rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rebase to 4.3.y 

- Backport nouveau stable fixes (rhbz 1299349)
- CVE-2016-0728 Keys: reference leak in join_session_keyring (rhbz 1296623 1297475)
- Add currently queued networking stable patches
- Add a couple btrfs patches cc'd to stable upstream
- Add SCSI patches to avoid blacklist false positives (rhbz 1299810)
This commit is contained in:
Josh Boyer 2016-01-19 16:29:42 -05:00
parent de0020923c
commit 1af40db9c4
73 changed files with 6183 additions and 968 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
View File

@ -1,76 +0,0 @@
From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Thu, 15 Oct 2015 17:21:37 +0100
Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
uninstantiated keyring
The following sequence of commands:
i=`keyctl add user a a @s`
keyctl request2 keyring foo bar @t
keyctl unlink $i @s
tries to invoke an upcall to instantiate a keyring if one doesn't already
exist by that name within the user's keyring set. However, if the upcall
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
other error code. When the key is garbage collected, the key destroy
function is called unconditionally and keyring_destroy() uses list_empty()
on keyring->type_data.link - which is in a union with reject_error.
Subsequently, the kernel tries to unlink the keyring from the keyring names
list - which oopses like this:
BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
...
Workqueue: events key_garbage_collector
...
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
...
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
...
Call Trace:
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
[<ffffffff810648ad>] kthread+0xf3/0xfb
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
The solution is to only call ->destroy() if the key was successfully
instantiated.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/gc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/keys/gc.c b/security/keys/gc.c
index c7952375ac53..11c36627adbf 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
atomic_dec(&key->user->nikeys);
/* now throw away the key memory */
- if (key->type->destroy)
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
+ key->type->destroy)
key->type->destroy(key);
key_user_put(key->user);
--
2.4.3

169
0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
View File

@ -1,169 +0,0 @@
From 1d8007bdee074fdffcf3539492d8a151a1fb3436 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 12 Oct 2015 13:38:32 +0200
Subject: [PATCH] KVM: x86: build kvm_userspace_memory_region in
x86_set_memory_region
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The next patch will make x86_set_memory_region fill the
userspace_addr. Since the struct is not used untouched
anymore, it makes sense to build it in x86_set_memory_region
directly; it also simplifies the callers.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Cc: stable@vger.kernel.org
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/include/asm/kvm_host.h | 6 ++----
arch/x86/kvm/vmx.c | 26 ++++++--------------------
arch/x86/kvm/x86.c | 31 +++++++++++++------------------
3 files changed, 21 insertions(+), 42 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 49ec903..4e7ad7e 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1199,9 +1199,7 @@ void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err);
int kvm_is_in_guest(void);
-int __x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem);
-int x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem);
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
#endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 18c30b4..8461e0c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4105,17 +4105,13 @@ static void seg_setup(int seg)
static int alloc_apic_access_page(struct kvm *kvm)
{
struct page *page;
- struct kvm_userspace_memory_region kvm_userspace_mem;
int r = 0;
mutex_lock(&kvm->slots_lock);
if (kvm->arch.apic_access_page_done)
goto out;
- kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
- kvm_userspace_mem.flags = 0;
- kvm_userspace_mem.guest_phys_addr = APIC_DEFAULT_PHYS_BASE;
- kvm_userspace_mem.memory_size = PAGE_SIZE;
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
+ r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
+ APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
if (r)
goto out;
@@ -4140,17 +4136,12 @@ static int alloc_identity_pagetable(struct kvm *kvm)
{
/* Called with kvm->slots_lock held. */
- struct kvm_userspace_memory_region kvm_userspace_mem;
int r = 0;
BUG_ON(kvm->arch.ept_identity_pagetable_done);
- kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
- kvm_userspace_mem.flags = 0;
- kvm_userspace_mem.guest_phys_addr =
- kvm->arch.ept_identity_map_addr;
- kvm_userspace_mem.memory_size = PAGE_SIZE;
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
+ r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
+ kvm->arch.ept_identity_map_addr, PAGE_SIZE);
return r;
}
@@ -4949,14 +4940,9 @@ static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
{
int ret;
- struct kvm_userspace_memory_region tss_mem = {
- .slot = TSS_PRIVATE_MEMSLOT,
- .guest_phys_addr = addr,
- .memory_size = PAGE_SIZE * 3,
- .flags = 0,
- };
- ret = x86_set_memory_region(kvm, &tss_mem);
+ ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
+ PAGE_SIZE * 3);
if (ret)
return ret;
kvm->arch.tss_addr = addr;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 373328b..b12665b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7721,18 +7721,21 @@ void kvm_arch_sync_events(struct kvm *kvm)
kvm_free_pit(kvm);
}
-int __x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem)
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
/* Called with kvm->slots_lock held. */
- BUG_ON(mem->slot >= KVM_MEM_SLOTS_NUM);
+ if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
+ return -EINVAL;
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
- struct kvm_userspace_memory_region m = *mem;
+ struct kvm_userspace_memory_region m;
- m.slot |= i << 16;
+ m.slot = id | (i << 16);
+ m.flags = 0;
+ m.guest_phys_addr = gpa;
+ m.memory_size = size;
r = __kvm_set_memory_region(kvm, &m);
if (r < 0)
return r;
@@ -7742,13 +7745,12 @@ int __x86_set_memory_region(struct kvm *kvm,
}
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
-int x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem)
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int r;
mutex_lock(&kvm->slots_lock);
- r = __x86_set_memory_region(kvm, mem);
+ r = __x86_set_memory_region(kvm, id, gpa, size);
mutex_unlock(&kvm->slots_lock);
return r;
@@ -7763,16 +7765,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
* unless the the memory map has changed due to process exit
* or fd copying.
*/
- struct kvm_userspace_memory_region mem;
- memset(&mem, 0, sizeof(mem));
- mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
-
- mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
-
- mem.slot = TSS_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
+ x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, 0, 0);
+ x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, 0, 0);
+ x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
}
kvm_iommu_unmap_guest(kvm);
kfree(kvm->arch.vpic);

63
0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch Normal file
View File

@ -0,0 +1,63 @@
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 1 Nov 2015 23:54:08 +0000
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
Fix issue from two patches overlapping causing a kernel oops
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
[ 3569.306272] pgd = dc894000
[ 3569.309287] [00000088] *pgd=00000000
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
[ 3569.473790] df00: bef21ab8 dbf60e38
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
drivers/watchdog/omap_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
index d96bee0..6f17c93 100644
--- a/drivers/watchdog/omap_wdt.c
+++ b/drivers/watchdog/omap_wdt.c
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
{
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
void __iomem *base = wdev->base;
u32 value;
--
2.5.0

34
0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
View File

@ -1,34 +0,0 @@
From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 19 Oct 2015 11:33:38 +0100
Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
keyring
If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search. We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/request_key.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 486ef6fa393b..0d6253124278 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
kenter("");
+ if (ctx->index_key.type == &key_type_keyring)
+ return ERR_PTR(-EPERM);
+
user = key_user_lookup(current_fsuid());
if (!user)
return ERR_PTR(-ENOMEM);
--
2.4.3

134
0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
View File

@ -1,134 +0,0 @@
From f0d648bdf0a5bbc91da6099d5282f77996558ea4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 12 Oct 2015 13:56:27 +0200
Subject: [PATCH] KVM: x86: map/unmap private slots in __x86_set_memory_region
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise, two copies (one of them never populated and thus bogus)
are allocated for the regular and SMM address spaces. This breaks
SMM with EPT but without unrestricted guest support, because the
SMM copy of the identity page map is all zeros.
By moving the allocation to the caller we also remove the last
vestiges of kernel-allocated memory regions (not accessible anymore
in userspace since commit b74a07beed0e, "KVM: Remove kernel-allocated
memory regions", 2010-06-21); that is a nice bonus.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Cc: stable@vger.kernel.org
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++----------------------------
1 file changed, 30 insertions(+), 32 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7bf8096..3ac33f8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7477,23 +7477,53 @@ void kvm_arch_sync_events(struct kvm *kvm)
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
+ u64 hva;
+ struct kvm_memslots *slots = kvm_memslots(kvm);
+ struct kvm_memory_slot *slot, old;
/* Called with kvm->slots_lock held. */
if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
return -EINVAL;
+ slot = id_to_memslot(slots, id);
+ if (size) {
+ if (WARN_ON(slot->npages))
+ return -EEXIST;
+
+ /*
+ * MAP_SHARED to prevent internal slot pages from being moved
+ * by fork()/COW.
+ */
+ hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANONYMOUS, 0);
+ if (IS_ERR((void *)hva))
+ return PTR_ERR((void *)hva);
+ } else {
+ if (!slot->npages)
+ return 0;
+
+ hva = 0;
+ }
+
+ old = *slot;
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
struct kvm_userspace_memory_region m;
m.slot = id | (i << 16);
m.flags = 0;
m.guest_phys_addr = gpa;
+ m.userspace_addr = hva;
m.memory_size = size;
r = __kvm_set_memory_region(kvm, &m);
if (r < 0)
return r;
}
+ if (!size) {
+ r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
+ WARN_ON(r < 0);
+ }
+
return 0;
}
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
@@ -7623,27 +7653,6 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
const struct kvm_userspace_memory_region *mem,
enum kvm_mr_change change)
{
- /*
- * Only private memory slots need to be mapped here since
- * KVM_SET_MEMORY_REGION ioctl is no longer supported.
- */
- if ((memslot->id >= KVM_USER_MEM_SLOTS) && (change == KVM_MR_CREATE)) {
- unsigned long userspace_addr;
-
- /*
- * MAP_SHARED to prevent internal slot pages from being moved
- * by fork()/COW.
- */
- userspace_addr = vm_mmap(NULL, 0, memslot->npages * PAGE_SIZE,
- PROT_READ | PROT_WRITE,
- MAP_SHARED | MAP_ANONYMOUS, 0);
-
- if (IS_ERR((void *)userspace_addr))
- return PTR_ERR((void *)userspace_addr);
-
- memslot->userspace_addr = userspace_addr;
- }
-
return 0;
}
@@ -7705,17 +7714,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
{
int nr_mmu_pages = 0;
- if (change == KVM_MR_DELETE && old->id >= KVM_USER_MEM_SLOTS) {
- int ret;
-
- ret = vm_munmap(old->userspace_addr,
- old->npages * PAGE_SIZE);
- if (ret < 0)
- printk(KERN_WARNING
- "kvm_vm_ioctl_set_memory_region: "
- "failed to munmap memory\n");
- }
-
if (!kvm->arch.n_requested_mmu_pages)
nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
--
2.5.0

30
0003-KVM-x86-fix-previous-commit-for-32-bit.patch
View File

@ -1,30 +0,0 @@
From 25188b9986cf6b0cadcf1bc1d1693a2e9c50ed47 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 14 Oct 2015 15:51:08 +0200
Subject: [PATCH] KVM: x86: fix previous commit for 32-bit
Unfortunately I only noticed this after pushing.
Fixes: f0d648bdf0a5bbc91da6099d5282f77996558ea4
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6e03546..9a9a198 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7482,7 +7482,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
- u64 hva;
+ unsigned long hva;
struct kvm_memslots *slots = kvm_memslots(kvm);
struct kvm_memory_slot *slot, old;
--
2.5.0

6
ACPI-Limit-access-to-custom_method.patch
View File

@ -1,6 +1,7 @@
From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH] ACPI: Limit access to custom_method
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
2.4.3

103
ARM-dts-Add-am335x-bonegreen.patch Normal file
View File

@ -0,0 +1,103 @@
From patchwork Fri Sep 25 15:10:31 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: ARM: dts: Add am335x-bonegreen
From: Robert Nelson <robertcnelson@gmail.com>
X-Patchwork-Id: 7265851
Message-Id: <1443193831-5693-1-git-send-email-robertcnelson@gmail.com>
To: tony@atomide.com, devicetree@vger.kernel.org
Cc: linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
Robert Nelson <robertcnelson@gmail.com>, Jason Kridner <jkridner@gmail.com>
Date: Fri, 25 Sep 2015 10:10:31 -0500
SeeedStudio BeagleBone Green (BBG) is clone of the BeagleBone Black (BBB) minus
the HDMI port and addition of two Grove connectors (i2c2 and usart2).
This board can be identified by the 1A value after A335BNLT (BBB) in the at24 eeprom:
1A: [aa 55 33 ee 41 33 33 35 42 4e 4c 54 1a 00 00 00 |.U3.A335BNLT....|]
http://beagleboard.org/green
http://www.seeedstudio.com/wiki/Beaglebone_green
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
CC: Tony Lindgren <tony@atomide.com>
CC: Jason Kridner <jkridner@gmail.com>
---
arch/arm/boot/dts/Makefile | 1 +
arch/arm/boot/dts/am335x-bonegreen.dts | 53 ++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 arch/arm/boot/dts/am335x-bonegreen.dts
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
index 233159d..e45d771 100644
--- a/arch/arm/boot/dts/Makefile
+++ b/arch/arm/boot/dts/Makefile
@@ -446,6 +446,7 @@ dtb-$(CONFIG_SOC_AM33XX) += \
am335x-base0033.dtb \
am335x-bone.dtb \
am335x-boneblack.dtb \
+ am335x-bonegreen.dtb \
am335x-sl50.dtb \
am335x-evm.dtb \
am335x-evmsk.dtb \
diff --git a/arch/arm/boot/dts/am335x-bonegreen.dts b/arch/arm/boot/dts/am335x-bonegreen.dts
new file mode 100644
index 0000000..0f65bda
--- /dev/null
+++ b/arch/arm/boot/dts/am335x-bonegreen.dts
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+/dts-v1/;
+
+#include "am33xx.dtsi"
+#include "am335x-bone-common.dtsi"
+
+/ {
+ model = "TI AM335x BeagleBone Green";
+ compatible = "ti,am335x-bone-green", "ti,am335x-bone-black", "ti,am335x-bone", "ti,am33xx";
+};
+
+&ldo3_reg {
+ regulator-min-microvolt = <1800000>;
+ regulator-max-microvolt = <1800000>;
+ regulator-always-on;
+};
+
+&mmc1 {
+ vmmc-supply = <&vmmcsd_fixed>;
+};
+
+&mmc2 {
+ vmmc-supply = <&vmmcsd_fixed>;
+ pinctrl-names = "default";
+ pinctrl-0 = <&emmc_pins>;
+ bus-width = <8>;
+ status = "okay";
+};
+
+&am33xx_pinmux {
+ uart2_pins: uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT | MUX_MODE1) /* spi0_sclk.uart2_rxd */
+ 0x154 (PIN_OUTPUT | MUX_MODE1) /* spi0_d0.uart2_txd */
+ >;
+ };
+};
+
+&uart2 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart2_pins>;
+ status = "okay";
+};
+
+&rtc {
+ system-power-controller;
+};

8
Add-an-EFI-signature-blob-parser-and-key-loader.patch
View File

@ -1,6 +1,7 @@
From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH] Add an EFI signature blob parser and key loader.
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9ac5e8..6512f6596785 100644
index cd1406f9b14a..d9db380bbe53 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
2.4.3

