Merge 4.3.3 from stabilization branch
This commit is contained in:
parent
44ce1614d8
commit
48f65f65ce
|
@ -1,76 +0,0 @@
|
|||
From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Thu, 15 Oct 2015 17:21:37 +0100
|
||||
Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
|
||||
uninstantiated keyring
|
||||
|
||||
The following sequence of commands:
|
||||
|
||||
i=`keyctl add user a a @s`
|
||||
keyctl request2 keyring foo bar @t
|
||||
keyctl unlink $i @s
|
||||
|
||||
tries to invoke an upcall to instantiate a keyring if one doesn't already
|
||||
exist by that name within the user's keyring set. However, if the upcall
|
||||
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
|
||||
other error code. When the key is garbage collected, the key destroy
|
||||
function is called unconditionally and keyring_destroy() uses list_empty()
|
||||
on keyring->type_data.link - which is in a union with reject_error.
|
||||
Subsequently, the kernel tries to unlink the keyring from the keyring names
|
||||
list - which oopses like this:
|
||||
|
||||
BUG: unable to handle kernel paging request at 00000000ffffff8a
|
||||
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
...
|
||||
Workqueue: events key_garbage_collector
|
||||
...
|
||||
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
|
||||
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
|
||||
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
|
||||
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
|
||||
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
|
||||
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
|
||||
...
|
||||
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
|
||||
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
|
||||
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
|
||||
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
|
||||
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
|
||||
[<ffffffff810648ad>] kthread+0xf3/0xfb
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
|
||||
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
|
||||
|
||||
The solution is to only call ->destroy() if the key was successfully
|
||||
instantiated.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/gc.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/security/keys/gc.c b/security/keys/gc.c
|
||||
index c7952375ac53..11c36627adbf 100644
|
||||
--- a/security/keys/gc.c
|
||||
+++ b/security/keys/gc.c
|
||||
@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
|
||||
atomic_dec(&key->user->nikeys);
|
||||
|
||||
/* now throw away the key memory */
|
||||
- if (key->type->destroy)
|
||||
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
|
||||
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
|
||||
+ key->type->destroy)
|
||||
key->type->destroy(key);
|
||||
|
||||
key_user_put(key->user);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,169 +0,0 @@
|
|||
From 1d8007bdee074fdffcf3539492d8a151a1fb3436 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon, 12 Oct 2015 13:38:32 +0200
|
||||
Subject: [PATCH] KVM: x86: build kvm_userspace_memory_region in
|
||||
x86_set_memory_region
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The next patch will make x86_set_memory_region fill the
|
||||
userspace_addr. Since the struct is not used untouched
|
||||
anymore, it makes sense to build it in x86_set_memory_region
|
||||
directly; it also simplifies the callers.
|
||||
|
||||
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
|
||||
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/asm/kvm_host.h | 6 ++----
|
||||
arch/x86/kvm/vmx.c | 26 ++++++--------------------
|
||||
arch/x86/kvm/x86.c | 31 +++++++++++++------------------
|
||||
3 files changed, 21 insertions(+), 42 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
||||
index 49ec903..4e7ad7e 100644
|
||||
--- a/arch/x86/include/asm/kvm_host.h
|
||||
+++ b/arch/x86/include/asm/kvm_host.h
|
||||
@@ -1199,9 +1199,7 @@ void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err);
|
||||
|
||||
int kvm_is_in_guest(void);
|
||||
|
||||
-int __x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem);
|
||||
-int x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem);
|
||||
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
|
||||
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
|
||||
|
||||
#endif /* _ASM_X86_KVM_HOST_H */
|
||||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
||||
index 18c30b4..8461e0c 100644
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -4105,17 +4105,13 @@ static void seg_setup(int seg)
|
||||
static int alloc_apic_access_page(struct kvm *kvm)
|
||||
{
|
||||
struct page *page;
|
||||
- struct kvm_userspace_memory_region kvm_userspace_mem;
|
||||
int r = 0;
|
||||
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
if (kvm->arch.apic_access_page_done)
|
||||
goto out;
|
||||
- kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
|
||||
- kvm_userspace_mem.flags = 0;
|
||||
- kvm_userspace_mem.guest_phys_addr = APIC_DEFAULT_PHYS_BASE;
|
||||
- kvm_userspace_mem.memory_size = PAGE_SIZE;
|
||||
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
|
||||
+ r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
|
||||
+ APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
|
||||
if (r)
|
||||
goto out;
|
||||
|
||||
@@ -4140,17 +4136,12 @@ static int alloc_identity_pagetable(struct kvm *kvm)
|
||||
{
|
||||
/* Called with kvm->slots_lock held. */
|
||||
|
||||
- struct kvm_userspace_memory_region kvm_userspace_mem;
|
||||
int r = 0;
|
||||
|
||||
BUG_ON(kvm->arch.ept_identity_pagetable_done);
|
||||
|
||||
- kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
|
||||
- kvm_userspace_mem.flags = 0;
|
||||
- kvm_userspace_mem.guest_phys_addr =
|
||||
- kvm->arch.ept_identity_map_addr;
|
||||
- kvm_userspace_mem.memory_size = PAGE_SIZE;
|
||||
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
|
||||
+ r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
|
||||
+ kvm->arch.ept_identity_map_addr, PAGE_SIZE);
|
||||
|
||||
return r;
|
||||
}
|
||||
@@ -4949,14 +4940,9 @@ static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
|
||||
static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
|
||||
{
|
||||
int ret;
|
||||
- struct kvm_userspace_memory_region tss_mem = {
|
||||
- .slot = TSS_PRIVATE_MEMSLOT,
|
||||
- .guest_phys_addr = addr,
|
||||
- .memory_size = PAGE_SIZE * 3,
|
||||
- .flags = 0,
|
||||
- };
|
||||
|
||||
- ret = x86_set_memory_region(kvm, &tss_mem);
|
||||
+ ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
|
||||
+ PAGE_SIZE * 3);
|
||||
if (ret)
|
||||
return ret;
|
||||
kvm->arch.tss_addr = addr;
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 373328b..b12665b 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7721,18 +7721,21 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
kvm_free_pit(kvm);
|
||||
}
|
||||
|
||||
-int __x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem)
|
||||
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
|
||||
/* Called with kvm->slots_lock held. */
|
||||
- BUG_ON(mem->slot >= KVM_MEM_SLOTS_NUM);
|
||||
+ if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
|
||||
+ return -EINVAL;
|
||||
|
||||
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
|
||||
- struct kvm_userspace_memory_region m = *mem;
|
||||
+ struct kvm_userspace_memory_region m;
|
||||
|
||||
- m.slot |= i << 16;
|
||||
+ m.slot = id | (i << 16);
|
||||
+ m.flags = 0;
|
||||
+ m.guest_phys_addr = gpa;
|
||||
+ m.memory_size = size;
|
||||
r = __kvm_set_memory_region(kvm, &m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@@ -7742,13 +7745,12 @@ int __x86_set_memory_region(struct kvm *kvm,
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
|
||||
|
||||
-int x86_set_memory_region(struct kvm *kvm,
|
||||
- const struct kvm_userspace_memory_region *mem)
|
||||
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int r;
|
||||
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
- r = __x86_set_memory_region(kvm, mem);
|
||||
+ r = __x86_set_memory_region(kvm, id, gpa, size);
|
||||
mutex_unlock(&kvm->slots_lock);
|
||||
|
||||
return r;
|
||||
@@ -7763,16 +7765,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
|
||||
* unless the the memory map has changed due to process exit
|
||||
* or fd copying.
|
||||
*/
|
||||
- struct kvm_userspace_memory_region mem;
|
||||
- memset(&mem, 0, sizeof(mem));
|
||||
- mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
-
|
||||
- mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
-
|
||||
- mem.slot = TSS_PRIVATE_MEMSLOT;
|
||||
- x86_set_memory_region(kvm, &mem);
|
||||
+ x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, 0, 0);
|
||||
+ x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, 0, 0);
|
||||
+ x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
|
||||
}
|
||||
kvm_iommu_unmap_guest(kvm);
|
||||
kfree(kvm->arch.vpic);
|
|
@ -0,0 +1,91 @@
|
|||
From 0d3f6d297bfb7af24d0508460fdb3d1ec4903fa3 Mon Sep 17 00:00:00 2001
|
||||
From: Martin KaFai Lau <kafai@fb.com>
|
||||
Date: Wed, 11 Nov 2015 11:51:06 -0800
|
||||
Subject: [PATCH] ipv6: Avoid creating RTF_CACHE from a rt that is not managed
|
||||
by fib6 tree
|
||||
|
||||
The original bug report:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1272571
|
||||
|
||||
The setup has a IPv4 GRE tunnel running in a IPSec. The bug
|
||||
happens when ndisc starts sending router solicitation at the gre
|
||||
interface. The simplified oops stack is like:
|
||||
|
||||
__lock_acquire+0x1b2/0x1c30
|
||||
lock_acquire+0xb9/0x140
|
||||
_raw_write_lock_bh+0x3f/0x50
|
||||
__ip6_ins_rt+0x2e/0x60
|
||||
ip6_ins_rt+0x49/0x50
|
||||
~~~~~~~~
|
||||
__ip6_rt_update_pmtu.part.54+0x145/0x250
|
||||
ip6_rt_update_pmtu+0x2e/0x40
|
||||
~~~~~~~~
|
||||
ip_tunnel_xmit+0x1f1/0xf40
|
||||
__gre_xmit+0x7a/0x90
|
||||
ipgre_xmit+0x15a/0x220
|
||||
dev_hard_start_xmit+0x2bd/0x480
|
||||
__dev_queue_xmit+0x696/0x730
|
||||
dev_queue_xmit+0x10/0x20
|
||||
neigh_direct_output+0x11/0x20
|
||||
ip6_finish_output2+0x21f/0x770
|
||||
ip6_finish_output+0xa7/0x1d0
|
||||
ip6_output+0x56/0x190
|
||||
~~~~~~~~
|
||||
ndisc_send_skb+0x1d9/0x400
|
||||
ndisc_send_rs+0x88/0xc0
|
||||
~~~~~~~~
|
||||
|
||||
The rt passed to ip6_rt_update_pmtu() is created by
|
||||
icmp6_dst_alloc() and it is not managed by the fib6 tree,
|
||||
so its rt6i_table == NULL. When __ip6_rt_update_pmtu() creates
|
||||
a RTF_CACHE clone, the newly created clone also has rt6i_table == NULL
|
||||
and it causes the ip6_ins_rt() oops.
|
||||
|
||||
During pmtu update, we only want to create a RTF_CACHE clone
|
||||
from a rt which is currently managed (or owned) by the
|
||||
fib6 tree. It means either rt->rt6i_node != NULL or
|
||||
rt is a RTF_PCPU clone.
|
||||
|
||||
It is worth to note that rt6i_table may not be NULL even it is
|
||||
not (yet) managed by the fib6 tree (e.g. addrconf_dst_alloc()).
|
||||
Hence, rt6i_node is a better check instead of rt6i_table.
|
||||
|
||||
Fixes: 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after encountering pmtu")
|
||||
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
|
||||
Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
|
||||
Cc: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
|
||||
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/ipv6/route.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
|
||||
index c8bc9b4..74907c5 100644
|
||||
--- a/net/ipv6/route.c
|
||||
+++ b/net/ipv6/route.c
|
||||
@@ -1322,6 +1322,12 @@ static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
|
||||
rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
|
||||
}
|
||||
|
||||
+static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
|
||||
+{
|
||||
+ return !(rt->rt6i_flags & RTF_CACHE) &&
|
||||
+ (rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
|
||||
+}
|
||||
+
|
||||
static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
|
||||
const struct ipv6hdr *iph, u32 mtu)
|
||||
{
|
||||
@@ -1335,7 +1341,7 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
|
||||
if (mtu >= dst_mtu(dst))
|
||||
return;
|
||||
|
||||
- if (rt6->rt6i_flags & RTF_CACHE) {
|
||||
+ if (!rt6_cache_allowed_for_pmtu(rt6)) {
|
||||
rt6_do_update_pmtu(rt6, mtu);
|
||||
} else {
|
||||
const struct in6_addr *daddr, *saddr;
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Sun, 1 Nov 2015 23:54:08 +0000
|
||||
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
|
||||
|
||||
Fix issue from two patches overlapping causing a kernel oops
|
||||
|
||||
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
|
||||
[ 3569.306272] pgd = dc894000
|
||||
[ 3569.309287] [00000088] *pgd=00000000
|
||||
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
|
||||
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
|
||||
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
|
||||
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
|
||||
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
|
||||
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
|
||||
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
|
||||
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
|
||||
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
|
||||
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
|
||||
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
|
||||
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
|
||||
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
|
||||
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
|
||||
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
|
||||
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
|
||||
[ 3569.473790] df00: bef21ab8 dbf60e38
|
||||
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
|
||||
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
|
||||
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
|
||||
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
|
||||
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
|
||||
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
|
||||
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
|
||||
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
|
||||
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
|
||||
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
|
||||
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
|
||||
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
|
||||
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
|
||||
|
||||
Cc: <stable@vger.kernel.org> # v4.2+
|
||||
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||
---
|
||||
drivers/watchdog/omap_wdt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
|
||||
index d96bee0..6f17c93 100644
|
||||
--- a/drivers/watchdog/omap_wdt.c
|
||||
+++ b/drivers/watchdog/omap_wdt.c
|
||||
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
|
||||
|
||||
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
|
||||
{
|
||||
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
|
||||
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
|
||||
void __iomem *base = wdev->base;
|
||||
u32 value;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
From 680ac028240f8747f31c03986fbcf18b2b521e93 Mon Sep 17 00:00:00 2001
|
||||
From: Borislav Petkov <bp@suse.de>
|
||||
Date: Mon, 27 Jul 2015 09:58:05 +0200
|
||||
Subject: [PATCH] x86/cpu/cacheinfo: Fix teardown path
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Philip Müller reported a hang when booting 32-bit 4.1 kernel on
|
||||
an AMD box. A fragment of the splat was enough to pinpoint the
|
||||
issue:
|
||||
|
||||
task: f58e0000 ti: f58e8000 task.ti: f58e800
|
||||
EIP: 0060:[<c135a903>] EFLAGS: 00010206 CPU: 0
|
||||
EIP is at free_cache_attributes+0x83/0xd0
|
||||
EAX: 00000001 EBX: f589d46c ECX: 00000090 EDX: 360c2000
|
||||
ESI: 00000000 EDI: c1724a80 EBP: f58e9ec0 ESP: f58e9ea0
|
||||
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
|
||||
CR0: 8005003b CR2: 000000ac CR3: 01731000 CR4: 000006d0
|
||||
|
||||
cache_shared_cpu_map_setup() did check sibling CPUs cacheinfo
|
||||
descriptor while the respective teardown path
|
||||
cache_shared_cpu_map_remove() didn't. Fix that.
