rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v3.19-rc2 

- Temporarily disable aarch64patches
- Happy New Year
This commit is contained in:
Josh Boyer 2015-01-05 16:09:49 -05:00
parent bfe354a1c3
commit 208228cebd
77 changed files with 248 additions and 2718 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ARM-tegra-usb-no-reset.patch
View File

@ -9,10 +9,10 @@ Patch for disconnect issues with storage attached to a
1 file changed, 7 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index b649fef2e35d..fb89290710ad 100644
index aeb50bb6ba9c..5859e12dd498 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5023,6 +5023,13 @@ static void hub_event(struct work_struct *work)
@@ -5021,6 +5021,13 @@ static void hub_event(struct work_struct *work)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);

6
Add-EFI-signature-data-types.patch
View File

@ -14,10 +14,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 130ba866a24a..58d7feadd149 100644
index 16ec1c00919d..b7cb7dc5ebb4 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -586,6 +586,12 @@ void efi_native_runtime_setup(void);
@@ -589,6 +589,12 @@ void efi_native_runtime_setup(void);
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
@ -30,7 +30,7 @@ index 130ba866a24a..58d7feadd149 100644
typedef struct {
efi_guid_t guid;
u64 table;
@@ -801,6 +807,20 @@ typedef struct _efi_file_io_interface {
@@ -804,6 +810,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)

4
Add-an-EFI-signature-blob-parser-and-key-loader.patch
View File

@ -159,10 +159,10 @@ index 000000000000..424896a0b169
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 58d7feadd149..b1d686e9175e 100644
index b7cb7dc5ebb4..fb972b96959a 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -919,6 +919,10 @@ extern bool efi_poweroff_required(void);
@@ -923,6 +923,10 @@ extern bool efi_poweroff_required(void);
char * __init efi_md_typeattr_format(char *buf, size_t size,
const efi_memory_desc_t *md);

16
Add-option-to-automatically-enforce-module-signature.patch
View File

@ -33,10 +33,10 @@ index 199f453cb4de..ec38acf00b40 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 41a503c15862..7b8969db8398 100644
index ba397bde7948..d4c55ee9f1ac 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1611,6 +1611,16 @@ config EFI_MIXED
@@ -1656,6 +1656,16 @@ config EFI_MIXED
If unsure, say N.
@ -54,7 +54,7 @@ index 41a503c15862..7b8969db8398 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 1acf605a646d..6da2da7ac9c3 100644
index 92b9a5f2aed6..2192da755e34 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
@ -129,10 +129,10 @@ index 225b0988043a..90dbfb73e11f 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index ab08aa2276fb..f4eb99432db1 100644
index ab4734e5411d..5d52d67d5097 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1150,6 +1150,12 @@ void __init setup_arch(char **cmdline_p)
@@ -1152,6 +1152,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@ -146,7 +146,7 @@ index ab08aa2276fb..f4eb99432db1 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index 341a73ecea2e..cca08ac450e2 100644
index 089de6be8062..6a586a83ba7e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
@ -163,10 +163,10 @@ index 341a73ecea2e..cca08ac450e2 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index 6507ffcb5445..cace4bd04956 100644
index fd8c5495fdc6..5f8c11de61fe 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3845,6 +3845,13 @@ void module_layout(struct module *mod,
@@ -3851,6 +3851,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif

10
Add-secure_modules-call.patch
View File

@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 71f282a4e307..341a73ecea2e 100644
index ebfb0e153c6a..089de6be8062 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
@@ -502,6 +502,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void);
@ -28,7 +28,7 @@ index 71f282a4e307..341a73ecea2e 100644
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
@@ -612,6 +614,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void)
{
}
@ -41,10 +41,10 @@ index 71f282a4e307..341a73ecea2e 100644
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 88cec1ddb1e3..6507ffcb5445 100644
index 3965511ae133..fd8c5495fdc6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3844,3 +3844,13 @@ void module_layout(struct module *mod,
@@ -3850,3 +3850,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif

6
Add-sysrq-option-to-disable-secure-boot-mode.patch
View File

@ -15,7 +15,7 @@ Upstream-status: Fedora mustard
7 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index bc31a43b31a0..5f80d12a55cb 100644
index b40d6174242f..0ee7749bad74 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -228,10 +228,10 @@ index 379650b984f8..070f29fefdc2 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index cace4bd04956..a33be993df25 100644
index 5f8c11de61fe..13bed977f554 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
@@ -107,9 +107,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
#ifdef CONFIG_MODULE_SIG
#ifdef CONFIG_MODULE_SIG_FORCE

84
HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch
View File

@ -1,84 +0,0 @@
From: Alan Wu <alan.c.wu@gmail.com>
Date: Mon, 3 Nov 2014 18:26:12 -0800
Subject: [PATCH] HID: add support for MS Surface Pro 3 Type Cover
Surface Pro 3 Type Cover that works with Ubuntu (and possibly Arch) from this thread. Both trackpad and keyboard work after compiling my own kernel.
http://ubuntuforums.org/showthread.php?t=2231207&page=2&s=44910e0c56047e4f93dfd9fea58121ef
Also includes Jarrad Whitaker's message which sources
http://winaero.com/blog/how-to-install-linux-on-surface-pro-3/
which he says is sourced from a Russian site
Signed-off-by: Alan Wu <alan.c.wu@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/hid-core.c | 6 ++++++
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-microsoft.c | 2 ++
drivers/hid/usbhid/hid-quirks.c | 1 +
4 files changed, 10 insertions(+)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 3402033fa52a..3d3820ecaa49 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -702,6 +702,11 @@ static void hid_scan_collection(struct hid_parser *parser, unsigned type)
if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
type == HID_COLLECTION_PHYSICAL)
hid->group = HID_GROUP_SENSOR_HUB;
+
+ if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
+ hid->product == USB_DEVICE_ID_MS_TYPE_COVER_3 &&
+ hid->group == HID_GROUP_MULTITOUCH)
+ hid->group = HID_GROUP_GENERIC;
}
static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
@@ -1862,6 +1867,7 @@ static const struct hid_device_id hid_have_special_driver[] = {
{ HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K) },
{ HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_WIRELESS_OPTICAL_DESKTOP_3_0) },
{ HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_OFFICE_KB) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3) },
{ HID_USB_DEVICE(USB_VENDOR_ID_MONTEREY, USB_DEVICE_ID_GENIUS_KB29E) },
{ HID_USB_DEVICE(USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GT683R_LED_PANEL) },
{ HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN) },
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index 7c863738e419..ab562f41c00c 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -649,6 +649,7 @@
#define USB_DEVICE_ID_MS_SURFACE_PRO_2 0x0799
#define USB_DEVICE_ID_MS_TOUCH_COVER_2 0x07a7
#define USB_DEVICE_ID_MS_TYPE_COVER_2 0x07a9
+#define USB_DEVICE_ID_MS_TYPE_COVER_3 0x07dc
#define USB_VENDOR_ID_MOJO 0x8282
#define USB_DEVICE_ID_RETRO_ADAPTER 0x3201
diff --git a/drivers/hid/hid-microsoft.c b/drivers/hid/hid-microsoft.c
index 8ba17a946f2a..cacda43f6a6f 100644
--- a/drivers/hid/hid-microsoft.c
+++ b/drivers/hid/hid-microsoft.c
@@ -274,6 +274,8 @@ static const struct hid_device_id ms_devices[] = {
.driver_data = MS_NOGET },
{ HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_COMFORT_MOUSE_4500),
.driver_data = MS_DUPLICATE_USAGES },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3),
+ .driver_data = MS_HIDINPUT },
{ HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_BT),
.driver_data = MS_PRESENTER },
diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c
index 552671ee7c5d..41814fced1cc 100644
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -78,6 +78,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GT683R_LED_PANEL, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_NEXIO, USB_DEVICE_ID_NEXIO_MULTITOUCH_PTI0750, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_NOVATEK, USB_DEVICE_ID_NOVATEK_MOUSE, HID_QUIRK_NO_INIT_REPORTS },
--
2.1.0

479
Input-add-driver-for-the-Goodix-touchpanel.patch
View File

@ -1,479 +0,0 @@
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 31 Oct 2014 09:26:16 -0700
Subject: [PATCH] Input: add driver for the Goodix touchpanel
Add a driver for the Goodix touchscreen panel found in Onda v975w tablets.
The driver is based off the Android driver gt9xx.c found in some Android
code dumps, but now bears no resemblance to the original driver.
The driver was tested on the aforementioned tablet.
Signed-off-by: Bastien Nocera <hadess@hadess.net>
Tested-by: Bastien Nocera <hadess@hadess.net>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
MAINTAINERS | 6 +
drivers/input/touchscreen/Kconfig | 13 ++
drivers/input/touchscreen/Makefile | 1 +
drivers/input/touchscreen/goodix.c | 395 +++++++++++++++++++++++++++++++++++++
4 files changed, 415 insertions(+)
create mode 100644 drivers/input/touchscreen/goodix.c
diff --git a/MAINTAINERS b/MAINTAINERS
index c721042e7e45..738708f8b75f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4154,6 +4154,12 @@ L: linux-media@vger.kernel.org
S: Maintained
F: drivers/media/usb/go7007/
+GOODIX TOUCHSCREEN
+M: Bastien Nocera <hadess@hadess.net>
+L: linux-input@vger.kernel.org
+S: Maintained
+F: drivers/input/touchscreen/goodix.c
+
GPIO SUBSYSTEM
M: Linus Walleij <linus.walleij@linaro.org>
M: Alexandre Courbot <gnurou@gmail.com>
diff --git a/drivers/input/touchscreen/Kconfig b/drivers/input/touchscreen/Kconfig
index e1d8003d01f8..568a0200fbc2 100644
--- a/drivers/input/touchscreen/Kconfig
+++ b/drivers/input/touchscreen/Kconfig
@@ -295,6 +295,19 @@ config TOUCHSCREEN_FUJITSU
To compile this driver as a module, choose M here: the
module will be called fujitsu-ts.
+config TOUCHSCREEN_GOODIX
+ tristate "Goodix I2C touchscreen"
+ depends on I2C && ACPI
+ help
+ Say Y here if you have the Goodix touchscreen (such as one
+ installed in Onda v975w tablets) connected to your
+ system.
+
+ If unsure, say N.
+
+ To compile this driver as a module, choose M here: the
+ module will be called goodix.
+
config TOUCHSCREEN_ILI210X
tristate "Ilitek ILI210X based touchscreen"
depends on I2C
diff --git a/drivers/input/touchscreen/Makefile b/drivers/input/touchscreen/Makefile
index 090e61cc9171..dab4a56ac98e 100644
--- a/drivers/input/touchscreen/Makefile
+++ b/drivers/input/touchscreen/Makefile
@@ -34,6 +34,7 @@ obj-$(CONFIG_TOUCHSCREEN_EETI) += eeti_ts.o
obj-$(CONFIG_TOUCHSCREEN_ELO) += elo.o
obj-$(CONFIG_TOUCHSCREEN_EGALAX) += egalax_ts.o
obj-$(CONFIG_TOUCHSCREEN_FUJITSU) += fujitsu_ts.o
+obj-$(CONFIG_TOUCHSCREEN_GOODIX) += goodix.o
obj-$(CONFIG_TOUCHSCREEN_ILI210X) += ili210x.o
obj-$(CONFIG_TOUCHSCREEN_INEXIO) += inexio.o
obj-$(CONFIG_TOUCHSCREEN_INTEL_MID) += intel-mid-touch.o
diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c
new file mode 100644
index 000000000000..ca196689f025
--- /dev/null
+++ b/drivers/input/touchscreen/goodix.c
@@ -0,0 +1,395 @@
+/*
+ * Driver for Goodix Touchscreens
+ *
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * This code is based on gt9xx.c authored by andrew@goodix.com:
+ *
+ * 2010 - 2012 Goodix Technology.
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 of the License.
+ */
+
+#include <linux/kernel.h>
+#include <linux/i2c.h>
+#include <linux/input.h>
+#include <linux/input/mt.h>
+#include <linux/module.h>
+#include <linux/delay.h>
+#include <linux/irq.h>
+#include <linux/interrupt.h>
+#include <linux/slab.h>
+#include <asm/unaligned.h>
+
+struct goodix_ts_data {
+ struct i2c_client *client;
+ struct input_dev *input_dev;
+ int abs_x_max;
+ int abs_y_max;
+ unsigned int max_touch_num;
+ unsigned int int_trigger_type;
+};
+
+#define GOODIX_MAX_HEIGHT 4096
+#define GOODIX_MAX_WIDTH 4096
+#define GOODIX_INT_TRIGGER 1
+#define GOODIX_CONTACT_SIZE 8
+#define GOODIX_MAX_CONTACTS 10
+
+#define GOODIX_CONFIG_MAX_LENGTH 240
+
+/* Register defines */
+#define GOODIX_READ_COOR_ADDR 0x814E
+#define GOODIX_REG_CONFIG_DATA 0x8047
+#define GOODIX_REG_VERSION 0x8140
+
+#define RESOLUTION_LOC 1
+#define TRIGGER_LOC 6
+
+static const unsigned long goodix_irq_flags[] = {
+ IRQ_TYPE_EDGE_RISING,
+ IRQ_TYPE_EDGE_FALLING,
+ IRQ_TYPE_LEVEL_LOW,
+ IRQ_TYPE_LEVEL_HIGH,
+};
+
+/**
+ * goodix_i2c_read - read data from a register of the i2c slave device.
+ *
+ * @client: i2c device.
+ * @reg: the register to read from.
+ * @buf: raw write data buffer.
+ * @len: length of the buffer to write
+ */
+static int goodix_i2c_read(struct i2c_client *client,
+ u16 reg, u8 *buf, int len)
+{
+ struct i2c_msg msgs[2];
+ u16 wbuf = cpu_to_be16(reg);
+ int ret;
+
+ msgs[0].flags = 0;
+ msgs[0].addr = client->addr;
+ msgs[0].len = 2;
+ msgs[0].buf = (u8 *) &wbuf;
+
+ msgs[1].flags = I2C_M_RD;
+ msgs[1].addr = client->addr;
+ msgs[1].len = len;
+ msgs[1].buf = buf;
+
+ ret = i2c_transfer(client->adapter, msgs, 2);
+ return ret < 0 ? ret : (ret != ARRAY_SIZE(msgs) ? -EIO : 0);
+}
+
+static int goodix_ts_read_input_report(struct goodix_ts_data *ts, u8 *data)
+{
+ int touch_num;
+ int error;
+
+ error = goodix_i2c_read(ts->client, GOODIX_READ_COOR_ADDR, data,
+ GOODIX_CONTACT_SIZE + 1);
+ if (error) {
+ dev_err(&ts->client->dev, "I2C transfer error: %d\n", error);
+ return error;
+ }
+
+ touch_num = data[0] & 0x0f;
+ if (touch_num > GOODIX_MAX_CONTACTS)
+ return -EPROTO;
+
+ if (touch_num > 1) {
+ data += 1 + GOODIX_CONTACT_SIZE;
+ error = goodix_i2c_read(ts->client,
+ GOODIX_READ_COOR_ADDR +
+ 1 + GOODIX_CONTACT_SIZE,
+ data,
+ GOODIX_CONTACT_SIZE * (touch_num - 1));
+ if (error)
+ return error;
+ }
+
+ return touch_num;
+}
+
+static void goodix_ts_report_touch(struct goodix_ts_data *ts, u8 *coor_data)
+{
+ int id = coor_data[0] & 0x0F;
+ int input_x = get_unaligned_le16(&coor_data[1]);
+ int input_y = get_unaligned_le16(&coor_data[3]);
+ int input_w = get_unaligned_le16(&coor_data[5]);
+
+ input_mt_slot(ts->input_dev, id);
+ input_mt_report_slot_state(ts->input_dev, MT_TOOL_FINGER, true);
+ input_report_abs(ts->input_dev, ABS_MT_POSITION_X, input_x);
+ input_report_abs(ts->input_dev, ABS_MT_POSITION_Y, input_y);
+ input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR, input_w);
+ input_report_abs(ts->input_dev, ABS_MT_WIDTH_MAJOR, input_w);
+}
+
+/**
+ * goodix_process_events - Process incoming events
+ *
+ * @ts: our goodix_ts_data pointer
+ *
+ * Called when the IRQ is triggered. Read the current device state, and push
+ * the input events to the user space.
+ */
+static void goodix_process_events(struct goodix_ts_data *ts)
+{
+ u8 point_data[1 + GOODIX_CONTACT_SIZE * GOODIX_MAX_CONTACTS];
+ int touch_num;
+ int i;
+
+ touch_num = goodix_ts_read_input_report(ts, point_data);
+ if (touch_num < 0)
+ return;
+
+ for (i = 0; i < touch_num; i++)
+ goodix_ts_report_touch(ts,
+ &point_data[1 + GOODIX_CONTACT_SIZE * i]);
+
+ input_mt_sync_frame(ts->input_dev);
+ input_sync(ts->input_dev);
+}
+
+/**
+ * goodix_ts_irq_handler - The IRQ handler
+ *
+ * @irq: interrupt number.
+ * @dev_id: private data pointer.
+ */
+static irqreturn_t goodix_ts_irq_handler(int irq, void *dev_id)
+{
+ static const u8 end_cmd[] = {
+ GOODIX_READ_COOR_ADDR >> 8,
+ GOODIX_READ_COOR_ADDR & 0xff,
+ 0
+ };
+ struct goodix_ts_data *ts = dev_id;
+
+ goodix_process_events(ts);
+
+ if (i2c_master_send(ts->client, end_cmd, sizeof(end_cmd)) < 0)
+ dev_err(&ts->client->dev, "I2C write end_cmd error\n");
+
+ return IRQ_HANDLED;
+}
+
+/**
+ * goodix_read_config - Read the embedded configuration of the panel
+ *
+ * @ts: our goodix_ts_data pointer
+ *
+ * Must be called during probe
+ */
+static void goodix_read_config(struct goodix_ts_data *ts)
+{
+ u8 config[GOODIX_CONFIG_MAX_LENGTH];
+ int error;
+
+ error = goodix_i2c_read(ts->client, GOODIX_REG_CONFIG_DATA,
+ config,
+ GOODIX_CONFIG_MAX_LENGTH);
+ if (error) {
+ dev_warn(&ts->client->dev,
+ "Error reading config (%d), using defaults\n",
+ error);
+ ts->abs_x_max = GOODIX_MAX_WIDTH;
+ ts->abs_y_max = GOODIX_MAX_HEIGHT;
+ ts->int_trigger_type = GOODIX_INT_TRIGGER;
+ return;
+ }
+
+ ts->abs_x_max = get_unaligned_le16(&config[RESOLUTION_LOC]);
+ ts->abs_y_max = get_unaligned_le16(&config[RESOLUTION_LOC + 2]);
+ ts->int_trigger_type = (config[TRIGGER_LOC]) & 0x03;
+ if (!ts->abs_x_max || !ts->abs_y_max) {
+ dev_err(&ts->client->dev,
+ "Invalid config, using defaults\n");
+ ts->abs_x_max = GOODIX_MAX_WIDTH;
+ ts->abs_y_max = GOODIX_MAX_HEIGHT;
+ }
+}
+
+
+/**
+ * goodix_read_version - Read goodix touchscreen version
+ *
+ * @client: the i2c client
+ * @version: output buffer containing the version on success
+ */
+static int goodix_read_version(struct i2c_client *client, u16 *version)
+{
+ int error;
+ u8 buf[6];
+
+ error = goodix_i2c_read(client, GOODIX_REG_VERSION, buf, sizeof(buf));
+ if (error) {
+ dev_err(&client->dev, "read version failed: %d\n", error);
+ return error;
+ }
+
+ if (version)
+ *version = get_unaligned_le16(&buf[4]);
+
+ dev_info(&client->dev, "IC VERSION: %6ph\n", buf);
+
+ return 0;
+}
+
+/**
+ * goodix_i2c_test - I2C test function to check if the device answers.
+ *
+ * @client: the i2c client
+ */
+static int goodix_i2c_test(struct i2c_client *client)
+{
+ int retry = 0;
+ int error;
+ u8 test;
+
+ while (retry++ < 2) {
+ error = goodix_i2c_read(client, GOODIX_REG_CONFIG_DATA,
+ &test, 1);
+ if (!error)
+ return 0;
+
+ dev_err(&client->dev, "i2c test failed attempt %d: %d\n",
+ retry, error);
+ msleep(20);
+ }
+
+ return error;
+}
+
+/**
+ * goodix_request_input_dev - Allocate, populate and register the input device
+ *
+ * @ts: our goodix_ts_data pointer
+ *
+ * Must be called during probe
+ */
+static int goodix_request_input_dev(struct goodix_ts_data *ts)
+{
+ int error;
+
+ ts->input_dev = devm_input_allocate_device(&ts->client->dev);
+ if (!ts->input_dev) {
+ dev_err(&ts->client->dev, "Failed to allocate input device.");
+ return -ENOMEM;
+ }
+
+ ts->input_dev->evbit[0] = BIT_MASK(EV_SYN) |
+ BIT_MASK(EV_KEY) |
+ BIT_MASK(EV_ABS);
+
+ input_set_abs_params(ts->input_dev, ABS_MT_POSITION_X, 0,
+ ts->abs_x_max, 0, 0);
+ input_set_abs_params(ts->input_dev, ABS_MT_POSITION_Y, 0,
+ ts->abs_y_max, 0, 0);
+ input_set_abs_params(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0, 255, 0, 0);
+ input_set_abs_params(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, 0, 0);
+
+ input_mt_init_slots(ts->input_dev, GOODIX_MAX_CONTACTS,
+ INPUT_MT_DIRECT | INPUT_MT_DROP_UNUSED);
+
+ ts->input_dev->name = "Goodix Capacitive TouchScreen";
+ ts->input_dev->phys = "input/ts";
+ ts->input_dev->id.bustype = BUS_I2C;
+ ts->input_dev->id.vendor = 0x0416;
+ ts->input_dev->id.product = 0x1001;
+ ts->input_dev->id.version = 10427;
+
+ error = input_register_device(ts->input_dev);
+ if (error) {
+ dev_err(&ts->client->dev,
+ "Failed to register input device: %d", error);
+ return error;
+ }
+
+ return 0;
+}
+
+static int goodix_ts_probe(struct i2c_client *client,
+ const struct i2c_device_id *id)
+{
+ struct goodix_ts_data *ts;
+ unsigned long irq_flags;
+ int error;
+ u16 version_info;
+
+ dev_dbg(&client->dev, "I2C Address: 0x%02x\n", client->addr);
+
+ if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
+ dev_err(&client->dev, "I2C check functionality failed.\n");
+ return -ENXIO;
+ }
+
+ ts = devm_kzalloc(&client->dev, sizeof(*ts), GFP_KERNEL);
+ if (!ts)
+ return -ENOMEM;
+
+ ts->client = client;
+ i2c_set_clientdata(client, ts);
+
+ error = goodix_i2c_test(client);
+ if (error) {
+ dev_err(&client->dev, "I2C communication failure: %d\n", error);
+ return error;
+ }
+
+ error = goodix_read_version(client, &version_info);
+ if (error) {
+ dev_err(&client->dev, "Read version failed.\n");
+ return error;
+ }
+
+ goodix_read_config(ts);
+
+ error = goodix_request_input_dev(ts);
+ if (error)
+ return error;
+
+ irq_flags = goodix_irq_flags[ts->int_trigger_type] | IRQF_ONESHOT;
+ error = devm_request_threaded_irq(&ts->client->dev, client->irq,
+ NULL, goodix_ts_irq_handler,
+ irq_flags, client->name, ts);
+ if (error) {
+ dev_err(&client->dev, "request IRQ failed: %d\n", error);
+ return error;
+ }
+
+ return 0;
+}
+
+static const struct i2c_device_id goodix_ts_id[] = {
+ { "GDIX1001:00", 0 },
+ { }
+};
+
+static const struct acpi_device_id goodix_acpi_match[] = {
+ { "GDIX1001", 0 },
+ { }
+};
+MODULE_DEVICE_TABLE(acpi, goodix_acpi_match);
+
+static struct i2c_driver goodix_ts_driver = {
+ .probe = goodix_ts_probe,
+ .id_table = goodix_ts_id,
+ .driver = {
+ .name = "Goodix-TS",
+ .owner = THIS_MODULE,
+ .acpi_match_table = goodix_acpi_match,
+ },
+};
+module_i2c_driver(goodix_ts_driver);
+
+MODULE_AUTHOR("Benjamin Tissoires <benjamin.tissoires@gmail.com>");
+MODULE_AUTHOR("Bastien Nocera <hadess@hadess.net>");
+MODULE_DESCRIPTION("Goodix touchscreen driver");
+MODULE_LICENSE("GPL v2");
--
2.1.0

