||
+{
|
||||
+ assert_spin_locked(&dev->event_lock);
|
||||
+
|
||||
+ e->pipe = pipe;
|
||||
+ e->event.sequence = drm_vblank_count(dev, pipe);
|
||||
+ list_add_tail(&e->base.link, &dev->vblank_event_list);
|
||||
+}
|
||||
+EXPORT_SYMBOL(drm_arm_vblank_event);
|
||||
+
|
||||
+/**
|
||||
+ * drm_crtc_arm_vblank_event - arm vblank event after pageflip
|
||||
+ * @crtc: the source CRTC of the vblank event
|
||||
+ * @e: the event to send
|
||||
+ *
|
||||
+ * A lot of drivers need to generate vblank events for the very next vblank
|
||||
+ * interrupt. For example when the page flip interrupt happens when the page
|
||||
+ * flip gets armed, but not when it actually executes within the next vblank
|
||||
+ * period. This helper function implements exactly the required vblank arming
|
||||
+ * behaviour.
|
||||
+ *
|
||||
+ * Caller must hold event lock. Caller must also hold a vblank reference for
|
||||
+ * the event @e, which will be dropped when the next vblank arrives.
|
||||
+ *
|
||||
+ * This is the native KMS version of drm_arm_vblank_event().
|
||||
+ */
|
||||
+void drm_crtc_arm_vblank_event(struct drm_crtc *crtc,
|
||||
+ struct drm_pending_vblank_event *e)
|
||||
+{
|
||||
+ drm_arm_vblank_event(crtc->dev, drm_crtc_index(crtc), e);
|
||||
+}
|
||||
+EXPORT_SYMBOL(drm_crtc_arm_vblank_event);
|
||||
+
|
||||
+/**
|
||||
* drm_send_vblank_event - helper to send vblank event after pageflip
|
||||
* @dev: DRM device
|
||||
* @pipe: CRTC index
|
||||
diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c
|
||||
index e905c00acf1a..54183bcca48f 100644
|
||||
--- a/drivers/gpu/drm/nouveau/nouveau_display.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nouveau_display.c
|
||||
@@ -827,7 +827,6 @@ nouveau_finish_page_flip(struct nouveau_channel *chan,
|
||||
struct drm_device *dev = drm->dev;
|
||||
struct nouveau_page_flip_state *s;
|
||||
unsigned long flags;
|
||||
- int crtcid = -1;
|
||||
|
||||
spin_lock_irqsave(&dev->event_lock, flags);
|
||||
|
||||
@@ -839,15 +838,19 @@ nouveau_finish_page_flip(struct nouveau_channel *chan,
|
||||
|
||||
s = list_first_entry(&fctx->flip, struct nouveau_page_flip_state, head);
|
||||
if (s->event) {
|
||||
- /* Vblank timestamps/counts are only correct on >= NV-50 */
|
||||
- if (drm->device.info.family >= NV_DEVICE_INFO_V0_TESLA)
|
||||
- crtcid = s->crtc;
|
||||
+ if (drm->device.info.family < NV_DEVICE_INFO_V0_TESLA) {
|
||||
+ drm_arm_vblank_event(dev, s->crtc, s->event);
|
||||
+ } else {
|
||||
+ drm_send_vblank_event(dev, s->crtc, s->event);
|
||||
|
||||
- drm_send_vblank_event(dev, crtcid, s->event);
|
||||
+ /* Give up ownership of vblank for page-flipped crtc */
|
||||
+ drm_vblank_put(dev, s->crtc);
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ /* Give up ownership of vblank for page-flipped crtc */
|
||||
+ drm_vblank_put(dev, s->crtc);
|
||||
}
|
||||
-
|
||||
- /* Give up ownership of vblank for page-flipped crtc */
|
||||
- drm_vblank_put(dev, s->crtc);
|
||||
|
||||
list_del(&s->head);
|
||||
if (ps)
|
||||
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
|
||||
index 8b5ce7c5d9bb..c98f01046bd0 100644
|
||||
--- a/include/drm/drmP.h
|
||||
+++ b/include/drm/drmP.h
|
||||
@@ -932,6 +932,10 @@ extern void drm_send_vblank_event(struct drm_device *dev, unsigned int pipe,
|
||||
struct drm_pending_vblank_event *e);
|
||||
extern void drm_crtc_send_vblank_event(struct drm_crtc *crtc,
|
||||
struct drm_pending_vblank_event *e);
|
||||
+extern void drm_arm_vblank_event(struct drm_device *dev, unsigned int pipe,
|
||||
+ struct drm_pending_vblank_event *e);
|
||||
+extern void drm_crtc_arm_vblank_event(struct drm_crtc *crtc,
|
||||
+ struct drm_pending_vblank_event *e);
|
||||
extern bool drm_handle_vblank(struct drm_device *dev, unsigned int pipe);
|
||||
extern bool drm_crtc_handle_vblank(struct drm_crtc *crtc);
|
||||
extern int drm_vblank_get(struct drm_device *dev, unsigned int pipe);
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 65fbb05cbbf9ef7f531712634c3e914b54171707 Mon Sep 17 00:00:00 2001
|
||||
From: Alexandre Courbot <acourbot@nvidia.com>
|
||||
Date: Thu, 3 Sep 2015 17:39:52 +0900
|
||||
Subject: [PATCH] drm/nouveau/pmu: do not assume a PMU is present
|
||||
|
||||
Some devices may not have a PMU. Avoid a NULL pointer dereference in
|
||||
such cases by checking whether the pointer given to nvkm_pmu_pgob() is
|
||||
valid.