|
||||
|
||||
From tglx's version: to be on the safe side, move the cacheinfo
|
||||
descriptor check to free_cache_attributes(), thus cleaning up
|
||||
the hotplug path a little and making this even more robust.
|
||||
|
||||
Reported-by: Philip Müller <philm@manjaro.org>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: <stable@vger.kernel.org> # v4.1+
|
||||
Cc: Andre Przywara <andre.przywara@arm.com>
|
||||
Cc: Guenter Roeck <linux@roeck-us.net>
|
||||
Cc: H. Peter Anvin <hpa@zytor.com>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Sudeep Holla <sudeep.holla@arm.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: linux-kernel@vger.kernel.org
|
||||
Cc: manjaro-dev@manjaro.org
|
||||
Link: http://lkml.kernel.org/r/20150727075805.GA20416@nazgul.tnic
|
||||
Link: https://lkml.kernel.org/r/55B47BB8.6080202@manjaro.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
---
|
||||
drivers/base/cacheinfo.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c
|
||||
index 764280a91776..e9fd32e91668 100644
|
||||
--- a/drivers/base/cacheinfo.c
|
||||
+++ b/drivers/base/cacheinfo.c
|
||||
@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
|
||||
|
||||
if (sibling == cpu) /* skip itself */
|
||||
continue;
|
||||
+
|
||||
sib_cpu_ci = get_cpu_cacheinfo(sibling);
|
||||
+ if (!sib_cpu_ci->info_list)
|
||||
+ continue;
|
||||
+
|
||||
sib_leaf = sib_cpu_ci->info_list + index;
|
||||
cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map);
|
||||
cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map);
|
||||
@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
|
||||
|
||||
static void free_cache_attributes(unsigned int cpu)
|
||||
{
|
||||
+ if (!per_cpu_cacheinfo(cpu))
|
||||
+ return;
|
||||
+
|
||||
cache_shared_cpu_map_remove(cpu);
|
||||
|
||||
kfree(per_cpu_cacheinfo(cpu));
|
||||
@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb,
|
||||
break;
|
||||
case CPU_DEAD:
|
||||
cache_remove_dev(cpu);
|
||||
- if (per_cpu_cacheinfo(cpu))
|
||||
- free_cache_attributes(cpu);
|
||||
+ free_cache_attributes(cpu);
|
||||
break;
|
||||
}
|
||||
return notifier_from_errno(rc);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 19 Oct 2015 11:33:38 +0100
|
||||
Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
|
||||
keyring
|
||||
|
||||
If request_key() is used to find a keyring, only do the search part - don't
|
||||
do the construction part if the keyring was not found by the search. We
|
||||
don't really want keyrings in the negative instantiated state since the
|
||||
rejected/negative instantiation error value in the payload is unioned with
|
||||
keyring metadata.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/request_key.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
|
||||
index 486ef6fa393b..0d6253124278 100644
|
||||
--- a/security/keys/request_key.c
|
||||
+++ b/security/keys/request_key.c
|
||||
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
|
||||
|
||||
kenter("");
|
||||
|
||||
+ if (ctx->index_key.type == &key_type_keyring)
|
||||
+ return ERR_PTR(-EPERM);
|
||||
+
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,134 +0,0 @@
|
|||
From f0d648bdf0a5bbc91da6099d5282f77996558ea4 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon, 12 Oct 2015 13:56:27 +0200
|
||||
Subject: [PATCH] KVM: x86: map/unmap private slots in __x86_set_memory_region
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Otherwise, two copies (one of them never populated and thus bogus)
|
||||
are allocated for the regular and SMM address spaces. This breaks
|
||||
SMM with EPT but without unrestricted guest support, because the
|
||||
SMM copy of the identity page map is all zeros.
|
||||
|
||||
By moving the allocation to the caller we also remove the last
|
||||
vestiges of kernel-allocated memory regions (not accessible anymore
|
||||
in userspace since commit b74a07beed0e, "KVM: Remove kernel-allocated
|
||||
memory regions", 2010-06-21); that is a nice bonus.
|
||||
|
||||
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
|
||||
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++----------------------------
|
||||
1 file changed, 30 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 7bf8096..3ac33f8 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7477,23 +7477,53 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
+ u64 hva;
|
||||
+ struct kvm_memslots *slots = kvm_memslots(kvm);
|
||||
+ struct kvm_memory_slot *slot, old;
|
||||
|
||||
/* Called with kvm->slots_lock held. */
|
||||
if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
|
||||
return -EINVAL;
|
||||
|
||||
+ slot = id_to_memslot(slots, id);
|
||||
+ if (size) {
|
||||
+ if (WARN_ON(slot->npages))
|
||||
+ return -EEXIST;
|
||||
+
|
||||
+ /*
|
||||
+ * MAP_SHARED to prevent internal slot pages from being moved
|
||||
+ * by fork()/COW.
|
||||
+ */
|
||||
+ hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
|
||||
+ MAP_SHARED | MAP_ANONYMOUS, 0);
|
||||
+ if (IS_ERR((void *)hva))
|
||||
+ return PTR_ERR((void *)hva);
|
||||
+ } else {
|
||||
+ if (!slot->npages)
|
||||
+ return 0;
|
||||
+
|
||||
+ hva = 0;
|
||||
+ }
|
||||
+
|
||||
+ old = *slot;
|
||||
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
|
||||
struct kvm_userspace_memory_region m;
|
||||
|
||||
m.slot = id | (i << 16);
|
||||
m.flags = 0;
|
||||
m.guest_phys_addr = gpa;
|
||||
+ m.userspace_addr = hva;
|
||||
m.memory_size = size;
|
||||
r = __kvm_set_memory_region(kvm, &m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
+ if (!size) {
|
||||
+ r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
|
||||
+ WARN_ON(r < 0);
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
|
||||
@@ -7623,27 +7653,6 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
|
||||
const struct kvm_userspace_memory_region *mem,
|
||||
enum kvm_mr_change change)
|
||||
{
|
||||
- /*
|
||||
- * Only private memory slots need to be mapped here since
|
||||
- * KVM_SET_MEMORY_REGION ioctl is no longer supported.
|
||||
- */
|
||||
- if ((memslot->id >= KVM_USER_MEM_SLOTS) && (change == KVM_MR_CREATE)) {
|
||||
- unsigned long userspace_addr;
|
||||
-
|
||||
- /*
|
||||
- * MAP_SHARED to prevent internal slot pages from being moved
|
||||
- * by fork()/COW.
|
||||
- */
|
||||
- userspace_addr = vm_mmap(NULL, 0, memslot->npages * PAGE_SIZE,
|
||||
- PROT_READ | PROT_WRITE,
|
||||
- MAP_SHARED | MAP_ANONYMOUS, 0);
|
||||
-
|
||||
- if (IS_ERR((void *)userspace_addr))
|
||||
- return PTR_ERR((void *)userspace_addr);
|
||||
-
|
||||
- memslot->userspace_addr = userspace_addr;
|
||||
- }
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -7705,17 +7714,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
|
||||
{
|
||||
int nr_mmu_pages = 0;
|
||||
|
||||
- if (change == KVM_MR_DELETE && old->id >= KVM_USER_MEM_SLOTS) {
|
||||
- int ret;
|
||||
-
|
||||
- ret = vm_munmap(old->userspace_addr,
|
||||
- old->npages * PAGE_SIZE);
|
||||
- if (ret < 0)
|
||||
- printk(KERN_WARNING
|
||||
- "kvm_vm_ioctl_set_memory_region: "
|
||||
- "failed to munmap memory\n");
|
||||
- }
|
||||
-
|
||||
if (!kvm->arch.n_requested_mmu_pages)
|
||||
nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
From 25188b9986cf6b0cadcf1bc1d1693a2e9c50ed47 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 15:51:08 +0200
|
||||
Subject: [PATCH] KVM: x86: fix previous commit for 32-bit
|
||||
|
||||
Unfortunately I only noticed this after pushing.
|
||||
|
||||
Fixes: f0d648bdf0a5bbc91da6099d5282f77996558ea4
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/x86.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 6e03546..9a9a198 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7482,7 +7482,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
|
||||
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
||||
{
|
||||
int i, r;
|
||||
- u64 hva;
|
||||
+ unsigned long hva;
|
||||
struct kvm_memslots *slots = kvm_memslots(kvm);
|
||||
struct kvm_memory_slot *slot, old;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH] ACPI: Limit access to custom_method
|
||||
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
|
@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
|
|||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH] Add EFI signature data types
|
||||
Subject: [PATCH 15/20] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
@ -51,3 +52,6 @@ index de3e45088d4a..fac43c611614 100644
|
|||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH] Add an EFI signature blob parser and key loader.
|
||||
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
|
|||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index e47fcd9ac5e8..6512f6596785 100644
|
||||
index cd1406f9b14a..d9db380bbe53 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
|
|||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH] Add option to automatically enforce module signatures when in
|
||||
Secure Boot mode
|
||||
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
|
||||
when in Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
|
@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 82fbdbc1e0b0..a811210ad486 100644
|
||||
index 95a4d34af3fd..b8527c6b7646 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
|
@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
|
|||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 3dbb7e7909ca..4da6644b1fd0 100644
|
||||
index cc0d73eac047..14db458f4774 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1703,6 +1703,16 @@ config EFI_MIXED
|
||||
@@ -1734,6 +1734,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
|
@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
|
|||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 2c82bd150d43..1ef8ea7f8ed9 100644
|
||||
index ee1b6d346b98..b4de3faa3f29 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
|
@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
|
|||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index ab456dc233b5..74ba4083e7ce 100644
|
||||
index 329254373479..b61f8533c0fd 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -134,7 +134,8 @@ struct boot_params {
|
||||
|
@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
|
|||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 80f874bf999e..c2e4f52cad30 100644
|
||||
index baadbf90a7c5..1ac118146e90 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
|
@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
|
|||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 57474384b66b..b69d657c3700 100644
|
||||
index db386349cd01..4b8df91f03cd 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
|
@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
|
|||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index e9869c497175..87fa14fedc88 100644
|
||||
index 7f045246e123..2b403ab0ef29 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
|
@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
|
|||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH] Add secure_modules() call
|
||||
Subject: [PATCH 01/20] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
|
@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
2 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index d67b1932cc59..57474384b66b 100644
|
||||
index 3a19c79918e0..db386349cd01 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return module && module->async_probe_requested;
|
||||
}
|
||||
|
||||
|
@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
|
|||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
|
|||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 4d2b82e610e2..e9869c497175 100644
|
||||
index b86b7bf1be38..7f045246e123 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
|
|||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
|
|||
7 files changed, 64 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5def6b4143fa..1eac9d22cb0b 100644
|
||||
index f93826b8522c..41679b1aca83 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
|
@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
|
||||
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
|
@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 421e29e4cd81..61c1eb97806c 100644
|
||||
index 345df9b03aed..dea6a6c4a39b 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
|
|||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index b5b427888b24..289c7898a3b0 100644
|
||||
index 95b330a9ea98..dfa3e154a719 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
/* x: May be registered on mips for TLB dump */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
|
@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
|
@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
|
@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
pr_cont("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
|
@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
|
@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
|
@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
break;
|
||||
}
|
||||
@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
|
@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
|
|||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 87fa14fedc88..61385e686d49 100644
|
||||
index 2b403ab0ef29..7818c110e95c 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
|
||||
|
@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
|
|||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
module_param(sig_enforce, bool_enable_only, 0644);
|
||||
#endif /* !CONFIG_MODULE_SIG_FORCE */
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
From 0621809e37936e7c2b3eac9165cf2aad7f9189eb Mon Sep 17 00:00:00 2001
|
||||
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
|
||||
Date: Mon, 3 Aug 2015 14:57:30 +0900
|
||||
Subject: [PATCH] HID: hid-input: Fix accessing freed memory during device
|
||||
disconnect
|
||||
|
||||
During unbinding the driver was dereferencing a pointer to memory
|
||||
already freed by power_supply_unregister().
|
||||
|
||||
Driver was freeing its internal description of battery through pointers
|
||||
stored in power_supply structure. However, because the core owns the
|
||||
power supply instance, after calling power_supply_unregister() this
|
||||
memory is freed and the driver cannot access these members.
|
||||
|
||||
Fix this by storing the pointer to internal description of battery in a
|
||||
local variable before calling power_supply_unregister(), so the pointer
|
||||
remains valid.
|
||||
|
||||
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
|
||||
Reported-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core")
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.com>
|
||||
---
|
||||
drivers/hid/hid-input.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
|
||||
index 3511bbab..e3c6364 100644
|
||||
--- a/drivers/hid/hid-input.c
|
||||
+++ b/drivers/hid/hid-input.c
|
||||
@@ -462,12 +462,15 @@ out:
|
||||
|
||||
static void hidinput_cleanup_battery(struct hid_device *dev)
|
||||
{
|
||||
+ const struct power_supply_desc *psy_desc;
|
||||
+
|
||||
if (!dev->battery)
|
||||
return;
|
||||
|
||||
+ psy_desc = dev->battery->desc;
|
||||
power_supply_unregister(dev->battery);
|
||||
- kfree(dev->battery->desc->name);
|
||||
- kfree(dev->battery->desc);
|
||||
+ kfree(psy_desc->name);
|
||||
+ kfree(psy_desc);
|
||||
dev->battery = NULL;
|
||||
}
|
||||
#else /* !CONFIG_HID_BATTERY_STRENGTH */
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,117 @@
|
|||
From b9a532277938798b53178d5a66af6e2915cb27cf Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Wed, 30 Sep 2015 12:48:40 -0400
|
||||
Subject: [PATCH] Initialize msg/shm IPC objects before doing ipc_addid()
|
||||
|
||||
As reported by Dmitry Vyukov, we really shouldn't do ipc_addid() before
|
||||
having initialized the IPC object state. Yes, we initialize the IPC
|
||||
object in a locked state, but with all the lockless RCU lookup work,
|
||||
that IPC object lock no longer means that the state cannot be seen.