4
KEYS-Add-a-system-blacklist-keyring.patch
View File

@ -29,10 +29,10 @@ index 72665eb80692..2c7b80d31366 100644
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 2081a4d3d917..d99a519bb9ae 100644
index 9afb971497f4..ea0dbdf29b75 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1747,6 +1747,15 @@ config SYSTEM_TRUSTED_KEYRING
@@ -1742,6 +1742,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.

6
Kbuild-Add-an-option-to-enable-GCC-VTA.patch
View File

@ -43,10 +43,10 @@ Signed-off-by: Josh Stone <jistone@redhat.com>
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 3f84029f2b31..46a182f02ac4 100644
index ef748e17702f..1d3e1d1fa376 100644
--- a/Makefile
+++ b/Makefile
@@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
@@ -705,7 +705,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
endif
endif
@ -59,7 +59,7 @@ index 3f84029f2b31..46a182f02ac4 100644
ifdef CONFIG_DEBUG_INFO
ifdef CONFIG_DEBUG_INFO_SPLIT
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 4e35a5d767ed..27410417de1d 100644
index 5f2ce616c046..6525e2a5619a 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -165,7 +165,23 @@ config DEBUG_INFO_DWARF4

12
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
View File

@ -25,10 +25,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index b1d686e9175e..4d41f4532127 100644
index fb972b96959a..581878071c85 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -592,6 +592,12 @@ void efi_native_runtime_setup(void);
@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void);
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
@ -42,10 +42,10 @@ index b1d686e9175e..4d41f4532127 100644
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index d99a519bb9ae..9ef459bb44b2 100644
index ea0dbdf29b75..dac9ed0f01f7 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1901,6 +1901,15 @@ config MODULE_SIG_ALL
@@ -1896,6 +1896,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@ -62,7 +62,7 @@ index d99a519bb9ae..9ef459bb44b2 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index 17ea6d4a9a24..381fe2d56ed1 100644
index a59481a3fa6c..04b4ba9e0c9d 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o
@ -73,7 +73,7 @@ index 17ea6d4a9a24..381fe2d56ed1 100644
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
@@ -98,6 +99,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h

1
Makefile
View File

@ -54,6 +54,7 @@ debug:
@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/' config-nodebug
@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/' config-nodebug
@perl -pi -e 's/# CONFIG_X86_PTDUMP is not set/CONFIG_X86_PTDUMP=y/' config-nodebug
@perl -pi -e 's/# CONFIG_ARM64_PTDUMP is not set/CONFIG_ARM64_PTDUMP=y/' config-nodebug
@perl -pi -e 's/# CONFIG_EFI_PGT_DUMP is not set/CONFIG_EFI_PGT_DUMP=y/' config-nodebug
@perl -pi -e 's/# CONFIG_CAN_DEBUG_DEVICES is not set/CONFIG_CAN_DEBUG_DEVICES=y/' config-nodebug
@perl -pi -e 's/# CONFIG_MODULE_FORCE_UNLOAD is not set/CONFIG_MODULE_FORCE_UNLOAD=y/' config-nodebug

2
Makefile.release
View File

@ -33,7 +33,7 @@ config-release:
@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_WORK=y/# CONFIG_DEBUG_OBJECTS_WORK is not set/' config-nodebug
@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/' config-nodebug
@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/' config-nodebug
@perl -pi -e 's/CONFIG_X86_PTDUMP=y/# CONFIG_X86_PTDUMP is not set/' config-nodebug
@perl -pi -e 's/CONFIG_ARM64_PTDUMP=y/# CONFIG_ARM64_PTDUMP is not set/' config-nodebug
@perl -pi -e 's/CONFIG_EFI_PGT_DUMP=y/# CONFIG_EFI_PGT_DUMP is not set/' config-nodebug
@perl -pi -e 's/CONFIG_CAN_DEBUG_DEVICES=y/# CONFIG_CAN_DEBUG_DEVICES is not set/' config-nodebug
@perl -pi -e 's/CONFIG_MODULE_FORCE_UNLOAD=y/# CONFIG_MODULE_FORCE_UNLOAD is not set/' config-nodebug

8
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
View File

@ -16,7 +16,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 2c6643fdc0cf..56333630ab77 100644
index aa012fb3834b..35cb5e9ff9a1 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
@ -27,7 +27,7 @@ index 2c6643fdc0cf..56333630ab77 100644
#include "pci.h"
static int sysfs_initialized; /* = 0 */
@@ -703,6 +704,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
@@ -709,6 +710,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
@ -37,7 +37,7 @@ index 2c6643fdc0cf..56333630ab77 100644
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
@@ -997,6 +1001,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
@@ -1003,6 +1007,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
@ -47,7 +47,7 @@ index 2c6643fdc0cf..56333630ab77 100644
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
@@ -1098,6 +1105,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
@@ -1104,6 +1111,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{

6
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
View File

@ -13,10 +13,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index c268e2581ed6..fb9ea1172ba8 100644
index fc9637812d78..dde50e5bf527 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
@ -26,7 +26,7 @@ index c268e2581ed6..fb9ea1172ba8 100644
if (!valid_phys_addr_range(p, count))
return -EFAULT;
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
@@ -505,6 +508,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;

6
Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
View File

@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 479f33204a37..e362ef82dcc1 100644
index 4df73da11adc..25ba093a98f1 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3719,7 +3719,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -3792,7 +3792,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the allocated input device; If set to 0, video driver
will only send out the event without touching backlight
brightness level.
@ -28,7 +28,7 @@ index 479f33204a37..e362ef82dcc1 100644
virtio_mmio.device=
[VMMIO] Memory mapped virtio (platform) device.
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 9d75ead2a1f9..d7a0142cae8d 100644
index c72e79d2c5ad..d621997f2ed6 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");

2
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 9964f70be98d..d95d258f606c 100644
index f9eeae871593..aa1dcf3d0216 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@

2
arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
View File

@ -8,7 +8,7 @@ Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
1 file changed, 18 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 5dcdcd173572..38439e097b26 100644
index 0fd89c38cf02..20660917a06f 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -71,6 +71,24 @@

5
arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
View File

@ -11,10 +11,10 @@ Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
1 file changed, 13 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 901739fcb85a..5dcdcd173572 100644
index 5c42d259fa68..0fd89c38cf02 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -78,5 +78,18 @@
@@ -78,6 +78,19 @@
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
status = "okay";
@ -33,6 +33,7 @@ index 901739fcb85a..5dcdcd173572 100644
+ };
};
};
--
2.1.0