|
||||
|
||||
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
|
||||
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
|
||||
---
|
||||
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
|
||||
index 27a79c0c3888..d95eb8659d1b 100644
|
||||
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
|
||||
@@ -28,7 +28,7 @@
|
||||
void
|
||||
nvkm_pmu_pgob(struct nvkm_pmu *pmu, bool enable)
|
||||
{
|
||||
- if (pmu->func->pgob)
|
||||
+ if (pmu && pmu->func->pgob)
|
||||
pmu->func->pgob(pmu, enable);
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
|
||||
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index c2e4f52cad30..5def6b4143fa 100644
|
||||
index 1ac118146e90..f93826b8522c 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
|
@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
|
|||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
|
||||
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
|
@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
||||
index b4de3faa3f29..5cc2ef570390 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -830,8 +830,9 @@ out:
|
||||
|
@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
|||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 4da6644b1fd0..341a1457f7c7 100644
|
||||
index 14db458f4774..f6ff0a86d841 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1704,7 +1704,8 @@ config EFI_MIXED
|
||||
@@ -1735,7 +1735,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
|
@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
|
|||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn media memstick message nfc ntb pcmcia platform ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"
|
||||
|
|
|
@ -32,7 +32,7 @@ netprots="appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l
|
|||
|
||||
drmdrvs="ast gma500 mgag200 via nouveau"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
|
||||
|
||||
# Grab the arch-specific filter list overrides
|
||||
source ./filter-$2.sh
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
|
|
|
@ -11,4 +11,4 @@
|
|||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
|
@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
|
|||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,40 @@
|
|||
From 90da345613c5c0910b54b72019664e0b2ada19f9 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 12 Jan 2016 07:54:39 -0500
|
||||
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
|
||||
|
||||
Like the Yoga 900 models the Lenovo Yoga 700 does not have a
|
||||
hw rfkill switch, and trying to read the hw rfkill switch through the
|
||||
ideapad module causes it to always reported blocking breaking wifi.
|
||||
|
||||
This commit adds the Lenovo Yoga 700 to the no_hw_rfkill dmi list, fixing
|
||||
the wifi breakage.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1295272
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index d28db0e793df..51178626305d 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -900,6 +900,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
},
|
||||
},
|
||||
{
|
||||
+ .ident = "Lenogo Yoga 700",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 700"),
|
||||
+ },
|
||||
+ },
|
||||
+ {
|
||||
.ident = "Lenovo Yoga 900",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
|
||||
From: Roland McGrath <roland@redhat.com>
|
||||
Date: Mon, 6 Oct 2008 23:03:03 -0700
|
||||
Subject: [PATCH] kbuild: AFTER_LINK
|
||||
|
@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
|
||||
index 8ad2b34ad151..e153572ab351 100644
|
||||
index ee8a18e50a25..63e33fa049f8 100644
|
||||
--- a/arch/s390/kernel/vdso32/Makefile
|
||||
+++ b/arch/s390/kernel/vdso32/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
|
||||
|
@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
|
|||
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
|
||||
index 2a8ddfd12a5b..452ca53561fe 100644
|
||||
index c4b03f9ed228..550450fc2f95 100644
|
||||
--- a/arch/s390/kernel/vdso64/Makefile
|
||||
+++ b/arch/s390/kernel/vdso64/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