|
||||
|
||||
We already did this for the IPC semaphore code (see commit e8577d1f0329:
|
||||
"ipc/sem.c: fully initialize sem_array before making it visible") but we
|
||||
clearly forgot about msg and shm.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Cc: Manfred Spraul <manfred@colorfullife.com>
|
||||
Cc: Davidlohr Bueso <dbueso@suse.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
ipc/msg.c | 14 +++++++-------
|
||||
ipc/shm.c | 13 +++++++------
|
||||
ipc/util.c | 8 ++++----
|
||||
3 files changed, 18 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/ipc/msg.c b/ipc/msg.c
|
||||
index 66c4f567eb73..1471db9a7e61 100644
|
||||
--- a/ipc/msg.c
|
||||
+++ b/ipc/msg.c
|
||||
@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
return retval;
|
||||
}
|
||||
|
||||
- /* ipc_addid() locks msq upon success. */
|
||||
- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
|
||||
- if (id < 0) {
|
||||
- ipc_rcu_putref(msq, msg_rcu_free);
|
||||
- return id;
|
||||
- }
|
||||
-
|
||||
msq->q_stime = msq->q_rtime = 0;
|
||||
msq->q_ctime = get_seconds();
|
||||
msq->q_cbytes = msq->q_qnum = 0;
|
||||
@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
INIT_LIST_HEAD(&msq->q_receivers);
|
||||
INIT_LIST_HEAD(&msq->q_senders);
|
||||
|
||||
+ /* ipc_addid() locks msq upon success. */
|
||||
+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
|
||||
+ if (id < 0) {
|
||||
+ ipc_rcu_putref(msq, msg_rcu_free);
|
||||
+ return id;
|
||||
+ }
|
||||
+
|
||||
ipc_unlock_object(&msq->q_perm);
|
||||
rcu_read_unlock();
|
||||
|
||||
diff --git a/ipc/shm.c b/ipc/shm.c
|
||||
index 222131e8e38f..41787276e141 100644
|
||||
--- a/ipc/shm.c
|
||||
+++ b/ipc/shm.c
|
||||
@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
if (IS_ERR(file))
|
||||
goto no_file;
|
||||
|
||||
- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
|
||||
- if (id < 0) {
|
||||
- error = id;
|
||||
- goto no_id;
|
||||
- }
|
||||
-
|
||||
shp->shm_cprid = task_tgid_vnr(current);
|
||||
shp->shm_lprid = 0;
|
||||
shp->shm_atim = shp->shm_dtim = 0;
|
||||
@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
shp->shm_nattch = 0;
|
||||
shp->shm_file = file;
|
||||
shp->shm_creator = current;
|
||||
+
|
||||
+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
|
||||
+ if (id < 0) {
|
||||
+ error = id;
|
||||
+ goto no_id;
|
||||
+ }
|
||||
+
|
||||
list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist);
|
||||
|
||||
/*
|
||||
diff --git a/ipc/util.c b/ipc/util.c
|
||||
index be4230020a1f..0f401d94b7c6 100644
|
||||
--- a/ipc/util.c
|
||||
+++ b/ipc/util.c
|
||||
@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
|
||||
rcu_read_lock();
|
||||
spin_lock(&new->lock);
|
||||
|
||||
+ current_euid_egid(&euid, &egid);
|
||||
+ new->cuid = new->uid = euid;
|
||||
+ new->gid = new->cgid = egid;
|
||||
+
|
||||
id = idr_alloc(&ids->ipcs_idr, new,
|
||||
(next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
|
||||
GFP_NOWAIT);
|
||||
@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
|
||||
|
||||
ids->in_use++;
|
||||
|
||||
- current_euid_egid(&euid, &egid);
|
||||
- new->cuid = new->uid = euid;
|
||||
- new->gid = new->cgid = egid;
|
||||
-
|
||||
if (next_id < 0) {
|
||||
new->seq = ids->seq++;
|
||||
if (ids->seq > IPCID_SEQ_MAX)
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH] KEYS: Add a system blacklist keyring
|
||||
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
|
@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
|
|||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
3 files changed, 40 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 72665eb80692..2c7b80d31366 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index af09b4fb43d2..62f6fd191e4f 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 875f64e8935b..c15e93f5a418 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
||||
index 2570598b784d..53733822993f 100644
|
||||
--- a/certs/system_keyring.c
|
||||
+++ b/certs/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
|
@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
|
@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
|
||||
+ if (!ret) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key is in the blacklist\n");
|
||||
+ ret = -EKEYREJECTED;
|
||||
+ goto error;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index b20cd885c1fd..51d8ddc60e0f 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
|
||||
enum key_being_used_for usage);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 02da9f1fd9df..782d26f02885 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
|
||||
module verification, kexec image verification and firmware blob
|
||||
verification.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,92 +0,0 @@
|
|||
From adceca1789584fe567828afb7246bd35a8549e94 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Northup <digitaleric@google.com>
|
||||
Date: Tue, 10 Nov 2015 13:22:52 +0100
|
||||
Subject: [PATCH 1/2] KVM: x86: work around infinite loop in microcode when #AC
|
||||
is delivered
|
||||
|
||||
It was found that a guest can DoS a host by triggering an infinite
|
||||
stream of "alignment check" (#AC) exceptions. This causes the
|
||||
microcode to enter an infinite loop where the core never receives
|
||||
another interrupt. The host kernel panics pretty quickly due to the
|
||||
effects (CVE-2015-5307).
|
||||
|
||||
Signed-off-by: Eric Northup <digitaleric@google.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/uapi/asm/svm.h | 1 +
|
||||
arch/x86/kvm/svm.c | 8 ++++++++
|
||||
arch/x86/kvm/vmx.c | 5 ++++-
|
||||
3 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
|
||||
index b5d7640abc5d..8a4add8e4639 100644
|
||||
--- a/arch/x86/include/uapi/asm/svm.h
|
||||
+++ b/arch/x86/include/uapi/asm/svm.h
|
||||
@@ -100,6 +100,7 @@
|
||||
{ SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
|
||||
{ SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
|
||||
{ SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
|
||||
+ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
|
||||
{ SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
|
||||
{ SVM_EXIT_INTR, "interrupt" }, \
|
||||
{ SVM_EXIT_NMI, "nmi" }, \
|
||||
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
|
||||
index f2c8e4917688..7203b3cc71b5 100644
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -1110,6 +1110,7 @@ static void init_vmcb(struct vcpu_svm *svm)
|
||||
set_exception_intercept(svm, PF_VECTOR);
|
||||
set_exception_intercept(svm, UD_VECTOR);
|
||||
set_exception_intercept(svm, MC_VECTOR);
|
||||
+ set_exception_intercept(svm, AC_VECTOR);
|
||||
|
||||
set_intercept(svm, INTERCEPT_INTR);
|
||||
set_intercept(svm, INTERCEPT_NMI);
|
||||
@@ -1798,6 +1799,12 @@ static int ud_interception(struct vcpu_svm *svm)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int ac_interception(struct vcpu_svm *svm)
|
||||
+{
|
||||
+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static void svm_fpu_activate(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
struct vcpu_svm *svm = to_svm(vcpu);
|
||||
@@ -3362,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
|
||||
[SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
|
||||
[SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
|
||||
[SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
|
||||
+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
|
||||
[SVM_EXIT_INTR] = intr_interception,
|
||||
[SVM_EXIT_NMI] = nmi_interception,
|
||||
[SVM_EXIT_SMI] = nop_on_interception,
|
||||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
||||
index 5eb56ed77c1f..106aa940d3c0 100644
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -1631,7 +1631,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
|
||||
u32 eb;
|
||||
|
||||
eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
|
||||
- (1u << NM_VECTOR) | (1u << DB_VECTOR);
|
||||
+ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
|
||||
if ((vcpu->guest_debug &
|
||||
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
|
||||
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
|
||||
@@ -5266,6 +5266,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
|
||||
return handle_rmode_exception(vcpu, ex_no, error_code);
|
||||
|
||||
switch (ex_no) {
|
||||
+ case AC_VECTOR:
|
||||
+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
|
||||
+ return 1;
|
||||
case DB_VECTOR:
|
||||
dr6 = vmcs_readl(EXIT_QUALIFICATION);
|
||||
if (!(vcpu->guest_debug &
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 414c3c3d988d..d920a6be6c8b 100644
|
||||
index 85ef051ac6fb..a042b2ece788 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
@@ -600,6 +600,12 @@ typedef struct {
|
||||
u64 table;
|
||||
} efi_config_table_64_t;
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
|
@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
|
|||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
u32 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 62f6fd191e4f..648bb79d6b73 100644
|
||||
index 02da9f1fd9df..90c73a0564b1 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
|
||||
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
|
@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
|
|||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index 43c4c920f30a..3193574387ac 100644
|
||||
index d4988410b410..55e886239e7e 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
@@ -47,6 +47,7 @@ endif
|
||||
obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
|
||||
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
obj-$(CONFIG_HAS_IOMEM) += memremap.o
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
|
@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
|
|||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH] MODSIGN: Support not importing certs from db
|
||||
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
|
@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
|
|||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
|
||||
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
|
@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
|
|||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
From 74e98eb085889b0d2d4908f59f6e00026063014f Mon Sep 17 00:00:00 2001
|
||||
From: Sasha Levin <sasha.levin@oracle.com>
|
||||
Date: Tue, 8 Sep 2015 10:53:40 -0400
|
||||
Subject: [PATCH] RDS: verify the underlying transport exists before creating a
|
||||
connection
|
||||
|
||||
There was no verification that an underlying transport exists when creating
|
||||
a connection, this would cause dereferencing a NULL ptr.
|
||||
|
||||
It might happen on sockets that weren't properly bound before attempting to
|
||||
send a message, which will cause a NULL ptr deref:
|
||||
|
||||
[135546.047719] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
|
||||
[135546.051270] Modules linked in:
|
||||
[135546.051781] CPU: 4 PID: 15650 Comm: trinity-c4 Not tainted 4.2.0-next-20150902-sasha-00041-gbaa1222-dirty #2527
|
||||
[135546.053217] task: ffff8800835bc000 ti: ffff8800bc708000 task.ti: ffff8800bc708000
|
||||
[135546.054291] RIP: __rds_conn_create (net/rds/connection.c:194)
|
||||
[135546.055666] RSP: 0018:ffff8800bc70fab0 EFLAGS: 00010202
|
||||
[135546.056457] RAX: dffffc0000000000 RBX: 0000000000000f2c RCX: ffff8800835bc000
|
||||
[135546.057494] RDX: 0000000000000007 RSI: ffff8800835bccd8 RDI: 0000000000000038
|
||||
[135546.058530] RBP: ffff8800bc70fb18 R08: 0000000000000001 R09: 0000000000000000
|
||||
[135546.059556] R10: ffffed014d7a3a23 R11: ffffed014d7a3a21 R12: 0000000000000000
|
||||
[135546.060614] R13: 0000000000000001 R14: ffff8801ec3d0000 R15: 0000000000000000
|
||||
[135546.061668] FS: 00007faad4ffb700(0000) GS:ffff880252000000(0000) knlGS:0000000000000000
|
||||
[135546.062836] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
|
||||
[135546.063682] CR2: 000000000000846a CR3: 000000009d137000 CR4: 00000000000006a0
|
||||
[135546.064723] Stack:
|
||||
[135546.065048] ffffffffafe2055c ffffffffafe23fc1 ffffed00493097bf ffff8801ec3d0008
|
||||
[135546.066247] 0000000000000000 00000000000000d0 0000000000000000 ac194a24c0586342
|
||||
[135546.067438] 1ffff100178e1f78 ffff880320581b00 ffff8800bc70fdd0 ffff880320581b00
|
||||
[135546.068629] Call Trace:
|
||||
[135546.069028] ? __rds_conn_create (include/linux/rcupdate.h:856 net/rds/connection.c:134)
|
||||
[135546.069989] ? rds_message_copy_from_user (net/rds/message.c:298)
|
||||
[135546.071021] rds_conn_create_outgoing (net/rds/connection.c:278)
|
||||
[135546.071981] rds_sendmsg (net/rds/send.c:1058)
|
||||
[135546.072858] ? perf_trace_lock (include/trace/events/lock.h:38)
|
||||
[135546.073744] ? lockdep_init (kernel/locking/lockdep.c:3298)
|
||||
[135546.074577] ? rds_send_drop_to (net/rds/send.c:976)
|
||||
[135546.075508] ? __might_fault (./arch/x86/include/asm/current.h:14 mm/memory.c:3795)
|
||||
[135546.076349] ? __might_fault (mm/memory.c:3795)
|
||||
[135546.077179] ? rds_send_drop_to (net/rds/send.c:976)
|
||||
[135546.078114] sock_sendmsg (net/socket.c:611 net/socket.c:620)
|
||||
[135546.078856] SYSC_sendto (net/socket.c:1657)
|
||||
[135546.079596] ? SYSC_connect (net/socket.c:1628)
|
||||
[135546.080510] ? trace_dump_stack (kernel/trace/trace.c:1926)
|
||||
[135546.081397] ? ring_buffer_unlock_commit (kernel/trace/ring_buffer.c:2479 kernel/trace/ring_buffer.c:2558 kernel/trace/ring_buffer.c:2674)
|
||||
[135546.082390] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
|
||||
[135546.083410] ? trace_event_raw_event_sys_enter (include/trace/events/syscalls.h:16)
|
||||
[135546.084481] ? do_audit_syscall_entry (include/trace/events/syscalls.h:16)
|
||||
[135546.085438] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
|
||||
[135546.085515] rds_ib_laddr_check(): addr 36.74.25.172 ret -99 node type -1
|
||||
|
||||
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
|
||||
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/rds/connection.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/net/rds/connection.c b/net/rds/connection.c
|
||||
index 9b2de5e67d79..49adeef8090c 100644
|
||||
--- a/net/rds/connection.c
|
||||
+++ b/net/rds/connection.c
|
||||
@@ -190,6 +190,12 @@ new_conn:
|
||||
}
|
||||
}
|
||||
|
||||
+ if (trans == NULL) {
|
||||
+ kmem_cache_free(rds_conn_slab, conn);
|
||||
+ conn = ERR_PTR(-ENODEV);
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
conn->c_trans = trans;
|
||||
|
||||
ret = trans->conn_alloc(conn, gfp);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
|
@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
|
|||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
From 10d98bced414c6fc1d09db123e7f762d91b5ebea Mon Sep 17 00:00:00 2001
|
||||
From: Johan Hovold <johan@kernel.org>
|
||||
Date: Wed, 23 Sep 2015 11:41:42 -0700
|
||||
Subject: [PATCH] USB: whiteheat: fix potential null-deref at probe
|
||||
|
||||
Fix potential null-pointer dereference at probe by making sure that the
|
||||
required endpoints are present.