213
arm-dts-sun7i-bananapi.patch
View File

@ -1,213 +0,0 @@
From: Hans de Goede <hdegoede@redhat.com>
Date: Tue, 30 Sep 2014 14:29:26 +0100
Subject: [PATCH] arm: dts sun7i bananapi
The Banana Pi is an A20 based development board using Raspberry Pi compatible
IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi
and stereo audio out + various expenansion headers:
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
---
arch/arm/boot/dts/Makefile | 1 +
arch/arm/boot/dts/sun7i-a20-bananapi.dts | 177 +++++++++++++++++++++++++++++++
2 files changed, 178 insertions(+)
create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
index 38c89cafa1ab..63422bde3a46 100644
--- a/arch/arm/boot/dts/Makefile
+++ b/arch/arm/boot/dts/Makefile
@@ -435,6 +435,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \
sun6i-a31-hummingbird.dtb \
sun6i-a31-m9.dtb
dtb-$(CONFIG_MACH_SUN7I) += \
+ sun7i-a20-bananapi.dtb \
sun7i-a20-cubieboard2.dtb \
sun7i-a20-cubietruck.dtb \
sun7i-a20-hummingbird.dtb \
diff --git a/arch/arm/boot/dts/sun7i-a20-bananapi.dts b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
new file mode 100644
index 000000000000..7214475a3c36
--- /dev/null
+++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2014 Hans de Goede <hdegoede@xxxxxxxxxx>
+ *
+ * The code contained herein is licensed under the GNU General Public
+ * License. You may obtain a copy of the GNU General Public License
+ * Version 2 or later at the following locations:
+ *
+ * http://www.opensource.org/licenses/gpl-license.html
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+
+/dts-v1/;
+/include/ "sun7i-a20.dtsi"
+/include/ "sunxi-common-regulators.dtsi"
+
+/ {
+ model = "LeMaker Banana Pi";
+ compatible = "lemaker,bananapi", "allwinner,sun7i-a20";
+
+ soc@01c00000 {
+ mmc0: mmc@01c0f000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>;
+ vmmc-supply = <&reg_vcc3v3>;
+ bus-width = <4>;
+ cd-gpios = <&pio 7 10 0>; /* PH10 */
+ cd-inverted;
+ status = "okay";
+ };
+
+ usbphy: phy@01c13400 {
+ usb1_vbus-supply = <&reg_usb1_vbus>;
+ usb2_vbus-supply = <&reg_usb2_vbus>;
+ status = "okay";
+ };
+
+ ehci0: usb@01c14000 {
+ status = "okay";
+ };
+
+ ohci0: usb@01c14400 {
+ status = "okay";
+ };
+
+ ahci: sata@01c18000 {
+ status = "okay";
+ };
+
+ ehci1: usb@01c1c000 {
+ status = "okay";
+ };
+
+ ohci1: usb@01c1c400 {
+ status = "okay";
+ };
+
+ pinctrl@01c20800 {
+ uart3_pins_bananapi: uart3_pin@0 {
+ allwinner,pins = "PH0", "PH1";
+ allwinner,function = "uart3";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+
+ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 {
+ allwinner,pins = "PH10";
+ allwinner,function = "gpio_in";
+ allwinner,drive = <0>;
+ allwinner,pull = <1>;
+ };
+
+ gmac_power_pin_bananapi: gmac_power_pin@0 {
+ allwinner,pins = "PH23";
+ allwinner,function = "gpio_out";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+
+ led_pins_bananapi: led_pins@0 {
+ allwinner,pins = "PH24";
+ allwinner,function = "gpio_out";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+ };
+
+ ir0: ir@01c21800 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ir0_pins_a>;
+ status = "okay";
+ };
+
+ uart0: serial@01c28000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart0_pins_a>;
+ status = "okay";
+ };
+
+ uart3: serial@01c28c00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart3_pins_bananapi>;
+ status = "okay";
+ };
+
+ uart7: serial@01c29c00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart7_pins_a>;
+ status = "okay";
+ };
+
+ i2c0: i2c@01c2ac00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c0_pins_a>;
+ status = "okay";
+
+ axp209: pmic@34 {
+ compatible = "x-powers,axp209";
+ reg = <0x34>;
+ interrupt-parent = <&nmi_intc>;
+ interrupts = <0 8>;
+
+ interrupt-controller;
+ #interrupt-cells = <1>;
+ };
+ };
+
+ i2c2: i2c@01c2b400 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins_a>;
+ status = "okay";
+ };
+
+ gmac: ethernet@01c50000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_pins_rgmii_a>;
+ phy = <&phy1>;
+ phy-mode = "rgmii";
+ phy-supply = <&reg_gmac_3v3>;
+ status = "okay";
+
+ phy1: ethernet-phy@1 {
+ reg = <1>;
+ };
+ };
+ };
+
+ leds {
+ compatible = "gpio-leds";
+ pinctrl-names = "default";
+ pinctrl-0 = <&led_pins_bananapi>;
+
+ green {
+ label = "bananapi:green:usr";
+ gpios = <&pio 7 24 0>;
+ };
+ };
+
+ reg_usb1_vbus: usb1-vbus {
+ status = "okay";
+ };
+
+ reg_usb2_vbus: usb2-vbus {
+ status = "okay";
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_power_pin_bananapi>;
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <50000>;
+ enable-active-high;
+ gpio = <&pio 7 23 0>;
+ };
+};
--
2.1.0

8
asus-wmi-Restrict-debugfs-interface-when-module-load.patch
View File

@ -15,10 +15,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 21fc932da3a1..c6d42ad95c08 100644
index 7543a56e0f45..93b5a6998371 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data)
@@ -1589,6 +1589,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
@ -28,7 +28,7 @@ index 21fc932da3a1..c6d42ad95c08 100644
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data)
@@ -1605,6 +1608,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
@ -38,7 +38,7 @@ index 21fc932da3a1..c6d42ad95c08 100644
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data)
@@ -1629,6 +1635,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;

6
ath9k-rx-dma-stop-check.patch
View File

@ -7,10 +7,10 @@ Subject: [PATCH] ath9k: rx dma stop check
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
index 275205ab5f15..bb842623bdf6 100644
index 3e58bfa0c1fd..406eea47256e 100644
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
@@ -693,7 +693,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
{
#define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */
struct ath_common *common = ath9k_hw_common(ah);
@ -19,7 +19,7 @@ index 275205ab5f15..bb842623bdf6 100644
int i;
/* Enable access to the DMA observation bus */
@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
@@ -723,6 +723,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
}
if (i == 0) {

79
blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch
View File

@ -1,79 +0,0 @@
From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 10 Dec 2014 16:38:30 +0100
Subject: [PATCH] blk-mq: Fix uninitialized kobject at CPU hotplugging
When a CPU is hotplugged, the current blk-mq spews a warning like:
kobject '(null)' (ffffe8ffffc8b5d8): tried to add an uninitialized object, something is seriously wrong.
CPU: 1 PID: 1386 Comm: systemd-udevd Not tainted 3.18.0-rc7-2.g088d59b-default #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_171129-lamiak 04/01/2014
0000000000000000 0000000000000002 ffffffff81605f07 ffffe8ffffc8b5d8
ffffffff8132c7a0 ffff88023341d370 0000000000000020 ffff8800bb05bd58
ffff8800bb05bd08 000000000000a0a0 000000003f441940 0000000000000007
Call Trace:
[<ffffffff81005306>] dump_trace+0x86/0x330
[<ffffffff81005644>] show_stack_log_lvl+0x94/0x170
[<ffffffff81006d21>] show_stack+0x21/0x50
[<ffffffff81605f07>] dump_stack+0x41/0x51
[<ffffffff8132c7a0>] kobject_add+0xa0/0xb0
[<ffffffff8130aee1>] blk_mq_register_hctx+0x91/0xb0
[<ffffffff8130b82e>] blk_mq_sysfs_register+0x3e/0x60
[<ffffffff81309298>] blk_mq_queue_reinit_notify+0xf8/0x190
[<ffffffff8107cfdc>] notifier_call_chain+0x4c/0x70
[<ffffffff8105fd23>] cpu_notify+0x23/0x50
[<ffffffff81060037>] _cpu_up+0x157/0x170
[<ffffffff810600d9>] cpu_up+0x89/0xb0
[<ffffffff815fa5b5>] cpu_subsys_online+0x35/0x80
[<ffffffff814323cd>] device_online+0x5d/0xa0
[<ffffffff81432485>] online_store+0x75/0x80
[<ffffffff81236a5a>] kernfs_fop_write+0xda/0x150
[<ffffffff811c5532>] vfs_write+0xb2/0x1f0
[<ffffffff811c5f42>] SyS_write+0x42/0xb0
[<ffffffff8160c4ed>] system_call_fastpath+0x16/0x1b
[<00007f0132fb24e0>] 0x7f0132fb24e0
This is indeed because of an uninitialized kobject for blk_mq_ctx.
The blk_mq_ctx kobjects are initialized in blk_mq_sysfs_init(), but it
goes loop over hctx_for_each_ctx(), i.e. it initializes only for
online CPUs. Thus, when a CPU is hotplugged, the ctx for the newly
onlined CPU is registered without initialization.
This patch fixes the issue by initializing the all ctx kobjects
belonging to each queue.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=908794
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
---
block/blk-mq-sysfs.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index 371d8800b48a..1630a20d5dcf 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -390,16 +390,15 @@ static void blk_mq_sysfs_init(struct request_queue *q)
{
struct blk_mq_hw_ctx *hctx;
struct blk_mq_ctx *ctx;
- int i, j;
+ int i;
kobject_init(&q->mq_kobj, &blk_mq_ktype);
- queue_for_each_hw_ctx(q, hctx, i) {
+ queue_for_each_hw_ctx(q, hctx, i)
kobject_init(&hctx->kobj, &blk_mq_hw_ktype);
- hctx_for_each_ctx(hctx, ctx, j)
- kobject_init(&ctx->kobj, &blk_mq_ctx_ktype);
- }
+ queue_for_each_ctx(q, ctx, i)
+ kobject_init(&ctx->kobj, &blk_mq_ctx_ktype);
}
/* see blk_register_queue() */
--
2.1.0

41
cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch
View File

@ -1,41 +0,0 @@
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue, 2 Dec 2014 09:53:25 +0200
Subject: [PATCH] cfg80211: don't WARN about two consecutive Country IE hint
This can happen and there is no point in added more
detection code lower in the stack. Catching these in one
single point (cfg80211) is enough. Stop WARNING about this
case.
This fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=89001
Cc: <stable@vger.kernel.org>
Fixes: 2f1c6c572d7b ("cfg80211: process non country IE conflicting first")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
---
net/wireless/reg.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index b725a31a4751..695f12b2c176 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1839,11 +1839,8 @@ __reg_process_hint_country_ie(struct wiphy *wiphy,
return REG_REQ_IGNORE;
return REG_REQ_ALREADY_SET;
}
- /*
- * Two consecutive Country IE hints on the same wiphy.
- * This should be picked up early by the driver/stack
- */
- if (WARN_ON(regdom_changes(country_ie_request->alpha2)))
+
+ if (regdom_changes(country_ie_request->alpha2))
return REG_REQ_OK;
return REG_REQ_ALREADY_SET;
}
--
2.1.0

4
config-arm-generic
View File

@ -40,6 +40,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y
# ARM AMBA generic HW
CONFIG_ARM_AMBA=y
# CONFIG_TEGRA_AHB is not set
CONFIG_ARM_CCI=y
CONFIG_ARM_CCN=y
CONFIG_ARM_DMA_USE_IOMMU=y
@ -79,6 +80,7 @@ CONFIG_POWER_RESET_VERSATILE=y
CONFIG_DTC=y
CONFIG_DMA_OF=y
CONFIG_OF=y
# CONFIG_OF_UNITTEST is not set
CONFIG_OF_ADDRESS=y
CONFIG_OF_DYNAMIC=y
CONFIG_OF_EARLY_FLATTREE=y
@ -134,6 +136,7 @@ CONFIG_BACKLIGHT_GPIO=m
CONFIG_POWER_RESET_GPIO=y
CONFIG_POWER_RESET_GPIO_RESTART=y
CONFIG_POWER_RESET_RESTART=y
# CONFIG_GPIO_74XX_MMIO is not set
#i2c
CONFIG_I2C_ARB_GPIO_CHALLENGE=m
@ -260,6 +263,7 @@ CONFIG_CMA_AREAS=7
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_CORESIGHT is not set
# CONFIG_LATTICE_ECP3_CONFIG is not set
# CONFIG_BMP085_SPI is not set

10
config-arm64
View File

@ -8,8 +8,16 @@ CONFIG_SCHED_SMT=y
# arm64 only SoCs
CONFIG_ARCH_XGENE=y
CONFIG_ARCH_SEATTLE=y
# CONFIG_ARCH_THUNDER is not set
# Erratum
CONFIG_ARM64_ERRATUM_826319=y
CONFIG_ARM64_ERRATUM_827319=y
CONFIG_ARM64_ERRATUM_824069=y
CONFIG_ARM64_ERRATUM_819472=y
CONFIG_ARM64_ERRATUM_832075=y
# CONFIG_AMBA_PL08X is not set
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
CONFIG_ARCH_REQUIRE_GPIOLIB=y
@ -78,6 +86,7 @@ CONFIG_CRYPTO_AES_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_CRC32_ARM64=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
@ -133,6 +142,7 @@ CONFIG_AMD_XGBE_PHY=m
# CONFIG_AMD_XGBE_DCB is not set
# CONFIG_IMX_THERMAL is not set
# CONFIG_MMC_DW is not set
# still? 2014-11-11
# CONFIG_BPF_JIT is not set

11
config-armv7
View File

@ -114,6 +114,7 @@ CONFIG_OMAP3_EMU=y
CONFIG_SERIAL_OMAP=y
CONFIG_SERIAL_OMAP_CONSOLE=y
CONFIG_SERIAL_8250_OMAP=m
CONFIG_GPIO_TWL4030=m
CONFIG_GPIO_TWL6040=m
@ -258,7 +259,7 @@ CONFIG_SND_OMAP_SOC_DMIC=m
CONFIG_SND_OMAP_SOC_HDMI=m
CONFIG_SND_OMAP_SOC_MCBSP=m
CONFIG_SND_OMAP_SOC_MCPDM=m
CONFIG_SND_OMAP_SOC_OMAP_HDMI=m
CONFIG_SND_OMAP_SOC_HDMI_AUDIO=m
CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m
CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m
CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m
@ -372,6 +373,7 @@ CONFIG_SOC_IMX53=y
CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
# CONFIG_SOC_LS1021A is not set
# CONFIG_SOC_VF610 is not set
CONFIG_ARM_IMX6Q_CPUFREQ=m
CONFIG_PCI_IMX6=y
@ -411,6 +413,8 @@ CONFIG_CRYPTO_DEV_SAHARA=m
CONFIG_RTC_DRV_SNVS=m
# CONFIG_FB_MX3 is not set
# CONFIG_FB_IMX is not set
# CONFIG_FB_MXS is not set
# CONFIG_POWER_RESET_IMX is not set
CONFIG_SND_IMX_SOC=m
CONFIG_SND_SOC_FSL_ASOC_CARD=m
@ -501,6 +505,7 @@ CONFIG_REGULATOR_DA9055=m
CONFIG_ARCH_EXYNOS4=y
CONFIG_SOC_EXYNOS4212=y
CONFIG_SOC_EXYNOS4412=y
# CONFIG_SOC_EXYNOS4415 is not set
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
CONFIG_AK8975=m
@ -521,6 +526,10 @@ CONFIG_COMMON_CLK_RK808=m
CONFIG_REGULATOR_RK808=m
CONFIG_RTC_DRV_HYM8563=m
CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IOMMU=y
CONFIG_SND_SOC_ROCKCHIP_I2S=m
CONFIG_ROCKCHIP_THERMAL=m
CONFIG_DRM_ROCKCHIP=m
# ST Ericsson
CONFIG_MACH_HREFV60=y