|
||||
|
@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
|
||||
index e97032069f88..9ea82f444dea 100644
|
||||
index a3d0767a6b29..078c9be1db8f 100644
|
||||
--- a/arch/x86/entry/vdso/Makefile
|
||||
+++ b/arch/x86/entry/vdso/Makefile
|
||||
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
|
||||
|
@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
|
|||
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
|
||||
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
|
||||
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
|
||||
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
|
||||
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
|
||||
index 1a10d8ac8162..092d0c0cf72c 100755
|
||||
|
@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
|
|||
}
|
||||
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
439
kernel.spec
439
kernel.spec
|
@ -46,13 +46,13 @@ Summary: The Linux kernel
|
|||
# base_sublevel is the kernel version we're starting with and patching
|
||||
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
|
||||
# which yields a base_sublevel of 0.
|
||||
%define base_sublevel 2
|
||||
%define base_sublevel 3
|
||||
|
||||
## If this is a released kernel ##
|
||||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 8
|
||||
%define stable_update 3
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -393,8 +393,12 @@ BuildRequires: rpm-build, elfutils
|
|||
%define debuginfo_args --strict-build-id -r
|
||||
%endif
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# MODULE_SIG is enabled in config-x86-generic and needs these:
|
||||
BuildRequires: openssl openssl-devel
|
||||
%endif
|
||||
|
||||
%if %{signmodules}
|
||||
BuildRequires: openssl
|
||||
BuildRequires: pesign >= 0.10-4
|
||||
%endif
|
||||
|
||||
|
@ -436,7 +440,7 @@ Source32: config-x86-32-generic
|
|||
|
||||
Source40: config-x86_64-generic
|
||||
|
||||
Source50: config-powerpc-generic
|
||||
Source50: config-powerpc64-generic
|
||||
Source53: config-powerpc64
|
||||
Source54: config-powerpc64p7
|
||||
Source55: config-powerpc64le
|
||||
|
@ -496,134 +500,107 @@ Patch05: kbuild-AFTER_LINK.patch
|
|||
|
||||
# Standalone patches
|
||||
|
||||
Patch450: input-kill-stupid-messages.patch
|
||||
Patch452: no-pcspkr-modalias.patch
|
||||
Patch451: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
Patch458: regulator-axp20x-module-alias.patch
|
||||
Patch470: die-floppy-die.patch
|
||||
Patch452: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
|
||||
|
||||
Patch510: input-silence-i8042-noise.patch
|
||||
Patch530: silence-fbcon-logo.patch
|
||||
Patch453: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
|
||||
|
||||
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
Patch454: arm64-avoid-needing-console-to-enable-serial-console.patch
|
||||
|
||||
#rhbz 1126580
|
||||
Patch601: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
|
||||
Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
|
||||
|
||||
Patch800: crash-driver.patch
|
||||
Patch456: arm64-acpi-drop-expert-patch.patch
|
||||
|
||||
# crypto/
|
||||
Patch457: ARM-tegra-usb-no-reset.patch
|
||||
|
||||
# secure boot
|
||||
Patch1000: Add-secure_modules-call.patch
|
||||
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
Patch1003: ACPI-Limit-access-to-custom_method.patch
|
||||
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
|
||||
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
Patch458: ARM-dts-Add-am335x-bonegreen.patch
|
||||
|
||||
Patch1014: Add-EFI-signature-data-types.patch
|
||||
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
|
||||
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
|
||||
|
||||
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
|
||||
|
||||
# virt + ksm patches
|
||||
Patch463: arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
# DRM
|
||||
Patch466: input-kill-stupid-messages.patch
|
||||
|
||||
# nouveau + drm fixes
|
||||
# intel drm is all merged upstream
|
||||
Patch1826: drm-i915-hush-check-crtc-state.patch
|
||||
Patch467: die-floppy-die.patch
|
||||
|
||||
# Quiet boot fixes
|
||||
Patch468: no-pcspkr-modalias.patch
|
||||
|
||||
# fs fixes
|
||||
Patch470: silence-fbcon-logo.patch
|
||||
|
||||
# NFSv4
|
||||
Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
|
||||
|
||||
# patches headed upstream
|
||||
Patch12016: disable-i8042-check-on-apple-mac.patch
|
||||
Patch472: crash-driver.patch
|
||||
|
||||
Patch14010: lis3-improve-handling-of-null-rate.patch
|
||||
Patch473: Add-secure_modules-call.patch
|
||||
|
||||
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
Patch474: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
|
||||
# PPC
|
||||
Patch475: x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
|
||||
# ARM64
|
||||
Patch16000: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
|
||||
Patch16001: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
|
||||
Patch16002: arm64-avoid-needing-console-to-enable-serial-console.patch
|
||||
Patch16003: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
|
||||
Patch16004: showmem-cma-correct-reserved-memory-calculation.patch
|
||||
Patch476: ACPI-Limit-access-to-custom_method.patch
|
||||
|
||||
# ARMv7
|
||||
Patch16020: ARM-tegra-usb-no-reset.patch
|
||||
Patch16021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
Patch16022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
Patch16025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
Patch16026: pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
Patch477: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
|
||||
Patch16028: arm-i.MX6-Utilite-device-dtb.patch
|
||||
Patch478: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
|
||||
#rhbz 754518
|
||||
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
Patch479: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
Patch21242: criu-no-expert.patch
|
||||
Patch480: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
|
||||
#rhbz 892811
|
||||
Patch21247: ath9k-rx-dma-stop-check.patch
|
||||
Patch481: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
Patch482: Add-option-to-automatically-enforce-module-signature.patch
|
||||
|
||||
#rhbz 1212230
|
||||
Patch26176: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
|
||||