|
||||
|
||||
The whiteheat driver assumes there are at least five pairs of bulk
|
||||
endpoints, of which the final pair is used for the "command port". An
|
||||
attempt to bind to an interface with fewer bulk endpoints would
|
||||
currently lead to an oops.
|
||||
|
||||
Fixes CVE-2015-5257.
|
||||
|
||||
Reported-by: Moein Ghasemzadeh <moein@istuary.com>
|
||||
Cc: stable <stable@vger.kernel.org>
|
||||
Signed-off-by: Johan Hovold <johan@kernel.org>
|
||||
---
|
||||
drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 31 insertions(+)
|
||||
|
||||
diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
|
||||
index 6c3734d2b45a..d3ea90bef84d 100644
|
||||
--- a/drivers/usb/serial/whiteheat.c
|
||||
+++ b/drivers/usb/serial/whiteheat.c
|
||||
@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
|
||||
static int whiteheat_firmware_attach(struct usb_serial *serial);
|
||||
|
||||
/* function prototypes for the Connect Tech WhiteHEAT serial converter */
|
||||
+static int whiteheat_probe(struct usb_serial *serial,
|
||||
+ const struct usb_device_id *id);
|
||||
static int whiteheat_attach(struct usb_serial *serial);
|
||||
static void whiteheat_release(struct usb_serial *serial);
|
||||
static int whiteheat_port_probe(struct usb_serial_port *port);
|
||||
@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
|
||||
.description = "Connect Tech - WhiteHEAT",
|
||||
.id_table = id_table_std,
|
||||
.num_ports = 4,
|
||||
+ .probe = whiteheat_probe,
|
||||
.attach = whiteheat_attach,
|
||||
.release = whiteheat_release,
|
||||
.port_probe = whiteheat_port_probe,
|
||||
@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
|
||||
/*****************************************************************************
|
||||
* Connect Tech's White Heat serial driver functions
|
||||
*****************************************************************************/
|
||||
+
|
||||
+static int whiteheat_probe(struct usb_serial *serial,
|
||||
+ const struct usb_device_id *id)
|
||||
+{
|
||||
+ struct usb_host_interface *iface_desc;
|
||||
+ struct usb_endpoint_descriptor *endpoint;
|
||||
+ size_t num_bulk_in = 0;
|
||||
+ size_t num_bulk_out = 0;
|
||||
+ size_t min_num_bulk;
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ iface_desc = serial->interface->cur_altsetting;
|
||||
+
|
||||
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
|
||||
+ endpoint = &iface_desc->endpoint[i].desc;
|
||||
+ if (usb_endpoint_is_bulk_in(endpoint))
|
||||
+ ++num_bulk_in;
|
||||
+ if (usb_endpoint_is_bulk_out(endpoint))
|
||||
+ ++num_bulk_out;
|
||||
+ }
|
||||
+
|
||||
+ min_num_bulk = COMMAND_PORT + 1;
|
||||
+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int whiteheat_attach(struct usb_serial *serial)
|
||||
{
|
||||
struct usb_serial_port *command_port;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
|
||||
is restricted
|
||||
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
|
@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 3b8963f21b36..a5ae6a7fef5e 100644
|
||||
index 739a4a6b3b9b..9ef2a020a7a9 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
|
@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
|
@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Tue, 3 Mar 2015 08:31:24 +0100
|
||||
Subject: [PATCH] acpi: video: Add force native backlight quirk for Lenovo
|
||||
Ideapad Z570
|
||||
|
||||
The Lenovo Ideapad Z570 (which is an Acer in disguise like some other Ideapads)
|
||||
has a broken acpi_video interface, this was fixed in commmit a11d342fb8
|
||||
("ACPI / video: force vendor backlight on Lenovo Ideapad Z570").
|
||||
|
||||
Which stops acpi_video from registering a backlight interface, but this is
|
||||
only a partial fix, because for people who have the ideapad-laptop module
|
||||
installed that module will now register a backlight interface, which also
|
||||
does not work, so we need to use the native intel_backlight interface.
|
||||
|
||||
The Lenovo Ideapad 570 is a pre-win8 laptop / too old for the acpi-video code
|
||||
to automatically prefer the native backlight interface, so add a quirk for it.
|
||||
|
||||
This commit also removes the previous incomplete fix.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1187004
|
||||
Cc: Stepan Bujnak <stepanbujnak@fastmail.fm>
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/acpi/video.c | 17 +++++++++++++++++
|
||||
drivers/acpi/video_detect.c | 8 --------
|
||||
2 files changed, 17 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index 70ea37bea84f..d9bf8ba7d848 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -425,6 +425,12 @@ static int __init video_disable_native_backlight(const struct dmi_system_id *d)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int __init video_enable_native_backlight(const struct dmi_system_id *d)
|
||||
+{
|
||||
+ use_native_backlight_dmi = NATIVE_BACKLIGHT_ON;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
/*
|
||||
* Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121
|
||||
@@ -566,6 +572,17 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
DMI_MATCH(DMI_PRODUCT_NAME, "XPS L521X"),
|
||||
},
|
||||
},
|
||||
+
|
||||
+ /* Non win8 machines which need native backlight nevertheless */
|
||||
+ {
|
||||
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1187004 */
|
||||
+ .callback = video_enable_native_backlight,
|
||||
+ .ident = "Lenovo Ideapad Z570",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_NAME, "102434U"),
|
||||
+ },
|
||||
+ },
|
||||
{}
|
||||
};
|
||||
|
||||
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
|
||||
index 27c43499977a..c42feb2bacd0 100644
|
||||
--- a/drivers/acpi/video_detect.c
|
||||
+++ b/drivers/acpi/video_detect.c
|
||||
@@ -174,14 +174,6 @@ static struct dmi_system_id video_detect_dmi_table[] = {
|
||||
DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5737"),
|
||||
},
|
||||
},
|
||||
- {
|
||||
- .callback = video_detect_force_vendor,
|
||||
- .ident = "Lenovo IdeaPad Z570",
|
||||
- .matches = {
|
||||
- DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
- DMI_MATCH(DMI_PRODUCT_VERSION, "Ideapad Z570"),
|
||||
- },
|
||||
- },
|
||||
{ },
|
||||
};
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
From: Aaron Lu <aaron.lu@intel.com>
|
||||
Date: Wed, 11 Mar 2015 14:14:56 +0800
|
||||
Subject: [PATCH] acpi: video: Allow forcing native backlight on non win8
|
||||
machines
|
||||
|
||||
The native backlight behavior (so not registering both the acpi-video
|
||||
and the vendor backlight driver) can be useful on some non win8 machines
|
||||
too, so change the behavior of the video.use_native_backlight=1 or 0
|
||||
kernel cmdline option to be: if user has set video.use_native_backlight=1
|
||||
or 0, use that no matter if it is a win8 system or not. Also, we will
|
||||
put some known systems into the DMI table to make them either use native
|
||||
backlight interface or not, and the use_native_backlight_dmi is used to
|
||||
reflect that.
|
||||
|
||||
Original-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
|
||||
Acked-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/acpi/video.c | 19 +++++++++++++------
|
||||
1 file changed, 13 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index db70d550f526..70ea37bea84f 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -82,9 +82,15 @@ module_param(allow_duplicates, bool, 0644);
|
||||
* For Windows 8 systems: used to decide if video module
|
||||
* should skip registering backlight interface of its own.
|
||||
*/
|
||||
-static int use_native_backlight_param = -1;
|
||||
+enum {
|
||||
+ NATIVE_BACKLIGHT_NOT_SET = -1,
|
||||
+ NATIVE_BACKLIGHT_OFF,
|
||||
+ NATIVE_BACKLIGHT_ON,
|
||||
+};
|
||||
+
|
||||
+static int use_native_backlight_param = NATIVE_BACKLIGHT_NOT_SET;
|
||||
module_param_named(use_native_backlight, use_native_backlight_param, int, 0444);
|
||||
-static bool use_native_backlight_dmi = true;
|
||||
+static int use_native_backlight_dmi = NATIVE_BACKLIGHT_NOT_SET;
|
||||
|
||||
static int register_count;
|
||||
static struct mutex video_list_lock;
|
||||
@@ -237,15 +243,16 @@ static void acpi_video_switch_brightness(struct work_struct *work);
|
||||
|
||||
static bool acpi_video_use_native_backlight(void)
|
||||
{
|
||||
- if (use_native_backlight_param != -1)
|
||||
+ if (use_native_backlight_param != NATIVE_BACKLIGHT_NOT_SET)
|
||||
return use_native_backlight_param;
|
||||
- else
|
||||
+ else if (use_native_backlight_dmi != NATIVE_BACKLIGHT_NOT_SET)
|
||||
return use_native_backlight_dmi;
|
||||
+ return acpi_osi_is_win8();
|
||||
}
|
||||
|
||||
bool acpi_video_verify_backlight_support(void)
|
||||
{
|
||||
- if (acpi_osi_is_win8() && acpi_video_use_native_backlight() &&
|
||||
+ if (acpi_video_use_native_backlight() &&
|
||||
backlight_device_registered(BACKLIGHT_RAW))
|
||||
return false;
|
||||
return acpi_video_backlight_support();
|
||||
@@ -414,7 +421,7 @@ static int __init video_set_bqc_offset(const struct dmi_system_id *d)
|
||||
|
||||
static int __init video_disable_native_backlight(const struct dmi_system_id *d)
|
||||
{
|
||||
- use_native_backlight_dmi = false;
|
||||
+ use_native_backlight_dmi = NATIVE_BACKLIGHT_OFF;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
|
||||
From: Hannes Reinecke <hare@suse.de>
|
||||
Date: Tue, 1 Dec 2015 10:16:42 +0100
|
||||
Subject: scsi: ignore errors from scsi_dh_add_device()
|
||||
|
||||
device handler initialisation might fail due to a number of
|
||||
reasons. But as device_handlers are optional this shouldn't
|
||||
cause us to disable the device entirely.
|
||||
So just ignore errors from scsi_dh_add_device().
|
||||
|
||||
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
|
||||
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
||||
Signed-off-by: Hannes Reinecke <hare@suse.de>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/scsi_sysfs.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
|
||||
index fc3cd26..d015374 100644
|
||||
--- a/drivers/scsi/scsi_sysfs.c
|
||||
+++ b/drivers/scsi/scsi_sysfs.c
|
||||
@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
|
||||
}
|
||||
|
||||
error = scsi_dh_add_device(sdev);
|
||||
- if (error) {
|
||||
+ if (error)
|
||||
+ /*
|
||||
+ * device_handler is optional, so any error can be ignored
|
||||
+ */
|
||||
sdev_printk(KERN_INFO, sdev,
|
||||
"failed to add device handler: %d\n", error);
|
||||
- return error;
|
||||
- }
|
||||
|
||||
device_enable_async_suspend(&sdev->sdev_dev);
|
||||
error = device_add(&sdev->sdev_dev);
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
|
||||
restricted
|
||||
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
|
@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
|
|||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
From a08748fb2221ef03d54071e5ddfcc1b0cee6961c Mon Sep 17 00:00:00 2001
|
||||
From: Tejun Heo <tj@kernel.org>
|
||||
Date: Sat, 5 Sep 2015 15:47:36 -0400
|
||||
Subject: [PATCH] block: blkg_destroy_all() should clear q->root_blkg and
|
||||
->root_rl.blkg
|
||||
|
||||
While making the root blkg unconditional, ec13b1d6f0a0 ("blkcg: always
|
||||
create the blkcg_gq for the root blkcg") removed the part which clears
|
||||
q->root_blkg and ->root_rl.blkg during q exit. This leaves the two
|
||||
pointers dangling after blkg_destroy_all(). blk-throttle exit path
|
||||
performs blkg traversals and dereferences ->root_blkg and can lead to
|
||||
the following oops.