34
config-armv7-generic
View File

@ -123,6 +123,7 @@ CONFIG_PM_OPP=y
CONFIG_ARM_CPU_SUSPEND=y
CONFIG_ARM_PSCI=y
CONFIG_THERMAL=y
CONFIG_CLOCK_THERMAL=y
CONFIG_CPUFREQ_DT=y
# CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set
@ -134,6 +135,7 @@ CONFIG_XZ_DEC_ARM=y
CONFIG_UACCESS_WITH_MEMCPY=y
CONFIG_PCI_HOST_GENERIC=y
# CONFIG_PCI_LAYERSCAPE is not set
CONFIG_LBDAF=y
@ -174,6 +176,7 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m
CONFIG_MACH_SUN6I=y
CONFIG_MACH_SUN7I=y
# CONFIG_MACH_SUN8I is not set
# CONFIG_MACH_SUN9I is not set
CONFIG_DMA_SUN6I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
@ -196,6 +199,8 @@ CONFIG_IR_SUNXI=m
CONFIG_MDIO_SUN4I=m
CONFIG_SUN4I_EMAC=m
CONFIG_RTC_DRV_SUN6I=m
CONFIG_AXP288_ADC=m
CONFIG_MTD_NAND_SUNXI=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
@ -311,6 +316,7 @@ CONFIG_EXTCON_MAX8997=m
# Tegra
CONFIG_ARCH_TEGRA_114_SOC=y
CONFIG_ARCH_TEGRA_124_SOC=y
CONFIG_TEGRA_AHB=y
CONFIG_ARM_TEGRA_CPUFREQ=y
CONFIG_TRUSTED_FOUNDATIONS=y
CONFIG_SERIAL_TEGRA=y
@ -344,6 +350,8 @@ CONFIG_NOUVEAU_PLATFORM_DRIVER=m
CONFIG_AD525X_DPOT=m
CONFIG_AD525X_DPOT_I2C=m
CONFIG_AD525X_DPOT_SPI=m
CONFIG_TEGRA_SOCTHERM=m
CONFIG_TEGRA_MC=y
# Jetson TK1
CONFIG_PINCTRL_AS3722=y
@ -361,6 +369,7 @@ CONFIG_DRM_PANEL=y
CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_LD9040=m
CONFIG_DRM_PANEL_S6E8AA0=m
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
# regmap
CONFIG_REGMAP=y
@ -370,10 +379,6 @@ CONFIG_REGMAP_SPMI=m
CONFIG_REGMAP_MMIO=m
CONFIG_REGMAP_IRQ=y
# Power management
CONFIG_PM_OPP=y
CONFIG_ARM_CPU_SUSPEND=y
# usb
CONFIG_USB_OHCI_HCD_PLATFORM=m
CONFIG_USB_EHCI_HCD_PLATFORM=m
@ -391,6 +396,8 @@ CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2
CONFIG_USB_MUSB_HDRC=m
CONFIG_USB_MUSB_DUAL_ROLE=y
CONFIG_USB_MUSB_DSPS=m
# CONFIG_USB_MUSB_TUSB6010 is not set
# CONFIG_USB_MUSB_UX500 is not set
CONFIG_USB_GPIO_VBUS=m
CONFIG_USB_CONFIGFS=m
CONFIG_USB_CONFIGFS_ACM=y
@ -404,6 +411,10 @@ CONFIG_USB_CONFIGFS_OBEX=y
CONFIG_USB_CONFIGFS_SERIAL=y
# CONFIG_USB_CONFIGFS_F_LB_SS is not set
# CONFIG_USB_CONFIGFS_F_FS is not set
# CONFIG_USB_CONFIGFS_F_UAC1 is not set
# CONFIG_USB_CONFIGFS_F_UAC2 is not set
# CONFIG_USB_CONFIGFS_F_MIDI is not set
# CONFIG_USB_CONFIGFS_F_HID is not set
# CONFIG_MUSB_PIO_ONLY is not set
# CONFIG_USB_GADGET_DEBUG is not set
@ -416,6 +427,7 @@ CONFIG_USB_CONFIGFS_SERIAL=y
# CONFIG_USB_PXA27X is not set
# CONFIG_USB_MV_UDC is not set
# CONFIG_USB_MV_U3D is not set
# CONFIG_USB_BDC_UDC is not set
# CONFIG_USB_M66592 is not set
# CONFIG_USB_AMD5536UDC is not set
# CONFIG_USB_NET2272 is not set
@ -572,7 +584,7 @@ CONFIG_SPI_DW_PCI=m
# CONFIG_MMC_QCOM_DML is not set
# CONFIG_MMC_DW_ROCKCHIP is not set
CONFIG_USB_DWC2=y
CONFIG_USB_DWC2_HOST=m
CONFIG_USB_DWC2_HOST=y
CONFIG_USB_DWC2_PLATFORM=y
CONFIG_USB_DWC2_PCI=y
# CONFIG_USB_DWC2_PERIPHERAL is not set
@ -660,6 +672,15 @@ CONFIG_SND_SOC_SPDIF=m
# CONFIG_SND_SOC_FSL_ASOC_CARD is not set
# CONFIG_SND_EDMA_SOC is not set
# CONFIG_SND_SOC_ROCKCHIP is not set
# CONFIG_SND_SOC_ARNDALE_RT5631_ALC5631 is not set
# CONFIG_SND_SOC_CS42L51_I2C is not set
# CONFIG_SND_SOC_CS4271_I2C is not set
# CONFIG_SND_SOC_CS4271_SPI is not set
# CONFIG_SND_SOC_RT5631 is not set
# CONFIG_SND_SOC_TFA9879 is not set
# CONFIG_SND_SOC_TLV320AIC23_I2C is not set
# CONFIG_SND_SOC_TLV320AIC23_SPI is not set
# CONFIG_SND_SOC_TS3A227E is not set
# Displays
CONFIG_BACKLIGHT_TPS65217=m
@ -721,6 +742,7 @@ CONFIG_REGULATOR_DA9211=m
CONFIG_REGULATOR_ISL9305=m
CONFIG_REGULATOR_MAX77802=m
CONFIG_REGULATOR_PWM=m
CONFIG_SENSORS_LTC2978_REGULATOR=y
CONFIG_POWER_AVS=y
CONFIG_CHARGER_MANAGER=y
@ -853,6 +875,7 @@ CONFIG_I2C_CROS_EC_TUNNEL=m
# CONFIG_SERIAL_MAX3100 is not set
# CONFIG_SERIAL_MAX310X is not set
# CONFIG_SERIAL_IFX6X60 is not set
# CONFIG_SERIAL_BCM63XX is not set
# CONFIG_FB_XILINX is not set
# CONFIG_BRCMSTB_GISB_ARB is not set
# CONFIG_SUNGEM is not set
@ -888,3 +911,4 @@ CONFIG_I2C_CROS_EC_TUNNEL=m
# CONFIG_OMAP2_DSS_DEBUG is not set
# CONFIG_CRYPTO_DEV_UX500_DEBUG is not set
# CONFIG_AB8500_DEBUG is not set
# CONFIG_ARM_KERNMEM_PERMS is not set

3
config-debug
View File

@ -35,6 +35,8 @@ CONFIG_ACPI_DEBUG=y
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_PAGE_OWNER is not set
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_DEBUG_OBJECTS=y
@ -45,6 +47,7 @@ CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
CONFIG_X86_PTDUMP=y
CONFIG_ARM64_PTDUMP=y
CONFIG_EFI_PGT_DUMP=y
CONFIG_CAN_DEBUG_DEVICES=y

59
config-generic
View File

@ -145,6 +145,7 @@ CONFIG_MMC_USHC=m
CONFIG_MMC_REALTEK_PCI=m
CONFIG_MMC_REALTEK_USB=m
CONFIG_MMC_VUB300=m
CONFIG_MMC_TOSHIBA_PCI=m
# CONFIG_MMC_SPI is not set
# CONFIG_MMC_SDHCI_PXAV2 is not set
# CONFIG_MMC_SDHCI_PXAV3 is not set
@ -166,6 +167,7 @@ CONFIG_INFINIBAND_SRP=m
CONFIG_INFINIBAND_SRPT=m
CONFIG_INFINIBAND_USER_MAD=m
CONFIG_INFINIBAND_USER_ACCESS=m
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
CONFIG_INFINIBAND_IPATH=m
CONFIG_INFINIBAND_ISER=m
CONFIG_INFINIBAND_ISERT=m
@ -504,6 +506,7 @@ CONFIG_SCSI_BUSLOGIC=m
CONFIG_SCSI_INITIO=m
CONFIG_SCSI_FLASHPOINT=y
CONFIG_SCSI_DMX3191D=m
CONFIG_SCSI_AM53C974=m
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_EATA_PIO is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
@ -524,6 +527,7 @@ CONFIG_SCSI_SYM53C8XX_MMIO=y
CONFIG_SCSI_QLOGIC_1280=m
CONFIG_SCSI_DC395x=m
# CONFIG_SCSI_NSP32 is not set
CONFIG_SCSI_WD719X=m
CONFIG_SCSI_DEBUG=m
CONFIG_SCSI_DC390T=m
CONFIG_SCSI_QLA_FC=m
@ -761,6 +765,7 @@ CONFIG_IP_PIMSM_V2=y
CONFIG_SYN_COOKIES=y
CONFIG_NET_IPVTI=m
CONFIG_NET_FOU=m
CONFIG_NET_FOU_IP_TUNNELS=y
CONFIG_GENEVE=m
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
@ -1027,6 +1032,9 @@ CONFIG_NFT_MASQ_IPV4=m
CONFIG_NFT_MASQ_IPV6=m
CONFIG_NFT_NAT=m
CONFIG_NFT_QUEUE=m
CONFIG_NFT_REDIR=m
CONFIG_NFT_REDIR_IPV4=m
CONFIG_NFT_REDIR_IPV6=m
CONFIG_NFT_REJECT=m
CONFIG_NFT_COMPAT=m
@ -1204,6 +1212,7 @@ CONFIG_NET_ACT_PEDIT=m
CONFIG_NET_ACT_POLICE=m
CONFIG_NET_ACT_SIMP=m
CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_VLAN=m
CONFIG_DCB=y
CONFIG_DNS_RESOLVER=m
@ -1246,6 +1255,7 @@ CONFIG_DUMMY=m
CONFIG_BONDING=m
CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
CONFIG_IPVLAN=m
CONFIG_VXLAN=m
CONFIG_EQUALIZER=m
CONFIG_TUN=m
@ -1486,6 +1496,9 @@ CONFIG_SH_ETH=m
CONFIG_NET_VENDOR_RDC=y
CONFIG_R6040=m
CONFIG_NET_VENDOR_ROCKER=y
CONFIG_ROCKER=m
# CONFIG_NET_VENDOR_SEEQ is not set
# CONFIG_NET_VENDOR_SAMSUNG is not set
@ -1840,6 +1853,8 @@ CONFIG_IEEE802154_FAKELB=m
CONFIG_MAC802154=m
CONFIG_NET_MPLS_GSO=m
CONFIG_NET_SWITCHDEV=y
CONFIG_6LOWPAN=m
#
@ -1949,6 +1964,8 @@ CONFIG_WINBOND_FIR=m
# Bluetooth support
#
CONFIG_BT=m
CONFIG_BT_BREDR=y
CONFIG_BT_LE=y
CONFIG_BT_6LOWPAN=m
CONFIG_BT_SCO=y
CONFIG_BT_CMTP=m
@ -2197,7 +2214,7 @@ CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_TCA6416 is not set
# CONFIG_KEYBOARD_TCA8418 is not set
# CONFIG_KEYBOARD_OMAP4 is not set
# CONFIG_KEYBOARD_CAP1106 is not set
# CONFIG_KEYBOARD_CAP11XX is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
@ -2210,6 +2227,9 @@ CONFIG_MOUSE_BCM5974=m
CONFIG_MOUSE_SYNAPTICS_I2C=m
CONFIG_MOUSE_SYNAPTICS_USB=m
CONFIG_MOUSE_CYAPA=m
CONFIG_MOUSE_ELAN_I2C=m
CONFIG_MOUSE_ELAN_I2C_I2C=y
CONFIG_MOUSE_ELAN_I2C_SMBUS=y
CONFIG_INPUT_JOYSTICK=y
CONFIG_JOYSTICK_ANALOG=m
CONFIG_JOYSTICK_A3D=m
@ -2252,6 +2272,7 @@ CONFIG_TOUCHSCREEN_DYNAPRO=m
CONFIG_TOUCHSCREEN_EDT_FT5X06=m
CONFIG_TOUCHSCREEN_EETI=m
CONFIG_TOUCHSCREEN_EGALAX=m
CONFIG_TOUCHSCREEN_ELAN=m
CONFIG_TOUCHSCREEN_ELO=m
CONFIG_TOUCHSCREEN_FUJITSU=m
CONFIG_TOUCHSCREEN_GUNZE=m
@ -2460,6 +2481,8 @@ CONFIG_I2C_PCA_PLATFORM=m
# CONFIG_I2C_SIS96X is not set
CONFIG_I2C_SIMTEC=m
CONFIG_I2C_STUB=m
CONFIG_I2C_SLAVE=y
CONFIG_I2C_SLAVE_EEPROM=m
CONFIG_I2C_TINY_USB=m
# CONFIG_I2C_TAOS_EVM is not set
# CONFIG_I2C_VIA is not set
@ -2542,6 +2565,7 @@ CONFIG_SENSORS_MAX6697=m
CONFIG_SENSORS_MCP3021=m
CONFIG_SENSORS_NCT6775=m
CONFIG_SENSORS_NCT6683=m
CONFIG_SENSORS_NCT7802=m
CONFIG_SENSORS_NTC_THERMISTOR=m
CONFIG_SENSORS_PC87360=m
CONFIG_SENSORS_PC87427=m
@ -2682,6 +2706,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_MAG3110 is not set
# CONFIG_TMP006 is not set
# CONFIG_MLX90614 is not set
# CONFIG_BMP280 is not set
# CONFIG_HID_SENSOR_PRESS is not set
# CONFIG_IIO_ST_PRESS is not set
# CONFIG_KXSD9 is not set
@ -2720,6 +2745,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_MPL3115 is not set
# CONFIG_MPL115 is not set
# CONFIG_SI7005 is not set
# CONFIG_SI7020 is not set
# CONFIG_AS3935 is not set
CONFIG_KXCJK1013=m
# CONFIG_ISL29125 is not set
@ -2815,6 +2841,7 @@ CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_SI=m
# CONFIG_IPMI_SI_PROBE_DEFAULTS is not set
CONFIG_IPMI_SSIF=m
CONFIG_IPMI_POWEROFF=m
#
@ -2885,6 +2912,7 @@ CONFIG_RTC_DRV_DS1553=m
CONFIG_RTC_DRV_DS1672=m
CONFIG_RTC_DRV_DS1742=m
CONFIG_RTC_DRV_DS1374=m
CONFIG_RTC_DRV_DS1374_WDT=y
# CONFIG_RTC_DRV_EP93XX is not set
CONFIG_RTC_DRV_FM3130=m
# CONFIG_RTC_DRV_HYM8563 is not set
@ -2987,6 +3015,7 @@ CONFIG_DRM_NOUVEAU=m
CONFIG_NOUVEAU_DEBUG=5
CONFIG_NOUVEAU_DEBUG_DEFAULT=3
CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_I2C_ADV7511=m
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
@ -3169,6 +3198,7 @@ CONFIG_DVB_DM1105=m
CONFIG_DVB_FIREDTV=m
CONFIG_DVB_NGENE=m
CONFIG_DVB_DDBRIDGE=m
CONFIG_DVB_SMIPCIE=m
CONFIG_DVB_USB_TECHNISAT_USB2=m
CONFIG_DVB_USB_V2=m
@ -3259,6 +3289,7 @@ CONFIG_IR_REDRAT3=m
CONFIG_IR_ENE=m
CONFIG_IR_STREAMZAP=m
CONFIG_IR_WINBOND_CIR=m
CONFIG_IR_IGORPLUGUSB=m
CONFIG_IR_IGUANA=m
CONFIG_IR_TTUSBIR=m
CONFIG_IR_GPIO_CIR=m
@ -3534,6 +3565,7 @@ CONFIG_SND_FIREWIRE_SPEAKERS=m
CONFIG_SND_ISIGHT=m
CONFIG_SND_SCS1X=m
CONFIG_SND_DICE=m
CONFIG_SND_OXFW=m
CONFIG_SND_FIREWORKS=m
# CONFIG_SND_BEBOB is not set
@ -3631,6 +3663,7 @@ CONFIG_UHID=m
CONFIG_HID_PID=y
CONFIG_LOGITECH_FF=y
CONFIG_HID_LOGITECH_DJ=m
CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_PANTHERLORD_FF=y
CONFIG_THRUSTMASTER_FF=y
@ -3646,6 +3679,7 @@ CONFIG_LOGIWHEELS_FF=y
CONFIG_HID_MAGICMOUSE=y
CONFIG_HID_MULTITOUCH=m
CONFIG_HID_NTRIG=y
CONFIG_HID_PLANTRONICS=m
CONFIG_HID_PRIMAX=m
CONFIG_HID_PRODIKEYS=m
CONFIG_HID_DRAGONRISE=m
@ -4039,7 +4073,9 @@ CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_TPS65912 is not set
# CONFIG_MFD_SYSCON is not set
# CONFIG_MFD_DA9063 is not set
# CONFIG_MFD_DLN2 is not set
# CONFIG_MFD_LP3943 is not set
# CONFIG_MFD_ATMEL_HLCDC is not set
# CONFIG_MFD_BCM590XX is not set
# CONFIG_MFD_TPS65218 is not set
# CONFIG_MFD_WM831X_SPI is not set
@ -4169,6 +4205,7 @@ CONFIG_CRAMFS=m
CONFIG_SQUASHFS=m
CONFIG_SQUASHFS_XATTR=y
CONFIG_SQUASHFS_LZO=y
CONFIG_SQUASHFS_LZ4=y
CONFIG_SQUASHFS_XZ=y
CONFIG_SQUASHFS_ZLIB=y
# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set
@ -4578,6 +4615,19 @@ CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=m
CONFIG_INITRAMFS_SOURCE=""
# These were all enabled by default before 3.19 made them individually
# selectable. Possibly look at enabling only the one(s) Fedora actually
# uses.
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_RD_XZ=y
CONFIG_RD_LZO=y
CONFIG_RD_LZ4=y
CONFIG_INIT_FALLBACK=y
CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=y
@ -4766,6 +4816,7 @@ CONFIG_LEDS_DELL_NETBOOKS=m
# CONFIG_LEDS_OT200 is not set
# CONFIG_LEDS_PWM is not set
# CONFIG_LEDS_LP8501 is not set
# CONFIG_LEDS_LP8860 is not set
# CONFIG_LEDS_PCA963X is not set
# CONFIG_LEDS_SYSCON is not set
CONFIG_LEDS_TRIGGERS=y
@ -4963,10 +5014,12 @@ CONFIG_GPIOLIB=y
# CONFIG_PINCONF is not set
CONFIG_NET_DSA=m
CONFIG_NET_DSA_HWMON=y
CONFIG_NET_DSA_MV88E6060=m
CONFIG_NET_DSA_MV88E6131=m
CONFIG_NET_DSA_MV88E6123_61_65=m
CONFIG_NET_DSA_MV88E6171=m
CONFIG_NET_DSA_MV88E6352=m
CONFIG_NET_DSA_BCM_SF2=m
# Used by Maemo, we don't care.
@ -5061,6 +5114,10 @@ CONFIG_USBIP_HOST=m
# CONFIG_GS_FPGABOOT is not set
# CONFIG_UNISYSSPAR is not set
# CONFIG_MEDIA_TUNER_MSI001 is not set
# CONFIG_COMMON_CLK_XLNX_CLKWZRD is not set
# CONFIG_VIDEO_SAA7191 is not set
# CONFIG_DVB_MN88472 is not set
# CONFIG_DVB_MN88473 is not set
# END OF STAGING
#