Patch483: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
|
||||
#rhbz 1133378
|
||||
Patch26219: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
|
||||
Patch484: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
|
||||
#rhbz 1226743
|
||||
Patch26221: drm-i915-turn-off-wc-mmaps.patch
|
||||
Patch485: efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
|
||||
Patch486: hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
#rhbz 1244511
|
||||
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
Patch487: Add-EFI-signature-data-types.patch
|
||||
|
||||
Patch488: Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
|
||||
Patch489: KEYS-Add-a-system-blacklist-keyring.patch
|
||||
|
||||
Patch490: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
|
||||
Patch491: MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
Patch492: Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
Patch493: drm-i915-hush-check-crtc-state.patch
|
||||
|
||||
Patch494: disable-i8042-check-on-apple-mac.patch
|
||||
|
||||
Patch495: lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
Patch496: watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
Patch497: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
|
||||
Patch498: criu-no-expert.patch
|
||||
|
||||
Patch499: ath9k-rx-dma-stop-check.patch
|
||||
|
||||
Patch500: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
Patch501: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
|
||||
|
||||
Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
|
||||
|
||||
Patch503: drm-i915-turn-off-wc-mmaps.patch
|
||||
|
||||
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
|
||||
|
||||
#rhbz 1239050
|
||||
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
#rhbz 1253789
|
||||
Patch511: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
||||
|
||||
#rhbz 1257534
|
||||
Patch515: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
#rhbz 1257500
|
||||
Patch517: vmwgfx-Rework-device-initialization.patch
|
||||
Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
|
||||
|
||||
#rhbz 1272172
|
||||
Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
|
||||
Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
|
||||
|
||||
#CVE-2015-7799 rhbz 1271134 1271135
|
||||
Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
|
||||
#CVE-2015-8104 rhbz 1278496 1279691
|
||||
Patch551: KVM-svm-unconditionally-intercept-DB.patch
|
||||
|
@ -639,11 +616,6 @@ Patch556: netfilter-ipset-Fix-extension-alignment.patch
|
|||
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
|
||||
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
|
||||
|
||||
#rhbz 1278688
|
||||
Patch560: 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
|
||||
Patch561: 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
|
||||
Patch562: 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
|
||||
|
||||
#rhbz 1284059
|
||||
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
|
||||
|
||||
|
@ -659,35 +631,66 @@ Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
|
|||
#rhbz 1286293
|
||||
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
|
||||
|
||||
#rhbz 1288687
|
||||
Patch572: alua_fix.patch
|
||||
|
||||
#CVE-XXXX-XXXX rhbz 1291329 1291332
|
||||
Patch574: ovl-fix-permission-checking-for-setattr.patch
|
||||
|
||||
#CVE-2015-7550 rhbz 1291197 1291198
|
||||
Patch575: KEYS-Fix-race-between-read-and-revoke.patch
|
||||
|
||||
#CVE-2015-8543 rhbz 1290475 1290477
|
||||
Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
|
||||
|
||||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
Patch577: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
Patch578: bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
Patch601: vrf-fix-memory-leak-on-registration.patch
|
||||
|
||||
#CVE-2015-8709 rhbz 1295287 1295288
|
||||
Patch603: ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
|
||||
|
||||
#atch604: drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch
|
||||
|
||||
#CVE-2015-7513 rhbz 1284847 1296142
|
||||
Patch605: KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
|
||||
|
||||
#rhbz 1296677
|
||||
Patch606: HID-multitouch-Fetch-feature-reports-on-demand-for-W.patch
|
||||
|
||||
#rhbz 1281368
|
||||
Patch607: drm-nouveau-Fix-pre-nv50-pageflip-events-v4.patch
|
||||
|
||||
#rhbz 1296820
|
||||
Patch608: drm-nouveau-pmu-do-not-assume-a-PMU-is-present.patch
|
||||
|
||||
#rhbz 1083853
|
||||
Patch610: PNP-Add-Broadwell-to-Intel-MCH-size-workaround.patch
|
||||
|
||||
#CVE-2015-7566 rhbz 1296466 1297517
|
||||
Patch623: usb-serial-visor-fix-crash-on-detecting-device-witho.patch
|
||||
|
||||
#CVE-2015-8767 rhbz 1297389 1298437
|
||||
Patch624: sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch
|
||||
#rhbz 1298309
|
||||
#atch624: drm-i915-Do-a-better-job-at-disabling-primary-plane-.patch
|
||||
|
||||
#rhbz 1298996
|
||||
Patch625: block-ensure-to-split-after-potentially-bouncing-a-b.patch
|
||||
|
||||
#rhbz 1298192
|
||||
Patch626: selinux-fix-bug-in-conditional-rules-handling.patch
|
||||
|
||||
#rhbz 1295272
|
||||
Patch627: ideapad-laptop-Add-Lenovo-Yoga-700-to-no_hw_rfkill-d.patch
|
||||
|
||||
Patch628: i915-stable-backports.patch
|
||||
Patch635: nouveau-stable-backports.patch
|
||||
|
||||
#rhbz 1299810
|
||||
Patch629: SCSI-refactor-device-matching-code-in-scsi_devinfo.c.patch
|
||||
Patch630: SCSI-fix-bug-in-scsi_dev_info_list-matching.patch
|
||||
|
||||
Patch631: btrfs-handle-invalid-num_stripes-in-sys_array.patch
|
||||
Patch632: Btrfs-fix-fitrim-discarding-device-area-reserved-for.patch
|
||||
|
||||
Patch633: net_43.mbox
|
||||
|
||||
#CVE-2016-0728 rhbz 1296623 1297475
|
||||
Patch634: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
|
@ -1253,183 +1256,104 @@ ApplyPatch kbuild-AFTER_LINK.patch
|
|||
|
||||
%if !%{nopatches}
|
||||
|
||||
# Architecture patches
|
||||
# x86(-64)
|
||||
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
# PPC
|
||||
|
||||
# ARM64
|
||||
ApplyPatch amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
|
||||
|
||||
ApplyPatch amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
|
||||
|
||||
ApplyPatch arm64-avoid-needing-console-to-enable-serial-console.patch
|
||||
|
||||
ApplyPatch usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
|
||||
|
||||