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at 0000000000000558
|
||||
IP: [<ffffffff81389746>] __blkg_lookup+0x26/0x70
|
||||
...
|
||||
task: ffff88001b4e2580 ti: ffff88001ac0c000 task.ti: ffff88001ac0c000
|
||||
RIP: 0010:[<ffffffff81389746>] [<ffffffff81389746>] __blkg_lookup+0x26/0x70
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff8138d14a>] blk_throtl_drain+0x5a/0x110
|
||||
[<ffffffff8138a108>] blkcg_drain_queue+0x18/0x20
|
||||
[<ffffffff81369a70>] __blk_drain_queue+0xc0/0x170
|
||||
[<ffffffff8136a101>] blk_queue_bypass_start+0x61/0x80
|
||||
[<ffffffff81388c59>] blkcg_deactivate_policy+0x39/0x100
|
||||
[<ffffffff8138d328>] blk_throtl_exit+0x38/0x50
|
||||
[<ffffffff8138a14e>] blkcg_exit_queue+0x3e/0x50
|
||||
[<ffffffff8137016e>] blk_release_queue+0x1e/0xc0
|
||||
...
|
||||
|
||||
While the bug is a straigh-forward use-after-free bug, it is tricky to
|
||||
reproduce because blkg release is RCU protected and the rest of exit
|
||||
path usually finishes before RCU grace period.
|
||||
|
||||
This patch fixes the bug by updating blkg_destro_all() to clear
|
||||
q->root_blkg and ->root_rl.blkg.
|
||||
|
||||
Signed-off-by: Tejun Heo <tj@kernel.org>
|
||||
Reported-by: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Link: http://lkml.kernel.org/g/CA+5PVA5rzQ0s4723n5rHBcxQa9t0cW8BPPBekr_9aMRoWt2aYg@mail.gmail.com
|
||||
Fixes: ec13b1d6f0a0 ("blkcg: always create the blkcg_gq for the root blkcg")
|
||||
Cc: stable@vger.kernel.org # v4.2+
|
||||
---
|
||||
block/blk-cgroup.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
|
||||
index d6283b3f5db5..9cc48d1d7abb 100644
|
||||
--- a/block/blk-cgroup.c
|
||||
+++ b/block/blk-cgroup.c
|
||||
@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct request_queue *q)
|
||||
blkg_destroy(blkg);
|
||||
spin_unlock(&blkcg->lock);
|
||||
}
|
||||
+
|
||||
+ q->root_blkg = NULL;
|
||||
+ q->root_rl.blkg = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
|
|||
CONFIG_HAVE_PERF_REGS=y
|
||||
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
|
||||
|
||||
CONFIG_ARM_PMU=y
|
||||
|
||||
# ARM AMBA generic HW
|
||||
CONFIG_ARM_AMBA=y
|
||||
CONFIG_KERNEL_MODE_NEON=y
|
||||
|
@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
|
|||
CONFIG_PL330_DMA=m
|
||||
CONFIG_GPIO_PL061=y
|
||||
CONFIG_USB_ISP1760=m
|
||||
CONFIG_ARM_PL172_MPMC=m
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=y
|
||||
CONFIG_CRYPTO_AES_ARM_BS=y
|
||||
CONFIG_CRYPTO_SHA1_ARM=y
|
||||
CONFIG_CRYPTO_SHA256_ARM=y
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM=y
|
||||
|
||||
# ARM VExpress
|
||||
CONFIG_ARCH_VEXPRESS=y
|
||||
|
@ -106,6 +119,8 @@ CONFIG_OF_NET=y
|
|||
CONFIG_OF_OVERLAY=y
|
||||
CONFIG_OF_PCI_IRQ=m
|
||||
CONFIG_OF_PCI=m
|
||||
# CONFIG_PCI_HOST_GENERIC is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
CONFIG_OF_RESERVED_MEM=y
|
||||
CONFIG_OF_RESOLVE=y
|
||||
CONFIG_PM_GENERIC_DOMAINS_OF=y
|
||||
|
@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
|
|||
CONFIG_ARM_MHU=m
|
||||
# CONFIG_PL320_MBOX is not set
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=m
|
||||
# CONFIG_CRYPTO_AES_ARM_BS is not set
|
||||
CONFIG_CRYPTO_SHA1_ARM=m
|
||||
CONFIG_CRYPTO_SHA256_ARM=m
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM=m
|
||||
# USB
|
||||
CONFIG_USB_OHCI_HCD_PLATFORM=m
|
||||
CONFIG_USB_EHCI_HCD_PLATFORM=m
|
||||
|
@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
|
|||
CONFIG_I2C_MUX_PINCTRL=m
|
||||
CONFIG_I2C_MUX_PCA9541=m
|
||||
CONFIG_I2C_MUX_PCA954x=m
|
||||
CONFIG_I2C_MUX_REG=m
|
||||
|
||||
# spi
|
||||
CONFIG_SPI_PL022=m
|
||||
|
@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_KEYBOARD_OMAP4 is not set
|
||||
# CONFIG_KEYBOARD_BCM is not set
|
||||
# CONFIG_PHY_SAMSUNG_USB2 is not set
|
||||
# CONFIG_OMAP_GPMC_DEBUG is not set
|
||||
|
||||
### turn off things which make no sense on embedded SoC
|
||||
|
||||
|
@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_SPI_ROCKCHIP is not set
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
26
config-arm64
26
config-arm64
|
@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
|
|||
# CONFIG_ARCH_QCOM is not set
|
||||
# CONFIG_ARCH_SPRD is not set
|
||||
# CONFIG_ARCH_ZYNQMP is not set
|
||||
# CONFIG_ARCH_BCM_IPROC is not set
|
||||
# CONFIG_ARCH_BERLIN is not set
|
||||
# CONFIG_ARCH_ROCKCHIP is not set
|
||||
|
||||
|
||||
# Erratum
|
||||
CONFIG_ARM64_ERRATUM_826319=y
|
||||
|
@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
|
|||
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
|
||||
CONFIG_ARCH_REQUIRE_GPIOLIB=y
|
||||
CONFIG_ARM64_64K_PAGES=y
|
||||
# CONFIG_COMPAT is not set
|
||||
|
||||
CONFIG_ARM64_HW_AFDBM=y
|
||||
CONFIG_ARM64_PAN=y
|
||||
CONFIG_ARM64_LSE_ATOMICS=y
|
||||
|
||||
CONFIG_BCMA_POSSIBLE=y
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
|
||||
|
@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
|
|||
CONFIG_PCC=y
|
||||
|
||||
CONFIG_ARM64_CRYPTO=y
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=y
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=y
|
||||
CONFIG_CRYPTO_GHASH_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
|
||||
CONFIG_CRYPTO_CRC32_ARM64=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
|
@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
|
|||
# HiSilicon
|
||||
CONFIG_POWER_RESET_HISI=y
|
||||
CONFIG_HISI_THERMAL=m
|
||||
CONFIG_STUB_CLK_HI6220=y
|
||||
|
||||
# ThunderX
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
CONFIG_NET_VENDOR_MELLANOX=y
|
||||
CONFIG_MLX4_EN=m
|
||||
|
@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
|
|||
CONFIG_DEBUG_SECTION_MISMATCH=y
|
||||
|
||||
# CONFIG_FSL_MC_BUS is not set
|
||||
# CONFIG_FUJITSU_ES is not set
|
||||
|
|
16
config-armv7
16
config-armv7
|
@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
|
|||
CONFIG_SOC_TI81XX=y
|
||||
# CONFIG_MACH_NOKIA_RX51 is not set
|
||||
# CONFIG_MACH_OMAP_LDP is not set
|
||||
# CONFIG_MACH_OMAP3530_LV_SOM is not set
|
||||
# CONFIG_MACH_OMAP3_TORPEDO is not set
|
||||
# CONFIG_MACH_OMAP3517EVM is not set
|
||||
# CONFIG_MACH_OMAP3_PANDORA is not set
|
||||
|
||||
|
@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
|
|||
CONFIG_PINCTRL_MSM8X74=m
|
||||
CONFIG_PINCTRL_MSM8916=m
|
||||
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
|
||||
CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
|
||||
CONFIG_COMMON_CLK_QCOM=m
|
||||
# CONFIG_MSM_GCC_8916 is not set
|
||||
# CONFIG_IPQ_LCC_806X is not set
|
||||
|
@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
|
|||
CONFIG_SND_SOC_STORM=m
|
||||
CONFIG_PHY_QCOM_UFS=m
|
||||
CONFIG_HWSPINLOCK_QCOM=m
|
||||
CONFIG_QCOM_COINCELL=m
|
||||
CONFIG_USB_QCOM_8X16_PHY=m
|
||||
CONFIG_QCOM_SMD=m
|
||||
CONFIG_QCOM_SMD_RPM=m
|
||||
CONFIG_QCOM_SMEM=m
|
||||
CONFIG_REGULATOR_QCOM_SMD_RPM=m
|
||||
# CONFIG_QCOM_SMEM is not set
|
||||
|
||||
# i.MX
|
||||
# CONFIG_MXC_DEBUG_BOARD is not set
|
||||
|
@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
|
|||
CONFIG_SOC_IMX6Q=y
|
||||
CONFIG_SOC_IMX6SL=y
|
||||
CONFIG_SOC_IMX6SX=y
|
||||
CONFIG_SOC_IMX6UL=y
|
||||
CONFIG_SOC_IMX7D=y
|
||||
# CONFIG_SOC_LS1021A is not set
|
||||
# CONFIG_SOC_VF610 is not set
|
||||
|
@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
|
|||
CONFIG_FEC=m
|
||||
# CONFIG_FSL_PQ_MDIO is not set
|
||||
# CONFIG_FSL_XGMAC_MDIO is not set
|
||||
CONFIG_KEYBOARD_SNVS_PWRKEY=m
|
||||
CONFIG_KEYBOARD_IMX=m
|
||||
CONFIG_KEYBOARD_STMPE=m
|
||||
CONFIG_TOUCHSCREEN_STMPE=m
|
||||
|
@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
|
|||
CONFIG_FB_MXS=m
|
||||
# CONFIG_FB_MX3 is not set
|
||||
# CONFIG_FB_IMX is not set
|
||||
CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
|
||||
|
||||
CONFIG_SND_IMX_SOC=m
|
||||
CONFIG_SND_SOC_FSL_ASOC_CARD=m
|
||||
|
@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
|
|||
CONFIG_SOC_EXYNOS4212=y
|
||||
CONFIG_SOC_EXYNOS4412=y
|
||||
CONFIG_SOC_EXYNOS4415=y
|
||||
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
|
||||
CONFIG_AK8975=m
|
||||
CONFIG_CM36651=m
|
||||
CONFIG_KEYBOARD_SAMSUNG=m
|
||||
|
@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_EDAC_SYNOPSYS=m
|
||||
CONFIG_PINCTRL_ZYNQ=y
|
||||
CONFIG_AXI_DMAC=m
|
||||
|
||||
# Multi function devices
|
||||
CONFIG_MFD_88PM800=m
|
||||
|
|
|
@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
|
|||
CONFIG_ARCH_HAS_TICK_BROADCAST=y
|
||||
CONFIG_IRQ_CROSSBAR=y
|
||||
CONFIG_IOMMU_IO_PGTABLE_LPAE=y
|
||||
CONFIG_CPU_SW_DOMAIN_PAN=y
|
||||
|
||||
# CONFIG_MCPM is not set
|
||||
# CONFIG_OABI_COMPAT is not set
|
||||
|
@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
|
|||
|
||||
CONFIG_PCI_HOST_GENERIC=y
|
||||
# CONFIG_PCI_LAYERSCAPE is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
# Do NOT enable this, it breaks stuff and makes things go slow
|
||||
# CONFIG_UACCESS_WITH_MEMCPY is not set
|
||||
|
||||
|
@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
|
|||
CONFIG_MACH_SUN8I=y
|
||||
# CONFIG_MACH_SUN9I is not set
|
||||
CONFIG_SUNXI_SRAM=y
|
||||
CONFIG_DMA_SUN4I=m
|
||||
CONFIG_DMA_SUN6I=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_NET_VENDOR_ALLWINNER=y
|
||||
|
@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
|
|||
CONFIG_SERIO_SUN4I_PS2=m
|
||||
CONFIG_KEYBOARD_SUN4I_LRADC=m
|
||||
CONFIG_PWM_SUN4I=m
|
||||
CONFIG_USB_MUSB_SUNXI=m
|
||||
CONFIG_CRYPTO_DEV_SUN4I_SS=m
|
||||
|
||||
# Exynos
|
||||
CONFIG_ARCH_EXYNOS3=y
|
||||
|
@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
|
|||
CONFIG_SOC_EXYNOS5800=y
|
||||
CONFIG_SERIAL_SAMSUNG=y
|
||||
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