32
Add-option-to-automatically-enforce-module-signature.patch
View File

@ -1,7 +1,8 @@
From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH] Add option to automatically enforce module signatures when in
Secure Boot mode
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 82fbdbc1e0b0..a811210ad486 100644
index 95a4d34af3fd..b8527c6b7646 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 3dbb7e7909ca..4da6644b1fd0 100644
index cc0d73eac047..14db458f4774 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1703,6 +1703,16 @@ config EFI_MIXED
@@ -1734,6 +1734,16 @@ config EFI_MIXED
If unsure, say N.
@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 2c82bd150d43..1ef8ea7f8ed9 100644
index ee1b6d346b98..b4de3faa3f29 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index ab456dc233b5..74ba4083e7ce 100644
index 329254373479..b61f8533c0fd 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -134,7 +134,8 @@ struct boot_params {
@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 80f874bf999e..c2e4f52cad30 100644
index baadbf90a7c5..1ac118146e90 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index 57474384b66b..b69d657c3700 100644
index db386349cd01..4b8df91f03cd 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index e9869c497175..87fa14fedc88 100644
index 7f045246e123..2b403ab0ef29 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
2.4.3

16
Add-secure_modules-call.patch
View File

@ -1,6 +1,7 @@
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH] Add secure_modules() call
Subject: [PATCH 01/20] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 16 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index d67b1932cc59..57474384b66b 100644
index 3a19c79918e0..db386349cd01 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
return module && module->async_probe_requested;
}
@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
return false;
}
@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 4d2b82e610e2..e9869c497175 100644
index b86b7bf1be38..7f045246e123 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
2.4.3

32
Add-sysrq-option-to-disable-secure-boot-mode.patch
View File

@ -1,6 +1,7 @@
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Fri, 30 Aug 2013 09:28:51 -0400
Subject: [PATCH] Add sysrq option to disable secure boot mode
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
Bugzilla: N/A
Upstream-status: Fedora mustard
@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
7 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5def6b4143fa..1eac9d22cb0b 100644
index f93826b8522c..41679b1aca83 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
#include <video/edid.h>
#include <asm/mtrr.h>
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
.notifier_call = dump_kernel_offset
};
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 421e29e4cd81..61c1eb97806c 100644
index 345df9b03aed..dea6a6c4a39b 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
if (!udev->dev)
return -ENOMEM;
@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index b5b427888b24..289c7898a3b0 100644
index 95b330a9ea98..dfa3e154a719 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
sysrq_key_table[i] = op_p;
}
@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
{
struct sysrq_key_op *op_p;
int orig_log_level;
@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
op_p = __sysrq_get_key_op(key);
if (op_p) {
@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
void handle_sysrq(int key)
{
if (sysrq_on())
@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
}
EXPORT_SYMBOL(handle_sysrq);
@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
default:
if (sysrq->active && value && value != 2) {
@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
}
break;
}
@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
if (get_user(c, buf))
return -EFAULT;
@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 87fa14fedc88..61385e686d49 100644
index 2b403ab0ef29..7818c110e95c 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
#ifndef CONFIG_MODULE_SIG_FORCE
module_param(sig_enforce, bool_enable_only, 0644);
#endif /* !CONFIG_MODULE_SIG_FORCE */
--
2.4.3

119
Btrfs-fix-fitrim-discarding-device-area-reserved-for.patch Normal file
View File

@ -0,0 +1,119 @@
From 259072b7a1c20f8612dcaa8e0e027004aa98f864 Mon Sep 17 00:00:00 2001
From: Filipe Manana <fdmanana@suse.com>
Date: Wed, 6 Jan 2016 22:42:35 +0000
Subject: [PATCH 2/2] Btrfs: fix fitrim discarding device area reserved for
boot loader's use
As of the 4.3 kernel release, the fitrim ioctl can now discard any region
of a disk that is not allocated to any chunk/block group, including the
first megabyte which is used for our primary superblock and by the boot
loader (grub for example).
Fix this by not allowing to trim/discard any region in the device starting
with an offset not greater than min(alloc_start_mount_option, 1Mb), just
as it was not possible before 4.3.
A reproducer test case for xfstests follows.
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
# real QA test starts here
_need_to_be_root
_supported_fs btrfs
_supported_os Linux
_require_scratch
rm -f $seqres.full
_scratch_mkfs >>$seqres.full 2>&1
# Write to the [0, 64Kb[ and [68Kb, 1Mb[ ranges of the device. These ranges are
# reserved for a boot loader to use (GRUB for example) and btrfs should never
# use them - neither for allocating metadata/data nor should trim/discard them.
# The range [64Kb, 68Kb[ is used for the primary superblock of the filesystem.
$XFS_IO_PROG -c "pwrite -S 0xfd 0 64K" $SCRATCH_DEV | _filter_xfs_io
$XFS_IO_PROG -c "pwrite -S 0xfd 68K 956K" $SCRATCH_DEV | _filter_xfs_io
# Now mount the filesystem and perform a fitrim against it.
_scratch_mount
_require_batched_discard $SCRATCH_MNT
$FSTRIM_PROG $SCRATCH_MNT
# Now unmount the filesystem and verify the content of the ranges was not
# modified (no trim/discard happened on them).
_scratch_unmount
echo "Content of the ranges [0, 64Kb] and [68Kb, 1Mb[ after fitrim:"
od -t x1 -N $((64 * 1024)) $SCRATCH_DEV
od -t x1 -j $((68 * 1024)) -N $((956 * 1024)) $SCRATCH_DEV
status=0
exit
Reported-by: Vincent Petry <PVince81@yahoo.fr>
Reported-by: Andrei Borzenkov <arvidjaar@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109341
Fixes: 499f377f49f0 (btrfs: iterate over unused chunk space in FITRIM)
Cc: stable@vger.kernel.org # 4.3+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
---
fs/btrfs/volumes.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index b816b3a2e118..96f8c827d563 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1208,6 +1208,15 @@ int find_free_dev_extent_start(struct btrfs_transaction *transaction,
int ret;
int slot;
struct extent_buffer *l;
+ u64 min_search_start;
+
+ /*
+ * We don't want to overwrite the superblock on the drive nor any area
+ * used by the boot loader (grub for example), so we make sure to start
+ * at an offset of at least 1MB.
+ */
+ min_search_start = max(root->fs_info->alloc_start, 1024ull * 1024);
+ search_start = max(search_start, min_search_start);
path = btrfs_alloc_path();
if (!path)
@@ -1348,18 +1357,9 @@ int find_free_dev_extent(struct btrfs_trans_handle *trans,
struct btrfs_device *device, u64 num_bytes,
u64 *start, u64 *len)
{
- struct btrfs_root *root = device->dev_root;
- u64 search_start;
-
/* FIXME use last free of some kind */
-
- /*
- * we don't want to overwrite the superblock on the drive,
- * so we make sure to start at an offset of at least 1MB
- */
- search_start = max(root->fs_info->alloc_start, 1024ull * 1024);
return find_free_dev_extent_start(trans->transaction, device,
- num_bytes, search_start, start, len);
+ num_bytes, 0, start, len);
}
static int btrfs_free_dev_extent(struct btrfs_trans_handle *trans,
--
2.5.0

133
HID-multitouch-Fetch-feature-reports-on-demand-for-W.patch Normal file
View File

@ -0,0 +1,133 @@
From 84ac7d370783d4819c5986da1c5d5c62d360dc8f Mon Sep 17 00:00:00 2001
From: Mika Westerberg <mika.westerberg@linux.intel.com>
Date: Wed, 7 Oct 2015 15:33:43 +0300
Subject: [PATCH] HID: multitouch: Fetch feature reports on demand for Win8
devices
Some newer Intel Skylake based Dell laptops with Win8 precision touchpad
fail when initial feature reports are fetched from it. Below is an example
output with some additional debug included:
i2c_hid i2c-DLL0704:01: Fetching the HID descriptor
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=20 00
i2c_hid i2c-DLL0704:01: HID Descriptor: 1e 00 00 01 99 02 21 00 24 ...
...
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 38 02 23 00
i2c_hid i2c-DLL0704:01: report (len=4): 04 00 08 05
i2c_hid i2c-DLL0704:01: report id 13
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 3d 02 23 00
i2c_hid i2c-DLL0704:01: failed to retrieve report from device.
i2c_hid i2c-DLL0704:01: report id 7
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 37 02 23 00
i2c_hid i2c-DLL0704:01: report (len=259): 03 01 07 fc 28 fe 84 40 ...
i2c_hid i2c-DLL0704:01: report id 4
i2c_hid i2c-DLL0704:01: i2c_hid_get_report
i2c_hid i2c-DLL0704:01: __i2c_hid_command: cmd=22 00 34 02 23 00
We manage to fetch few reports but then the touchpad dies:
i2c_designware i2c_designware.1: i2c_dw_handle_tx_abort: lost arbitration
i2c_hid i2c-DLL0704:01: failed to retrieve report from device.
it eventually pulls the whole I2C bus low:
i2c_designware i2c_designware.1: controller timed out
i2c_hid i2c-DLL0704:01: failed to set a report to device.
Fix this by preventing initial feature report retrieval for Win8 devices.
Instead we fetch reports as needed in mt_feature_mapping(). This prevents
fetching reports which might cause problems with the device in question.
Suggested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Tested-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/hid-multitouch.c | 45 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index 426b2f1a3450..4afe8d78b366 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -309,6 +309,41 @@ static struct attribute_group mt_attribute_group = {
.attrs = sysfs_attrs
};
+static void mt_get_feature(struct hid_device *hdev, struct hid_report *report)
+{
+ struct mt_device *td = hid_get_drvdata(hdev);
+ int ret, size = hid_report_len(report);
+ u8 *buf;
+
+ /*
+ * Only fetch the feature report if initial reports are not already
+ * been retrieved. Currently this is only done for Windows 8 touch
+ * devices.
+ */
+ if (!(hdev->quirks & HID_QUIRK_NO_INIT_REPORTS))
+ return;
+ if (td->mtclass.name != MT_CLS_WIN_8)
+ return;
+
+ buf = hid_alloc_report_buf(report, GFP_KERNEL);
+ if (!buf)
+ return;
+
+ ret = hid_hw_raw_request(hdev, report->id, buf, size,
+ HID_FEATURE_REPORT, HID_REQ_GET_REPORT);
+ if (ret < 0) {
+ dev_warn(&hdev->dev, "failed to fetch feature %d\n",
+ report->id);
+ } else {
+ ret = hid_report_raw_event(hdev, HID_FEATURE_REPORT, buf,
+ size, 0);
+ if (ret)
+ dev_warn(&hdev->dev, "failed to report feature\n");
+ }
+
+ kfree(buf);
+}
+
static void mt_feature_mapping(struct hid_device *hdev,
struct hid_field *field, struct hid_usage *usage)
{
@@ -327,6 +362,8 @@ static void mt_feature_mapping(struct hid_device *hdev,
break;
case HID_DG_CONTACTMAX:
+ mt_get_feature(hdev, field->report);
+
td->maxcontact_report_id = field->report->id;
td->maxcontacts = field->value[0];
if (!td->maxcontacts &&
@@ -343,6 +380,7 @@ static void mt_feature_mapping(struct hid_device *hdev,
break;
}
+ mt_get_feature(hdev, field->report);
if (field->value[usage->usage_index] == MT_BUTTONTYPE_CLICKPAD)
td->is_buttonpad = true;
@@ -1026,8 +1064,13 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id)
* reports. Fortunately, the Win8 spec says that all touches
* should be sent during each report, making the initialization
* of input reports unnecessary.
+ *
+ * In addition some touchpads do not behave well if we read
+ * all feature reports from them. Instead we prevent
+ * initial report fetching and then selectively fetch each
+ * report we are interested in.
*/
- hdev->quirks |= HID_QUIRK_NO_INIT_INPUT_REPORTS;
+ hdev->quirks |= HID_QUIRK_NO_INIT_REPORTS;
td = devm_kzalloc(&hdev->dev, sizeof(struct mt_device), GFP_KERNEL);
if (!td) {
--
2.5.0

127
KEYS-Add-a-system-blacklist-keyring.patch
View File

@ -1,6 +1,7 @@
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH] KEYS: Add a system blacklist keyring
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
3 files changed, 40 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..2c7b80d31366 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
}
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index af09b4fb43d2..62f6fd191e4f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 875f64e8935b..c15e93f5a418 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 2570598b784d..53733822993f 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
return 0;
}
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
if (ret < 0)
goto error;
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
+ if (!ret) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key is in the blacklist\n");
+ ret = -EKEYREJECTED;
+ goto error;
+ }
+#endif
+
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
if (ret < 0)
goto error;
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index b20cd885c1fd..51d8ddc60e0f 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
enum key_being_used_for usage);
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 02da9f1fd9df..782d26f02885 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
module verification, kexec image verification and firmware blob
verification.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
--
2.4.3

78
KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch Normal file
View File

@ -0,0 +1,78 @@
From 05fd13592b60c3e9873f56705f80ff934e98b046 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 18 Jan 2016 10:53:31 +0000
Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
RH-bugzilla: 1298036
---
security/keys/process_keys.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 43b4cddbf2b3..7877e5cd4e23 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
ret = PTR_ERR(keyring);
goto error2;
} else if (keyring == new->session_keyring) {
+ key_put(keyring);
ret = 0;
goto error2;
}
--
2.5.0

34
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
View File

@ -1,3 +1,4 @@
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 414c3c3d988d..d920a6be6c8b 100644
index 85ef051ac6fb..a042b2ece788 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
@@ -600,6 +600,12 @@ typedef struct {
u64 table;
} efi_config_table_64_t;
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
+
typedef struct {
efi_guid_t guid;
u64 table;
u32 table;
diff --git a/init/Kconfig b/init/Kconfig
index 62f6fd191e4f..648bb79d6b73 100644
index 02da9f1fd9df..90c73a0564b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index 43c4c920f30a..3193574387ac 100644
index d4988410b410..55e886239e7e 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
@@ -47,6 +47,7 @@ endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
obj-$(CONFIG_HAS_IOMEM) += memremap.o
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
$(obj)/configs.o: $(obj)/config_data.h
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
2.4.3

6
MODSIGN-Support-not-importing-certs-from-db.patch
View File

@ -1,6 +1,7 @@
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH] MODSIGN: Support not importing certs from db
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
2.4.3