ApplyPatch showmem-cma-correct-reserved-memory-calculation.patch
|
||||
ApplyPatch arm64-acpi-drop-expert-patch.patch
|
||||
|
||||
#
|
||||
# ARM
|
||||
#
|
||||
ApplyPatch ARM-tegra-usb-no-reset.patch
|
||||
|
||||
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
ApplyPatch ARM-dts-Add-am335x-bonegreen.patch
|
||||
|
||||
ApplyPatch 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
|
||||
|
||||
ApplyPatch mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
|
||||
|
||||
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
#
|
||||
# bugfixes to drivers and filesystems
|
||||
#
|
||||
|
||||
# ext4
|
||||
|
||||
# xfs
|
||||
|
||||
# btrfs
|
||||
|
||||
# eCryptfs
|
||||
|
||||
# NFSv4
|
||||
|
||||
# USB
|
||||
|
||||
# WMI
|
||||
|
||||
# ACPI
|
||||
|
||||
#
|
||||
# PCI
|
||||
#
|
||||
|
||||
#
|
||||
# SCSI Bits.
|
||||
#
|
||||
|
||||
# ACPI
|
||||
|
||||
# ALSA
|
||||
|
||||
# Networking
|
||||
|
||||
# Misc fixes
|
||||
# The input layer spews crap no-one cares about.
|
||||
ApplyPatch input-kill-stupid-messages.patch
|
||||
|
||||
# stop floppy.ko from autoloading during udev...
|
||||
ApplyPatch die-floppy-die.patch
|
||||
|
||||
ApplyPatch no-pcspkr-modalias.patch
|
||||
|
||||
# Silence some useless messages that still get printed with 'quiet'
|
||||
ApplyPatch input-silence-i8042-noise.patch
|
||||
|
||||
# Make fbcon not show the penguins with 'quiet'
|
||||
ApplyPatch silence-fbcon-logo.patch
|
||||
|
||||
# Changes to upstream defaults.
|
||||
#rhbz 1126580
|
||||
ApplyPatch Kbuild-Add-an-option-to-enable-GCC-VTA.patch
|
||||
|
||||
# /dev/crash driver.
|
||||
ApplyPatch crash-driver.patch
|
||||
|
||||
# crypto/
|
||||
|
||||
# secure boot
|
||||
ApplyPatch Add-secure_modules-call.patch
|
||||
|
||||
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
|
||||
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
|
||||
ApplyPatch ACPI-Limit-access-to-custom_method.patch
|
||||
|
||||
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
|
||||
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
|
||||
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
|
||||
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
|
||||
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
|
||||
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
|
||||
|
||||
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
|
||||
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
|
||||
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
|
||||
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
ApplyPatch Add-EFI-signature-data-types.patch
|
||||
|
||||
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
|
||||
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
|
||||
|
||||
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
|
||||
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
# Assorted Virt Fixes
|
||||
|
||||
# DRM core
|
||||
|
||||
# Nouveau DRM
|
||||
|
||||
# Intel DRM
|
||||
ApplyPatch drm-i915-hush-check-crtc-state.patch
|
||||
|
||||
# Radeon DRM
|
||||
|
||||
# Patches headed upstream
|
||||
ApplyPatch disable-i8042-check-on-apple-mac.patch
|
||||
|
||||
ApplyPatch lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
# Disable watchdog on virtual machines.
|
||||
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
#rhbz 754518
|
||||
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
ApplyPatch criu-no-expert.patch
|
||||
|
||||
#rhbz 892811
|
||||
ApplyPatch ath9k-rx-dma-stop-check.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
#rhbz 1212230
|
||||
ApplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
|
||||
|
||||
#rhbz 1133378
|
||||
ApplyPatch firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
|
||||
|
||||
#rhbz 1226743
|
||||
ApplyPatch drm-i915-turn-off-wc-mmaps.patch
|
||||
|
||||
#rhbz 1212230
|
||||
# pplyPatch Input-Revert-Revert-synaptics-use-dmax-in-input_mt_a.patch
|
||||
# pplyPatch Input-synaptics-allocate-3-slots-to-keep-stability-i.patch
|
||||
# pplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
|
||||
|
||||
#rhbz 1244511
|
||||
ApplyPatch HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
|
||||
ApplyPatch kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
|
||||
|
||||
#rhbz 1239050
|
||||
ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
#rhbz 1253789
|
||||
ApplyPatch iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
||||
|
||||
#rhbz 1257534
|
||||
ApplyPatch nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
#rhbz 1257500
|
||||
ApplyPatch vmwgfx-Rework-device-initialization.patch
|
||||
ApplyPatch drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
|
||||
|
||||
ApplyPatch regulator-axp20x-module-alias.patch
|
||||
|
||||
#rhbz 1272172
|
||||
ApplyPatch 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
|
||||
ApplyPatch 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
|
||||
|
||||
#CVE-2015-7799 rhbz 1271134 1271135
|
||||
ApplyPatch isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
ApplyPatch ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
|
@ -1448,11 +1372,6 @@ ApplyPatch netfilter-ipset-Fix-extension-alignment.patch
|
|||
ApplyPatch netfilter-ipset-Fix-hash-type-expiration.patch
|
||||
ApplyPatch netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
|
||||
|
||||
#rhbz 1278688
|
||||
ApplyPatch 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
|
||||
ApplyPatch 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
|
||||
ApplyPatch 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
|
||||
|
||||
#rhbz 1284059
|
||||
ApplyPatch KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
|
||||
|
||||
|
@ -1468,35 +1387,66 @@ ApplyPatch HID-multitouch-enable-palm-rejection-if-device-imple.patch
|
|||
#rhbz 1286293
|
||||
ApplyPatch ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
|
||||
|
||||
#rhbz 1288687
|
||||
ApplyPatch alua_fix.patch
|
||||
|
||||
#CVE-XXXX-XXXX rhbz 1291329 1291332
|
||||
ApplyPatch ovl-fix-permission-checking-for-setattr.patch
|
||||
|
||||
#CVE-2015-7550 rhbz 1291197 1291198
|
||||
ApplyPatch KEYS-Fix-race-between-read-and-revoke.patch
|
||||
|
||||
#CVE-2015-8543 rhbz 1290475 1290477
|
||||
ApplyPatch net-add-validation-for-the-socket-syscall-protocol-a.patch
|
||||
|
||||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