|
||||
CONFIG_ARM_EXYNOS_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS5250_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS5440_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
|
||||
# CONFIG_ARM_EXYNOS_CPUIDLE is not set
|
||||
|
@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
|
|||
CONFIG_ROCKCHIP_DW_HDMI=m
|
||||
CONFIG_PHY_ROCKCHIP_USB=m
|
||||
CONFIG_DWMAC_ROCKCHIP=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
|
||||
CONFIG_REGULATOR_ACT8865=m
|
||||
|
||||
# Tegra
|
||||
CONFIG_ARCH_TEGRA_114_SOC=y
|
||||
|
@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
|
|||
CONFIG_TEGRA_MC=y
|
||||
CONFIG_TEGRA124_EMC=y
|
||||
CONFIG_ARM_TEGRA_DEVFREQ=m
|
||||
# CONFIG_ARM_TEGRA20_CPUFREQ is not set
|
||||
CONFIG_ARM_TEGRA124_CPUFREQ=m
|
||||
|
||||
# Jetson TK1
|
||||
CONFIG_PINCTRL_AS3722=y
|
||||
|
@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
|
|||
CONFIG_RTC_DRV_ARMADA38X=m
|
||||
# CONFIG_CACHE_FEROCEON_L2 is not set
|
||||
# CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
|
||||
CONFIG_LEDS_NS2=m
|
||||
|
||||
# DRM panels
|
||||
CONFIG_DRM_PANEL=y
|
||||
|
@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
|
|||
CONFIG_DRM_PANEL_LD9040=m
|
||||
CONFIG_DRM_PANEL_S6E8AA0=m
|
||||
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
|
||||
CONFIG_DRM_PANEL_LG_LG4573=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
|
||||
CONFIG_DRM_DW_HDMI=m
|
||||
|
||||
# regmap
|
||||
|
@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_REGULATOR_MAX77802=m
|
||||
CONFIG_REGULATOR_PWM=m
|
||||
# CONFIG_REGULATOR_MT6311 is not set
|
||||
CONFIG_SENSORS_LTC2978_REGULATOR=y
|
||||
|
||||
CONFIG_POWER_AVS=y
|
||||
|
@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
|
|||
CONFIG_SENSORS_LIS3_SPI=m
|
||||
CONFIG_SENSORS_LM70=m
|
||||
CONFIG_SENSORS_MAX1111=m
|
||||
CONFIG_MPL3115=m
|
||||
CONFIG_SI7005=m
|
||||
CONFIG_SI7020=m
|
||||
|
||||
|
@ -856,6 +868,7 @@ CONFIG_R8188EU=m
|
|||
# CONFIG_DRM_TILCDC is not set
|
||||
# CONFIG_DRM_IMX is not set
|
||||
# CONFIG_DRM_STI is not set
|
||||
# CONFIG_DRM_FSL_DCU is not set
|
||||
# CONFIG_AHCI_IMX is not set
|
||||
# CONFIG_IMX_THERMAL is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
|
|
|
@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
|
|||
# CONFIG_ARCH_AXXIA is not set
|
||||
|
||||
CONFIG_ARM_LPAE=y
|
||||
# CONFIG_CPU_SW_DOMAIN_PAN is not set
|
||||
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
|
||||
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
|
||||
CONFIG_ARM_VIRT_EXT=y
|
||||
|
|
|
@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
|
|||
CONFIG_DEBUG_OBJECTS_WORK=y
|
||||
|
||||
CONFIG_DMADEVICES_DEBUG=y
|
||||
CONFIG_DMADEVICES_VDEBUG=y
|
||||
# CONFIG_DMADEVICES_VDEBUG is not set
|
||||
|
||||
CONFIG_PM_ADVANCED_DEBUG=y
|
||||
|
||||
|
|
|
@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
|
|||
CONFIG_KALLSYMS=y
|
||||
CONFIG_KALLSYMS_ALL=y
|
||||
CONFIG_FUTEX=y
|
||||
# CONFIG_FAIL_FUTEX is not set
|
||||
CONFIG_EPOLL=y
|
||||
CONFIG_BPF_SYSCALL=y
|
||||
CONFIG_USERFAULTFD=y
|
||||
CONFIG_IOSCHED_NOOP=y
|
||||
CONFIG_IOSCHED_DEADLINE=y
|
||||
CONFIG_IOSCHED_CFQ=y
|
||||
|
@ -67,6 +69,7 @@ CONFIG_NET_NS=y
|
|||
CONFIG_USER_NS=y
|
||||
|
||||
CONFIG_POSIX_MQUEUE=y
|
||||
CONFIG_KDBUS=m
|
||||
# CONFIG_PREEMPT_NONE is not set
|
||||
CONFIG_PREEMPT_VOLUNTARY=y
|
||||
# CONFIG_PREEMPT is not set
|
||||
|
@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
|
|||
CONFIG_MMC_WBSD=m
|
||||
CONFIG_MMC_VIA_SDMMC=m
|
||||
CONFIG_MMC_SDHCI_PLTFM=m
|
||||
# CONFIG_MMC_SDHCI_OF is not set
|
||||
# CONFIG_MMC_SDHCI_OF_AT91 is not set
|
||||
CONFIG_MMC_CB710=m
|
||||
CONFIG_MMC_RICOH_MMC=y
|
||||
CONFIG_MMC_USHC=m
|
||||
|
@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
|
|||
CONFIG_INFINIBAND_USER_MAD=m
|
||||
CONFIG_INFINIBAND_USER_ACCESS=m
|
||||
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
|
||||
CONFIG_INFINIBAND_IPATH=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_IPATH is not set
|
||||
CONFIG_INFINIBAND_ISER=m
|
||||
CONFIG_INFINIBAND_ISERT=m
|
||||
CONFIG_INFINIBAND_AMSO1100=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_AMSO1100 is not set
|
||||
# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
|
||||
CONFIG_INFINIBAND_CXGB3=m
|
||||
CONFIG_INFINIBAND_CXGB4=m
|
||||
|
@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
|
|||
# CONFIG_MTD_NAND_ECC_BCH is not set
|
||||
# CONFIG_MTD_NAND_DISKONCHIP is not set
|
||||
# CONFIG_MTD_NAND_HISI504 is not set
|
||||
# CONFIG_MTD_NAND_DENALI_PCI is not set
|
||||
# CONFIG_MTD_NAND_DENALI_DT is not set
|
||||
# CONFIG_MTD_LPDDR is not set
|
||||
CONFIG_MTD_UBI=m
|
||||
CONFIG_MTD_UBI_WL_THRESHOLD=4096
|
||||
|
@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
|
|||
# CONFIG_ND_BLK is not set
|
||||
# CONFIG_BTT is not set
|
||||
|
||||
# CONFIG_NVMEM is not set
|
||||
|
||||
#
|
||||
# Block devices
|
||||
|
@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
|
|||
CONFIG_BLK_DEV_PMEM=m
|
||||
CONFIG_BLK_DEV_INITRD=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
CONFIG_BLK_DEV_RAM_DAX=y
|
||||
|
||||
CONFIG_BLK_DEV_BSG=y
|
||||
CONFIG_BLK_DEV_BSGLIB=y
|
||||
|
@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
|
|||
CONFIG_IP_VS_PROTO_AH=y
|
||||
CONFIG_IP_VS_PROTO_SCTP=y
|
||||
CONFIG_IP_VS_FO=m
|
||||
CONFIG_IP_VS_OVF=m
|
||||
CONFIG_IP_VS_IPV6=y
|
||||
CONFIG_IP_VS_RR=m
|
||||
CONFIG_IP_VS_WRR=m
|
||||
|
@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
|
|||
CONFIG_INET6_ESP=m
|
||||
CONFIG_INET6_IPCOMP=m
|
||||
CONFIG_IPV6_MIP6=y
|
||||
CONFIG_IPV6_ILA=m
|
||||
CONFIG_IPV6_VTI=m
|
||||
CONFIG_IPV6_SIT=m
|
||||
CONFIG_IPV6_SIT_6RD=y
|
||||
|
@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
|
|||
CONFIG_NFT_COMPAT=m
|
||||
|
||||
CONFIG_NF_TABLES_IPV4=m
|
||||
CONFIG_NF_DUP_IPV4=m
|
||||
CONFIG_NF_DUP_IPV6=m
|
||||
CONFIG_NF_REJECT_IPV6=m
|
||||
CONFIG_NFT_REJECT_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV6=m
|
||||
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
|
||||
CONFIG_NFT_CHAIN_NAT_IPV4=m
|
||||
CONFIG_NF_TABLES_ARP=m
|
||||
|
@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
|
|||
|
||||
# CONFIG_BATMAN_ADV_DEBUG is not set
|
||||
CONFIG_OPENVSWITCH=m
|
||||
CONFIG_OPENVSWITCH_CONNTRACK=y
|
||||
CONFIG_OPENVSWITCH_GRE=y
|
||||
CONFIG_OPENVSWITCH_VXLAN=y
|
||||
CONFIG_OPENVSWITCH_GENEVE=y
|
||||
|
@ -1300,6 +1318,7 @@ CONFIG_TUN=m
|
|||
# CONFIG_TUN_VNET_CROSS_LE is not set
|
||||
CONFIG_VETH=m
|
||||
CONFIG_NLMON=m
|
||||
CONFIG_NET_VRF=m
|
||||
|
||||
#
|
||||
# ATM
|
||||
|
@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
|
|||
|
||||
# CONFIG_CAIF is not set
|
||||
|
||||
CONFIG_LWTUNNEL=y
|
||||
|
||||
CONFIG_RFKILL=m
|
||||
CONFIG_RFKILL_GPIO=m
|
||||
CONFIG_RFKILL_INPUT=y
|
||||
|
@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
|
|||
CONFIG_CASSINI=m
|
||||
CONFIG_NIU=m
|
||||
|
||||
# CONFIG_NET_VENDOR_SYNOPSYS is not set
|
||||
# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
|
||||
|
||||
CONFIG_NET_VENDOR_TEHUTI=y
|
||||
CONFIG_TEHUTI=m
|
||||
|
||||
|
@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
|
|||
CONFIG_CICADA_PHY=m
|
||||
CONFIG_DAVICOM_PHY=m
|
||||
CONFIG_DP83640_PHY=m
|
||||
CONFIG_MICROCHIP_PHY=m
|
||||
CONFIG_FIXED_PHY=y
|
||||
CONFIG_MDIO_BITBANG=m
|
||||
CONFIG_MDIO_BCM_UNIMAC=m
|
||||
|
@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
|
|||
CONFIG_VITESSE_PHY=m
|
||||
CONFIG_MICREL_PHY=m
|
||||
CONFIG_DP83867_PHY=m
|
||||
CONFIG_DP83848_PHY=m
|
||||
# CONFIG_MICREL_KS8995MA is not set
|
||||
CONFIG_AQUANTIA_PHY=m
|
||||
CONFIG_TERANETICS_PHY=m
|
||||
|
||||
CONFIG_MII=m
|
||||
CONFIG_NET_CORE=y
|
||||
|
@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
|
|||
CONFIG_BNX2=m
|
||||
CONFIG_BNX2X=m
|
||||
CONFIG_BNX2X_SRIOV=y
|
||||
CONFIG_BNX2X_VXLAN=y
|
||||
CONFIG_CNIC=m
|
||||
CONFIG_FEALNX=m
|
||||
CONFIG_ETHOC=m
|
||||
|
@ -1649,6 +1678,7 @@ CONFIG_JME=m
|
|||
# CONFIG_MLX4_EN is not set
|
||||
# CONFIG_MLX4_EN_VXLAN is not set
|
||||
# CONFIG_MLX5_CORE is not set
|
||||
# CONFIG_MLXSW_CORE is not set
|
||||
# CONFIG_SFC is not set
|
||||
|
||||
# CONFIG_FDDI is not set
|
||||
|
@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
|
|||
CONFIG_USB_NET_KALMIA=m
|
||||
CONFIG_USB_NET_QMI_WWAN=m
|
||||
CONFIG_USB_NET_SMSC75XX=m
|
||||
CONFIG_USB_NET_CH9200=m
|
||||
# CONFIG_WL_TI is not set
|
||||
CONFIG_ZD1211RW=m
|
||||
# CONFIG_ZD1211RW_DEBUG is not set
|
||||
|
@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
|
|||
CONFIG_IEEE802154_6LOWPAN=m
|
||||
CONFIG_IEEE802154_DRIVERS=m
|
||||
CONFIG_IEEE802154_FAKELB=m
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
CONFIG_IEEE802154_CC2520=m
|
||||
# CONFIG_IEEE802154_AT86RF230 is not set
|
||||
# CONFIG_IEEE802154_MRF24J40 is not set
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
|
||||
CONFIG_MAC802154=m
|
||||
CONFIG_NET_MPLS_GSO=m
|
||||
CONFIG_MPLS_ROUTING=m
|
||||
CONFIG_MPLS_IPTUNNEL=m
|
||||
|
||||
CONFIG_NET_SWITCHDEV=y
|
||||
|
||||
|
@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
|
|||
# CONFIG_NFC_NCI_SPI is not set
|
||||
# CONFIG_NFC_NCI_UART is not set
|
||||
# CONFIG_NFC_ST_NCI is not set
|
||||
# CONFIG_NFC_S3FWRN5_I2C is not set
|
||||
|
||||
|
||||
#
|
||||
|
@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
|
|||
#
|
||||
CONFIG_BT=m
|
||||
CONFIG_BT_BREDR=y
|
||||
CONFIG_BT_HS=y
|
||||
CONFIG_BT_LE=y
|
||||
CONFIG_BT_6LOWPAN=m
|
||||
# CONFIG_BT_SELFTEST is not set
|
||||
|
@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
|
|||
CONFIG_BT_HCIUART_3WIRE=y
|
||||