23
Makefile.config
View File

@ -12,9 +12,9 @@ CONFIGFILES = \
$(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \
$(CFG)-aarch64.config \
$(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \
$(CFG)-ppc64le.config
$(CFG)-ppc64le.config $(CFG)-ppc64le-debug.config
PLATFORMS = x86 x86_64 powerpc powerpc64 s390x arm arm64
PLATFORMS = x86 x86_64 powerpc s390x arm arm64
TEMPFILES = $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS)))
configs: $(CONFIGFILES)
@ -74,18 +74,12 @@ temp-x86_64-generic: temp-x86-64 temp-generic
temp-x86_64-debug-generic: temp-x86-64 temp-debug-generic
perl merge.pl $^ > $@
temp-powerpc-generic: config-powerpc-generic temp-generic
temp-powerpc64-generic: config-powerpc64-generic temp-generic
perl merge.pl $^ > $@
temp-powerpc-debug-generic: config-powerpc-generic temp-debug-generic
temp-powerpc64-debug-generic: config-powerpc64-generic temp-debug-generic
perl merge.pl $^ > $@
temp-powerpc64-generic: config-powerpc64 temp-powerpc-generic
perl merge.pl $^ > $@
temp-powerpc64le-generic: config-powerpc64le temp-powerpc64-generic
perl merge.pl $^ > $@
temp-s390-generic: config-s390x temp-generic
perl merge.pl $^ > $@
@ -107,16 +101,19 @@ $(CFG)-x86_64.config: /dev/null temp-x86_64-generic
$(CFG)-x86_64-debug.config: /dev/null temp-x86_64-debug-generic
perl merge.pl $^ x86_64 > $@
$(CFG)-ppc64.config: /dev/null temp-powerpc64-generic
$(CFG)-ppc64.config: config-powerpc64 temp-powerpc64-generic
perl merge.pl $^ powerpc > $@
$(CFG)-ppc64-debug.config: temp-powerpc64-generic temp-powerpc-debug-generic
$(CFG)-ppc64-debug.config: config-powerpc64 temp-powerpc64-debug-generic
perl merge.pl $^ powerpc > $@
$(CFG)-ppc64p7.config: config-powerpc64p7 temp-powerpc64-generic
perl merge.pl $^ powerpc > $@
$(CFG)-ppc64le.config: /dev/null temp-powerpc64le-generic
$(CFG)-ppc64le.config: config-powerpc64le temp-powerpc64-generic
perl merge.pl $^ powerpc > $@
$(CFG)-ppc64le-debug.config: config-powerpc64le temp-powerpc64-debug-generic
perl merge.pl $^ powerpc > $@
$(CFG)-s390x.config: config-s390x temp-s390-generic

4
Makefile.release
View File

@ -82,7 +82,3 @@ config-release:
@# Change defaults back to sane things.
@perl -pi -e 's/CONFIG_MAXSMP=y/# CONFIG_MAXSMP is not set/' config-x86-generic
@perl -pi -e 's/CONFIG_SCHEDSTATS=y/# CONFIG_SCHEDSTATS is not set/' config-nodebug
@perl -pi -e 's/CONFIG_LATENCYTOP=y/# CONFIG_LATENCYTOP is not set/' config-nodebug

7
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
View File

@ -1,6 +1,8 @@
From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
2.4.3

6
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
View File

@ -1,6 +1,7 @@
From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
2.4.3

140
SCSI-fix-bug-in-scsi_dev_info_list-matching.patch Normal file
View File

@ -0,0 +1,140 @@
From 4abc12dd59bed74aa1730c2b3129d1750604d530 Mon Sep 17 00:00:00 2001
From: Alan Stern <stern@rowland.harvard.edu>
Date: Mon, 3 Aug 2015 11:57:29 -0400
Subject: [PATCH 2/2] SCSI: fix bug in scsi_dev_info_list matching
The "compatible" matching algorithm used for looking up old-style
blacklist entries in a scsi_dev_info_list is buggy. The core of the
algorithm looks like this:
if (memcmp(devinfo->vendor, vendor,
min(max, strlen(devinfo->vendor))))
/* not a match */
where max is the length of the device's vendor string after leading
spaces have been removed but trailing spaces have not. Because of the
min() computation, either entry could be a proper substring of the
other and the code would still think that they match.
In the case originally reported, the device's vendor and product
strings were "Inateck " and " ". These matched against
the following entry in the global device list:
{"", "Scanner", "1.80", BLIST_NOLUN}
because "" is a substring of "Inateck " and "" (the result of removing
leading spaces from the device's product string) is a substring of
"Scanner". The mistaken match prevented the system from scanning and
finding the device's second Logical Unit.
This patch fixes the problem by making two changes. First, the code
for leading-space removal is hoisted out of the loop. (This means it
will sometimes run unnecessarily, but since a large percentage of all
lookups involve the "compatible" entries in global device list, this
should be an overall improvement.) Second and more importantly, the
patch removes trailing spaces and adds a check to verify that the two
resulting strings are exactly the same length. This prevents matches
where one entry is a proper substring of the other.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Giulio Bernardi <ugilio@gmail.com>
Tested-by: Giulio Bernardi <ugilio@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
---
drivers/scsi/scsi_devinfo.c | 69 +++++++++++++++++++++++----------------------
1 file changed, 35 insertions(+), 34 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
index 2f49a224462d..2c1160c7ec92 100644
--- a/drivers/scsi/scsi_devinfo.c
+++ b/drivers/scsi/scsi_devinfo.c
@@ -407,51 +407,52 @@ static struct scsi_dev_info_list *scsi_dev_info_list_find(const char *vendor,
struct scsi_dev_info_list *devinfo;
struct scsi_dev_info_list_table *devinfo_table =
scsi_devinfo_lookup_by_key(key);
+ size_t vmax, mmax;
+ const char *vskip, *mskip;
if (IS_ERR(devinfo_table))
return (struct scsi_dev_info_list *) devinfo_table;
+ /* Prepare for "compatible" matches */
+
+ /*
+ * XXX why skip leading spaces? If an odd INQUIRY
+ * value, that should have been part of the
+ * scsi_static_device_list[] entry, such as " FOO"
+ * rather than "FOO". Since this code is already
+ * here, and we don't know what device it is
+ * trying to work with, leave it as-is.
+ */
+ vmax = 8; /* max length of vendor */
+ vskip = vendor;
+ while (vmax > 0 && *vskip == ' ') {
+ vmax--;
+ vskip++;
+ }
+ /* Also skip trailing spaces */
+ while (vmax > 0 && vskip[vmax - 1] == ' ')
+ --vmax;
+
+ mmax = 16; /* max length of model */
+ mskip = model;
+ while (mmax > 0 && *mskip == ' ') {
+ mmax--;
+ mskip++;
+ }
+ while (mmax > 0 && mskip[mmax - 1] == ' ')
+ --mmax;
+
list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
dev_info_list) {
if (devinfo->compatible) {
/*
* Behave like the older version of get_device_flags.
*/
- size_t max;
- /*
- * XXX why skip leading spaces? If an odd INQUIRY
- * value, that should have been part of the
- * scsi_static_device_list[] entry, such as " FOO"
- * rather than "FOO". Since this code is already
- * here, and we don't know what device it is
- * trying to work with, leave it as-is.
- */
- max = 8; /* max length of vendor */
- while ((max > 0) && *vendor == ' ') {
- max--;
- vendor++;
- }
- /*
- * XXX removing the following strlen() would be
- * good, using it means that for a an entry not in
- * the list, we scan every byte of every vendor
- * listed in scsi_static_device_list[], and never match
- * a single one (and still have to compare at
- * least the first byte of each vendor).
- */
- if (memcmp(devinfo->vendor, vendor,
- min(max, strlen(devinfo->vendor))))
+ if (memcmp(devinfo->vendor, vskip, vmax) ||
+ devinfo->vendor[vmax])
continue;
- /*
- * Skip spaces again.
- */
- max = 16; /* max length of model */
- while ((max > 0) && *model == ' ') {
- max--;
- model++;
- }
- if (memcmp(devinfo->model, model,
- min(max, strlen(devinfo->model))))
+ if (memcmp(devinfo->model, mskip, mmax) ||
+ devinfo->model[mmax])
continue;
return devinfo;
} else {
--
2.5.0

183
SCSI-refactor-device-matching-code-in-scsi_devinfo.c.patch Normal file
View File

@ -0,0 +1,183 @@
From 26d61e8347b27a981d647d3ea4ec8c7f462c1fcf Mon Sep 17 00:00:00 2001
From: Alan Stern <stern@rowland.harvard.edu>
Date: Mon, 3 Aug 2015 11:57:21 -0400
Subject: [PATCH 1/2] SCSI: refactor device-matching code in scsi_devinfo.c
In drivers/scsi/scsi_devinfo.c, the scsi_dev_info_list_del_keyed() and
scsi_get_device_flags_keyed() routines contain a large amount of
duplicate code for finding vendor/product matches in a
scsi_dev_info_list. This patch factors out the duplicate code and
puts it in a separate function, scsi_dev_info_list_find().
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Suggested-by: Giulio Bernardi <ugilio@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
---
drivers/scsi/scsi_devinfo.c | 112 ++++++++++++++++----------------------------
1 file changed, 41 insertions(+), 71 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
index 9f77d23239a2..2f49a224462d 100644
--- a/drivers/scsi/scsi_devinfo.c
+++ b/drivers/scsi/scsi_devinfo.c
@@ -390,25 +390,26 @@ int scsi_dev_info_list_add_keyed(int compatible, char *vendor, char *model,
EXPORT_SYMBOL(scsi_dev_info_list_add_keyed);
/**
- * scsi_dev_info_list_del_keyed - remove one dev_info list entry.
+ * scsi_dev_info_list_find - find a matching dev_info list entry.
* @vendor: vendor string
* @model: model (product) string
* @key: specify list to use
*
* Description:
- * Remove and destroy one dev_info entry for @vendor, @model
+ * Finds the first dev_info entry matching @vendor, @model
* in list specified by @key.
*
- * Returns: 0 OK, -error on failure.
+ * Returns: pointer to matching entry, or ERR_PTR on failure.
**/
-int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
+static struct scsi_dev_info_list *scsi_dev_info_list_find(const char *vendor,
+ const char *model, int key)
{
- struct scsi_dev_info_list *devinfo, *found = NULL;
+ struct scsi_dev_info_list *devinfo;
struct scsi_dev_info_list_table *devinfo_table =
scsi_devinfo_lookup_by_key(key);
if (IS_ERR(devinfo_table))
- return PTR_ERR(devinfo_table);
+ return (struct scsi_dev_info_list *) devinfo_table;
list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
dev_info_list) {
@@ -452,25 +453,42 @@ int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
if (memcmp(devinfo->model, model,
min(max, strlen(devinfo->model))))
continue;
- found = devinfo;
+ return devinfo;
} else {
if (!memcmp(devinfo->vendor, vendor,
sizeof(devinfo->vendor)) &&
!memcmp(devinfo->model, model,
sizeof(devinfo->model)))
- found = devinfo;
+ return devinfo;
}
- if (found)
- break;
}
- if (found) {
- list_del(&found->dev_info_list);
- kfree(found);
- return 0;
- }
+ return ERR_PTR(-ENOENT);
+}
+
+/**
+ * scsi_dev_info_list_del_keyed - remove one dev_info list entry.
+ * @vendor: vendor string
+ * @model: model (product) string
+ * @key: specify list to use
+ *
+ * Description:
+ * Remove and destroy one dev_info entry for @vendor, @model
+ * in list specified by @key.
+ *
+ * Returns: 0 OK, -error on failure.
+ **/
+int scsi_dev_info_list_del_keyed(char *vendor, char *model, int key)
+{
+ struct scsi_dev_info_list *found;
- return -ENOENT;
+ found = scsi_dev_info_list_find(vendor, model, key);
+ if (IS_ERR(found))
+ return PTR_ERR(found);
+
+ list_del(&found->dev_info_list);
+ kfree(found);
+ return 0;
}
EXPORT_SYMBOL(scsi_dev_info_list_del_keyed);
@@ -565,64 +583,16 @@ int scsi_get_device_flags_keyed(struct scsi_device *sdev,
int key)
{
struct scsi_dev_info_list *devinfo;
- struct scsi_dev_info_list_table *devinfo_table;
+ int err;
- devinfo_table = scsi_devinfo_lookup_by_key(key);
+ devinfo = scsi_dev_info_list_find(vendor, model, key);
+ if (!IS_ERR(devinfo))
+ return devinfo->flags;
- if (IS_ERR(devinfo_table))
- return PTR_ERR(devinfo_table);
+ err = PTR_ERR(devinfo);
+ if (err != -ENOENT)
+ return err;
- list_for_each_entry(devinfo, &devinfo_table->scsi_dev_info_list,
- dev_info_list) {
- if (devinfo->compatible) {
- /*
- * Behave like the older version of get_device_flags.
- */
- size_t max;
- /*
- * XXX why skip leading spaces? If an odd INQUIRY
- * value, that should have been part of the
- * scsi_static_device_list[] entry, such as " FOO"
- * rather than "FOO". Since this code is already
- * here, and we don't know what device it is
- * trying to work with, leave it as-is.
- */
- max = 8; /* max length of vendor */
- while ((max > 0) && *vendor == ' ') {
- max--;
- vendor++;
- }
- /*
- * XXX removing the following strlen() would be
- * good, using it means that for a an entry not in
- * the list, we scan every byte of every vendor
- * listed in scsi_static_device_list[], and never match
- * a single one (and still have to compare at
- * least the first byte of each vendor).
- */
- if (memcmp(devinfo->vendor, vendor,
- min(max, strlen(devinfo->vendor))))
- continue;
- /*
- * Skip spaces again.
- */
- max = 16; /* max length of model */
- while ((max > 0) && *model == ' ') {
- max--;
- model++;
- }
- if (memcmp(devinfo->model, model,
- min(max, strlen(devinfo->model))))
- continue;
- return devinfo->flags;
- } else {
- if (!memcmp(devinfo->vendor, vendor,
- sizeof(devinfo->vendor)) &&
- !memcmp(devinfo->model, model,
- sizeof(devinfo->model)))
- return devinfo->flags;
- }
- }
/* nothing found, return nothing */
if (key != SCSI_DEVINFO_GLOBAL)
return 0;
--
2.5.0

14
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
View File

@ -1,7 +1,8 @@
From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
is restricted
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
loading is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 3b8963f21b36..a5ae6a7fef5e 100644
index 739a4a6b3b9b..9ef2a020a7a9 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
@@ -40,6 +40,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
return acpi_rsdp;
#endif
--
2.4.3

41
alua_fix.patch Normal file
View File

@ -0,0 +1,41 @@
From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Tue, 1 Dec 2015 10:16:42 +0100
Subject: scsi: ignore errors from scsi_dh_add_device()
device handler initialisation might fail due to a number of
reasons. But as device_handlers are optional this shouldn't
cause us to disable the device entirely.
So just ignore errors from scsi_dh_add_device().
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
drivers/scsi/scsi_sysfs.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index fc3cd26..d015374 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
}
error = scsi_dh_add_device(sdev);
- if (error) {
+ if (error)
+ /*
+ * device_handler is optional, so any error can be ignored
+ */
sdev_printk(KERN_INFO, sdev,
"failed to add device handler: %d\n", error);
- return error;
- }
device_enable_async_suspend(&sdev->sdev_dev);
error = device_add(&sdev->sdev_dev);
--
cgit v0.11.2

21
arm64-acpi-drop-expert-patch.patch Normal file
View File

@ -0,0 +1,21 @@
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 3 May 2015 18:35:23 +0100
Subject: [PATCH] arm64: acpi drop expert patch
---
drivers/acpi/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
index 114cf48085ab..70ba3ef9a37b 100644
--- a/drivers/acpi/Kconfig
+++ b/drivers/acpi/Kconfig
@@ -5,7 +5,7 @@
menuconfig ACPI
bool "ACPI (Advanced Configuration and Power Interface) Support"
depends on !IA64_HP_SIM
- depends on IA64 || X86 || (ARM64 && EXPERT)
+ depends on IA64 || X86 || ARM64
depends on PCI
select PNP
default y

8
asus-wmi-Restrict-debugfs-interface-when-module-load.patch
View File

@ -1,7 +1,8 @@
From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
restricted
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
loading is restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
2.4.3

43
block-ensure-to-split-after-potentially-bouncing-a-b.patch Normal file
View File