3
config-nodebug
View File

@ -35,6 +35,8 @@ CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_PAGE_OWNER is not set
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
@ -45,6 +47,7 @@ CONFIG_CPUMASK_OFFSTACK=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_X86_PTDUMP is not set
# CONFIG_ARM64_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
# CONFIG_CAN_DEBUG_DEVICES is not set

2
config-powerpc-generic
View File

@ -306,6 +306,7 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
# CONFIG_MFD_AAT2870_CORE is not set
# CONFIG_GPIO_SCH is not set
# CONFIG_GPIO_74XX_MMIO is not set
# CONFIG_PPC_MPC512x is not set
# CONFIG_RTC_DRV_MPC5121 is not set
@ -330,6 +331,7 @@ CONFIG_I2C_MPC=m
# CONFIG_NET_VENDOR_TOSHIBA is not set
# CONFIG_CPU_IDLE is not set
# CONFIG_OF_UNITTEST is not set
# CONFIG_OF_SELFTEST is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
# CONFIG_INPUT_GP2A is not set

4
config-powerpc64
View File

@ -15,6 +15,7 @@ CONFIG_PPC_POWERNV_RTAS=y
CONFIG_SENSORS_IBMPOWERNV=y
CONFIG_HW_RANDOM_POWERNV=m
CONFIG_POWERNV_CPUFREQ=m
CONFIG_IPMI_POWERNV=m
CONFIG_SCOM_DEBUGFS=y
# CONFIG_PPC_PASEMI is not set
# CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set
@ -165,6 +166,9 @@ CONFIG_HW_RANDOM_AMD=m
CONFIG_UIO_PDRV=m
CONFIG_I2C_OPAL=m
CONFIG_RTC_DRV_OPAL=m
CONFIG_HW_RANDOM_PSERIES=m
CONFIG_CRYPTO_DEV_NX=y
CONFIG_CRYPTO_842=m

4
config-powerpc64p7
View File

@ -10,6 +10,7 @@ CONFIG_PPC_POWERNV_RTAS=y
CONFIG_HW_RANDOM_POWERNV=m
CONFIG_SENSORS_IBMPOWERNV=y
CONFIG_POWERNV_CPUFREQ=m
CONFIG_IPMI_POWERNV=m
CONFIG_SCOM_DEBUGFS=y
# CONFIG_PPC_PASEMI is not set
# CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set
@ -155,6 +156,9 @@ CONFIG_HW_RANDOM_AMD=m
CONFIG_UIO_PDRV=m
CONFIG_I2C_OPAL=m
CONFIG_RTC_DRV_OPAL=m
CONFIG_HW_RANDOM_PSERIES=m
CONFIG_CRYPTO_DEV_NX=y
CONFIG_CRYPTO_842=m

1
config-s390x
View File

@ -63,6 +63,7 @@ CONFIG_SCLP_VT220_TTY=y
CONFIG_SCLP_VT220_CONSOLE=y
CONFIG_SCLP_CPI=m
CONFIG_SCLP_ASYNC=m
CONFIG_SCLP_ASYNC_ID="000000000"
CONFIG_S390_TAPE=m
CONFIG_S390_TAPE_3590=m

2
config-x86-32-generic
View File

@ -197,6 +197,7 @@ CONFIG_BACKLIGHT_PWM=m
# CONFIG_EDAC_SBRIDGE is not set
# CONFIG_OF_UNITTEST is not set
# CONFIG_OF_SELFTEST is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
# CONFIG_INPUT_GP2A is not set
@ -206,6 +207,7 @@ CONFIG_BACKLIGHT_PWM=m
# CONFIG_MDIO_BUS_MUX_GPIO is not set
# CONFIG_MDIO_BUS_MUX_MMIOREG is not set
# CONFIG_GPIO_SODAVILLE is not set
# CONFIG_GPIO_74XX_MMIO is not set
# CONFIG_BACKLIGHT_OT200 is not set
# CONFIG_MLX5_INFINIBAND is not set

9
config-x86-generic
View File

@ -34,6 +34,10 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
CONFIG_X86_PAT=y
CONFIG_X86_PM_TIMER=y
# This requires changes to binutils and the compiler. Plus you can't actually
# buy hardware with MPX yet. So... leave it off until all of that seems set.
# CONFIG_X86_INTEL_MPX is not set
CONFIG_EFI=y
CONFIG_EFI_STUB=y
# CONFIG_EFI_MIXED is not set
@ -99,6 +103,8 @@ CONFIG_ACPI_CUSTOM_METHOD=m
CONFIG_ACPI_BGRT=y
# CONFIG_ACPI_EXTLOG is not set
# CONFIG_PMIC_OPREGION is not set
CONFIG_X86_INTEL_PSTATE=y
CONFIG_X86_ACPI_CPUFREQ=m
CONFIG_X86_ACPI_CPUFREQ_CPB=y
@ -166,6 +172,8 @@ CONFIG_DCDBAS=m
CONFIG_EDAC=y
CONFIG_EDAC_MM_EDAC=m
# CONFIG_EDAC_AMD64_ERROR_INJECTION is not set
CONFIG_EDAC_AMD64=m
CONFIG_EDAC_AMD76X=m
CONFIG_EDAC_AMD8111=m
CONFIG_EDAC_AMD8131=m
@ -488,6 +496,7 @@ CONFIG_PWM_LPSS_PCI=m
CONFIG_PWM_LPSS_PLATFORM=m
CONFIG_PINCTRL=y
CONFIG_PINCTRL_BAYTRAIL=y
CONFIG_PINCTRL_CHERRYVIEW=m
# CONFIG_INTEL_POWERCLAMP is not set
CONFIG_X86_PKG_TEMP_THERMAL=m

2
config-x86_64-generic
View File

@ -177,6 +177,8 @@ CONFIG_SFC_MTD=y
# Override MTD stuff because SFC_MTD needs it
CONFIG_MTD_BLOCK=m
CONFIG_HSA_AMD=m
CONFIG_NO_HZ_FULL=y
# CONFIG_NO_HZ_IDLE is not set
# CONFIG_NO_HZ_FULL_ALL is not set

6
crash-driver.patch
View File

@ -240,10 +240,10 @@ index 000000000000..552be5e2c571
+
+#endif /* _S390_CRASH_H */
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
index 2a2e35416d2f..a529181429bb 100644
index 2eb34bdfc613..11ce5c98462c 100644
--- a/arch/s390/mm/maccess.c
+++ b/arch/s390/mm/maccess.c
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(phys_addr_t addr)
put_online_cpus();
return bounce;
}
@ -251,7 +251,7 @@ index 2a2e35416d2f..a529181429bb 100644
/*
* Free converted buffer for /dev/mem access (if necessary)
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(phys_addr_t addr, void *buf)
if ((void *) addr != buf)
free_page((unsigned long) buf);
}

6
criu-no-expert.patch
View File

@ -9,10 +9,10 @@ Upstream-status: Fedora mustard
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index 9ef459bb44b2..cc096e258a4a 100644
index dac9ed0f01f7..31a29fe7c555 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1149,7 +1149,7 @@ config DEBUG_BLK_CGROUP
@@ -1128,7 +1128,7 @@ config DEBUG_BLK_CGROUP
endif # CGROUPS
config CHECKPOINT_RESTORE
@ -21,7 +21,7 @@ index 9ef459bb44b2..cc096e258a4a 100644
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
@@ -1160,7 +1160,7 @@ config CHECKPOINT_RESTORE
@@ -1139,7 +1139,7 @@ config CHECKPOINT_RESTORE
If unsure, say N here.
menuconfig NAMESPACES

6
disable-i8042-check-on-apple-mac.patch
View File

@ -17,10 +17,10 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
1 file changed, 22 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 9bb95eab6926..4b5015f27f9e 100644
index f91ed715b604..d64498a0d473 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1471,6 +1471,22 @@ static struct platform_driver i8042_driver = {
@@ -1470,6 +1470,22 @@ static struct platform_driver i8042_driver = {
.shutdown = i8042_shutdown,
};
@ -43,7 +43,7 @@ index 9bb95eab6926..4b5015f27f9e 100644
static int __init i8042_init(void)
{
struct platform_device *pdev;
@@ -1478,6 +1494,12 @@ static int __init i8042_init(void)
@@ -1477,6 +1493,12 @@ static int __init i8042_init(void)
dbg_init();

42
dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch
View File

@ -1,42 +0,0 @@
From: Joe Thornber <ejt@redhat.com>
Date: Thu, 27 Nov 2014 12:26:46 +0000
Subject: [PATCH] dm cache: dirty flag was mistakenly being cleared when
promoting via overwrite
If the incoming bio is a WRITE and completely covers a block then we
don't bother to do any copying for a promotion operation. Once this is
done the cache block and origin block will be different, so we need to
set it to 'dirty'.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/md/dm-cache-target.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c
index 6f7086355691..387b93d81138 100644
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -951,10 +951,14 @@ static void migration_success_post_commit(struct dm_cache_migration *mg)
}
} else {
- clear_dirty(cache, mg->new_oblock, mg->cblock);
- if (mg->requeue_holder)
+ if (mg->requeue_holder) {
+ clear_dirty(cache, mg->new_oblock, mg->cblock);
cell_defer(cache, mg->new_ocell, true);
- else {
+ } else {
+ /*
+ * The block was promoted via an overwrite, so it's dirty.
+ */
+ set_dirty(cache, mg->new_oblock, mg->cblock);
bio_endio(mg->new_ocell->holder, 0);
cell_defer(cache, mg->new_ocell, false);
}
--
2.1.0

40
dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch
View File

@ -1,40 +0,0 @@
From: Joe Thornber <ejt@redhat.com>
Date: Fri, 28 Nov 2014 09:48:25 +0000
Subject: [PATCH] dm cache: fix spurious cell_defer when dealing with partial
block at end of device
We never bother caching a partial block that is at the back end of the
origin device. No cell ever gets locked, but the calling code was
assuming it was and trying to release it.
Now the code only releases if the cell has been set to a non NULL
value.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/md/dm-cache-target.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c
index 387b93d81138..da496cfb458d 100644
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -2554,11 +2554,11 @@ static int __cache_map(struct cache *cache, struct bio *bio, struct dm_bio_priso
static int cache_map(struct dm_target *ti, struct bio *bio)
{
int r;
- struct dm_bio_prison_cell *cell;
+ struct dm_bio_prison_cell *cell = NULL;
struct cache *cache = ti->private;
r = __cache_map(cache, bio, &cell);
- if (r == DM_MAPIO_REMAPPED) {
+ if (r == DM_MAPIO_REMAPPED && cell) {
inc_ds(cache, bio, cell);
cell_defer(cache, cell, false);
}
--
2.1.0

32
dm-cache-only-use-overwrite-optimisation-for-promoti.patch
View File

@ -1,32 +0,0 @@
From: Joe Thornber <ejt@redhat.com>
Date: Thu, 27 Nov 2014 12:21:08 +0000
Subject: [PATCH] dm cache: only use overwrite optimisation for promotion when
in writeback mode
Overwrite causes the cache block and origin blocks to diverge, which
is only allowed in writeback mode.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
---
drivers/md/dm-cache-target.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c
index 7130505c2425..6f7086355691 100644
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -1070,7 +1070,8 @@ static void issue_copy(struct dm_cache_migration *mg)
avoid = is_discarded_oblock(cache, mg->new_oblock);
- if (!avoid && bio_writes_complete_block(cache, bio)) {
+ if (writeback_mode(&cache->features) &&
+ !avoid && bio_writes_complete_block(cache, bio)) {
issue_overwrite(mg, bio);
return;
}
--
2.1.0

4
drm-i915-hush-check-crtc-state.patch
View File

@ -14,10 +14,10 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 9cb5c95d5898..edf0d4b78d68 100644
index fb3e3d429191..49e5d5f9fbe5 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -10965,7 +10965,7 @@ check_crtc_state(struct drm_device *dev)
@@ -10869,7 +10869,7 @@ check_crtc_state(struct drm_device *dev)
if (active &&
!intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) {

8
efi-Add-EFI_SECURE_BOOT-bit.patch
View File

@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index f4eb99432db1..bc31a43b31a0 100644
index 5d52d67d5097..b40d6174242f 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1152,7 +1152,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1154,7 +1154,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@ -26,10 +26,10 @@ index f4eb99432db1..bc31a43b31a0 100644
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 0949f9c7e872..130ba866a24a 100644
index 0238d612750e..16ec1c00919d 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -936,6 +936,7 @@ extern int __init efi_setup_pcdp_console(char *);
@@ -940,6 +940,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
#define EFI_ARCH_1 7 /* First arch-specific bit */

2
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
View File

@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 6da2da7ac9c3..ba3cf70c7d5a 100644
index 2192da755e34..4b03911a502d 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -831,8 +831,9 @@ out:

4
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
View File

@ -11,10 +11,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b8969db8398..d1f4a3d88dfc 100644
index d4c55ee9f1ac..88533b717d59 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1612,7 +1612,8 @@ config EFI_MIXED
@@ -1657,7 +1657,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE

90
groups-Consolidate-the-setgroups-permission-checks.patch
View File

@ -1,90 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 17:19:27 -0600
Subject: [PATCH] groups: Consolidate the setgroups permission checks
Today there are 3 instances of setgroups and due to an oversight their
permission checking has diverged. Add a common function so that
they may all share the same permission checking code.
This corrects the current oversight in the current permission checks
and adds a helper to avoid this in the future.
A user namespace security fix will update this new helper, shortly.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
arch/s390/kernel/compat_linux.c | 2 +-
include/linux/cred.h | 1 +
kernel/groups.c | 9 ++++++++-
kernel/uid16.c | 2 +-
4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index ca38139423ae..437e61159279 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -249,7 +249,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, int, gidsetsize, u16 __user *, grouplis
struct group_info *group_info;
int retval;
- if (!capable(CAP_SETGID))
+ if (!may_setgroups())
return -EPERM;
if ((unsigned)gidsetsize > NGROUPS_MAX)
return -EINVAL;
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b2d0820837c4..2fb2ca2127ed 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -68,6 +68,7 @@ extern void groups_free(struct group_info *);
extern int set_current_groups(struct group_info *);
extern void set_groups(struct cred *, struct group_info *);
extern int groups_search(const struct group_info *, kgid_t);
+extern bool may_setgroups(void);
/* access the groups "array" with this macro */
#define GROUP_AT(gi, i) \
diff --git a/kernel/groups.c b/kernel/groups.c
index 451698f86cfa..02d8a251c476 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -213,6 +213,13 @@ out:
return i;
}
+bool may_setgroups(void)
+{
+ struct user_namespace *user_ns = current_user_ns();
+
+ return ns_capable(user_ns, CAP_SETGID);
+}
+
/*
* SMP: Our groups are copy-on-write. We can set them safely
* without another task interfering.
@@ -223,7 +230,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
struct group_info *group_info;
int retval;
- if (!ns_capable(current_user_ns(), CAP_SETGID))
+ if (!may_setgroups())
return -EPERM;
if ((unsigned)gidsetsize > NGROUPS_MAX)
return -EINVAL;
diff --git a/kernel/uid16.c b/kernel/uid16.c
index 602e5bbbceff..d58cc4d8f0d1 100644
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist)
struct group_info *group_info;
int retval;
- if (!ns_capable(current_user_ns(), CAP_SETGID))
+ if (!may_setgroups())
return -EPERM;
if ((unsigned)gidsetsize > NGROUPS_MAX)
return -EINVAL;
--
2.1.0