CONFIG_BT_HCIUART_INTEL=y
|
||||
CONFIG_BT_HCIUART_BCM=y
|
||||
CONFIG_BT_HCIUART_QCA=y
|
||||
CONFIG_BT_HCIDTL1=m
|
||||
CONFIG_BT_HCIBT3C=m
|
||||
CONFIG_BT_HCIBLUECARD=m
|
||||
|
@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
|
|||
CONFIG_BT_MRVL=m
|
||||
CONFIG_BT_MRVL_SDIO=m
|
||||
CONFIG_BT_ATH3K=m
|
||||
CONFIG_BT_QCA=m
|
||||
CONFIG_BT_WILINK=m
|
||||
|
||||
#
|
||||
|
@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
|
|||
# CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
|
||||
# CONFIG_TOUCHSCREEN_SX8654 is not set
|
||||
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
|
||||
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
|
||||
|
||||
CONFIG_INPUT_MISC=y
|
||||
CONFIG_INPUT_E3X0_BUTTON=m
|
||||
|
@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
|
|||
|
||||
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
|
||||
# CONFIG_SERIAL_ALTERA_UART is not set
|
||||
# CONFIG_SERIAL_UARTLITE is not set
|
||||
|
||||
#
|
||||
# Non-8250 serial port support
|
||||
|
@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
|
|||
# CONFIG_I2C_MUX_GPIO is not set
|
||||
# CONFIG_I2C_MUX_PCA9541 is not set
|
||||
# CONFIG_I2C_MUX_PINCTRL is not set
|
||||
# CONFIG_I2C_MUX_REG is not set
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
|
|||
# CONFIG_I2C_NFORCE2_S4985 is not set
|
||||
# CONFIG_I2C_EG20T is not set
|
||||
# CONFIG_I2C_CBUS_GPIO is not set
|
||||
# CONFIG_I2C_EMEV2 is not set
|
||||
CONFIG_I2C_VIPERBOARD=m
|
||||
|
||||
CONFIG_EEPROM_AT24=m
|
||||
|
@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
|
|||
CONFIG_PMBUS=m
|
||||
CONFIG_SENSORS_PMBUS=m
|
||||
CONFIG_SENSORS_MAX16064=m
|
||||
CONFIG_SENSORS_MAX20751=m
|
||||
CONFIG_SENSORS_LM25066=m
|
||||
CONFIG_SENSORS_LTC2978=m
|
||||
CONFIG_SENSORS_MAX34440=m
|
||||
|
@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
|
|||
# CONFIG_AD5380 is not set
|
||||
# CONFIG_AD5064 is not set
|
||||
# CONFIG_BMA180 is not set
|
||||
# CONFIG_BMC150_ACCEL is not set
|
||||
CONFIG_BMC150_ACCEL=m
|
||||
# CONFIG_MAX1363 is not set
|
||||
# CONFIG_MAX517 is not set
|
||||
# CONFIG_MAX5821 is not set
|
||||
|
@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
|
|||
CONFIG_KXCJK1013=m
|
||||
# CONFIG_ISL29125 is not set
|
||||
# CONFIG_JSA1212 is not set
|
||||
CONFIG_RPR0521=m
|
||||
CONFIG_OPT3001=m
|
||||
CONFIG_PA12203001=m
|
||||
# CONFIG_TCS3414 is not set
|
||||
# CONFIG_AK09911 is not set
|
||||
# CONFIG_T5403 is not set
|
||||
|
@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
|
|||
# CONFIG_RTC_DRV_ISL12057 is not set
|
||||
# CONFIG_RTC_DRV_XGENE is not set
|
||||
# CONFIG_RTC_DRV_ABB5ZES3 is not set
|
||||
# CONFIG_RTC_DRV_ZYNQMP is not set
|
||||
|
||||
CONFIG_R3964=m
|
||||
# CONFIG_APPLICOM is not set
|
||||
|
@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
|
|||
|
||||
|
||||
CONFIG_DRM=m
|
||||
CONFIG_DRM_FBDEV_EMULATION=y
|
||||
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
|
||||
CONFIG_DRM_AST=m # do not enable on f17 or older
|
||||
CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
|
||||
|
@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
|
|||
CONFIG_DRM_I2C_ADV7511=m
|
||||
CONFIG_DRM_I2C_CH7006=m
|
||||
CONFIG_DRM_I2C_SIL164=m
|
||||
# CONFIG_DRM_NXP_PTN3460 is not set
|
||||
# CONFIG_DRM_PARADE_PS8622 is not set
|
||||
CONFIG_DRM_I2C_NXP_TDA998X=m
|
||||
CONFIG_DRM_UDL=m
|
||||
CONFIG_DRM_VMWGFX=m
|
||||
|
@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
|
|||
# CONFIG_DRM_PANEL is not set
|
||||
# CONFIG_DRM_PANEL_SIMPLE is not set
|
||||
# CONFIG_DRM_PANEL_S6E8AA0 is not set
|
||||
# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
|
||||
CONFIG_DRM_VGEM=m
|
||||
|
||||
#
|
||||
|
@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
|
|||
CONFIG_DVB_NGENE=m
|
||||
CONFIG_DVB_DDBRIDGE=m
|
||||
CONFIG_DVB_SMIPCIE=m
|
||||
CONFIG_DVB_NETUP_UNIDVB=m
|
||||
CONFIG_DVB_USB_TECHNISAT_USB2=m
|
||||
CONFIG_DVB_USB_V2=m
|
||||
|
||||
|
@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
|
|||
# CONFIG_VIDEO_SH_VEU is not set
|
||||
# CONFIG_VIDEO_RENESAS_VSP1 is not set
|
||||
# CONFIG_V4L_TEST_DRIVERS is not set
|
||||
# CONFIG_DVB_PLATFORM_DRIVERS is not set
|
||||
|
||||
#
|
||||
# Broadcom Crystal HD video decoder driver
|
||||
|
@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
|
|||
# CONFIG_FB_UDL is not set
|
||||
# CONFIG_FB_GOLDFISH is not set
|
||||
# CONFIG_FB_OPENCORES is not set
|
||||
# CONFIG_FB_SM712 is not set
|
||||
|
||||
# CONFIG_FIRMWARE_EDID is not set
|
||||
|
||||
|
@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
|
|||
# CONFIG_USB_SL811_CS is not set
|
||||
# CONFIG_USB_R8A66597_HCD is not set
|
||||
CONFIG_USB_XHCI_HCD=y
|
||||
# CONFIG_USB_XHCI_PLATFORM is not set
|
||||
# CONFIG_USB_MAX3421_HCD is not set
|
||||
|
||||
#
|
||||
|
@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
|
|||
CONFIG_HID_ELECOM=m
|
||||
CONFIG_HID_ELO=m
|
||||
CONFIG_HID_EZKEY=m
|
||||
CONFIG_HID_GEMBIRD=m
|
||||
CONFIG_HID_UCLOGIC=m
|
||||
CONFIG_HID_WALTOP=m
|
||||
CONFIG_HID_ACRUX=m
|
||||
|
@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
|
|||
CONFIG_USB_PEGASUS=m
|
||||
CONFIG_USB_RTL8150=m
|
||||
CONFIG_USB_RTL8152=m
|
||||
CONFIG_USB_LAN78XX=m
|
||||
CONFIG_USB_USBNET=m
|
||||
CONFIG_USB_SPEEDTOUCH=m
|
||||
CONFIG_USB_NET_AX8817X=m
|
||||
|
@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
|
|||
# CONFIG_MFD_RT5033 is not set
|
||||
# CONFIG_MFD_SKY81452 is not set
|
||||
# CONFIG_MFD_MAX77843 is not set
|
||||
# CONFIG_MFD_DA9062 is not set
|
||||
# CONFIG_EZX_PCAP is not set
|
||||
# CONFIG_INTEL_SOC_PMIC is not set
|
||||
|
||||
|
@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
|
|||
# CONFIG_EXT2_FS is not set
|
||||
# CONFIG_EXT3_FS is not set
|
||||
CONFIG_EXT4_FS=y
|
||||
CONFIG_EXT4_USE_FOR_EXT23=y
|
||||
CONFIG_EXT4_USE_FOR_EXT2=y
|
||||
CONFIG_EXT4_FS_POSIX_ACL=y
|
||||
CONFIG_EXT4_FS_SECURITY=y
|
||||
# CONFIG_EXT4_ENCRYPTION is not set
|
||||
|
@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
|
|||
# CONFIG_EXOFS_FS is not set
|
||||
# CONFIG_EXOFS_DEBUG is not set
|
||||
CONFIG_NILFS2_FS=m
|
||||
# CONFIG_FS_DAX is not set
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_LOGFS is not set
|
||||
CONFIG_CEPH_FS=m
|
||||
CONFIG_CEPH_FSCACHE=y
|
||||
|
@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
|
|||
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
|
||||
# CONFIG_DEBUG_LOCKDEP is not set
|
||||
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
|
||||
# CONFIG_STATIC_KEYS_SELFTEST is not set
|
||||
|
||||
# DEBUG options that don't get enabled/disabled with 'make debug/release'
|
||||
|
||||
|
@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
|
|||
# CONFIG_BACKLIGHT_GPIO is not set
|
||||
# CONFIG_BACKLIGHT_LV5207LP is not set
|
||||
# CONFIG_BACKLIGHT_BD6107 is not set
|
||||
# CONFIG_BACKLIGHT_PM8941_WLED is not set
|
||||
|
||||
CONFIG_LCD_CLASS_DEVICE=m
|
||||
CONFIG_LCD_PLATFORM=m
|
||||
|
@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
|
|||
CONFIG_CGROUP_CPUACCT=y
|
||||
CONFIG_CGROUP_DEVICE=y
|
||||
CONFIG_CGROUP_FREEZER=y
|
||||
CONFIG_CGROUP_PIDS=y
|
||||
CONFIG_CGROUP_SCHED=y
|
||||
CONFIG_MEMCG=y
|
||||
CONFIG_MEMCG_SWAP=y
|
||||
|
@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
|
|||
# CONFIG_SND_SOC_TS3A227E is not set
|
||||
# CONFIG_SND_SOC_XTFPGA_I2S is not set
|
||||
# CONFIG_SND_SOC_STA32X is not set
|
||||
# CONFIG_SND_SOC_CS4349 is not set
|
||||
# CONFIG_SND_SOC_GTM601 is not set
|
||||
# CONFIG_SND_SOC_STI_SAS is not set
|
||||
#
|
||||
|
||||
CONFIG_BALLOON_COMPACTION=y
|
||||
CONFIG_COMPACTION=y
|
||||
|
@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
|
|||
CONFIG_DW_DMAC_CORE=m
|
||||
CONFIG_DW_DMAC=m
|
||||
CONFIG_DW_DMAC_PCI=m
|
||||
# CONFIG_IDMA64 is not set
|
||||
# CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
|
||||
# CONFIG_TIMB_DMA is not set
|
||||
# CONFIG_DMATEST is not set
|
||||
|
@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
|
|||
# CONFIG_I2C_BCM2048 is not set
|
||||
# CONFIG_DT3155 is not set
|
||||
# CONFIG_PRISM2_USB is not set
|
||||
# CONFIG_MOST is not set
|
||||
CONFIG_USB_ATMEL=m
|
||||
# CONFIG_COMEDI is not set
|
||||
# CONFIG_PANEL is not set
|
||||
|
@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
|
|||
# CONFIG_FB_SM7XX is not set
|
||||
# CONFIG_FB_TFT is not set
|
||||
# CONFIG_FB_SM750 is not set
|
||||
# CONFIG_STAGING_RDMA is not set
|
||||
# END OF STAGING
|
||||
|
||||
#
|
||||
|
@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
|
|||
# CONFIG_ZSMALLOC_STAT is not set
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
|
||||
# CONFIG_IDLE_PAGE_TRACKING is not set
|
||||
|
||||
# CONFIG_MDIO_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO_POLLED is not set
|
||||
|
@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
|
|||
# CONFIG_GPIO_MCP23S08 is not set
|
||||
# CONFIG_GPIO_XILINX is not set
|
||||
# CONFIG_GPIO_ALTERA is not set
|
||||
# CONFIG_GPIO_ZX is not set
|
||||
|
||||
# FIXME: Why?
|
||||
|
||||
|
@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
|
|||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_TEST_HEXDUMP is not set
|
||||
# CONFIG_TEST_RHASHTABLE is not set
|
||||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
|
||||
# CONFIG_AVERAGE is not set
|
||||
# CONFIG_VMXNET3 is not set
|
||||
|
|
|
@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
|
|||
# CONFIG_PPC_PMAC is not set
|
||||
# CONFIG_PPC_PMAC64 is not set
|
||||
# CONFIG_PPC_PS3 is not set
|
||||
CONFIG_HIBERNATION=n
|
||||
|
||||
CONFIG_EXTRA_TARGETS=""