@ -0,0 +1,43 @@
From 23688bf4f830a89866fd0ed3501e342a7360fe4f Mon Sep 17 00:00:00 2001
From: Junichi Nomura <j-nomura@ce.jp.nec.com>
Date: Tue, 22 Dec 2015 10:23:44 -0700
Subject: [PATCH] block: ensure to split after potentially bouncing a bio
blk_queue_bio() does split then bounce, which makes the segment
counting based on pages before bouncing and could go wrong. Move
the split to after bouncing, like we do for blk-mq, and the we
fix the issue of having the bio count for segments be wrong.
Fixes: 54efd50bfd87 ("block: make generic_make_request handle arbitrarily sized bios")
Cc: stable@vger.kernel.org
Tested-by: Artem S. Tashkinov <t.artem@lycos.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
---
block/blk-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 3636be469fa2..c487b94c59e3 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1689,8 +1689,6 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
struct request *req;
unsigned int request_count = 0;
- blk_queue_split(q, &bio, q->bio_split);
-
/*
* low level driver can indicate that it wants pages above a
* certain limit bounced to low memory (ie for highmem, or even
@@ -1698,6 +1696,8 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
*/
blk_queue_bounce(q, &bio);
+ blk_queue_split(q, &bio, q->bio_split);
+
if (bio_integrity_enabled(bio) && bio_integrity_prep(bio)) {
bio->bi_error = -EIO;
bio_endio(bio);
--
2.5.0

66
btrfs-handle-invalid-num_stripes-in-sys_array.patch Normal file
View File

@ -0,0 +1,66 @@
From 43d10880aa4ac713cf73dbac428be9671ef1bf9d Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Mon, 30 Nov 2015 17:27:06 +0100
Subject: [PATCH 1/2] btrfs: handle invalid num_stripes in sys_array
We can handle the special case of num_stripes == 0 directly inside
btrfs_read_sys_array. The BUG_ON in btrfs_chunk_item_size is there to
catch other unhandled cases where we fail to validate external data.
A crafted or corrupted image crashes at mount time:
BTRFS: device fsid 9006933e-2a9a-44f0-917f-514252aeec2c devid 1 transid 7 /dev/loop0
BTRFS info (device loop0): disk space caching is enabled
BUG: failure at fs/btrfs/ctree.h:337/btrfs_chunk_item_size()!
Kernel panic - not syncing: BUG!
CPU: 0 PID: 313 Comm: mount Not tainted 4.2.5-00657-ge047887-dirty #25
Stack:
637af890 60062489 602aeb2e 604192ba
60387961 00000011 637af8a0 6038a835
637af9c0 6038776b 634ef32b 00000000
Call Trace:
[<6001c86d>] show_stack+0xfe/0x15b
[<6038a835>] dump_stack+0x2a/0x2c
[<6038776b>] panic+0x13e/0x2b3
[<6020f099>] btrfs_read_sys_array+0x25d/0x2ff
[<601cfbbe>] open_ctree+0x192d/0x27af
[<6019c2c1>] btrfs_mount+0x8f5/0xb9a
[<600bc9a7>] mount_fs+0x11/0xf3
[<600d5167>] vfs_kern_mount+0x75/0x11a
[<6019bcb0>] btrfs_mount+0x2e4/0xb9a
[<600bc9a7>] mount_fs+0x11/0xf3
[<600d5167>] vfs_kern_mount+0x75/0x11a
[<600d710b>] do_mount+0xa35/0xbc9
[<600d7557>] SyS_mount+0x95/0xc8
[<6001e884>] handle_syscall+0x6b/0x8e
Reported-by: Jiri Slaby <jslaby@suse.com>
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
CC: stable@vger.kernel.org # 3.19+
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/volumes.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 6fc735869c18..b816b3a2e118 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6399,6 +6399,14 @@ int btrfs_read_sys_array(struct btrfs_root *root)
goto out_short_read;
num_stripes = btrfs_chunk_num_stripes(sb, chunk);
+ if (!num_stripes) {
+ printk(KERN_ERR
+ "BTRFS: invalid number of stripes %u in sys_array at offset %u\n",
+ num_stripes, cur_offset);
+ ret = -EIO;
+ break;
+ }
+
len = btrfs_chunk_item_size(num_stripes);
if (cur_offset + len > array_size)
goto out_short_read;
--
2.5.0

29
config-arm-generic
View File

@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
CONFIG_HAVE_PERF_REGS=y
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
CONFIG_ARM_PMU=y
# ARM AMBA generic HW
CONFIG_ARM_AMBA=y
CONFIG_KERNEL_MODE_NEON=y
@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
CONFIG_PL330_DMA=m
CONFIG_GPIO_PL061=y
CONFIG_USB_ISP1760=m
CONFIG_ARM_PL172_MPMC=m
# HW crypto and rng
CONFIG_ARM_CRYPTO=y
CONFIG_CRYPTO_AES_ARM=y
CONFIG_CRYPTO_AES_ARM_BS=y
CONFIG_CRYPTO_SHA1_ARM=y
CONFIG_CRYPTO_SHA256_ARM=y
CONFIG_CRYPTO_SHA1_ARM_NEON=y
CONFIG_CRYPTO_SHA512_ARM_NEON=y
CONFIG_CRYPTO_SHA512_ARM=y
# ARM VExpress
CONFIG_ARCH_VEXPRESS=y
@ -106,6 +119,8 @@ CONFIG_OF_NET=y
CONFIG_OF_OVERLAY=y
CONFIG_OF_PCI_IRQ=m
CONFIG_OF_PCI=m
# CONFIG_PCI_HOST_GENERIC is not set
# CONFIG_PCIE_IPROC is not set
CONFIG_OF_RESERVED_MEM=y
CONFIG_OF_RESOLVE=y
CONFIG_PM_GENERIC_DOMAINS_OF=y
@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
CONFIG_ARM_MHU=m
# CONFIG_PL320_MBOX is not set
# HW crypto and rng
CONFIG_ARM_CRYPTO=y
CONFIG_CRYPTO_AES_ARM=m
# CONFIG_CRYPTO_AES_ARM_BS is not set
CONFIG_CRYPTO_SHA1_ARM=m
CONFIG_CRYPTO_SHA256_ARM=m
CONFIG_CRYPTO_SHA1_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM=m
# USB
CONFIG_USB_OHCI_HCD_PLATFORM=m
CONFIG_USB_EHCI_HCD_PLATFORM=m
@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
CONFIG_I2C_MUX_PINCTRL=m
CONFIG_I2C_MUX_PCA9541=m
CONFIG_I2C_MUX_PCA954x=m
CONFIG_I2C_MUX_REG=m
# spi
CONFIG_SPI_PL022=m
@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
# CONFIG_KEYBOARD_OMAP4 is not set
# CONFIG_KEYBOARD_BCM is not set
# CONFIG_PHY_SAMSUNG_USB2 is not set
# CONFIG_OMAP_GPMC_DEBUG is not set
### turn off things which make no sense on embedded SoC
@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
# CONFIG_BMP085_SPI is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_SPI_ROCKCHIP is not set
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
CONFIG_CHECKPOINT_RESTORE=y

26
config-arm64
View File

@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_SPRD is not set
# CONFIG_ARCH_ZYNQMP is not set
# CONFIG_ARCH_BCM_IPROC is not set
# CONFIG_ARCH_BERLIN is not set
# CONFIG_ARCH_ROCKCHIP is not set
# Erratum
CONFIG_ARM64_ERRATUM_826319=y
@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
CONFIG_ARCH_REQUIRE_GPIOLIB=y
CONFIG_ARM64_64K_PAGES=y
# CONFIG_COMPAT is not set
CONFIG_ARM64_HW_AFDBM=y
CONFIG_ARM64_PAN=y
CONFIG_ARM64_LSE_ATOMICS=y
CONFIG_BCMA_POSSIBLE=y
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
CONFIG_PCC=y
CONFIG_ARM64_CRYPTO=y
CONFIG_CRYPTO_SHA1_ARM64_CE=m
CONFIG_CRYPTO_SHA2_ARM64_CE=m
CONFIG_CRYPTO_SHA1_ARM64_CE=y
CONFIG_CRYPTO_SHA2_ARM64_CE=y
CONFIG_CRYPTO_GHASH_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_AES_ARM64_CE=y
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
CONFIG_CRYPTO_CRC32_ARM64=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
# HiSilicon
CONFIG_POWER_RESET_HISI=y
CONFIG_HISI_THERMAL=m
CONFIG_STUB_CLK_HI6220=y
# ThunderX
# CONFIG_MDIO_OCTEON is not set
CONFIG_NET_VENDOR_MELLANOX=y
CONFIG_MLX4_EN=m
@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
CONFIG_DEBUG_SECTION_MISMATCH=y
# CONFIG_FSL_MC_BUS is not set
# CONFIG_FUJITSU_ES is not set

16
config-armv7
View File

@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
CONFIG_SOC_TI81XX=y
# CONFIG_MACH_NOKIA_RX51 is not set
# CONFIG_MACH_OMAP_LDP is not set
# CONFIG_MACH_OMAP3530_LV_SOM is not set
# CONFIG_MACH_OMAP3_TORPEDO is not set
# CONFIG_MACH_OMAP3517EVM is not set
# CONFIG_MACH_OMAP3_PANDORA is not set
@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
CONFIG_PINCTRL_MSM8X74=m
CONFIG_PINCTRL_MSM8916=m
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
CONFIG_COMMON_CLK_QCOM=m
# CONFIG_MSM_GCC_8916 is not set
# CONFIG_IPQ_LCC_806X is not set
@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
CONFIG_SND_SOC_STORM=m
CONFIG_PHY_QCOM_UFS=m
CONFIG_HWSPINLOCK_QCOM=m
CONFIG_QCOM_COINCELL=m
CONFIG_USB_QCOM_8X16_PHY=m
CONFIG_QCOM_SMD=m
CONFIG_QCOM_SMD_RPM=m
CONFIG_QCOM_SMEM=m
CONFIG_REGULATOR_QCOM_SMD_RPM=m
# CONFIG_QCOM_SMEM is not set
# i.MX
# CONFIG_MXC_DEBUG_BOARD is not set
@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
CONFIG_SOC_IMX6UL=y
CONFIG_SOC_IMX7D=y
# CONFIG_SOC_LS1021A is not set
# CONFIG_SOC_VF610 is not set
@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
CONFIG_FEC=m
# CONFIG_FSL_PQ_MDIO is not set
# CONFIG_FSL_XGMAC_MDIO is not set
CONFIG_KEYBOARD_SNVS_PWRKEY=m
CONFIG_KEYBOARD_IMX=m
CONFIG_KEYBOARD_STMPE=m
CONFIG_TOUCHSCREEN_STMPE=m
@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
CONFIG_FB_MXS=m
# CONFIG_FB_MX3 is not set
# CONFIG_FB_IMX is not set
CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
CONFIG_SND_IMX_SOC=m
CONFIG_SND_SOC_FSL_ASOC_CARD=m
@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
CONFIG_SOC_EXYNOS4212=y
CONFIG_SOC_EXYNOS4412=y
CONFIG_SOC_EXYNOS4415=y
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
CONFIG_AK8975=m
CONFIG_CM36651=m
CONFIG_KEYBOARD_SAMSUNG=m
@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
CONFIG_REGULATOR_ISL9305=m
CONFIG_EDAC_SYNOPSYS=m
CONFIG_PINCTRL_ZYNQ=y
CONFIG_AXI_DMAC=m
# Multi function devices
CONFIG_MFD_88PM800=m

19
config-armv7-generic
View File

@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_ARCH_HAS_TICK_BROADCAST=y
CONFIG_IRQ_CROSSBAR=y
CONFIG_IOMMU_IO_PGTABLE_LPAE=y
CONFIG_CPU_SW_DOMAIN_PAN=y
# CONFIG_MCPM is not set
# CONFIG_OABI_COMPAT is not set
@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
CONFIG_PCI_HOST_GENERIC=y
# CONFIG_PCI_LAYERSCAPE is not set
# CONFIG_PCIE_IPROC is not set
# Do NOT enable this, it breaks stuff and makes things go slow
# CONFIG_UACCESS_WITH_MEMCPY is not set
@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
CONFIG_MACH_SUN8I=y
# CONFIG_MACH_SUN9I is not set
CONFIG_SUNXI_SRAM=y
CONFIG_DMA_SUN4I=m
CONFIG_DMA_SUN6I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
CONFIG_SERIO_SUN4I_PS2=m
CONFIG_KEYBOARD_SUN4I_LRADC=m
CONFIG_PWM_SUN4I=m
CONFIG_USB_MUSB_SUNXI=m
CONFIG_CRYPTO_DEV_SUN4I_SS=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
CONFIG_SOC_EXYNOS5800=y
CONFIG_SERIAL_SAMSUNG=y
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
CONFIG_ARM_EXYNOS_CPUFREQ=m
CONFIG_ARM_EXYNOS5250_CPUFREQ=y
CONFIG_ARM_EXYNOS5440_CPUFREQ=m
CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
# CONFIG_ARM_EXYNOS_CPUIDLE is not set
@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
CONFIG_ROCKCHIP_DW_HDMI=m
CONFIG_PHY_ROCKCHIP_USB=m
CONFIG_DWMAC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
CONFIG_REGULATOR_ACT8865=m
# Tegra
CONFIG_ARCH_TEGRA_114_SOC=y
@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
CONFIG_TEGRA_MC=y
CONFIG_TEGRA124_EMC=y
CONFIG_ARM_TEGRA_DEVFREQ=m
# CONFIG_ARM_TEGRA20_CPUFREQ is not set
CONFIG_ARM_TEGRA124_CPUFREQ=m
# Jetson TK1
CONFIG_PINCTRL_AS3722=y
@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
CONFIG_RTC_DRV_ARMADA38X=m
# CONFIG_CACHE_FEROCEON_L2 is not set
# CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
CONFIG_LEDS_NS2=m
# DRM panels
CONFIG_DRM_PANEL=y
@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_LD9040=m
CONFIG_DRM_PANEL_S6E8AA0=m
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
CONFIG_DRM_PANEL_LG_LG4573=m
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
CONFIG_DRM_DW_HDMI=m
# regmap
@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
CONFIG_REGULATOR_ISL9305=m
CONFIG_REGULATOR_MAX77802=m
CONFIG_REGULATOR_PWM=m
# CONFIG_REGULATOR_MT6311 is not set
CONFIG_SENSORS_LTC2978_REGULATOR=y
CONFIG_POWER_AVS=y
@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
CONFIG_SENSORS_LIS3_SPI=m
CONFIG_SENSORS_LM70=m
CONFIG_SENSORS_MAX1111=m
CONFIG_MPL3115=m
CONFIG_SI7005=m
CONFIG_SI7020=m
@ -856,6 +868,7 @@ CONFIG_R8188EU=m
# CONFIG_DRM_TILCDC is not set
# CONFIG_DRM_IMX is not set
# CONFIG_DRM_STI is not set
# CONFIG_DRM_FSL_DCU is not set
# CONFIG_AHCI_IMX is not set
# CONFIG_IMX_THERMAL is not set
# CONFIG_TI_DAC7512 is not set