8
hibernate-Disable-in-a-signed-modules-environment.patch
View File

@ -13,18 +13,18 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 1f35a3478f3c..5e2472fc3dda 100644
index 2329daae5255..48a8e82c7e2e 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,7 @@
#include <linux/syscore_ops.h>
@@ -29,6 +29,7 @@
#include <linux/ctype.h>
#include <linux/genhd.h>
#include <linux/ktime.h>
+#include <linux/module.h>
#include <trace/events/power.h>
#include "power.h"
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
@@ -66,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{

2
input-kill-stupid-messages.patch
View File

@ -9,7 +9,7 @@ Upstream-status: Fedora mustard
1 file changed, 4 insertions(+)
diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c
index 6f5d79569136..95469f6ecfa5 100644
index e27a25892db4..9ab0a86cc03d 100644
--- a/drivers/input/keyboard/atkbd.c
+++ b/drivers/input/keyboard/atkbd.c
@@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,

6
input-silence-i8042-noise.patch
View File

@ -29,7 +29,7 @@ index 9717d5f20139..a3101d2fd936 100644
if (dev->parent && dev->parent->power.is_prepared)
dev_warn(dev, "parent %s should not be sleeping\n",
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index f5a98af3b325..9bb95eab6926 100644
index 924e4bf357fb..f91ed715b604 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -857,7 +857,6 @@ static int __init i8042_check_aux(void)
@ -41,10 +41,10 @@ index f5a98af3b325..9bb95eab6926 100644
}
diff --git a/net/can/af_can.c b/net/can/af_can.c
index ce82337521f6..a3fee4becc93 100644
index 66e08040ced7..5268a601f406 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
@@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
err = request_module("can-proto-%d", protocol);
/*

54
isofs-Fix-infinite-looping-over-CE-entries.patch
View File

@ -1,54 +0,0 @@
From: Jan Kara <jack@suse.cz>
Date: Mon, 15 Dec 2014 14:22:46 +0100
Subject: [PATCH] isofs: Fix infinite looping over CE entries
Rock Ridge extensions define so called Continuation Entries (CE) which
define where is further space with Rock Ridge data. Corrupted isofs
image can contain arbitrarily long chain of these, including a one
containing loop and thus causing kernel to end in an infinite loop when
traversing these entries.
Limit the traversal to 32 entries which should be more than enough space
to store all the Rock Ridge data.
Reported-by: P J P <ppandit@redhat.com>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/isofs/rock.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
index f488bbae541a..bb63254ed848 100644
--- a/fs/isofs/rock.c
+++ b/fs/isofs/rock.c
@@ -30,6 +30,7 @@ struct rock_state {
int cont_size;
int cont_extent;
int cont_offset;
+ int cont_loops;
struct inode *inode;
};
@@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode)
rs->inode = inode;
}
+/* Maximum number of Rock Ridge continuation entries */
+#define RR_MAX_CE_ENTRIES 32
+
/*
* Returns 0 if the caller should continue scanning, 1 if the scan must end
* and -ve on error.
@@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs)
goto out;
}
ret = -EIO;
+ if (++rs->cont_loops >= RR_MAX_CE_ENTRIES)
+ goto out;
bh = sb_bread(rs->inode->i_sb, rs->cont_extent);
if (bh) {
memcpy(rs->buffer, bh->b_data + rs->cont_offset,
--
2.1.0

111
kernel.spec
View File

@ -6,9 +6,9 @@ Summary: The Linux kernel
# For a stable, released kernel, released_kernel should be 1. For rawhide
# and/or a kernel built from an rc or git snapshot, released_kernel should
# be 0.
%global released_kernel 1
%global released_kernel 0
%global aarch64patches 1
%global aarch64patches 0
# Sign modules on x86. Make sure the config files match this setting if more
# architectures are added.
@ -42,7 +42,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 3
%global baserelease 1
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -54,7 +54,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 1
%define stable_update 0
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -67,7 +67,7 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level
%define rcrev 0
%define rcrev 2
# The git snapshot level
%define gitrev 0
# Set rpm version accordingly
@ -587,7 +587,6 @@ Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch
Patch21028: arm-i.MX6-Utilite-device-dtb.patch
Patch21029: arm-dts-sun7i-bananapi.patch
Patch21100: arm-highbank-l2-reverts.patch
@ -610,58 +609,11 @@ Patch26058: asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch
#rhbz 1111138
Patch26059: i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
Patch26064: Input-add-driver-for-the-Goodix-touchpanel.patch
#rhbz 1135338
Patch26070: HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch
#CVE-2014-8134 rhbz 1172765 1172769
Patch26091: x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch
#rhbz 1164945
Patch26092: xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch
Patch26093: uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch
Patch26094: uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch
#rhbz 1172543
Patch26096: cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch
#CVE-2014-8133 rhbz 1172797 1174374
Patch26100: x86-tls-Validate-TLS-entries-to-protect-espfix.patch
#rhbz 1173806
Patch26101: powerpc-powernv-force-all-CPUs-to-be-bootable.patch
#CVE-2014-XXXX rhbz 1175235 1175250
Patch26102: isofs-Fix-infinite-looping-over-CE-entries.patch
#rhbz 1175261
Patch26103: blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch
#rhbz 1168434
Patch26104: dm-cache-only-use-overwrite-optimisation-for-promoti.patch
Patch26105: dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch
Patch26106: dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch
Patch26107: uapi-linux-target_core_user.h-fix-headers_install.sh.patch
#mount fixes for stable
Patch26108: mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch
Patch26109: mnt-Update-unprivileged-remount-test.patch
Patch26110: umount-Disallow-unprivileged-mount-force.patch
#CVE-2014-8989 rhbz 1170684 1170688
Patch26111: groups-Consolidate-the-setgroups-permission-checks.patch
Patch26112: userns-Document-what-the-invariant-required-for-safe.patch
Patch26113: userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch
Patch26114: userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch
Patch26115: userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch
Patch26116: userns-Only-allow-the-creator-of-the-userns-unprivil.patch
Patch26117: userns-Rename-id_map_mutex-to-userns_state_mutex.patch
Patch26118: userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch
Patch26119: userns-Allow-setting-gid_maps-without-privilege-when.patch
Patch26120: userns-Unbreak-the-unprivileged-remount-tests.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
@ -1251,7 +1203,6 @@ ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
ApplyPatch arm-dts-sun7i-bananapi.patch
ApplyPatch arm-highbank-l2-reverts.patch
@ -1380,58 +1331,11 @@ ApplyPatch asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch
#rhbz 1111138
ApplyPatch i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
ApplyPatch Input-add-driver-for-the-Goodix-touchpanel.patch
#rhbz 1135338
ApplyPatch HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch
#CVE-2014-8134 rhbz 1172765 1172769
ApplyPatch x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch
#rhbz 1164945
ApplyPatch xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch
ApplyPatch uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch
ApplyPatch uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch
#rhbz 1172543
ApplyPatch cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch
#CVE-2014-8133 rhbz 1172797 1174374
ApplyPatch x86-tls-Validate-TLS-entries-to-protect-espfix.patch
#rhbz 1173806
ApplyPatch powerpc-powernv-force-all-CPUs-to-be-bootable.patch
#CVE-2014-XXXX rhbz 1175235 1175250
ApplyPatch isofs-Fix-infinite-looping-over-CE-entries.patch
#rhbz 1175261
ApplyPatch blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch
#rhbz 1168434
ApplyPatch dm-cache-only-use-overwrite-optimisation-for-promoti.patch
ApplyPatch dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch
ApplyPatch dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch
ApplyPatch uapi-linux-target_core_user.h-fix-headers_install.sh.patch
#mount fixes for stable
ApplyPatch mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch
ApplyPatch mnt-Update-unprivileged-remount-test.patch
ApplyPatch umount-Disallow-unprivileged-mount-force.patch
#CVE-2014-8989 rhbz 1170684 1170688
ApplyPatch groups-Consolidate-the-setgroups-permission-checks.patch
ApplyPatch userns-Document-what-the-invariant-required-for-safe.patch
ApplyPatch userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch
ApplyPatch userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch
ApplyPatch userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch
ApplyPatch userns-Only-allow-the-creator-of-the-userns-unprivil.patch
ApplyPatch userns-Rename-id_map_mutex-to-userns_state_mutex.patch
ApplyPatch userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch
ApplyPatch userns-Allow-setting-gid_maps-without-privilege-when.patch
ApplyPatch userns-Unbreak-the-unprivileged-remount-tests.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2300,6 +2204,11 @@ fi
# ||----w |
# || ||
%changelog
* Mon Jan 05 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Linux v3.19-rc2
- Temporarily disable aarch64patches
- Happy New Year
* Sun Dec 28 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Enable F2FS (rhbz 972446)

2
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2abf9f6e9a61..417bd0599024 100644
index 9a8a01abbaed..9a0ecbf14545 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -36,6 +36,7 @@

41
mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch
View File

@ -1,41 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 13 Aug 2014 01:33:38 -0700
Subject: [PATCH] mnt: Implicitly add MNT_NODEV on remount when it was
implicitly added by mount
Now that remount is properly enforcing the rule that you can't remove
nodev at least sandstorm.io is breaking when performing a remount.
It turns out that there is an easy intuitive solution implicitly
add nodev on remount when nodev was implicitly added on mount.
Tested-by: Cedric Bosdonnat <cbosdonnat@suse.com>
Tested-by: Richard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 5b66b2b3624d..3a1a87dc33df 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2098,7 +2098,13 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
}
if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
!(mnt_flags & MNT_NODEV)) {
- return -EPERM;
+ /* Was the nodev implicitly added in mount? */
+ if ((mnt->mnt_ns->user_ns != &init_user_ns) &&
+ !(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) {
+ mnt_flags |= MNT_NODEV;
+ } else {
+ return -EPERM;
+ }
}
if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
!(mnt_flags & MNT_NOSUID)) {
--
2.1.0

280
mnt-Update-unprivileged-remount-test.patch
View File

@ -1,280 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 22 Aug 2014 16:39:03 -0500
Subject: [PATCH] mnt: Update unprivileged remount test
- MNT_NODEV should be irrelevant except when reading back mount flags,
no longer specify MNT_NODEV on remount.
- Test MNT_NODEV on devpts where it is meaningful even for unprivileged mounts.
- Add a test to verify that remount of a prexisting mount with the same flags
is allowed and does not change those flags.
- Cleanup up the definitions of MS_REC, MS_RELATIME, MS_STRICTATIME that are used
when the code is built in an environment without them.
- Correct the test error messages when tests fail. There were not 5 tests
that tested MS_RELATIME.
Cc: stable@vger.kernel.org
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
.../selftests/mount/unprivileged-remount-test.c | 172 +++++++++++++++++----
1 file changed, 142 insertions(+), 30 deletions(-)
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
index 1b3ff2fda4d0..9669d375625a 100644
--- a/tools/testing/selftests/mount/unprivileged-remount-test.c
+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
@@ -6,6 +6,8 @@
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/wait.h>
+#include <sys/vfs.h>
+#include <sys/statvfs.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
@@ -32,11 +34,14 @@
# define CLONE_NEWPID 0x20000000
#endif
+#ifndef MS_REC
+# define MS_REC 16384
+#endif
#ifndef MS_RELATIME
-#define MS_RELATIME (1 << 21)
+# define MS_RELATIME (1 << 21)
#endif
#ifndef MS_STRICTATIME
-#define MS_STRICTATIME (1 << 24)
+# define MS_STRICTATIME (1 << 24)
#endif
static void die(char *fmt, ...)
@@ -87,6 +92,45 @@ static void write_file(char *filename, char *fmt, ...)
}
}
+static int read_mnt_flags(const char *path)
+{
+ int ret;
+ struct statvfs stat;
+ int mnt_flags;
+
+ ret = statvfs(path, &stat);
+ if (ret != 0) {
+ die("statvfs of %s failed: %s\n",
+ path, strerror(errno));
+ }
+ if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \
+ ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \
+ ST_SYNCHRONOUS | ST_MANDLOCK)) {
+ die("Unrecognized mount flags\n");
+ }
+ mnt_flags = 0;
+ if (stat.f_flag & ST_RDONLY)
+ mnt_flags |= MS_RDONLY;
+ if (stat.f_flag & ST_NOSUID)
+ mnt_flags |= MS_NOSUID;
+ if (stat.f_flag & ST_NODEV)
+ mnt_flags |= MS_NODEV;
+ if (stat.f_flag & ST_NOEXEC)
+ mnt_flags |= MS_NOEXEC;
+ if (stat.f_flag & ST_NOATIME)
+ mnt_flags |= MS_NOATIME;
+ if (stat.f_flag & ST_NODIRATIME)
+ mnt_flags |= MS_NODIRATIME;
+ if (stat.f_flag & ST_RELATIME)
+ mnt_flags |= MS_RELATIME;
+ if (stat.f_flag & ST_SYNCHRONOUS)
+ mnt_flags |= MS_SYNCHRONOUS;
+ if (stat.f_flag & ST_MANDLOCK)
+ mnt_flags |= ST_MANDLOCK;
+
+ return mnt_flags;
+}
+
static void create_and_enter_userns(void)
{
uid_t uid;
@@ -118,7 +162,8 @@ static void create_and_enter_userns(void)
}
static
-bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
+bool test_unpriv_remount(const char *fstype, const char *mount_options,
+ int mount_flags, int remount_flags, int invalid_flags)
{
pid_t child;
@@ -151,9 +196,11 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
strerror(errno));
}
- if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
- die("mount of /tmp failed: %s\n",
- strerror(errno));
+ if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) {
+ die("mount of %s with options '%s' on /tmp failed: %s\n",
+ fstype,
+ mount_options? mount_options : "",
+ strerror(errno));
}
create_and_enter_userns();
@@ -181,62 +228,127 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
static bool test_unpriv_remount_simple(int mount_flags)
{
- return test_unpriv_remount(mount_flags, mount_flags, 0);
+ return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0);
}
static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
{
- return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
+ return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags,
+ invalid_flags);
+}
+
+static bool test_priv_mount_unpriv_remount(void)
+{
+ pid_t child;
+ int ret;
+ const char *orig_path = "/dev";
+ const char *dest_path = "/tmp";
+ int orig_mnt_flags, remount_mnt_flags;
+
+ child = fork();
+ if (child == -1) {
+ die("fork failed: %s\n",
+ strerror(errno));
+ }
+ if (child != 0) { /* parent */
+ pid_t pid;
+ int status;
+ pid = waitpid(child, &status, 0);
+ if (pid == -1) {
+ die("waitpid failed: %s\n",
+ strerror(errno));
+ }
+ if (pid != child) {
+ die("waited for %d got %d\n",
+ child, pid);
+ }
+ if (!WIFEXITED(status)) {
+ die("child did not terminate cleanly\n");
+ }
+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
+ }
+
+ orig_mnt_flags = read_mnt_flags(orig_path);
+
+ create_and_enter_userns();
+ ret = unshare(CLONE_NEWNS);
+ if (ret != 0) {
+ die("unshare(CLONE_NEWNS) failed: %s\n",
+ strerror(errno));
+ }
+
+ ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL);
+ if (ret != 0) {
+ die("recursive bind mount of %s onto %s failed: %s\n",
+ orig_path, dest_path, strerror(errno));
+ }
+
+ ret = mount(dest_path, dest_path, "none",
+ MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL);
+ if (ret != 0) {
+ /* system("cat /proc/self/mounts"); */
+ die("remount of /tmp failed: %s\n",
+ strerror(errno));
+ }
+
+ remount_mnt_flags = read_mnt_flags(dest_path);
+ if (orig_mnt_flags != remount_mnt_flags) {
+ die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n",
+ dest_path, orig_path);
+ }
+ exit(EXIT_SUCCESS);
}
int main(int argc, char **argv)
{
- if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
+ if (!test_unpriv_remount_simple(MS_RDONLY)) {
die("MS_RDONLY malfunctions\n");
}
- if (!test_unpriv_remount_simple(MS_NODEV)) {
+ if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) {
die("MS_NODEV malfunctions\n");
}
- if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
+ if (!test_unpriv_remount_simple(MS_NOSUID)) {
die("MS_NOSUID malfunctions\n");
}
- if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
+ if (!test_unpriv_remount_simple(MS_NOEXEC)) {
die("MS_NOEXEC malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
- MS_NOATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_RELATIME,
+ MS_NOATIME))
{
die("MS_RELATIME malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
- MS_NOATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_STRICTATIME,
+ MS_NOATIME))
{
die("MS_STRICTATIME malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
- MS_STRICTATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_NOATIME,
+ MS_STRICTATIME))
{
- die("MS_RELATIME malfunctions\n");
+ die("MS_NOATIME malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
- MS_NOATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME,
+ MS_NOATIME))
{
- die("MS_RELATIME malfunctions\n");
+ die("MS_RELATIME|MS_NODIRATIME malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
- MS_NOATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME,
+ MS_NOATIME))
{
- die("MS_RELATIME malfunctions\n");
+ die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n");
}
- if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
- MS_STRICTATIME|MS_NODEV))
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME,
+ MS_STRICTATIME))
{
- die("MS_RELATIME malfunctions\n");
+ die("MS_NOATIME|MS_DIRATIME malfunctions\n");
}
- if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
- MS_NOATIME|MS_NODEV))
+ if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME))
{
die("Default atime malfunctions\n");
}
+ if (!test_priv_mount_unpriv_remount()) {
+ die("Mount flags unexpectedly changed after remount\n");
+ }
return EXIT_SUCCESS;
}
--
2.1.0