ApplyPatch pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
ApplyPatch bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
ApplyPatch vrf-fix-memory-leak-on-registration.patch
|
||||
|
||||
#CVE-2015-8709 rhbz 1295287 1295288
|
||||
ApplyPatch ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
|
||||
|
||||
#atch604: drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch
|
||||
|
||||
#CVE-2015-7513 rhbz 1284847 1296142
|
||||
ApplyPatch KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
|
||||
|
||||
#rhbz 1296677
|
||||
ApplyPatch HID-multitouch-Fetch-feature-reports-on-demand-for-W.patch
|
||||
|
||||
#rhbz 1281368
|
||||
ApplyPatch drm-nouveau-Fix-pre-nv50-pageflip-events-v4.patch
|
||||
|
||||
#rhbz 1296820
|
||||
ApplyPatch drm-nouveau-pmu-do-not-assume-a-PMU-is-present.patch
|
||||
|
||||
#rhbz 1083853
|
||||
ApplyPatch PNP-Add-Broadwell-to-Intel-MCH-size-workaround.patch
|
||||
|
||||
#CVE-2015-7566 rhbz 1296466 1297517
|
||||
ApplyPatch usb-serial-visor-fix-crash-on-detecting-device-witho.patch
|
||||
|
||||
#CVE-2015-8767 rhbz 1297389 1298437
|
||||
ApplyPatch sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch
|
||||
#rhbz 1298309
|
||||
#atch624: drm-i915-Do-a-better-job-at-disabling-primary-plane-.patch
|
||||
|
||||
#rhbz 1298996
|
||||
ApplyPatch block-ensure-to-split-after-potentially-bouncing-a-b.patch
|
||||
|
||||
#rhbz 1298192
|
||||
ApplyPatch selinux-fix-bug-in-conditional-rules-handling.patch
|
||||
|
||||
#rhbz 1295272
|
||||
ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-700-to-no_hw_rfkill-d.patch
|
||||
|
||||
ApplyPatch i915-stable-backports.patch
|
||||
ApplyPatch nouveau-stable-backports.patch
|
||||
|
||||
#rhbz 1299810
|
||||
ApplyPatch SCSI-refactor-device-matching-code-in-scsi_devinfo.c.patch
|
||||
ApplyPatch SCSI-fix-bug-in-scsi_dev_info_list-matching.patch
|
||||
|
||||
ApplyPatch btrfs-handle-invalid-num_stripes-in-sys_array.patch
|
||||
ApplyPatch Btrfs-fix-fitrim-discarding-device-area-reserved-for.patch
|
||||
|
||||
ApplyPatch net_43.mbox
|
||||
|
||||
#CVE-2016-0728 rhbz 1296623 1297475
|
||||
ApplyPatch KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
|
@ -1617,11 +1567,9 @@ BuildKernel() {
|
|||
cp configs/$Config .config
|
||||
|
||||
%if %{signmodules}
|
||||
cp %{SOURCE11} .
|
||||
cp %{SOURCE11} certs/.
|
||||
%endif
|
||||
|
||||
chmod +x scripts/sign-file
|
||||
|
||||
Arch=`head -1 .config | cut -b 3-`
|
||||
echo USING ARCH=$Arch
|
||||
|
||||
|
@ -1857,8 +1805,8 @@ BuildKernel() {
|
|||
|
||||
%if %{signmodules}
|
||||
# Save the signing keys so we can sign the modules in __modsign_install_post
|
||||
cp signing_key.priv signing_key.priv.sign${Flav}
|
||||
cp signing_key.x509 signing_key.x509.sign${Flav}
|
||||
cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
|
||||
cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
|
||||
%endif
|
||||
|
||||
# Move the devel headers out of the root file system
|
||||
|
@ -1953,16 +1901,16 @@ popd
|
|||
%define __modsign_install_post \
|
||||
if [ "%{signmodules}" -eq "1" ]; then \
|
||||
if [ "%{with_pae}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
fi \
|
||||
if [ "%{with_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
fi \
|
||||
if [ "%{with_pae_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
fi \
|
||||
if [ "%{with_up}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
fi \
|
||||
fi \
|
||||
if [ "%{zipmodules}" -eq "1" ]; then \
|
||||
|
@ -2223,6 +2171,7 @@ fi
|
|||
%dir %{_libdir}/traceevent/plugins
|
||||
%{_libdir}/traceevent/plugins/*
|
||||
%dir %{_libexecdir}/perf-core
|
||||
%{_datadir}/perf-core/*
|
||||
%{_libexecdir}/perf-core/*
|
||||
%{_mandir}/man[1-8]/perf*
|
||||
%{_sysconfdir}/bash_completion.d/perf
|
||||
|
@ -2348,6 +2297,14 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Jan 19 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.3-200
|
||||
- Rebase to 4.3.y
|
||||
- Backport nouveau stable fixes (rhbz 1299349)
|
||||
- CVE-2016-0728 Keys: reference leak in join_session_keyring (rhbz 1296623 1297475)
|
||||
- Add currently queued networking stable patches
|
||||
- Add a couple btrfs patches cc'd to stable upstream
|
||||
- Add SCSI patches to avoid blacklist false positives (rhbz 1299810)
|
||||
|
||||
* Fri Jan 15 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8767 sctp: DoS during timeout (rhbz 1297389 1298437)
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
|
@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index a785c1015e25..81d6b404f33c 100644
|
||||
index 4c5edc357923..db431971dbd4 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/mm.h>
|
||||
#include <linux/file.h>
|
||||
#include <linux/kexec.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/syscalls.h>
|
||||
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
|
|||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Fri, 13 Nov 2015 19:03:29 +0000
|
||||
Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
|
||||
module
|
||||
|
||||
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
|
||||
---
|
||||
drivers/mfd/Makefile | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
|
||||
index a59e3fc..4a767ef 100644
|
||||
--- a/drivers/mfd/Makefile
|
||||
+++ b/drivers/mfd/Makefile
|
||||
@@ -61,7 +61,8 @@ wm8350-objs := wm8350-core.o wm8350-regmap.o wm8350-gpio.o
|
||||
wm8350-objs += wm8350-irq.o
|
||||
obj-$(CONFIG_MFD_WM8350) += wm8350.o
|
||||
obj-$(CONFIG_MFD_WM8350_I2C) += wm8350-i2c.o
|
||||
-obj-$(CONFIG_MFD_WM8994) += wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+wm8994-objs := wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+obj-$(CONFIG_MFD_WM8994) += wm8994.o
|
||||
|
||||
obj-$(CONFIG_TPS6105X) += tps6105x.o
|
||||
obj-$(CONFIG_TPS65010) += tps65010.o
|
||||
--
|
||||
2.5.0
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,105 @@
|
|||
From fe9c94340928d8ec3ea1ae74f99c3c9b18684129 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Peres <martin.peres@free.fr>
|
||||
Date: Sun, 29 Nov 2015 16:10:18 +0200
|
||||
Subject: [PATCH 1/3] drm/nouveau/bios/fan: hardcode the fan mode to linear
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is an oversight that made use of the trip-point-based fan managenent on
|
||||
cards that never expose those. This led the fan to stay at fan_min.