1
config-armv7-lpae
View File

@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
# CONFIG_ARCH_AXXIA is not set
CONFIG_ARM_LPAE=y
# CONFIG_CPU_SW_DOMAIN_PAN is not set
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_ARM_VIRT_EXT=y

2
config-debug
View File

@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
CONFIG_DEBUG_OBJECTS_WORK=y
CONFIG_DMADEVICES_DEBUG=y
CONFIG_DMADEVICES_VDEBUG=y
# CONFIG_DMADEVICES_VDEBUG is not set
CONFIG_PM_ADVANCED_DEBUG=y

84
config-generic
View File

@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_FUTEX=y
# CONFIG_FAIL_FUTEX is not set
CONFIG_EPOLL=y
CONFIG_BPF_SYSCALL=y
CONFIG_USERFAULTFD=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
@ -67,6 +69,7 @@ CONFIG_NET_NS=y
CONFIG_USER_NS=y
CONFIG_POSIX_MQUEUE=y
CONFIG_KDBUS=m
# CONFIG_PREEMPT_NONE is not set
CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_PREEMPT is not set
@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
CONFIG_MMC_WBSD=m
CONFIG_MMC_VIA_SDMMC=m
CONFIG_MMC_SDHCI_PLTFM=m
# CONFIG_MMC_SDHCI_OF is not set
# CONFIG_MMC_SDHCI_OF_AT91 is not set
CONFIG_MMC_CB710=m
CONFIG_MMC_RICOH_MMC=y
CONFIG_MMC_USHC=m
@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
CONFIG_INFINIBAND_USER_MAD=m
CONFIG_INFINIBAND_USER_ACCESS=m
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
CONFIG_INFINIBAND_IPATH=m
# Deprecated and moved to staging
# CONFIG_INFINIBAND_IPATH is not set
CONFIG_INFINIBAND_ISER=m
CONFIG_INFINIBAND_ISERT=m
CONFIG_INFINIBAND_AMSO1100=m
# Deprecated and moved to staging
# CONFIG_INFINIBAND_AMSO1100 is not set
# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
CONFIG_INFINIBAND_CXGB3=m
CONFIG_INFINIBAND_CXGB4=m
@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
# CONFIG_MTD_NAND_ECC_BCH is not set
# CONFIG_MTD_NAND_DISKONCHIP is not set
# CONFIG_MTD_NAND_HISI504 is not set
# CONFIG_MTD_NAND_DENALI_PCI is not set
# CONFIG_MTD_NAND_DENALI_DT is not set
# CONFIG_MTD_LPDDR is not set
CONFIG_MTD_UBI=m
CONFIG_MTD_UBI_WL_THRESHOLD=4096
@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
# CONFIG_ND_BLK is not set
# CONFIG_BTT is not set
# CONFIG_NVMEM is not set
#
# Block devices
@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
CONFIG_BLK_DEV_PMEM=m
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_BLK_DEV_RAM_DAX=y
CONFIG_BLK_DEV_BSG=y
CONFIG_BLK_DEV_BSGLIB=y
@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_FO=m
CONFIG_IP_VS_OVF=m
CONFIG_IP_VS_IPV6=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=y
CONFIG_IPV6_ILA=m
CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
CONFIG_NFT_COMPAT=m
CONFIG_NF_TABLES_IPV4=m
CONFIG_NF_DUP_IPV4=m
CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NFT_REJECT_IPV4=m
CONFIG_NFT_DUP_IPV4=m
CONFIG_NFT_DUP_IPV6=m
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_TABLES_ARP=m
@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
# CONFIG_BATMAN_ADV_DEBUG is not set
CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_CONNTRACK=y
CONFIG_OPENVSWITCH_GRE=y
CONFIG_OPENVSWITCH_VXLAN=y
CONFIG_OPENVSWITCH_GENEVE=y
@ -1300,6 +1318,7 @@ CONFIG_TUN=m
# CONFIG_TUN_VNET_CROSS_LE is not set
CONFIG_VETH=m
CONFIG_NLMON=m
CONFIG_NET_VRF=m
#
# ATM
@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
# CONFIG_CAIF is not set
CONFIG_LWTUNNEL=y
CONFIG_RFKILL=m
CONFIG_RFKILL_GPIO=m
CONFIG_RFKILL_INPUT=y
@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
CONFIG_CASSINI=m
CONFIG_NIU=m
# CONFIG_NET_VENDOR_SYNOPSYS is not set
# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
CONFIG_NET_VENDOR_TEHUTI=y
CONFIG_TEHUTI=m
@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
CONFIG_CICADA_PHY=m
CONFIG_DAVICOM_PHY=m
CONFIG_DP83640_PHY=m
CONFIG_MICROCHIP_PHY=m
CONFIG_FIXED_PHY=y
CONFIG_MDIO_BITBANG=m
CONFIG_MDIO_BCM_UNIMAC=m
@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
CONFIG_VITESSE_PHY=m
CONFIG_MICREL_PHY=m
CONFIG_DP83867_PHY=m
CONFIG_DP83848_PHY=m
# CONFIG_MICREL_KS8995MA is not set
CONFIG_AQUANTIA_PHY=m
CONFIG_TERANETICS_PHY=m
CONFIG_MII=m
CONFIG_NET_CORE=y
@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
CONFIG_BNX2=m
CONFIG_BNX2X=m
CONFIG_BNX2X_SRIOV=y
CONFIG_BNX2X_VXLAN=y
CONFIG_CNIC=m
CONFIG_FEALNX=m
CONFIG_ETHOC=m
@ -1649,6 +1678,7 @@ CONFIG_JME=m
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_EN_VXLAN is not set
# CONFIG_MLX5_CORE is not set
# CONFIG_MLXSW_CORE is not set
# CONFIG_SFC is not set
# CONFIG_FDDI is not set
@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
CONFIG_USB_NET_KALMIA=m
CONFIG_USB_NET_QMI_WWAN=m
CONFIG_USB_NET_SMSC75XX=m
CONFIG_USB_NET_CH9200=m
# CONFIG_WL_TI is not set
CONFIG_ZD1211RW=m
# CONFIG_ZD1211RW_DEBUG is not set
@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
CONFIG_IEEE802154_6LOWPAN=m
CONFIG_IEEE802154_DRIVERS=m
CONFIG_IEEE802154_FAKELB=m
CONFIG_IEEE802154_ATUSB=m
CONFIG_IEEE802154_CC2520=m
# CONFIG_IEEE802154_AT86RF230 is not set
# CONFIG_IEEE802154_MRF24J40 is not set
CONFIG_IEEE802154_ATUSB=m
CONFIG_MAC802154=m
CONFIG_NET_MPLS_GSO=m
CONFIG_MPLS_ROUTING=m
CONFIG_MPLS_IPTUNNEL=m
CONFIG_NET_SWITCHDEV=y
@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
# CONFIG_NFC_NCI_SPI is not set
# CONFIG_NFC_NCI_UART is not set
# CONFIG_NFC_ST_NCI is not set
# CONFIG_NFC_S3FWRN5_I2C is not set
#
@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
#
CONFIG_BT=m
CONFIG_BT_BREDR=y
CONFIG_BT_HS=y
CONFIG_BT_LE=y
CONFIG_BT_6LOWPAN=m
# CONFIG_BT_SELFTEST is not set
@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
CONFIG_BT_HCIUART_3WIRE=y
CONFIG_BT_HCIUART_INTEL=y
CONFIG_BT_HCIUART_BCM=y
CONFIG_BT_HCIUART_QCA=y
CONFIG_BT_HCIDTL1=m
CONFIG_BT_HCIBT3C=m
CONFIG_BT_HCIBLUECARD=m
@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
CONFIG_BT_MRVL=m
CONFIG_BT_MRVL_SDIO=m
CONFIG_BT_ATH3K=m
CONFIG_BT_QCA=m
CONFIG_BT_WILINK=m
#
@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
# CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
# CONFIG_TOUCHSCREEN_SX8654 is not set
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
CONFIG_INPUT_MISC=y
CONFIG_INPUT_E3X0_BUTTON=m
@ -2483,7 +2520,7 @@ CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_8250_CS=m
CONFIG_SERIAL_8250_NR_UARTS=32
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
CONFIG_SERIAL_8250_RUNTIME_UARTS=32
CONFIG_SERIAL_8250_EXTENDED=y
CONFIG_SERIAL_8250_MANY_PORTS=y
CONFIG_SERIAL_8250_SHARE_IRQ=y
@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
# CONFIG_SERIAL_ALTERA_UART is not set
# CONFIG_SERIAL_UARTLITE is not set
#
# Non-8250 serial port support
@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
# CONFIG_I2C_MUX_GPIO is not set
# CONFIG_I2C_MUX_PCA9541 is not set
# CONFIG_I2C_MUX_PINCTRL is not set
# CONFIG_I2C_MUX_REG is not set
#
#
@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
# CONFIG_I2C_NFORCE2_S4985 is not set
# CONFIG_I2C_EG20T is not set
# CONFIG_I2C_CBUS_GPIO is not set
# CONFIG_I2C_EMEV2 is not set
CONFIG_I2C_VIPERBOARD=m
CONFIG_EEPROM_AT24=m
@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
CONFIG_PMBUS=m
CONFIG_SENSORS_PMBUS=m
CONFIG_SENSORS_MAX16064=m
CONFIG_SENSORS_MAX20751=m
CONFIG_SENSORS_LM25066=m
CONFIG_SENSORS_LTC2978=m
CONFIG_SENSORS_MAX34440=m
@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
# CONFIG_AD5380 is not set
# CONFIG_AD5064 is not set
# CONFIG_BMA180 is not set
# CONFIG_BMC150_ACCEL is not set
CONFIG_BMC150_ACCEL=m
# CONFIG_MAX1363 is not set
# CONFIG_MAX517 is not set
# CONFIG_MAX5821 is not set
@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
CONFIG_KXCJK1013=m
# CONFIG_ISL29125 is not set
# CONFIG_JSA1212 is not set
CONFIG_RPR0521=m
CONFIG_OPT3001=m
CONFIG_PA12203001=m
# CONFIG_TCS3414 is not set
# CONFIG_AK09911 is not set
# CONFIG_T5403 is not set
@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
# CONFIG_RTC_DRV_ISL12057 is not set
# CONFIG_RTC_DRV_XGENE is not set
# CONFIG_RTC_DRV_ABB5ZES3 is not set
# CONFIG_RTC_DRV_ZYNQMP is not set
CONFIG_R3964=m
# CONFIG_APPLICOM is not set
@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
CONFIG_DRM=m
CONFIG_DRM_FBDEV_EMULATION=y
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
CONFIG_DRM_AST=m # do not enable on f17 or older
CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_I2C_ADV7511=m
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
# CONFIG_DRM_NXP_PTN3460 is not set
# CONFIG_DRM_PARADE_PS8622 is not set
CONFIG_DRM_I2C_NXP_TDA998X=m
CONFIG_DRM_UDL=m
CONFIG_DRM_VMWGFX=m
@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
# CONFIG_DRM_PANEL is not set
# CONFIG_DRM_PANEL_SIMPLE is not set
# CONFIG_DRM_PANEL_S6E8AA0 is not set
# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
CONFIG_DRM_VGEM=m
#
@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
CONFIG_DVB_NGENE=m
CONFIG_DVB_DDBRIDGE=m
CONFIG_DVB_SMIPCIE=m
CONFIG_DVB_NETUP_UNIDVB=m
CONFIG_DVB_USB_TECHNISAT_USB2=m
CONFIG_DVB_USB_V2=m
@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
# CONFIG_VIDEO_SH_VEU is not set
# CONFIG_VIDEO_RENESAS_VSP1 is not set
# CONFIG_V4L_TEST_DRIVERS is not set
# CONFIG_DVB_PLATFORM_DRIVERS is not set
#
# Broadcom Crystal HD video decoder driver
@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
# CONFIG_FB_UDL is not set
# CONFIG_FB_GOLDFISH is not set
# CONFIG_FB_OPENCORES is not set
# CONFIG_FB_SM712 is not set
# CONFIG_FIRMWARE_EDID is not set
@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
# CONFIG_USB_SL811_CS is not set
# CONFIG_USB_R8A66597_HCD is not set
CONFIG_USB_XHCI_HCD=y
# CONFIG_USB_XHCI_PLATFORM is not set
# CONFIG_USB_MAX3421_HCD is not set
#
@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
CONFIG_HID_ELECOM=m
CONFIG_HID_ELO=m
CONFIG_HID_EZKEY=m
CONFIG_HID_GEMBIRD=m
CONFIG_HID_UCLOGIC=m
CONFIG_HID_WALTOP=m
CONFIG_HID_ACRUX=m
@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
CONFIG_USB_PEGASUS=m
CONFIG_USB_RTL8150=m
CONFIG_USB_RTL8152=m
CONFIG_USB_LAN78XX=m
CONFIG_USB_USBNET=m
CONFIG_USB_SPEEDTOUCH=m
CONFIG_USB_NET_AX8817X=m
@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_RT5033 is not set
# CONFIG_MFD_SKY81452 is not set
# CONFIG_MFD_MAX77843 is not set
# CONFIG_MFD_DA9062 is not set
# CONFIG_EZX_PCAP is not set
# CONFIG_INTEL_SOC_PMIC is not set
@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
# CONFIG_EXT2_FS is not set
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT23=y
CONFIG_EXT4_USE_FOR_EXT2=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_ENCRYPTION is not set
@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
# CONFIG_EXOFS_FS is not set
# CONFIG_EXOFS_DEBUG is not set
CONFIG_NILFS2_FS=m
# CONFIG_FS_DAX is not set
CONFIG_FS_DAX=y
# CONFIG_LOGFS is not set
CONFIG_CEPH_FS=m
CONFIG_CEPH_FSCACHE=y
@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
# CONFIG_DEBUG_LOCKDEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
# CONFIG_STATIC_KEYS_SELFTEST is not set
# DEBUG options that don't get enabled/disabled with 'make debug/release'
@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
# CONFIG_BACKLIGHT_GPIO is not set
# CONFIG_BACKLIGHT_LV5207LP is not set
# CONFIG_BACKLIGHT_BD6107 is not set
# CONFIG_BACKLIGHT_PM8941_WLED is not set
CONFIG_LCD_CLASS_DEVICE=m
CONFIG_LCD_PLATFORM=m
@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_SCHED=y
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
# CONFIG_SND_SOC_TS3A227E is not set
# CONFIG_SND_SOC_XTFPGA_I2S is not set
# CONFIG_SND_SOC_STA32X is not set
# CONFIG_SND_SOC_CS4349 is not set
# CONFIG_SND_SOC_GTM601 is not set
# CONFIG_SND_SOC_STI_SAS is not set
#
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
CONFIG_DW_DMAC_CORE=m
CONFIG_DW_DMAC=m
CONFIG_DW_DMAC_PCI=m
# CONFIG_IDMA64 is not set
# CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
# CONFIG_TIMB_DMA is not set
# CONFIG_DMATEST is not set
@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
# CONFIG_I2C_BCM2048 is not set
# CONFIG_DT3155 is not set
# CONFIG_PRISM2_USB is not set
# CONFIG_MOST is not set
CONFIG_USB_ATMEL=m
# CONFIG_COMEDI is not set
# CONFIG_PANEL is not set
@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
# CONFIG_FB_SM7XX is not set
# CONFIG_FB_TFT is not set
# CONFIG_FB_SM750 is not set
# CONFIG_STAGING_RDMA is not set
# END OF STAGING
#
@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
# CONFIG_ZSMALLOC_STAT is not set
# CONFIG_PGTABLE_MAPPING is not set
# CONFIG_IDLE_PAGE_TRACKING is not set
# CONFIG_MDIO_GPIO is not set
# CONFIG_KEYBOARD_GPIO is not set
# CONFIG_KEYBOARD_GPIO_POLLED is not set
@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_MCP23S08 is not set
# CONFIG_GPIO_XILINX is not set
# CONFIG_GPIO_ALTERA is not set
# CONFIG_GPIO_ZX is not set
# FIXME: Why?
@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
# CONFIG_MEMTEST is not set
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_TEST_STATIC_KEYS is not set
# CONFIG_AVERAGE is not set
# CONFIG_VMXNET3 is not set