2
no-pcspkr-modalias.patch
View File

@ -9,7 +9,7 @@ Upstream-status: Fedora mustard
1 file changed, 1 deletion(-)
diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
index 674a2cfc3c0e..9a2807227c69 100644
index 72b1fc3ab910..86907eaa4883 100644
--- a/drivers/input/misc/pcspkr.c
+++ b/drivers/input/misc/pcspkr.c
@@ -23,7 +23,6 @@

4
pinctrl-pinctrl-single-must-be-initialized-early.patch
View File

@ -10,10 +10,10 @@ exercise left to the reader.
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index fb94b772ad62..99668ad01b54 100644
index 69e84427f913..f21cf4291476 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2026,7 +2026,17 @@ static struct platform_driver pcs_driver = {
@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = {
#endif
};

46
powerpc-powernv-force-all-CPUs-to-be-bootable.patch
View File

@ -1,46 +0,0 @@
From: Greg Kurz <gkurz@linux.vnet.ibm.com>
Date: Fri, 12 Dec 2014 12:37:40 +0100
Subject: [PATCH] powerpc/powernv: force all CPUs to be bootable
The subcore logic needs all the CPUs declared in the DT to be bootable,
otherwise the kernel hangs at boot time. Since subcore support starts
with POWER8, we can keep the current behaviour for older CPUs.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
---
arch/powerpc/platforms/powernv/smp.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c
index 4753958cd509..44ecd0925f56 100644
--- a/arch/powerpc/platforms/powernv/smp.c
+++ b/arch/powerpc/platforms/powernv/smp.c
@@ -185,13 +185,24 @@ static void pnv_smp_cpu_kill_self(void)
#endif /* CONFIG_HOTPLUG_CPU */
+static int pnv_cpu_bootable(unsigned int nr)
+{
+ /* Starting with POWER8, all CPUs need to be booted to avoid hangs
+ * during subcore init.
+ */
+ if (cpu_has_feature(CPU_FTR_ARCH_207S))
+ return 1;
+
+ return smp_generic_cpu_bootable(nr);
+}
+
static struct smp_ops_t pnv_smp_ops = {
.message_pass = smp_muxed_ipi_message_pass,
.cause_ipi = NULL, /* Filled at runtime by xics_smp_probe() */
.probe = xics_smp_probe,
.kick_cpu = pnv_smp_kick_cpu,
.setup_cpu = pnv_smp_setup_cpu,
- .cpu_bootable = smp_generic_cpu_bootable,
+ .cpu_bootable = pnv_cpu_bootable,
#ifdef CONFIG_HOTPLUG_CPU
.cpu_disable = pnv_smp_cpu_disable,
.cpu_die = generic_cpu_die,
--
2.1.0

4
scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
View File

@ -9,10 +9,10 @@ Upstream-status: Fedora mustard (might be worth dropping...)
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index cfba74cd8e8b..5127df3cc064 100644
index 399516925d80..2ac9a156da39 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2768,13 +2768,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
@@ -2750,13 +2750,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
static int sd_revalidate_disk(struct gendisk *disk)
{
struct scsi_disk *sdkp = scsi_disk(disk);

4
silence-fbcon-logo.patch
View File

@ -9,7 +9,7 @@ Upstream-status: Fedora mustard
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
index eb976ee3a02f..275f20a643f4 100644
index ea437245562e..eefa9c45d2e1 100644
--- a/drivers/video/console/fbcon.c
+++ b/drivers/video/console/fbcon.c
@@ -637,13 +637,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
@ -47,7 +47,7 @@ index eb976ee3a02f..275f20a643f4 100644
+
+early_param("quiet", quiet_logo);
+
module_init(fb_console_init);
fs_initcall(fb_console_init);
#ifdef MODULE
--

36
uapi-linux-target_core_user.h-fix-headers_install.sh.patch
View File

@ -1,36 +0,0 @@
From: Kyle McMartin <kyle@redhat.com>
Date: Thu, 18 Dec 2014 12:57:14 -0500
Subject: [PATCH] uapi/linux/target_core_user.h: fix headers_install.sh badness
scripts/headers_install.sh will transform __packed to
__attribute__((packed)), so the #ifndef is not necessary.
(and, in fact, it's problematic, because we'll end up with the header
containing:
#ifndef __attribute__((packed))
#define __attribu...
and so forth.)
Cc: stable@vger.kernel.org # 3.18
Signed-off-by: Kyle McMartin <kyle@redhat.com>
---
include/uapi/linux/target_core_user.h | 4 ----
1 file changed, 4 deletions(-)
diff --git a/include/uapi/linux/target_core_user.h b/include/uapi/linux/target_core_user.h
index 7dcfbe6771b1..b483d1909d3e 100644
--- a/include/uapi/linux/target_core_user.h
+++ b/include/uapi/linux/target_core_user.h
@@ -6,10 +6,6 @@
#include <linux/types.h>
#include <linux/uio.h>
-#ifndef __packed
-#define __packed __attribute__((packed))
-#endif
-
#define TCMU_VERSION "1.0"
/*
--
2.1.0

33
umount-Disallow-unprivileged-mount-force.patch
View File

@ -1,33 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Sat, 4 Oct 2014 14:44:03 -0700
Subject: [PATCH] umount: Disallow unprivileged mount force
Forced unmount affects not just the mount namespace but the underlying
superblock as well. Restrict forced unmount to the global root user
for now. Otherwise it becomes possible a user in a less privileged
mount namespace to force the shutdown of a superblock of a filesystem
in a more privileged mount namespace, allowing a DOS attack on root.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index 3a1a87dc33df..43b16af8af30 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1544,6 +1544,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
goto dput_and_out;
if (mnt->mnt.mnt_flags & MNT_LOCKED)
goto dput_and_out;
+ retval = -EPERM;
+ if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
+ goto dput_and_out;
retval = do_umount(mnt, flags);
dput_and_out:
--
2.1.0

280
userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch
View File

@ -1,280 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 2 Dec 2014 12:27:26 -0600
Subject: [PATCH] userns: Add a knob to disable setgroups on a per user
namespace basis
- Expose the knob to user space through a proc file /proc/<pid>/setgroups
A value of "deny" means the setgroups system call is disabled in the
current processes user namespace and can not be enabled in the
future in this user namespace.
A value of "allow" means the segtoups system call is enabled.
- Descendant user namespaces inherit the value of setgroups from
their parents.
- A proc file is used (instead of a sysctl) as sysctls currently do
not allow checking the permissions at open time.
- Writing to the proc file is restricted to before the gid_map
for the user namespace is set.
This ensures that disabling setgroups at a user namespace
level will never remove the ability to call setgroups
from a process that already has that ability.
A process may opt in to the setgroups disable for itself by
creating, entering and configuring a user namespace or by calling
setns on an existing user namespace with setgroups disabled.
Processes without privileges already can not call setgroups so this
is a noop. Prodcess with privilege become processes without
privilege when entering a user namespace and as with any other path
to dropping privilege they would not have the ability to call
setgroups. So this remains within the bounds of what is possible
without a knob to disable setgroups permanently in a user namespace.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/proc/base.c | 53 ++++++++++++++++++++++++++
include/linux/user_namespace.h | 7 ++++
kernel/user.c | 1 +
kernel/user_namespace.c | 85 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 146 insertions(+)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 772efa45a452..7dc3ea89ef1a 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2464,6 +2464,57 @@ static const struct file_operations proc_projid_map_operations = {
.llseek = seq_lseek,
.release = proc_id_map_release,
};
+
+static int proc_setgroups_open(struct inode *inode, struct file *file)
+{
+ struct user_namespace *ns = NULL;
+ struct task_struct *task;
+ int ret;
+
+ ret = -ESRCH;
+ task = get_proc_task(inode);
+ if (task) {
+ rcu_read_lock();
+ ns = get_user_ns(task_cred_xxx(task, user_ns));
+ rcu_read_unlock();
+ put_task_struct(task);
+ }
+ if (!ns)
+ goto err;
+
+ if (file->f_mode & FMODE_WRITE) {
+ ret = -EACCES;
+ if (!ns_capable(ns, CAP_SYS_ADMIN))
+ goto err_put_ns;
+ }
+
+ ret = single_open(file, &proc_setgroups_show, ns);
+ if (ret)
+ goto err_put_ns;
+
+ return 0;
+err_put_ns:
+ put_user_ns(ns);
+err:
+ return ret;
+}
+
+static int proc_setgroups_release(struct inode *inode, struct file *file)
+{
+ struct seq_file *seq = file->private_data;
+ struct user_namespace *ns = seq->private;
+ int ret = single_release(inode, file);
+ put_user_ns(ns);
+ return ret;
+}
+
+static const struct file_operations proc_setgroups_operations = {
+ .open = proc_setgroups_open,
+ .write = proc_setgroups_write,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = proc_setgroups_release,
+};
#endif /* CONFIG_USER_NS */
static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
@@ -2572,6 +2623,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
+ REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations),
#endif
#ifdef CONFIG_CHECKPOINT_RESTORE
REG("timers", S_IRUGO, proc_timers_operations),
@@ -2913,6 +2965,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
+ REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations),
#endif
};
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 8d493083486a..9f3579ff543d 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -17,6 +17,10 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */
} extent[UID_GID_MAP_MAX_EXTENTS];
};
+#define USERNS_SETGROUPS_ALLOWED 1UL
+
+#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED
+
struct user_namespace {
struct uid_gid_map uid_map;
struct uid_gid_map gid_map;
@@ -27,6 +31,7 @@ struct user_namespace {
kuid_t owner;
kgid_t group;
unsigned int proc_inum;
+ unsigned long flags;
/* Register of per-UID persistent keyrings for this namespace */
#ifdef CONFIG_PERSISTENT_KEYRINGS
@@ -63,6 +68,8 @@ extern const struct seq_operations proc_projid_seq_operations;
extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
+extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
+extern int proc_setgroups_show(struct seq_file *m, void *v);
extern bool userns_may_setgroups(const struct user_namespace *ns);
#else
diff --git a/kernel/user.c b/kernel/user.c
index 4efa39350e44..2d09940c9632 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -51,6 +51,7 @@ struct user_namespace init_user_ns = {
.owner = GLOBAL_ROOT_UID,
.group = GLOBAL_ROOT_GID,
.proc_inum = PROC_USER_INIT_INO,
+ .flags = USERNS_INIT_FLAGS,
#ifdef CONFIG_PERSISTENT_KEYRINGS
.persistent_keyring_register_sem =
__RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem),
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 44a555ac6104..6e80f4c1322b 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -100,6 +100,11 @@ int create_user_ns(struct cred *new)
ns->owner = owner;
ns->group = group;
+ /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */
+ mutex_lock(&userns_state_mutex);
+ ns->flags = parent_ns->flags;
+ mutex_unlock(&userns_state_mutex);
+
set_cred_user_ns(new, ns);
#ifdef CONFIG_PERSISTENT_KEYRINGS
@@ -839,6 +844,84 @@ static bool new_idmap_permitted(const struct file *file,
return false;
}
+int proc_setgroups_show(struct seq_file *seq, void *v)
+{
+ struct user_namespace *ns = seq->private;
+ unsigned long userns_flags = ACCESS_ONCE(ns->flags);
+
+ seq_printf(seq, "%s\n",
+ (userns_flags & USERNS_SETGROUPS_ALLOWED) ?
+ "allow" : "deny");
+ return 0;
+}
+
+ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ struct seq_file *seq = file->private_data;
+ struct user_namespace *ns = seq->private;
+ char kbuf[8], *pos;
+ bool setgroups_allowed;
+ ssize_t ret;
+
+ /* Only allow a very narrow range of strings to be written */
+ ret = -EINVAL;
+ if ((*ppos != 0) || (count >= sizeof(kbuf)))
+ goto out;
+
+ /* What was written? */
+ ret = -EFAULT;
+ if (copy_from_user(kbuf, buf, count))
+ goto out;
+ kbuf[count] = '\0';
+ pos = kbuf;
+
+ /* What is being requested? */
+ ret = -EINVAL;
+ if (strncmp(pos, "allow", 5) == 0) {
+ pos += 5;
+ setgroups_allowed = true;
+ }
+ else if (strncmp(pos, "deny", 4) == 0) {
+ pos += 4;
+ setgroups_allowed = false;
+ }
+ else
+ goto out;
+
+ /* Verify there is not trailing junk on the line */
+ pos = skip_spaces(pos);
+ if (*pos != '\0')
+ goto out;
+
+ ret = -EPERM;
+ mutex_lock(&userns_state_mutex);
+ if (setgroups_allowed) {
+ /* Enabling setgroups after setgroups has been disabled
+ * is not allowed.
+ */
+ if (!(ns->flags & USERNS_SETGROUPS_ALLOWED))
+ goto out_unlock;
+ } else {
+ /* Permanently disabling setgroups after setgroups has
+ * been enabled by writing the gid_map is not allowed.
+ */
+ if (ns->gid_map.nr_extents != 0)
+ goto out_unlock;
+ ns->flags &= ~USERNS_SETGROUPS_ALLOWED;
+ }
+ mutex_unlock(&userns_state_mutex);
+
+ /* Report a successful write */
+ *ppos = count;
+ ret = count;
+out:
+ return ret;
+out_unlock:
+ mutex_unlock(&userns_state_mutex);
+ goto out;
+}
+
bool userns_may_setgroups(const struct user_namespace *ns)
{
bool allowed;
@@ -848,6 +931,8 @@ bool userns_may_setgroups(const struct user_namespace *ns)
* the user namespace has been established.
*/
allowed = ns->gid_map.nr_extents != 0;
+ /* Is setgroups allowed? */
+ allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED);
mutex_unlock(&userns_state_mutex);
return allowed;
--
2.1.0

40
userns-Allow-setting-gid_maps-without-privilege-when.patch
View File

@ -1,40 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 19:36:04 -0600
Subject: [PATCH] userns: Allow setting gid_maps without privilege when
setgroups is disabled
Now that setgroups can be disabled and not reenabled, setting gid_map
without privielge can now be enabled when setgroups is disabled.
This restores most of the functionality that was lost when unprivileged
setting of gid_map was removed. Applications that use this functionality
will need to check to see if they use setgroups or init_groups, and if they
don't they can be fixed by simply disabling setgroups before writing to
gid_map.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 6e80f4c1322b..a2e37c5d2f63 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -826,6 +826,11 @@ static bool new_idmap_permitted(const struct file *file,
kuid_t uid = make_kuid(ns->parent, id);
if (uid_eq(uid, cred->euid))
return true;
+ } else if (cap_setid == CAP_SETGID) {
+ kgid_t gid = make_kgid(ns->parent, id);
+ if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) &&
+ gid_eq(gid, cred->egid))
+ return true;
}
}
--
2.1.0