|
||||
|
||||
Fortunately, the emergency code would kick when the temperature would reach
|
||||
90°C.
|
||||
|
||||
Reported-by: Tom Englund <tomenglund26@gmail.com>
|
||||
Tested-by: Tom Englund <tomenglund26@gmail.com>
|
||||
Signed-off-by: Martin Peres <martin.peres@free.fr>
|
||||
Tested-by: Daemon32 <lnf.purple@gmail.com>
|
||||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92126
|
||||
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
|
||||
index 43006db6fd58..80fed7e78dcb 100644
|
||||
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
|
||||
@@ -83,6 +83,7 @@ nvbios_fan_parse(struct nvkm_bios *bios, struct nvbios_therm_fan *fan)
|
||||
fan->type = NVBIOS_THERM_FAN_UNK;
|
||||
}
|
||||
|
||||
+ fan->fan_mode = NVBIOS_THERM_FAN_LINEAR;
|
||||
fan->min_duty = nvbios_rd08(bios, data + 0x02);
|
||||
fan->max_duty = nvbios_rd08(bios, data + 0x03);
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
||||
|
||||
From acdc10375119fc5dd76d7051a5ae4a41f61c45aa Mon Sep 17 00:00:00 2001
|
||||
From: Ben Skeggs <bskeggs@redhat.com>
|
||||
Date: Mon, 4 Jan 2016 09:01:13 +1000
|
||||
Subject: [PATCH 2/3] drm/nouveau/gr/nv40: fix oops in interrupt handler
|
||||
|
||||
fdo#93557
|
||||
|
||||
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
|
||||
index ffa902ece872..05a895496fc6 100644
|
||||
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
|
||||
@@ -156,6 +156,7 @@ nv40_gr_chan_new(struct nvkm_gr *base, struct nvkm_fifo_chan *fifoch,
|
||||
return -ENOMEM;
|
||||
nvkm_object_ctor(&nv40_gr_chan, oclass, &chan->object);
|
||||
chan->gr = gr;
|
||||
+ chan->fifo = fifoch;
|
||||
*pobject = &chan->object;
|
||||
|
||||
spin_lock_irqsave(&chan->gr->base.engine.lock, flags);
|
||||
--
|
||||
2.5.0
|
||||
|
||||
|
||||
From c5d07dcb6d6260a51a2309d5f62c3391637afa86 Mon Sep 17 00:00:00 2001
|
||||
From: Ben Skeggs <bskeggs@redhat.com>
|
||||
Date: Fri, 8 Jan 2016 08:56:51 +1000
|
||||
Subject: [PATCH 3/3] drm/nouveau/kms: take mode_config mutex in connector
|
||||
hotplug path
|
||||
|
||||
fdo#93634
|
||||
|
||||
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
|
||||
index 2e7cbe933533..2a5ed7460354 100644
|
||||
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
|
||||
@@ -969,10 +969,13 @@ nouveau_connector_hotplug(struct nvif_notify *notify)
|
||||
|
||||
NV_DEBUG(drm, "%splugged %s\n", plugged ? "" : "un", name);
|
||||
|
||||
+ mutex_lock(&drm->dev->mode_config.mutex);
|
||||
if (plugged)
|
||||
drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON);
|
||||
else
|
||||
drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF);
|
||||
+ mutex_unlock(&drm->dev->mode_config.mutex);
|
||||
+
|
||||
drm_helper_hpd_irq_event(connector->dev);
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
From f3bef67992e8698897b584616535803887c4a73e Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Smalley <sds@tycho.nsa.gov>
|
||||
Date: Mon, 23 Nov 2015 16:07:41 -0500
|
||||
Subject: [PATCH] selinux: fix bug in conditional rules handling
|
||||
|
||||
commit fa1aa143ac4a ("selinux: extended permissions for ioctls")
|
||||
introduced a bug into the handling of conditional rules, skipping the
|
||||
processing entirely when the caller does not provide an extended
|
||||
permissions (xperms) structure. Access checks from userspace using
|
||||
/sys/fs/selinux/access do not include such a structure since that
|
||||
interface does not presently expose extended permission information.