5
config-powerpc-generic → config-powerpc64-generic
View File

@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
# CONFIG_PPC_PMAC is not set
# CONFIG_PPC_PMAC64 is not set
# CONFIG_PPC_PS3 is not set
CONFIG_HIBERNATION=n
CONFIG_EXTRA_TARGETS=""
@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
CONFIG_PPC_TRANSACTIONAL_MEM=y
CONFIG_BLK_DEV_RSXX=m
CONFIG_CXL=m
CONFIG_CXLFLASH=m
CONFIG_IBMEBUS=y
CONFIG_EHEA=m
CONFIG_INFINIBAND_EHCA=m
@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
CONFIG_LEDS_TRIGGER_TIMER=m
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
CONFIG_LEDS_TRIGGER_GPIO=m
CONFIG_LEDS_POWERNV=m
CONFIG_USB_EHCI_HCD_PPC_OF=y
CONFIG_USB_OHCI_HCD_PCI=y
@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
# CONFIG_NET_VENDOR_PASEMI is not set
# CONFIG_NET_VENDOR_TOSHIBA is not set
CONFIG_MDIO_OCTEON=m
# CONFIG_OF_UNITTEST is not set
# CONFIG_OF_OVERLAY is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set

3
config-powerpc64le
View File

@ -1,3 +1,6 @@
CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_POWER7_CPU=y
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
CONFIG_CHECKPOINT_RESTORE=y

2
config-s390x
View File

@ -201,6 +201,7 @@ CONFIG_VMCP=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_BOOK=y
CONFIG_SCHED_TOPOLOGY=y
# CONFIG_NUMA is not set
# CONFIG_WARN_DYNAMIC_STACK is not set
@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
# CONFIG_SH_ETH is not set
# CONFIG_NET_VENDOR_VIA is not set
# CONFIG_IEEE802154_DRIVERS is not set
# CONFIG_MDIO_OCTEON is not set
# CONFIG_FMC is not set

22
config-x86-generic
View File

@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
CONFIG_X86_GENERIC=y
# CONFIG_X86_LEGACY_VM86 is not set
CONFIG_HPET=y
CONFIG_HPET_TIMER=y
# CONFIG_HPET_MMAP is not set
@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
CONFIG_X86_PAT=y
CONFIG_X86_PM_TIMER=y
# This requires changes to binutils and the compiler. Plus you can't actually
# buy hardware with MPX yet. So... leave it off until all of that seems set.
# CONFIG_X86_INTEL_MPX is not set
CONFIG_X86_INTEL_MPX=y
CONFIG_EFI=y
CONFIG_EFI_STUB=y
@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
CONFIG_GPIO_CRYSTAL_COVE=y
CONFIG_AXP288_ADC=y
CONFIG_AXP288_FUEL_GAUGE=y
# CONFIG_PWM_CRC is not set
CONFIG_X86_INTEL_PSTATE=y
@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
CONFIG_GENERIC_ISA_DMA=y
@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
CONFIG_XEN_ACPI_PROCESSOR=m
# CONFIG_XEN_SCSI_FRONTEND is not set
# CONFIG_XEN_SCSI_BACKEND is not set
CONFIG_XEN_SYMS=y
CONFIG_SPI_PXA2XX=m
CONFIG_MTD_ESB2ROM=m
CONFIG_MTD_CK804XROM=m
@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_HP_ACCEL=m
CONFIG_SURFACE_PRO3_BUTTON=m
# CONFIG_RAPIDIO is not set
CONFIG_SCHED_SMT=y
@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
# CONFIG_X86_GOLDFISH is not set
CONFIG_X86_INTEL_LPSS=y
CONFIG_IDMA64=m
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
CONFIG_MFD_INTEL_LPSS_ACPI=m
CONFIG_MFD_INTEL_LPSS_PCI=m
CONFIG_IOSF_MBI=m
# CONFIG_IOSF_MBI_DEBUG is not set
CONFIG_PWM_LPSS=m
@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
CONFIG_INTEL_SOC_DTS_THERMAL=m
CONFIG_INT340X_THERMAL=m
CONFIG_INTEL_RAPL=m
CONFIG_INTEL_PCH_THERMAL=m
CONFIG_VMWARE_VMCI=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYS=""
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_VMXNET3=m
CONFIG_FUJITSU_ES=m
CONFIG_VFIO_PCI_VGA=y
CONFIG_PCH_CAN=m
# CONFIG_X86_DEBUG_FPU is not set
# CONFIG_PUNIT_ATOM_DEBUG is not set
# CONFIG_AMD_MCE_INJ is not set

5
config-x86_64-generic
View File

@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
CONFIG_CRYPTO_DES3_EDE_X86_64=m
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
# staging crypto
# CONFIG_CRYPTO_SKEIN is not set
@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
# CONFIG_XEN_MCE_LOG is not set
# CONFIG_XEN_STUB is not set
# CONFIG_XEN_PVH is not set
CONFIG_XEN_512GB=y
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
@ -199,6 +202,8 @@ CONFIG_BTT=y
CONFIG_ND_BTT=m
CONFIG_ND_BLK=m
CONFIG_MDIO_OCTEON=m
CONFIG_NO_HZ_FULL=y
# CONFIG_NO_HZ_IDLE is not set
# CONFIG_NO_HZ_FULL_ALL is not set

12
disable-i8042-check-on-apple-mac.patch
View File

@ -1,3 +1,4 @@
From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 20 May 2010 10:30:31 -0400
Subject: [PATCH] disable i8042 check on apple mac
@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
1 file changed, 22 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 4022b75eaad7..1aaf06aa7b0f 100644
index c9c98f0ab284..5137185e14a9 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
.shutdown = i8042_shutdown,
@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
.notifier_call = i8042_kbd_bind_notifier,
};
+#ifdef CONFIG_DMI
@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
static int __init i8042_init(void)
{
struct platform_device *pdev;
@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
dbg_init();
@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
err = i8042_platform_init();
if (err)
return err;
--
2.4.3

18
drm-i915-hush-check-crtc-state.patch
View File

@ -1,3 +1,4 @@
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 13 Nov 2013 10:17:24 -0500
Subject: [PATCH] drm/i915: hush check crtc state
@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 647b1404c441..e102a06f26e0 100644
index ca9278be49f7..308ac0539a87 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
if (active &&
!intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
sw_config = to_intel_crtc_state(crtc->state);
if (!intel_pipe_config_compare(dev, sw_config,
pipe_config, false)) {
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
intel_dump_pipe_config(crtc, &pipe_config,
intel_dump_pipe_config(intel_crtc, pipe_config,
"[hw state]");
intel_dump_pipe_config(crtc, crtc->config,
intel_dump_pipe_config(intel_crtc, sw_config,
--
2.4.3

204
drm-nouveau-Fix-pre-nv50-pageflip-events-v4.patch Normal file
View File

@ -0,0 +1,204 @@
From 424f582d0ec7f206dcc59d34c9a2fa1c8087a8aa Mon Sep 17 00:00:00 2001
From: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Tue, 10 Nov 2015 17:37:31 +0100
Subject: [PATCH] drm/nouveau: Fix pre-nv50 pageflip events (v4)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Apparently pre-nv50 pageflip events happen before the actual vblank
period. Therefore that functionality got semi-disabled in
commit af4870e406126b7ac0ae7c7ce5751f25ebe60f28
Author: Mario Kleiner <mario.kleiner.de@gmail.com>
Date: Tue May 13 00:42:08 2014 +0200
drm/nouveau/kms/nv04-nv40: fix pageflip events via special case.
Unfortunately that hack got uprooted in
commit cc1ef118fc099295ae6aabbacc8af94d8d8885eb
Author: Thierry Reding <treding@nvidia.com>
Date: Wed Aug 12 17:00:31 2015 +0200
drm/irq: Make pipe unsigned and name consistent
Triggering a warning when trying to sample the vblank timestamp for a
non-existing pipe. There's a few ways to fix this:
- Open-code the old behaviour, which just enshrines this slight
breakage of the userspace ABI.
- Revert Mario's commit and again inflict broken timestamps, again not
pretty.
- Fix this for real by delaying the pageflip TS until the next vblank
interrupt, thereby making it accurate.
This patch implements the third option. Since having a page flip
interrupt that happens when the pageflip gets armed and not when it
completes in the next vblank seems to be fairly common (older i915 hw
works very similarly) create a new helper to arm vblank events for
such drivers.
v2 (Mario Kleiner):
- Fix function prototypes in drmP.h
- Add missing vblank_put() for pageflip completion without
pageflip event.
- Initialize sequence number for queued pageflip event to avoid
trouble in drm_handle_vblank_events().
- Remove dead code and spelling fix.
v3 (Mario Kleiner):
- Add a signed-off-by and cc stable tag per Ilja's advice.
v4 (Thierry Reding):
- Fix kerneldoc typo, discovered by Michel Dänzer
- Rearrange tags and changelog
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=106431
Cc: Thierry Reding <treding@nvidia.com>
Cc: Mario Kleiner <mario.kleiner.de@gmail.com>
Acked-by: Ben Skeggs <bskeggs@redhat.com>
Cc: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Cc: stable@vger.kernel.org # v4.3
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
---
drivers/gpu/drm/drm_irq.c | 54 ++++++++++++++++++++++++++++++-
drivers/gpu/drm/nouveau/nouveau_display.c | 19 ++++++-----
include/drm/drmP.h | 4 +++
3 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
index 22d207e211e7..c5f20e41dcc6 100644
--- a/drivers/gpu/drm/drm_irq.c
+++ b/drivers/gpu/drm/drm_irq.c
@@ -944,7 +944,8 @@ static void send_vblank_event(struct drm_device *dev,
struct drm_pending_vblank_event *e,
unsigned long seq, struct timeval *now)
{
- WARN_ON_SMP(!spin_is_locked(&dev->event_lock));
+ assert_spin_locked(&dev->event_lock);
+
e->event.sequence = seq;
e->event.tv_sec = now->tv_sec;
e->event.tv_usec = now->tv_usec;
@@ -957,6 +958,57 @@ static void send_vblank_event(struct drm_device *dev,
}
/**
+ * drm_arm_vblank_event - arm vblank event after pageflip
+ * @dev: DRM device
+ * @pipe: CRTC index
+ * @e: the event to prepare to send
+ *
+ * A lot of drivers need to generate vblank events for the very next vblank
+ * interrupt. For example when the page flip interrupt happens when the page
+ * flip gets armed, but not when it actually executes within the next vblank
+ * period. This helper function implements exactly the required vblank arming
+ * behaviour.
+ *
+ * Caller must hold event lock. Caller must also hold a vblank reference for
+ * the event @e, which will be dropped when the next vblank arrives.
+ *
+ * This is the legacy version of drm_crtc_arm_vblank_event().
+ */
+void drm_arm_vblank_event(struct drm_device *dev, unsigned int pipe,
+ struct drm_pending_vblank_event *e)
+{
+ assert_spin_locked(&dev->event_lock);
+
+ e->pipe = pipe;
+ e->event.sequence = drm_vblank_count(dev, pipe);
+ list_add_tail(&e->base.link, &dev->vblank_event_list);
+}
+EXPORT_SYMBOL(drm_arm_vblank_event);
+
+/**
+ * drm_crtc_arm_vblank_event - arm vblank event after pageflip
+ * @crtc: the source CRTC of the vblank event
+ * @e: the event to send
+ *
+ * A lot of drivers need to generate vblank events for the very next vblank
+ * interrupt. For example when the page flip interrupt happens when the page
+ * flip gets armed, but not when it actually executes within the next vblank
+ * period. This helper function implements exactly the required vblank arming
+ * behaviour.
+ *
+ * Caller must hold event lock. Caller must also hold a vblank reference for
+ * the event @e, which will be dropped when the next vblank arrives.
+ *
+ * This is the native KMS version of drm_arm_vblank_event().
+ */
+void drm_crtc_arm_vblank_event(struct drm_crtc *crtc,
+ struct drm_pending_vblank_event *e)
+{
+ drm_arm_vblank_event(crtc->dev, drm_crtc_index(crtc), e);
+}
+EXPORT_SYMBOL(drm_crtc_arm_vblank_event);
+
+/**
* drm_send_vblank_event - helper to send vblank event after pageflip
* @dev: DRM device
* @pipe: CRTC index
diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c
index e905c00acf1a..54183bcca48f 100644
--- a/drivers/gpu/drm/nouveau/nouveau_display.c
+++ b/drivers/gpu/drm/nouveau/nouveau_display.c
@@ -827,7 +827,6 @@ nouveau_finish_page_flip(struct nouveau_channel *chan,
struct drm_device *dev = drm->dev;
struct nouveau_page_flip_state *s;
unsigned long flags;
- int crtcid = -1;
spin_lock_irqsave(&dev->event_lock, flags);
@@ -839,15 +838,19 @@ nouveau_finish_page_flip(struct nouveau_channel *chan,
s = list_first_entry(&fctx->flip, struct nouveau_page_flip_state, head);
if (s->event) {
- /* Vblank timestamps/counts are only correct on >= NV-50 */
- if (drm->device.info.family >= NV_DEVICE_INFO_V0_TESLA)
- crtcid = s->crtc;
+ if (drm->device.info.family < NV_DEVICE_INFO_V0_TESLA) {
+ drm_arm_vblank_event(dev, s->crtc, s->event);
+ } else {
+ drm_send_vblank_event(dev, s->crtc, s->event);
- drm_send_vblank_event(dev, crtcid, s->event);
+ /* Give up ownership of vblank for page-flipped crtc */
+ drm_vblank_put(dev, s->crtc);
+ }
+ }
+ else {
+ /* Give up ownership of vblank for page-flipped crtc */
+ drm_vblank_put(dev, s->crtc);
}
-
- /* Give up ownership of vblank for page-flipped crtc */
- drm_vblank_put(dev, s->crtc);
list_del(&s->head);
if (ps)
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
index 8b5ce7c5d9bb..c98f01046bd0 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -932,6 +932,10 @@ extern void drm_send_vblank_event(struct drm_device *dev, unsigned int pipe,
struct drm_pending_vblank_event *e);
extern void drm_crtc_send_vblank_event(struct drm_crtc *crtc,
struct drm_pending_vblank_event *e);
+extern void drm_arm_vblank_event(struct drm_device *dev, unsigned int pipe,
+ struct drm_pending_vblank_event *e);
+extern void drm_crtc_arm_vblank_event(struct drm_crtc *crtc,
+ struct drm_pending_vblank_event *e);
extern bool drm_handle_vblank(struct drm_device *dev, unsigned int pipe);
extern bool drm_crtc_handle_vblank(struct drm_crtc *crtc);
extern int drm_vblank_get(struct drm_device *dev, unsigned int pipe);
--
2.5.0