39
userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch
View File

@ -1,39 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 18:26:30 -0600
Subject: [PATCH] userns: Check euid no fsuid when establishing an unprivileged
uid mapping
setresuid allows the euid to be set to any of uid, euid, suid, and
fsuid. Therefor it is safe to allow an unprivileged user to map
their euid and use CAP_SETUID privileged with exactly that uid,
as no new credentials can be obtained.
I can not find a combination of existing system calls that allows setting
uid, euid, suid, and fsuid from the fsuid making the previous use
of fsuid for allowing unprivileged mappings a bug.
This is part of a fix for CVE-2014-8989.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 1ce6d67c07b7..9451b12a9b6c 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -819,7 +819,7 @@ static bool new_idmap_permitted(const struct file *file,
u32 id = new_map->extent[0].lower_first;
if (cap_setid == CAP_SETUID) {
kuid_t uid = make_kuid(ns->parent, id);
- if (uid_eq(uid, file->f_cred->fsuid))
+ if (uid_eq(uid, file->f_cred->euid))
return true;
}
}
--
2.1.0

48
userns-Document-what-the-invariant-required-for-safe.patch
View File

@ -1,48 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 17:51:47 -0600
Subject: [PATCH] userns: Document what the invariant required for safe
unprivileged mappings.
The rule is simple. Don't allow anything that wouldn't be allowed
without unprivileged mappings.
It was previously overlooked that establishing gid mappings would
allow dropping groups and potentially gaining permission to files and
directories that had lesser permissions for a specific group than for
all other users.
This is the rule needed to fix CVE-2014-8989 and prevent any other
security issues with new_idmap_permitted.
The reason for this rule is that the unix permission model is old and
there are programs out there somewhere that take advantage of every
little corner of it. So allowing a uid or gid mapping to be
established without privielge that would allow anything that would not
be allowed without that mapping will result in expectations from some
code somewhere being violated. Violated expectations about the
behavior of the OS is a long way to say a security issue.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index aa312b0dc3ec..b99c862a2e3f 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -812,7 +812,9 @@ static bool new_idmap_permitted(const struct file *file,
struct user_namespace *ns, int cap_setid,
struct uid_gid_map *new_map)
{
- /* Allow mapping to your own filesystem ids */
+ /* Don't allow mappings that would allow anything that wouldn't
+ * be allowed without the establishment of unprivileged mappings.
+ */
if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
u32 id = new_map->extent[0].lower_first;
if (cap_setid == CAP_SETUID) {
--
2.1.0

98
userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch
View File

@ -1,98 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 18:01:11 -0600
Subject: [PATCH] userns: Don't allow setgroups until a gid mapping has been
setablished
setgroups is unique in not needing a valid mapping before it can be called,
in the case of setgroups(0, NULL) which drops all supplemental groups.
The design of the user namespace assumes that CAP_SETGID can not actually
be used until a gid mapping is established. Therefore add a helper function
to see if the user namespace gid mapping has been established and call
that function in the setgroups permission check.
This is part of the fix for CVE-2014-8989, being able to drop groups
without privilege using user namespaces.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
include/linux/user_namespace.h | 5 +++++
kernel/groups.c | 4 +++-
kernel/user_namespace.c | 14 ++++++++++++++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index e95372654f09..8d493083486a 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -63,6 +63,7 @@ extern const struct seq_operations proc_projid_seq_operations;
extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
+extern bool userns_may_setgroups(const struct user_namespace *ns);
#else
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
@@ -87,6 +88,10 @@ static inline void put_user_ns(struct user_namespace *ns)
{
}
+static inline bool userns_may_setgroups(const struct user_namespace *ns)
+{
+ return true;
+}
#endif
#endif /* _LINUX_USER_H */
diff --git a/kernel/groups.c b/kernel/groups.c
index 02d8a251c476..664411f171b5 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -6,6 +6,7 @@
#include <linux/slab.h>
#include <linux/security.h>
#include <linux/syscalls.h>
+#include <linux/user_namespace.h>
#include <asm/uaccess.h>
/* init to 2 - one for init_task, one to ensure it is never freed */
@@ -217,7 +218,8 @@ bool may_setgroups(void)
{
struct user_namespace *user_ns = current_user_ns();
- return ns_capable(user_ns, CAP_SETGID);
+ return ns_capable(user_ns, CAP_SETGID) &&
+ userns_may_setgroups(user_ns);
}
/*
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index b99c862a2e3f..27c8dab48c07 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -843,6 +843,20 @@ static bool new_idmap_permitted(const struct file *file,
return false;
}
+bool userns_may_setgroups(const struct user_namespace *ns)
+{
+ bool allowed;
+
+ mutex_lock(&id_map_mutex);
+ /* It is not safe to use setgroups until a gid mapping in
+ * the user namespace has been established.
+ */
+ allowed = ns->gid_map.nr_extents != 0;
+ mutex_unlock(&id_map_mutex);
+
+ return allowed;
+}
+
static void *userns_get(struct task_struct *task)
{
struct user_namespace *user_ns;
--
2.1.0

46
userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch
View File

@ -1,46 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 18:14:19 -0600
Subject: [PATCH] userns: Don't allow unprivileged creation of gid mappings
As any gid mapping will allow and must allow for backwards
compatibility dropping groups don't allow any gid mappings to be
established without CAP_SETGID in the parent user namespace.
For a small class of applications this change breaks userspace
and removes useful functionality. This small class of applications
includes tools/testing/selftests/mount/unprivilged-remount-test.c
Most of the removed functionality will be added back with the addition
of a one way knob to disable setgroups. Once setgroups is disabled
setting the gid_map becomes as safe as setting the uid_map.
For more common applications that set the uid_map and the gid_map
with privilege this change will have no affect.
This is part of a fix for CVE-2014-8989.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 27c8dab48c07..1ce6d67c07b7 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -821,10 +821,6 @@ static bool new_idmap_permitted(const struct file *file,
kuid_t uid = make_kuid(ns->parent, id);
if (uid_eq(uid, file->f_cred->fsuid))
return true;
- } else if (cap_setid == CAP_SETGID) {
- kgid_t gid = make_kgid(ns->parent, id);
- if (gid_eq(gid, file->f_cred->fsgid))
- return true;
}
}
--
2.1.0

54
userns-Only-allow-the-creator-of-the-userns-unprivil.patch
View File

@ -1,54 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 26 Nov 2014 23:22:14 -0600
Subject: [PATCH] userns: Only allow the creator of the userns unprivileged
mappings
If you did not create the user namespace and are allowed
to write to uid_map or gid_map you should already have the necessary
privilege in the parent user namespace to establish any mapping
you want so this will not affect userspace in practice.
Limiting unprivileged uid mapping establishment to the creator of the
user namespace makes it easier to verify all credentials obtained with
the uid mapping can be obtained without the uid mapping without
privilege.
Limiting unprivileged gid mapping establishment (which is temporarily
absent) to the creator of the user namespace also ensures that the
combination of uid and gid can already be obtained without privilege.
This is part of the fix for CVE-2014-8989.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 9451b12a9b6c..1e34de2fbd60 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -812,14 +812,16 @@ static bool new_idmap_permitted(const struct file *file,
struct user_namespace *ns, int cap_setid,
struct uid_gid_map *new_map)
{
+ const struct cred *cred = file->f_cred;
/* Don't allow mappings that would allow anything that wouldn't
* be allowed without the establishment of unprivileged mappings.
*/
- if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
+ if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1) &&
+ uid_eq(ns->owner, cred->euid)) {
u32 id = new_map->extent[0].lower_first;
if (cap_setid == CAP_SETUID) {
kuid_t uid = make_kuid(ns->parent, id);
- if (uid_eq(uid, file->f_cred->euid))
+ if (uid_eq(uid, cred->euid))
return true;
}
}
--
2.1.0

80
userns-Rename-id_map_mutex-to-userns_state_mutex.patch
View File

@ -1,80 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 9 Dec 2014 14:03:14 -0600
Subject: [PATCH] userns: Rename id_map_mutex to userns_state_mutex
Generalize id_map_mutex so it can be used for more state of a user namespace.
Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
kernel/user_namespace.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 1e34de2fbd60..44a555ac6104 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,7 @@
#include <linux/fs_struct.h>
static struct kmem_cache *user_ns_cachep __read_mostly;
+static DEFINE_MUTEX(userns_state_mutex);
static bool new_idmap_permitted(const struct file *file,
struct user_namespace *ns, int cap_setid,
@@ -583,9 +584,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map,
return false;
}
-
-static DEFINE_MUTEX(id_map_mutex);
-
static ssize_t map_write(struct file *file, const char __user *buf,
size_t count, loff_t *ppos,
int cap_setid,
@@ -602,7 +600,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
ssize_t ret = -EINVAL;
/*
- * The id_map_mutex serializes all writes to any given map.
+ * The userns_state_mutex serializes all writes to any given map.
*
* Any map is only ever written once.
*
@@ -620,7 +618,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
* order and smp_rmb() is guaranteed that we don't have crazy
* architectures returning stale data.
*/
- mutex_lock(&id_map_mutex);
+ mutex_lock(&userns_state_mutex);
ret = -EPERM;
/* Only allow one successful write to the map */
@@ -750,7 +748,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
*ppos = count;
ret = count;
out:
- mutex_unlock(&id_map_mutex);
+ mutex_unlock(&userns_state_mutex);
if (page)
free_page(page);
return ret;
@@ -845,12 +843,12 @@ bool userns_may_setgroups(const struct user_namespace *ns)
{
bool allowed;
- mutex_lock(&id_map_mutex);
+ mutex_lock(&userns_state_mutex);
/* It is not safe to use setgroups until a gid mapping in
* the user namespace has been established.
*/
allowed = ns->gid_map.nr_extents != 0;
- mutex_unlock(&id_map_mutex);
+ mutex_unlock(&userns_state_mutex);
return allowed;
}
--
2.1.0

91
userns-Unbreak-the-unprivileged-remount-tests.patch
View File

@ -1,91 +0,0 @@
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 2 Dec 2014 13:56:30 -0600
Subject: [PATCH] userns: Unbreak the unprivileged remount tests
A security fix in caused the way the unprivileged remount tests were
using user namespaces to break. Tweak the way user namespaces are
being used so the test works again.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
.../selftests/mount/unprivileged-remount-test.c | 32 ++++++++++++++++------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
index 9669d375625a..517785052f1c 100644
--- a/tools/testing/selftests/mount/unprivileged-remount-test.c
+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
@@ -53,17 +53,14 @@ static void die(char *fmt, ...)
exit(EXIT_FAILURE);
}
-static void write_file(char *filename, char *fmt, ...)
+static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap)
{
char buf[4096];
int fd;
ssize_t written;
int buf_len;
- va_list ap;
- va_start(ap, fmt);
buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
if (buf_len < 0) {
die("vsnprintf failed: %s\n",
strerror(errno));
@@ -74,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...)
fd = open(filename, O_WRONLY);
if (fd < 0) {
+ if ((errno == ENOENT) && enoent_ok)
+ return;
die("open of %s failed: %s\n",
filename, strerror(errno));
}
@@ -92,6 +91,26 @@ static void write_file(char *filename, char *fmt, ...)
}
}
+static void maybe_write_file(char *filename, char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vmaybe_write_file(true, filename, fmt, ap);
+ va_end(ap);
+
+}
+
+static void write_file(char *filename, char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vmaybe_write_file(false, filename, fmt, ap);
+ va_end(ap);
+
+}
+
static int read_mnt_flags(const char *path)
{
int ret;
@@ -144,13 +163,10 @@ static void create_and_enter_userns(void)
strerror(errno));
}
+ maybe_write_file("/proc/self/setgroups", "deny");
write_file("/proc/self/uid_map", "0 %d 1", uid);
write_file("/proc/self/gid_map", "0 %d 1", gid);
- if (setgroups(0, NULL) != 0) {
- die("setgroups failed: %s\n",
- strerror(errno));
- }
if (setgid(0) != 0) {
die ("setgid(0) failed %s\n",
strerror(errno));
--
2.1.0

4
x86-Lock-down-IO-port-access-when-module-security-is.patch
View File

@ -44,7 +44,7 @@ index 4ddaf66ea35f..00b440307419 100644
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 524b707894ef..c268e2581ed6 100644
index 4c58333b4257..fc9637812d78 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@
@ -55,7 +55,7 @@ index 524b707894ef..c268e2581ed6 100644
#include <asm/uaccess.h>
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
@@ -571,6 +572,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos;
const char __user *tmp = buf;

6
x86-Restrict-MSR-access-when-module-loading-is-restr.patch
View File

@ -13,10 +13,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index c9603ac80de5..8bef43fc3f40 100644
index 113e70784854..26c2f83fc470 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
@ -26,7 +26,7 @@ index c9603ac80de5..8bef43fc3f40 100644
if (count % 8)
return -EINVAL; /* Invalid chunk size */
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}

72
x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch
View File

@ -1,72 +0,0 @@
From: Andy Lutomirski <luto@amacapital.net>
Date: Fri, 5 Dec 2014 19:03:28 -0800
Subject: [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's
benefit
paravirt_enabled has the following effects:
- Disables the F00F bug workaround warning. There is no F00F bug
workaround any more because Linux's standard IDT handling already
works around the F00F bug, but the warning still exists. This
is only cosmetic, and, in any event, there is no such thing as
KVM on a CPU with the F00F bug.
- Disables 32-bit APM BIOS detection. On a KVM paravirt system,
there should be no APM BIOS anyway.
- Disables tboot. I think that the tboot code should check the
CPUID hypervisor bit directly if it matters.
- paravirt_enabled disables espfix32. espfix32 should *not* be
disabled under KVM paravirt.
The last point is the purpose of this patch. It fixes a leak of the
high 16 bits of the kernel stack address on 32-bit KVM paravirt
guests.
While I'm at it, this removes pv_info setup from kvmclock. That
code seems to serve no purpose.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
---
arch/x86/kernel/kvm.c | 9 ++++++++-
arch/x86/kernel/kvmclock.c | 2 --
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index f6945bef2cd1..94f643484300 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -283,7 +283,14 @@ NOKPROBE_SYMBOL(do_async_page_fault);
static void __init paravirt_ops_setup(void)
{
pv_info.name = "KVM";
- pv_info.paravirt_enabled = 1;
+
+ /*
+ * KVM isn't paravirt in the sense of paravirt_enabled. A KVM
+ * guest kernel works like a bare metal kernel with additional
+ * features, and paravirt_enabled is about features that are
+ * missing.
+ */
+ pv_info.paravirt_enabled = 0;
if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY))
pv_cpu_ops.io_delay = kvm_io_delay;
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index d9156ceecdff..d4d9a8ad7893 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -263,8 +263,6 @@ void __init kvmclock_init(void)
#endif
kvm_get_preset_lpj();
clocksource_register_hz(&kvm_clock, NSEC_PER_SEC);
- pv_info.paravirt_enabled = 1;
- pv_info.name = "KVM";
if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT))
pvclock_set_flags(PVCLOCK_TSC_STABLE_BIT);
--
2.1.0

77
x86-tls-Validate-TLS-entries-to-protect-espfix.patch
View File

@ -1,77 +0,0 @@
From: Andy Lutomirski <luto@amacapital.net>
Date: Thu, 4 Dec 2014 16:48:16 -0800
Subject: [PATCH] x86/tls: Validate TLS entries to protect espfix
Installing a 16-bit RW data segment into the GDT defeats espfix.
AFAICT this will not affect glibc, Wine, or dosemu at all.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: H. Peter Anvin <hpa@zytor.com>
Cc: stable@vger.kernel.org
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: security@kernel.org <security@kernel.org>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/kernel/tls.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
index f7fec09e3e3a..e7650bd71109 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -27,6 +27,21 @@ static int get_free_idx(void)
return -ESRCH;
}
+static bool tls_desc_okay(const struct user_desc *info)
+{
+ if (LDT_empty(info))
+ return true;
+
+ /*
+ * espfix is required for 16-bit data segments, but espfix
+ * only works for LDT segments.
+ */
+ if (!info->seg_32bit)
+ return false;
+
+ return true;
+}
+
static void set_tls_desc(struct task_struct *p, int idx,
const struct user_desc *info, int n)
{
@@ -66,6 +81,9 @@ int do_set_thread_area(struct task_struct *p, int idx,
if (copy_from_user(&info, u_info, sizeof(info)))
return -EFAULT;
+ if (!tls_desc_okay(&info))
+ return -EINVAL;
+
if (idx == -1)
idx = info.entry_number;
@@ -192,6 +210,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
{
struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
const struct user_desc *info;
+ int i;
if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
(pos % sizeof(struct user_desc)) != 0 ||
@@ -205,6 +224,10 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
else
info = infobuf;
+ for (i = 0; i < count / sizeof(struct user_desc); i++)
+ if (!tls_desc_okay(info + i))
+ return -EINVAL;
+
set_tls_desc(target,
GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)),
info, count / sizeof(struct user_desc));
--
2.1.0