|
||||
As a result, conditional rules were being ignored entirely on userspace
|
||||
access requests, producing denials when access was allowed by
|
||||
conditional rules in the policy. Fix the bug by only skipping
|
||||
computation of extended permissions in this situation, not the entire
|
||||
conditional rules processing.
|
||||
|
||||
Reported-by: Laurent Bigonville <bigon@debian.org>
|
||||
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
||||
[PM: fixed long lines in patch description]
|
||||
Cc: stable@vger.kernel.org # 4.3
|
||||
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
||||
---
|
||||
security/selinux/ss/conditional.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
|
||||
index 18643bf9894d..456e1a9bcfde 100644
|
||||
--- a/security/selinux/ss/conditional.c
|
||||
+++ b/security/selinux/ss/conditional.c
|
||||
@@ -638,7 +638,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
|
||||
{
|
||||
struct avtab_node *node;
|
||||
|
||||
- if (!ctab || !key || !avd || !xperms)
|
||||
+ if (!ctab || !key || !avd)
|
||||
return;
|
||||
|
||||
for (node = avtab_search_node(ctab, key); node;
|
||||
@@ -657,7 +657,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
|
||||
if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
|
||||
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
|
||||
avd->auditallow |= node->datum.u.data;
|
||||
- if ((node->key.specified & AVTAB_ENABLED) &&
|
||||
+ if (xperms && (node->key.specified & AVTAB_ENABLED) &&
|
||||
(node->key.specified & AVTAB_XPERMS))
|
||||
services_compute_xperms_drivers(xperms, node);
|
||||
}
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Date: Tue, 25 Aug 2015 00:04:44 +0000
|
||||
Subject: lib/show_mem.c: correct reserved memory calculation
|
||||
|
||||
CMA reserved memory is not part of total reserved memory.
|
||||
Currently when we print the total reserve memory it considers
|
||||
cma as part of reserve memory and do minus of totalcma_pages
|
||||
from reserved, which is wrong. In cases where total reserved
|
||||
is less than cma reserved we will get negative values & while
|
||||
printing we print as unsigned and we will get a very large value.
|
||||
|
||||
Below is the show mem output on X86 ubuntu based system where
|
||||
CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
|
||||
And reserve memory shows a large value because of this bug.
|
||||
|
||||
Before:
|
||||
[ 127.066430] 898908 pages RAM
|
||||
[ 127.066432] 671682 pages HighMem/MovableOnly
|
||||
[ 127.066434] 4294952012 pages reserved
|
||||
[ 127.066436] 25600 pages cma reserved
|
||||
|
||||
After:
|
||||
[ 44.663129] 898908 pages RAM
|
||||
[ 44.663130] 671682 pages HighMem/MovableOnly
|
||||
[ 44.663130] 10316 pages reserved
|
||||
[ 44.663131] 25600 pages cma reserved
|
||||
|
||||
Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Cc: Michal Nazarewicz <mina86@mina86.com>
|
||||
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
|
||||
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
|
||||
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
|
||||
Cc: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Danesh Petigara <dpetigara@broadcom.com>
|
||||
Cc: Laura Abbott <lauraa@codeaurora.org>
|
||||
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
||||
---
|
||||
lib/show_mem.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/show_mem.c b/lib/show_mem.c
|
||||
index adc98e18..1feed6a 100644
|
||||
--- a/lib/show_mem.c
|
||||
+++ b/lib/show_mem.c
|
||||
@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
|
||||
|
||||
printk("%lu pages RAM\n", total);
|
||||
printk("%lu pages HighMem/MovableOnly\n", highmem);
|
||||
+ printk("%lu pages reserved\n", reserved);
|
||||
#ifdef CONFIG_CMA
|
||||
- printk("%lu pages reserved\n", (reserved - totalcma_pages));
|
||||
printk("%lu pages cma reserved\n", totalcma_pages);
|
||||
-#else
|
||||
- printk("%lu pages reserved\n", reserved);
|
||||
#endif
|
||||
#ifdef CONFIG_QUICKLIST
|
||||
printk("%lu pages in pagetable cache\n",
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
|||
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
|
||||
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
|
||||
c000fd7de765fc8cd60942aa52a996ed patch-4.2.8.xz
|
||||
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
|
||||
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
|
||||
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
|
||||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 15 Dec 2015 15:12:43 +0000
|
||||
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
|
||||
|
||||
The backported version of commit 7f109f7cc371 ("vrf: fix double free
|
||||
and memory corruption on register_netdevice failure") incorrectly
|
||||
removed a kfree() from the failure path as well as the free_netdev().
|
||||
Add that back.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
drivers/net/vrf.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
|
||||
index c9e309c..6c25fd0 100644
|
||||
--- a/drivers/net/vrf.c
|
||||
+++ b/drivers/net/vrf.c
|
||||
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
{
|
||||
struct net_vrf *vrf = netdev_priv(dev);
|
||||
struct net_vrf_dev *vrf_ptr;
|
||||
+ int err;
|
||||
|
||||
if (!data || !data[IFLA_VRF_TABLE])
|
||||
return -EINVAL;
|
||||
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
|
||||
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
|
||||
|
||||
- return register_netdev(dev);
|
||||
+ err = register_netdev(dev);
|
||||
+ if (err)
|
||||
+ kfree(vrf_ptr);
|
||||
+ return err;
|
||||
}
|
||||
|
||||
static size_t vrf_nl_getsize(const struct net_device *dev)
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
|
||||
Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
|
||||
enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
|
@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
|
|||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
|
||||
Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
|
||||
restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
|
@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
|
|||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
Loading…
Reference in New Issue