31
drm-nouveau-pmu-do-not-assume-a-PMU-is-present.patch Normal file
View File

@ -0,0 +1,31 @@
From 65fbb05cbbf9ef7f531712634c3e914b54171707 Mon Sep 17 00:00:00 2001
From: Alexandre Courbot <acourbot@nvidia.com>
Date: Thu, 3 Sep 2015 17:39:52 +0900
Subject: [PATCH] drm/nouveau/pmu: do not assume a PMU is present
Some devices may not have a PMU. Avoid a NULL pointer dereference in
such cases by checking whether the pointer given to nvkm_pmu_pgob() is
valid.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
---
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
index 27a79c0c3888..d95eb8659d1b 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
@@ -28,7 +28,7 @@
void
nvkm_pmu_pgob(struct nvkm_pmu *pmu, bool enable)
{
- if (pmu->func->pgob)
+ if (pmu && pmu->func->pgob)
pmu->func->pgob(pmu, enable);
}
--
2.5.0

10
efi-Add-EFI_SECURE_BOOT-bit.patch
View File

@ -1,6 +1,7 @@
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index c2e4f52cad30..5def6b4143fa 100644
index 1ac118146e90..f93826b8522c 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
#ifdef CONFIG_EFI
/*
--
2.4.3

8
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
View File

@ -1,6 +1,7 @@
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 1ef8ea7f8ed9..d82dc9c1c19e 100644
index b4de3faa3f29..5cc2ef570390 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -830,8 +830,9 @@ out:
@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
return 1;
}
--
2.4.3

10
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
View File

@ -1,6 +1,7 @@
From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 4da6644b1fd0..341a1457f7c7 100644
index 14db458f4774..f6ff0a86d841 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1704,7 +1704,8 @@ config EFI_MIXED
@@ -1735,7 +1735,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
2.4.3

2
filter-aarch64.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"

2
filter-armv7hl.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn media memstick message nfc ntb pcmcia platform ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"

2
filter-i686.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"

2
filter-modules.sh
View File

@ -32,7 +32,7 @@ netprots="appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l
drmdrvs="ast gma500 mgag200 via nouveau"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
# Grab the arch-specific filter list overrides
source ./filter-$2.sh

2
filter-ppc64.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"

2
filter-ppc64le.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"

2
filter-ppc64p7.sh Normal file → Executable file
View File

@ -11,4 +11,4 @@
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"

0
filter-s390x.sh Normal file → Executable file
View File

0
filter-x86_64.sh Normal file → Executable file
View File

6
hibernate-Disable-in-a-signed-modules-environment.patch
View File

@ -1,6 +1,7 @@
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
}
/**
--
2.4.3

1962
i915-stable-backports.patch Normal file
View File

File diff suppressed because it is too large Load Diff

40
ideapad-laptop-Add-Lenovo-Yoga-700-to-no_hw_rfkill-d.patch Normal file
View File

@ -0,0 +1,40 @@
From 90da345613c5c0910b54b72019664e0b2ada19f9 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 12 Jan 2016 07:54:39 -0500
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
Like the Yoga 900 models the Lenovo Yoga 700 does not have a
hw rfkill switch, and trying to read the hw rfkill switch through the
ideapad module causes it to always reported blocking breaking wifi.
This commit adds the Lenovo Yoga 700 to the no_hw_rfkill dmi list, fixing
the wifi breakage.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1295272
Cc: stable@vger.kernel.org
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index d28db0e793df..51178626305d 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -900,6 +900,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
},
},
{
+ .ident = "Lenogo Yoga 700",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 700"),
+ },
+ },
+ {
.ident = "Lenovo Yoga 900",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
--
2.5.0

12
kbuild-AFTER_LINK.patch
View File

@ -1,3 +1,4 @@
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
index 8ad2b34ad151..e153572ab351 100644
index ee8a18e50a25..63e33fa049f8 100644
--- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
index 2a8ddfd12a5b..452ca53561fe 100644
index c4b03f9ed228..550450fc2f95 100644
--- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index e97032069f88..9ea82f444dea 100644
index a3d0767a6b29..078c9be1db8f 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 1a10d8ac8162..092d0c0cf72c 100755
@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
}
--
2.4.3

439
kernel.spec
View File

@ -46,13 +46,13 @@ Summary: The Linux kernel
# base_sublevel is the kernel version we're starting with and patching
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
# which yields a base_sublevel of 0.
%define base_sublevel 2
%define base_sublevel 3
## If this is a released kernel ##
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 8
%define stable_update 3
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -393,8 +393,12 @@ BuildRequires: rpm-build, elfutils
%define debuginfo_args --strict-build-id -r
%endif
%ifarch %{ix86} x86_64
# MODULE_SIG is enabled in config-x86-generic and needs these:
BuildRequires: openssl openssl-devel
%endif
%if %{signmodules}
BuildRequires: openssl
BuildRequires: pesign >= 0.10-4
%endif
@ -436,7 +440,7 @@ Source32: config-x86-32-generic
Source40: config-x86_64-generic
Source50: config-powerpc-generic
Source50: config-powerpc64-generic
Source53: config-powerpc64
Source54: config-powerpc64p7
Source55: config-powerpc64le
@ -496,134 +500,107 @@ Patch05: kbuild-AFTER_LINK.patch
# Standalone patches
Patch450: input-kill-stupid-messages.patch
Patch452: no-pcspkr-modalias.patch
Patch451: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch458: regulator-axp20x-module-alias.patch
Patch470: die-floppy-die.patch
Patch452: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
Patch510: input-silence-i8042-noise.patch
Patch530: silence-fbcon-logo.patch
Patch453: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch454: arm64-avoid-needing-console-to-enable-serial-console.patch
#rhbz 1126580
Patch601: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
Patch800: crash-driver.patch
Patch456: arm64-acpi-drop-expert-patch.patch
# crypto/
Patch457: ARM-tegra-usb-no-reset.patch
# secure boot
Patch1000: Add-secure_modules-call.patch
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
Patch1003: ACPI-Limit-access-to-custom_method.patch
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
Patch458: ARM-dts-Add-am335x-bonegreen.patch
Patch1014: Add-EFI-signature-data-types.patch
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
# virt + ksm patches
Patch463: arm-i.MX6-Utilite-device-dtb.patch
# DRM
Patch466: input-kill-stupid-messages.patch
# nouveau + drm fixes
# intel drm is all merged upstream
Patch1826: drm-i915-hush-check-crtc-state.patch
Patch467: die-floppy-die.patch
# Quiet boot fixes
Patch468: no-pcspkr-modalias.patch
# fs fixes
Patch470: silence-fbcon-logo.patch
# NFSv4
Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
# patches headed upstream
Patch12016: disable-i8042-check-on-apple-mac.patch
Patch472: crash-driver.patch
Patch14010: lis3-improve-handling-of-null-rate.patch
Patch473: Add-secure_modules-call.patch
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
Patch474: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
# PPC
Patch475: x86-Lock-down-IO-port-access-when-module-security-is.patch
# ARM64
Patch16000: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
Patch16001: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
Patch16002: arm64-avoid-needing-console-to-enable-serial-console.patch
Patch16003: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
Patch16004: showmem-cma-correct-reserved-memory-calculation.patch
Patch476: ACPI-Limit-access-to-custom_method.patch
# ARMv7
Patch16020: ARM-tegra-usb-no-reset.patch
Patch16021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
Patch16022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
Patch16025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Patch16026: pinctrl-pinctrl-single-must-be-initialized-early.patch
Patch477: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Patch16028: arm-i.MX6-Utilite-device-dtb.patch
Patch478: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
#rhbz 754518
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
Patch479: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
Patch21242: criu-no-expert.patch
Patch480: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
#rhbz 892811
Patch21247: ath9k-rx-dma-stop-check.patch
Patch481: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
#CVE-2015-2150 rhbz 1196266 1200397
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
Patch482: Add-option-to-automatically-enforce-module-signature.patch
#rhbz 1212230
Patch26176: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
Patch483: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
#rhbz 1133378
Patch26219: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
Patch484: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
#rhbz 1226743
Patch26221: drm-i915-turn-off-wc-mmaps.patch
Patch485: efi-Add-EFI_SECURE_BOOT-bit.patch
Patch486: hibernate-Disable-in-a-signed-modules-environment.patch
#rhbz 1244511
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
Patch487: Add-EFI-signature-data-types.patch
Patch488: Add-an-EFI-signature-blob-parser-and-key-loader.patch
Patch489: KEYS-Add-a-system-blacklist-keyring.patch
Patch490: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Patch491: MODSIGN-Support-not-importing-certs-from-db.patch
Patch492: Add-sysrq-option-to-disable-secure-boot-mode.patch
Patch493: drm-i915-hush-check-crtc-state.patch
Patch494: disable-i8042-check-on-apple-mac.patch
Patch495: lis3-improve-handling-of-null-rate.patch
Patch496: watchdog-Disable-watchdog-on-virtual-machines.patch
Patch497: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
Patch498: criu-no-expert.patch
Patch499: ath9k-rx-dma-stop-check.patch
Patch500: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
Patch501: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
Patch503: drm-i915-turn-off-wc-mmaps.patch
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
#rhbz 1239050
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
#rhbz 1253789
Patch511: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
#rhbz 1257534
Patch515: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
#rhbz 1257500
Patch517: vmwgfx-Rework-device-initialization.patch
Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
#rhbz 1272172
Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
#CVE-2015-7799 rhbz 1271134 1271135
Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
#CVE-2015-8104 rhbz 1278496 1279691
Patch551: KVM-svm-unconditionally-intercept-DB.patch
@ -639,11 +616,6 @@ Patch556: netfilter-ipset-Fix-extension-alignment.patch
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
#rhbz 1278688
Patch560: 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
Patch561: 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
Patch562: 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
#rhbz 1284059
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
@ -659,35 +631,66 @@ Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
#rhbz 1286293
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
#rhbz 1288687
Patch572: alua_fix.patch
#CVE-XXXX-XXXX rhbz 1291329 1291332
Patch574: ovl-fix-permission-checking-for-setattr.patch
#CVE-2015-7550 rhbz 1291197 1291198
Patch575: KEYS-Fix-race-between-read-and-revoke.patch
#CVE-2015-8543 rhbz 1290475 1290477
Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
#CVE-2015-8569 rhbz 1292045 1292047
Patch577: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
#CVE-2015-8575 rhbz 1292840 1292841
Patch578: bluetooth-Validate-socket-address-length-in-sco_sock.patch
Patch601: vrf-fix-memory-leak-on-registration.patch
#CVE-2015-8709 rhbz 1295287 1295288
Patch603: ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
#atch604: drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch
#CVE-2015-7513 rhbz 1284847 1296142
Patch605: KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
#rhbz 1296677
Patch606: HID-multitouch-Fetch-feature-reports-on-demand-for-W.patch
#rhbz 1281368
Patch607: drm-nouveau-Fix-pre-nv50-pageflip-events-v4.patch
#rhbz 1296820
Patch608: drm-nouveau-pmu-do-not-assume-a-PMU-is-present.patch
#rhbz 1083853
Patch610: PNP-Add-Broadwell-to-Intel-MCH-size-workaround.patch
#CVE-2015-7566 rhbz 1296466 1297517
Patch623: usb-serial-visor-fix-crash-on-detecting-device-witho.patch
#CVE-2015-8767 rhbz 1297389 1298437
Patch624: sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch
#rhbz 1298309
#atch624: drm-i915-Do-a-better-job-at-disabling-primary-plane-.patch
#rhbz 1298996
Patch625: block-ensure-to-split-after-potentially-bouncing-a-b.patch
#rhbz 1298192
Patch626: selinux-fix-bug-in-conditional-rules-handling.patch
#rhbz 1295272
Patch627: ideapad-laptop-Add-Lenovo-Yoga-700-to-no_hw_rfkill-d.patch
Patch628: i915-stable-backports.patch
Patch635: nouveau-stable-backports.patch
#rhbz 1299810
Patch629: SCSI-refactor-device-matching-code-in-scsi_devinfo.c.patch
Patch630: SCSI-fix-bug-in-scsi_dev_info_list-matching.patch
Patch631: btrfs-handle-invalid-num_stripes-in-sys_array.patch
Patch632: Btrfs-fix-fitrim-discarding-device-area-reserved-for.patch
Patch633: net_43.mbox
#CVE-2016-0728 rhbz 1296623 1297475
Patch634: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
# END OF PATCH DEFINITIONS
@ -1253,183 +1256,104 @@ ApplyPatch kbuild-AFTER_LINK.patch
%if !%{nopatches}
# Architecture patches
# x86(-64)
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
# PPC
# ARM64
ApplyPatch amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
ApplyPatch amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
ApplyPatch arm64-avoid-needing-console-to-enable-serial-console.patch
ApplyPatch usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
ApplyPatch showmem-cma-correct-reserved-memory-calculation.patch
ApplyPatch arm64-acpi-drop-expert-patch.patch
#
# ARM
#
ApplyPatch ARM-tegra-usb-no-reset.patch
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
ApplyPatch ARM-dts-Add-am335x-bonegreen.patch
ApplyPatch 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
ApplyPatch mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
#
# bugfixes to drivers and filesystems
#
# ext4
# xfs
# btrfs
# eCryptfs
# NFSv4
# USB
# WMI
# ACPI
#
# PCI
#
#
# SCSI Bits.
#
# ACPI
# ALSA
# Networking
# Misc fixes
# The input layer spews crap no-one cares about.
ApplyPatch input-kill-stupid-messages.patch
# stop floppy.ko from autoloading during udev...
ApplyPatch die-floppy-die.patch
ApplyPatch no-pcspkr-modalias.patch
# Silence some useless messages that still get printed with 'quiet'
ApplyPatch input-silence-i8042-noise.patch
# Make fbcon not show the penguins with 'quiet'
ApplyPatch silence-fbcon-logo.patch
# Changes to upstream defaults.
#rhbz 1126580
ApplyPatch Kbuild-Add-an-option-to-enable-GCC-VTA.patch
# /dev/crash driver.
ApplyPatch crash-driver.patch
# crypto/
# secure boot
ApplyPatch Add-secure_modules-call.patch
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
ApplyPatch ACPI-Limit-access-to-custom_method.patch
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
ApplyPatch Add-EFI-signature-data-types.patch
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
# Assorted Virt Fixes
# DRM core
# Nouveau DRM
# Intel DRM
ApplyPatch drm-i915-hush-check-crtc-state.patch
# Radeon DRM
# Patches headed upstream
ApplyPatch disable-i8042-check-on-apple-mac.patch
ApplyPatch lis3-improve-handling-of-null-rate.patch
# Disable watchdog on virtual machines.
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
#rhbz 754518
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
ApplyPatch criu-no-expert.patch
#rhbz 892811
ApplyPatch ath9k-rx-dma-stop-check.patch
#CVE-2015-2150 rhbz 1196266 1200397
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
#rhbz 1212230
ApplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
#rhbz 1133378
ApplyPatch firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
#rhbz 1226743
ApplyPatch drm-i915-turn-off-wc-mmaps.patch
#rhbz 1212230
# pplyPatch Input-Revert-Revert-synaptics-use-dmax-in-input_mt_a.patch
# pplyPatch Input-synaptics-allocate-3-slots-to-keep-stability-i.patch
# pplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
#rhbz 1244511
ApplyPatch HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
ApplyPatch kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
#rhbz 1239050
ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
#rhbz 1253789
ApplyPatch iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
#rhbz 1257534
ApplyPatch nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
#rhbz 1257500
ApplyPatch vmwgfx-Rework-device-initialization.patch
ApplyPatch drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
ApplyPatch regulator-axp20x-module-alias.patch
#rhbz 1272172
ApplyPatch 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
ApplyPatch 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
#CVE-2015-7799 rhbz 1271134 1271135
ApplyPatch isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
ApplyPatch ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
@ -1448,11 +1372,6 @@ ApplyPatch netfilter-ipset-Fix-extension-alignment.patch
ApplyPatch netfilter-ipset-Fix-hash-type-expiration.patch
ApplyPatch netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
#rhbz 1278688
ApplyPatch 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
ApplyPatch 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
ApplyPatch 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
#rhbz 1284059
ApplyPatch KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
@ -1468,35 +1387,66 @@ ApplyPatch HID-multitouch-enable-palm-rejection-if-device-imple.patch
#rhbz 1286293
ApplyPatch ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
#rhbz 1288687
ApplyPatch alua_fix.patch
#CVE-XXXX-XXXX rhbz 1291329 1291332
ApplyPatch ovl-fix-permission-checking-for-setattr.patch
#CVE-2015-7550 rhbz 1291197 1291198
ApplyPatch KEYS-Fix-race-between-read-and-revoke.patch
#CVE-2015-8543 rhbz 1290475 1290477
ApplyPatch net-add-validation-for-the-socket-syscall-protocol-a.patch
#CVE-2015-8569 rhbz 1292045 1292047
ApplyPatch pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
#CVE-2015-8575 rhbz 1292840 1292841
ApplyPatch bluetooth-Validate-socket-address-length-in-sco_sock.patch
ApplyPatch vrf-fix-memory-leak-on-registration.patch
#CVE-2015-8709 rhbz 1295287 1295288
ApplyPatch ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
#atch604: drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch
#CVE-2015-7513 rhbz 1284847 1296142
ApplyPatch KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
#rhbz 1296677
ApplyPatch HID-multitouch-Fetch-feature-reports-on-demand-for-W.patch
#rhbz 1281368
ApplyPatch drm-nouveau-Fix-pre-nv50-pageflip-events-v4.patch
#rhbz 1296820
ApplyPatch drm-nouveau-pmu-do-not-assume-a-PMU-is-present.patch
#rhbz 1083853
ApplyPatch PNP-Add-Broadwell-to-Intel-MCH-size-workaround.patch
#CVE-2015-7566 rhbz 1296466 1297517
ApplyPatch usb-serial-visor-fix-crash-on-detecting-device-witho.patch
#CVE-2015-8767 rhbz 1297389 1298437
ApplyPatch sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch
#rhbz 1298309
#atch624: drm-i915-Do-a-better-job-at-disabling-primary-plane-.patch
#rhbz 1298996
ApplyPatch block-ensure-to-split-after-potentially-bouncing-a-b.patch
#rhbz 1298192
ApplyPatch selinux-fix-bug-in-conditional-rules-handling.patch
#rhbz 1295272
ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-700-to-no_hw_rfkill-d.patch
ApplyPatch i915-stable-backports.patch
ApplyPatch nouveau-stable-backports.patch
#rhbz 1299810
ApplyPatch SCSI-refactor-device-matching-code-in-scsi_devinfo.c.patch
ApplyPatch SCSI-fix-bug-in-scsi_dev_info_list-matching.patch
ApplyPatch btrfs-handle-invalid-num_stripes-in-sys_array.patch
ApplyPatch Btrfs-fix-fitrim-discarding-device-area-reserved-for.patch
ApplyPatch net_43.mbox
#CVE-2016-0728 rhbz 1296623 1297475
ApplyPatch KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
# END OF PATCH APPLICATIONS
@ -1617,11 +1567,9 @@ BuildKernel() {
cp configs/$Config .config
%if %{signmodules}
cp %{SOURCE11} .
cp %{SOURCE11} certs/.
%endif
chmod +x scripts/sign-file
Arch=`head -1 .config | cut -b 3-`
echo USING ARCH=$Arch
@ -1857,8 +1805,8 @@ BuildKernel() {
%if %{signmodules}
# Save the signing keys so we can sign the modules in __modsign_install_post
cp signing_key.priv signing_key.priv.sign${Flav}
cp signing_key.x509 signing_key.x509.sign${Flav}
cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
%endif
# Move the devel headers out of the root file system
@ -1953,16 +1901,16 @@ popd
%define __modsign_install_post \
if [ "%{signmodules}" -eq "1" ]; then \
if [ "%{with_pae}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
%{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
fi \
if [ "%{with_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
%{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
fi \
if [ "%{with_pae_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
%{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
fi \
if [ "%{with_up}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
%{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
@ -2223,6 +2171,7 @@ fi
%dir %{_libdir}/traceevent/plugins
%{_libdir}/traceevent/plugins/*
%dir %{_libexecdir}/perf-core
%{_datadir}/perf-core/*
%{_libexecdir}/perf-core/*
%{_mandir}/man[1-8]/perf*
%{_sysconfdir}/bash_completion.d/perf
@ -2348,6 +2297,14 @@ fi
#
#
%changelog
* Tue Jan 19 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.3.3-200
- Rebase to 4.3.y
- Backport nouveau stable fixes (rhbz 1299349)
- CVE-2016-0728 Keys: reference leak in join_session_keyring (rhbz 1296623 1297475)
- Add currently queued networking stable patches
- Add a couple btrfs patches cc'd to stable upstream
- Add SCSI patches to avoid blacklist false positives (rhbz 1299810)
* Fri Jan 15 2016 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8767 sctp: DoS during timeout (rhbz 1297389 1298437)

22
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
View File

@ -1,3 +1,4 @@
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index a785c1015e25..81d6b404f33c 100644
index 4c5edc357923..db431971dbd4 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -36,6 +36,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
@@ -10,6 +10,7 @@
#include <linux/mm.h>
#include <linux/file.h>
#include <linux/kexec.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/syscalls.h>
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
2.4.3

28
mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch Normal file
View File

@ -0,0 +1,28 @@
From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Fri, 13 Nov 2015 19:03:29 +0000
Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
module
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
---
drivers/mfd/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
index a59e3fc..4a767ef 100644
--- a/drivers/mfd/Makefile
+++ b/drivers/mfd/Makefile
@@ -61,7 +61,8 @@ wm8350-objs := wm8350-core.o wm8350-regmap.o wm8350-gpio.o
wm8350-objs += wm8350-irq.o
obj-$(CONFIG_MFD_WM8350) += wm8350.o
obj-$(CONFIG_MFD_WM8350_I2C) += wm8350-i2c.o
-obj-$(CONFIG_MFD_WM8994) += wm8994-core.o wm8994-irq.o wm8994-regmap.o
+wm8994-objs := wm8994-core.o wm8994-irq.o wm8994-regmap.o
+obj-$(CONFIG_MFD_WM8994) += wm8994.o
obj-$(CONFIG_TPS6105X) += tps6105x.o
obj-$(CONFIG_TPS65010) += tps65010.o
--
2.5.0

2086
net_43.mbox Normal file
View File

File diff suppressed because it is too large Load Diff

105
nouveau-stable-backports.patch Normal file
View File

@ -0,0 +1,105 @@
From fe9c94340928d8ec3ea1ae74f99c3c9b18684129 Mon Sep 17 00:00:00 2001
From: Martin Peres <martin.peres@free.fr>
Date: Sun, 29 Nov 2015 16:10:18 +0200
Subject: [PATCH 1/3] drm/nouveau/bios/fan: hardcode the fan mode to linear
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is an oversight that made use of the trip-point-based fan managenent on
cards that never expose those. This led the fan to stay at fan_min.
Fortunately, the emergency code would kick when the temperature would reach
90°C.
Reported-by: Tom Englund <tomenglund26@gmail.com>
Tested-by: Tom Englund <tomenglund26@gmail.com>
Signed-off-by: Martin Peres <martin.peres@free.fr>
Tested-by: Daemon32 <lnf.purple@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92126
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
index 43006db6fd58..80fed7e78dcb 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
@@ -83,6 +83,7 @@ nvbios_fan_parse(struct nvkm_bios *bios, struct nvbios_therm_fan *fan)
fan->type = NVBIOS_THERM_FAN_UNK;
}
+ fan->fan_mode = NVBIOS_THERM_FAN_LINEAR;
fan->min_duty = nvbios_rd08(bios, data + 0x02);
fan->max_duty = nvbios_rd08(bios, data + 0x03);
--
2.5.0
From acdc10375119fc5dd76d7051a5ae4a41f61c45aa Mon Sep 17 00:00:00 2001
From: Ben Skeggs <bskeggs@redhat.com>
Date: Mon, 4 Jan 2016 09:01:13 +1000
Subject: [PATCH 2/3] drm/nouveau/gr/nv40: fix oops in interrupt handler
fdo#93557
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
index ffa902ece872..05a895496fc6 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv40.c
@@ -156,6 +156,7 @@ nv40_gr_chan_new(struct nvkm_gr *base, struct nvkm_fifo_chan *fifoch,
return -ENOMEM;
nvkm_object_ctor(&nv40_gr_chan, oclass, &chan->object);
chan->gr = gr;
+ chan->fifo = fifoch;
*pobject = &chan->object;
spin_lock_irqsave(&chan->gr->base.engine.lock, flags);
--
2.5.0
From c5d07dcb6d6260a51a2309d5f62c3391637afa86 Mon Sep 17 00:00:00 2001
From: Ben Skeggs <bskeggs@redhat.com>
Date: Fri, 8 Jan 2016 08:56:51 +1000
Subject: [PATCH 3/3] drm/nouveau/kms: take mode_config mutex in connector
hotplug path
fdo#93634
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
index 2e7cbe933533..2a5ed7460354 100644
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -969,10 +969,13 @@ nouveau_connector_hotplug(struct nvif_notify *notify)
NV_DEBUG(drm, "%splugged %s\n", plugged ? "" : "un", name);
+ mutex_lock(&drm->dev->mode_config.mutex);
if (plugged)
drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON);
else
drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF);
+ mutex_unlock(&drm->dev->mode_config.mutex);
+
drm_helper_hpd_irq_event(connector->dev);
}
--
2.5.0

51
selinux-fix-bug-in-conditional-rules-handling.patch Normal file
View File

@ -0,0 +1,51 @@
From f3bef67992e8698897b584616535803887c4a73e Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 23 Nov 2015 16:07:41 -0500
Subject: [PATCH] selinux: fix bug in conditional rules handling
commit fa1aa143ac4a ("selinux: extended permissions for ioctls")
introduced a bug into the handling of conditional rules, skipping the
processing entirely when the caller does not provide an extended
permissions (xperms) structure. Access checks from userspace using
/sys/fs/selinux/access do not include such a structure since that
interface does not presently expose extended permission information.
As a result, conditional rules were being ignored entirely on userspace
access requests, producing denials when access was allowed by
conditional rules in the policy. Fix the bug by only skipping
computation of extended permissions in this situation, not the entire
conditional rules processing.
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: fixed long lines in patch description]
Cc: stable@vger.kernel.org # 4.3
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
security/selinux/ss/conditional.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 18643bf9894d..456e1a9bcfde 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -638,7 +638,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
{
struct avtab_node *node;
- if (!ctab || !key || !avd || !xperms)
+ if (!ctab || !key || !avd)
return;
for (node = avtab_search_node(ctab, key); node;
@@ -657,7 +657,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
avd->auditallow |= node->datum.u.data;
- if ((node->key.specified & AVTAB_ENABLED) &&
+ if (xperms && (node->key.specified & AVTAB_ENABLED) &&
(node->key.specified & AVTAB_XPERMS))
services_compute_xperms_drivers(xperms, node);
}
--
2.5.0

61
showmem-cma-correct-reserved-memory-calculation.patch
View File

@ -1,61 +0,0 @@
From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
Date: Tue, 25 Aug 2015 00:04:44 +0000
Subject: lib/show_mem.c: correct reserved memory calculation
CMA reserved memory is not part of total reserved memory.
Currently when we print the total reserve memory it considers
cma as part of reserve memory and do minus of totalcma_pages
from reserved, which is wrong. In cases where total reserved
is less than cma reserved we will get negative values & while
printing we print as unsigned and we will get a very large value.
Below is the show mem output on X86 ubuntu based system where
CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
And reserve memory shows a large value because of this bug.
Before:
[ 127.066430] 898908 pages RAM
[ 127.066432] 671682 pages HighMem/MovableOnly
[ 127.066434] 4294952012 pages reserved
[ 127.066436] 25600 pages cma reserved
After:
[ 44.663129] 898908 pages RAM
[ 44.663130] 671682 pages HighMem/MovableOnly
[ 44.663130] 10316 pages reserved
[ 44.663131] 25600 pages cma reserved
Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Danesh Petigara <dpetigara@broadcom.com>
Cc: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/show_mem.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/lib/show_mem.c b/lib/show_mem.c
index adc98e18..1feed6a 100644
--- a/lib/show_mem.c
+++ b/lib/show_mem.c
@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
printk("%lu pages RAM\n", total);
printk("%lu pages HighMem/MovableOnly\n", highmem);
+ printk("%lu pages reserved\n", reserved);
#ifdef CONFIG_CMA
- printk("%lu pages reserved\n", (reserved - totalcma_pages));
printk("%lu pages cma reserved\n", totalcma_pages);
-#else
- printk("%lu pages reserved\n", reserved);
#endif
#ifdef CONFIG_QUICKLIST
printk("%lu pages in pagetable cache\n",
--
cgit v0.11.2

6
sources
View File

@ -1,3 +1,3 @@
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
c000fd7de765fc8cd60942aa52a996ed patch-4.2.8.xz
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz

42
vrf-fix-memory-leak-on-registration.patch Normal file
View File

@ -0,0 +1,42 @@
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 15 Dec 2015 15:12:43 +0000
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
The backported version of commit 7f109f7cc371 ("vrf: fix double free
and memory corruption on register_netdevice failure") incorrectly
removed a kfree() from the failure path as well as the free_netdev().
Add that back.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/net/vrf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index c9e309c..6c25fd0 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
{
struct net_vrf *vrf = netdev_priv(dev);
struct net_vrf_dev *vrf_ptr;
+ int err;
if (!data || !data[IFLA_VRF_TABLE])
return -EINVAL;
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
- return register_netdev(dev);
+ err = register_netdev(dev);
+ if (err)
+ kfree(vrf_ptr);
+ return err;
}
static size_t vrf_nl_getsize(const struct net_device *dev)
--
2.5.0

7
x86-Lock-down-IO-port-access-when-module-security-is.patch
View File

@ -1,6 +1,8 @@
From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
2.4.3

7
x86-Restrict-MSR-access-when-module-loading-is-restr.patch
View File

@ -1,6 +1,8 @@
From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
2.4.3