|
||||
|
||||
|
@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
|
|||
CONFIG_PPC_TRANSACTIONAL_MEM=y
|
||||
CONFIG_BLK_DEV_RSXX=m
|
||||
CONFIG_CXL=m
|
||||
CONFIG_CXLFLASH=m
|
||||
CONFIG_IBMEBUS=y
|
||||
CONFIG_EHEA=m
|
||||
CONFIG_INFINIBAND_EHCA=m
|
||||
|
@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
|
|||
CONFIG_LEDS_TRIGGER_TIMER=m
|
||||
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
|
||||
CONFIG_LEDS_TRIGGER_GPIO=m
|
||||
CONFIG_LEDS_POWERNV=m
|
||||
|
||||
CONFIG_USB_EHCI_HCD_PPC_OF=y
|
||||
CONFIG_USB_OHCI_HCD_PCI=y
|
||||
|
@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
|
|||
# CONFIG_NET_VENDOR_PASEMI is not set
|
||||
# CONFIG_NET_VENDOR_TOSHIBA is not set
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
# CONFIG_OF_UNITTEST is not set
|
||||
# CONFIG_OF_OVERLAY is not set
|
||||
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
CONFIG_CPU_LITTLE_ENDIAN=y
|
||||
|
||||
CONFIG_POWER7_CPU=y
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
|
@ -201,6 +201,7 @@ CONFIG_VMCP=y
|
|||
CONFIG_SCHED_MC=y
|
||||
CONFIG_SCHED_BOOK=y
|
||||
CONFIG_SCHED_TOPOLOGY=y
|
||||
# CONFIG_NUMA is not set
|
||||
|
||||
# CONFIG_WARN_DYNAMIC_STACK is not set
|
||||
|
||||
|
@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
|
|||
# CONFIG_SH_ETH is not set
|
||||
# CONFIG_NET_VENDOR_VIA is not set
|
||||
# CONFIG_IEEE802154_DRIVERS is not set
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
# CONFIG_FMC is not set
|
||||
|
||||
|
|
|
@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
|
|||
|
||||
CONFIG_X86_GENERIC=y
|
||||
|
||||
# CONFIG_X86_LEGACY_VM86 is not set
|
||||
|
||||
CONFIG_HPET=y
|
||||
CONFIG_HPET_TIMER=y
|
||||
# CONFIG_HPET_MMAP is not set
|
||||
|
@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
|
|||
CONFIG_X86_PAT=y
|
||||
CONFIG_X86_PM_TIMER=y
|
||||
|
||||
# This requires changes to binutils and the compiler. Plus you can't actually
|
||||
# buy hardware with MPX yet. So... leave it off until all of that seems set.
|
||||
# CONFIG_X86_INTEL_MPX is not set
|
||||
CONFIG_X86_INTEL_MPX=y
|
||||
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFI_STUB=y
|
||||
|
@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
|
|||
CONFIG_GPIO_CRYSTAL_COVE=y
|
||||
CONFIG_AXP288_ADC=y
|
||||
CONFIG_AXP288_FUEL_GAUGE=y
|
||||
# CONFIG_PWM_CRC is not set
|
||||
|
||||
|
||||
CONFIG_X86_INTEL_PSTATE=y
|
||||
|
@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
|
|||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
|
||||
|
||||
CONFIG_GENERIC_ISA_DMA=y
|
||||
|
||||
|
@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
|
|||
CONFIG_XEN_ACPI_PROCESSOR=m
|
||||
# CONFIG_XEN_SCSI_FRONTEND is not set
|
||||
# CONFIG_XEN_SCSI_BACKEND is not set
|
||||
CONFIG_XEN_SYMS=y
|
||||
|
||||
CONFIG_SPI_PXA2XX=m
|
||||
|
||||
CONFIG_MTD_ESB2ROM=m
|
||||
CONFIG_MTD_CK804XROM=m
|
||||
|
@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
|
|||
|
||||
CONFIG_HP_ACCEL=m
|
||||
|
||||
CONFIG_SURFACE_PRO3_BUTTON=m
|
||||
|
||||
# CONFIG_RAPIDIO is not set
|
||||
|
||||
CONFIG_SCHED_SMT=y
|
||||
|
@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
|
|||
# CONFIG_X86_GOLDFISH is not set
|
||||
|
||||
CONFIG_X86_INTEL_LPSS=y
|
||||
CONFIG_IDMA64=m
|
||||
|
||||
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
|
||||
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
|
||||
|
||||
CONFIG_MFD_INTEL_LPSS_ACPI=m
|
||||
CONFIG_MFD_INTEL_LPSS_PCI=m
|
||||
|
||||
CONFIG_IOSF_MBI=m
|
||||
# CONFIG_IOSF_MBI_DEBUG is not set
|
||||
CONFIG_PWM_LPSS=m
|
||||
|
@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
|
|||
CONFIG_INTEL_SOC_DTS_THERMAL=m
|
||||
CONFIG_INT340X_THERMAL=m
|
||||
CONFIG_INTEL_RAPL=m
|
||||
CONFIG_INTEL_PCH_THERMAL=m
|
||||
|
||||
CONFIG_VMWARE_VMCI=m
|
||||
CONFIG_VMWARE_VMCI_VSOCKETS=m
|
||||
|
@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
|
|||
# CONFIG_MODULE_SIG_SHA1 is not set
|
||||
CONFIG_MODULE_SIG_SHA256=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
|
||||
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
||||
|
||||
|
@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
|||
CONFIG_MODULE_SIG_UEFI=y
|
||||
|
||||
CONFIG_VMXNET3=m
|
||||
CONFIG_FUJITSU_ES=m
|
||||
CONFIG_VFIO_PCI_VGA=y
|
||||
|
||||
CONFIG_PCH_CAN=m
|
||||
|
||||
# CONFIG_X86_DEBUG_FPU is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_AMD_MCE_INJ is not set
|
||||
|
|
|
@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
|
|||
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_DES3_EDE_X86_64=m
|
||||
CONFIG_CRYPTO_POLY1305_X86_64=m
|
||||
CONFIG_CRYPTO_CHACHA20_X86_64=m
|
||||
# staging crypto
|
||||
# CONFIG_CRYPTO_SKEIN is not set
|
||||
|
||||
|
@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
|
|||
# CONFIG_XEN_MCE_LOG is not set
|
||||
# CONFIG_XEN_STUB is not set
|
||||
# CONFIG_XEN_PVH is not set
|
||||
CONFIG_XEN_512GB=y
|
||||
|
||||
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
|
||||
|
||||
|
@ -199,6 +202,8 @@ CONFIG_BTT=y
|
|||
CONFIG_ND_BTT=m
|
||||
CONFIG_ND_BLK=m
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
CONFIG_NO_HZ_FULL=y
|
||||
# CONFIG_NO_HZ_IDLE is not set
|
||||
# CONFIG_NO_HZ_FULL_ALL is not set
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
From c0ea161a6e7158281f64bc6d41126da43cb08f14 Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Sat, 15 Aug 2015 13:36:12 -0500
|
||||
Subject: [PATCH 1/2] dcache: Handle escaped paths in prepend_path
|
||||
|
||||
commit cde93be45a8a90d8c264c776fab63487b5038a65 upstream.
|
||||
|
||||
A rename can result in a dentry that by walking up d_parent
|
||||
will never reach it's mnt_root. For lack of a better term
|
||||
I call this an escaped path.
|
||||
|
||||
prepend_path is called by four different functions __d_path,
|
||||
d_absolute_path, d_path, and getcwd.
|
||||
|
||||
__d_path only wants to see paths are connected to the root it passes
|
||||
in. So __d_path needs prepend_path to return an error.
|
||||
|
||||
d_absolute_path similarly wants to see paths that are connected to
|
||||
some root. Escaped paths are not connected to any mnt_root so
|
||||
d_absolute_path needs prepend_path to return an error greater
|
||||
than 1. So escaped paths will be treated like paths on lazily
|
||||
unmounted mounts.
|
||||
|
||||
getcwd needs to prepend "(unreachable)" so getcwd also needs
|
||||
prepend_path to return an error.
|
||||
|
||||
d_path is the interesting hold out. d_path just wants to print
|
||||
something, and does not care about the weird cases. Which raises
|
||||
the question what should be printed?
|
||||
|
||||
Given that <escaped_path>/<anything> should result in -ENOENT I
|
||||
believe it is desirable for escaped paths to be printed as empty
|
||||
paths. As there are not really any meaninful path components when
|
||||
considered from the perspective of a mount tree.
|
||||
|
||||
So tweak prepend_path to return an empty path with an new error
|
||||
code of 3 when it encounters an escaped path.
|
||||
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/dcache.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/fs/dcache.c b/fs/dcache.c
|
||||
index 9b5fe503f6cb..e3b44ca75a1b 100644
|
||||
--- a/fs/dcache.c
|
||||
+++ b/fs/dcache.c
|
||||
@@ -2926,6 +2926,13 @@ restart:
|
||||
|
||||
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
|
||||
struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
|
||||
+ /* Escaped? */
|
||||
+ if (dentry != vfsmnt->mnt_root) {
|
||||
+ bptr = *buffer;
|
||||
+ blen = *buflen;
|
||||
+ error = 3;
|
||||
+ break;
|
||||
+ }
|
||||
/* Global root? */
|
||||
if (mnt != parent) {
|
||||
dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Thu, 20 May 2010 10:30:31 -0400
|
||||
Subject: [PATCH] disable i8042 check on apple mac
|
||||
|
@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
|
|||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 4022b75eaad7..1aaf06aa7b0f 100644
|
||||
index c9c98f0ab284..5137185e14a9 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
|
||||
.shutdown = i8042_shutdown,
|
||||
@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
|
||||
.notifier_call = i8042_kbd_bind_notifier,
|
||||
};
|
||||
|
||||
+#ifdef CONFIG_DMI
|
||||
|
@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
static int __init i8042_init(void)
|
||||
{
|
||||
struct platform_device *pdev;
|
||||
@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
|
||||
@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
|
||||
|
||||
dbg_init();
|
||||
|
||||
|
@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
err = i8042_platform_init();
|
||||
if (err)
|
||||
return err;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Jackson <ajax@redhat.com>
|
||||
Date: Wed, 13 Nov 2013 10:17:24 -0500
|
||||
Subject: [PATCH] drm/i915: hush check crtc state
|
||||
|
@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
|
||||
index 647b1404c441..e102a06f26e0 100644
|
||||
index ca9278be49f7..308ac0539a87 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_display.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
||||
@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
|
||||
|
||||
if (active &&
|
||||
!intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
|
||||
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
|
||||
sw_config = to_intel_crtc_state(crtc->state);
|
||||
if (!intel_pipe_config_compare(dev, sw_config,
|
||||
pipe_config, false)) {
|
||||
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
|
||||
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
|
||||
intel_dump_pipe_config(crtc, &pipe_config,
|
||||
intel_dump_pipe_config(intel_crtc, pipe_config,
|
||||
"[hw state]");
|
||||
intel_dump_pipe_config(crtc, crtc->config,
|
||||
intel_dump_pipe_config(intel_crtc, sw_config,
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
|
||||
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index c2e4f52cad30..5def6b4143fa 100644
|
||||
index 1ac118146e90..f93826b8522c 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
|
@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
|
|||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
|
||||
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
|
@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
||||
index b4de3faa3f29..5cc2ef570390 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -830,8 +830,9 @@ out:
|
||||
|
@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
|||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 4da6644b1fd0..341a1457f7c7 100644
|
||||
index 14db458f4774..f6ff0a86d841 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1704,7 +1704,8 @@ config EFI_MIXED
|
||||
@@ -1735,7 +1735,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
|
@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
|
|||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
|
@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
|
|||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
From 72695420d48c264b3ca0dacccda1a4789a52c2f6 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 24 Jul 2015 11:45:28 +0200
|
||||
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
|
||||
|
||||
Like some of the other Yoga models the Lenovo Yoga 3 14 does not have a
|
||||
hw rfkill switch, and trying to read the hw rfkill switch through the
|
||||
ideapad module causes it to always reported blocking breaking wifi.
|
||||
|
||||
This commit adds the Lenovo Yoga 3 14 to the no_hw_rfkill dmi list, fixing
|
||||
the wifi breakage.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1239050
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index 76b57388d01b..81c3e582309a 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -853,6 +853,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
},
|
||||
},
|
||||
{
|
||||
+ .ident = "Lenovo Yoga 3 14",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 3 14"),
|
||||
+ },
|
||||
+ },
|
||||
+ {
|
||||
.ident = "Lenovo Yoga 3 Pro 1370",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -16,10 +16,10 @@ Upstream-status: Fedora mustard
|
|||
3 files changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index 30b7bbfdc558..95863902627f 100644
|
||||
index 9717d5f20139..a3101d2fd936 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -123,8 +123,6 @@ void device_pm_unlock(void)
|
||||
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
|
@ -29,7 +29,7 @@ index 30b7bbfdc558..95863902627f 100644
|
|||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index cb5ece77fd7d..4022b75eaad7 100644
|
||||
index 986a71c614b0..bfb0b2280df0 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -871,7 +871,6 @@ static int __init i8042_check_aux(void)
|
||||
|
@ -41,7 +41,7 @@ index cb5ece77fd7d..4022b75eaad7 100644
|
|||
}
|
||||
|
||||
diff --git a/net/can/af_can.c b/net/can/af_can.c
|
||||
index 7933e62a7318..96a911003af7 100644
|
||||
index 32d710eaf1fc..af4a20b86ee7 100644
|
||||
--- a/net/can/af_can.c
|
||||
+++ b/net/can/af_can.c
|
||||
@@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
|
||||
From: Roland McGrath <roland@redhat.com>
|
||||
Date: Mon, 6 Oct 2008 23:03:03 -0700
|
||||
Subject: [PATCH] kbuild: AFTER_LINK
|
||||
|
@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
|
||||
index 8ad2b34ad151..e153572ab351 100644
|
||||
index ee8a18e50a25..63e33fa049f8 100644
|
||||
--- a/arch/s390/kernel/vdso32/Makefile
|
||||
+++ b/arch/s390/kernel/vdso32/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
|
||||
|
@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
|
|||
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
|
||||
index 2a8ddfd12a5b..452ca53561fe 100644
|
||||
index c4b03f9ed228..550450fc2f95 100644
|
||||
--- a/arch/s390/kernel/vdso64/Makefile
|
||||
+++ b/arch/s390/kernel/vdso64/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
|
||||
|
@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
|
||||
index e97032069f88..9ea82f444dea 100644
|
||||
index a3d0767a6b29..078c9be1db8f 100644
|
||||
--- a/arch/x86/entry/vdso/Makefile
|
||||
+++ b/arch/x86/entry/vdso/Makefile
|
||||
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
|
||||
|
@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
|
|||
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
|
||||
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
|
||||
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
|
||||
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
|
||||
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
|
||||
index 1a10d8ac8162..092d0c0cf72c 100755
|
||||
|
@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
|
|||
}
|
||||
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
93
kernel.spec
93
kernel.spec
|
@ -46,13 +46,13 @@ Summary: The Linux kernel
|
|||
# base_sublevel is the kernel version we're starting with and patching
|
||||
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
|
||||
# which yields a base_sublevel of 0.
|
||||
%define base_sublevel 2
|
||||
%define base_sublevel 3
|
||||
|
||||
## If this is a released kernel ##
|
||||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 8
|
||||
%define stable_update 3
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -388,8 +388,12 @@ BuildRequires: rpm-build, elfutils
|
|||
%define debuginfo_args --strict-build-id -r
|
||||
%endif
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# MODULE_SIG is enabled in config-x86-generic and needs these:
|
||||
BuildRequires: openssl openssl-devel
|
||||
%endif
|
||||
|
||||
%if %{signmodules}
|
||||
BuildRequires: openssl
|
||||
BuildRequires: pesign >= 0.10-4
|
||||
%endif
|
||||
|
||||
|
@ -502,15 +506,13 @@ Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
|
|||
|
||||
Patch456: arm64-acpi-drop-expert-patch.patch
|
||||
|
||||
Patch457: showmem-cma-correct-reserved-memory-calculation.patch
|
||||
Patch457: ARM-tegra-usb-no-reset.patch
|
||||
|
||||
Patch458: ARM-tegra-usb-no-reset.patch
|
||||
Patch458: ARM-dts-Add-am335x-bonegreen.patch
|
||||
|
||||
Patch459: regulator-axp20x-module-alias.patch
|
||||
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
|
||||
|
||||
Patch460: regulator-anatop-module-alias.patch
|
||||
|
||||
Patch461: ARM-dts-Add-am335x-bonegreen.patch
|
||||
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
|
||||
|
||||
Patch463: arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
|
@ -520,8 +522,6 @@ Patch467: die-floppy-die.patch
|
|||
|
||||
Patch468: no-pcspkr-modalias.patch
|
||||
|
||||
Patch469: input-silence-i8042-noise.patch
|
||||
|
||||
Patch470: silence-fbcon-logo.patch
|
||||
|
||||
Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
|
||||
|
@ -590,31 +590,11 @@ Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
|
|||
|
||||
Patch503: drm-i915-turn-off-wc-mmaps.patch
|
||||
|
||||
#rhbz 1244511
|
||||
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
|
||||
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
|
||||
|
||||
#rhbz 1239050
|
||||
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
#rhbz 1253789
|
||||
Patch510: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
||||
|
||||
#rhbz 1257534
|
||||
Patch513: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
#rhbz 1257500
|
||||
Patch517: vmwgfx-Rework-device-initialization.patch
|
||||
Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
|
||||
|
||||
#rhbz 1272172
|
||||
Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
|
||||
Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
|
||||
|
||||
#CVE-2015-7799 rhbz 1271134 1271135
|
||||
Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
|
||||
#CVE-2015-8104 rhbz 1278496 1279691
|
||||
Patch551: KVM-svm-unconditionally-intercept-DB.patch
|
||||
|
@ -630,11 +610,6 @@ Patch556: netfilter-ipset-Fix-extension-alignment.patch
|
|||
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
|
||||
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
|
||||
|
||||
#rhbz 1278688
|
||||
Patch560: 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
|
||||
Patch561: 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
|
||||
Patch562: 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
|
||||
|
||||
#rhbz 1284059
|
||||
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
|
||||
|
||||
|
@ -650,6 +625,9 @@ Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
|
|||
#rhbz 1286293
|
||||
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
|
||||
|
||||
#rhbz 1288687
|
||||
Patch572: alua_fix.patch
|
||||
|
||||
#CVE-XXXX-XXXX rhbz 1291329 1291332
|
||||
Patch574: ovl-fix-permission-checking-for-setattr.patch
|
||||
|
||||
|
@ -662,8 +640,10 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
|
|||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
Patch601: vrf-fix-memory-leak-on-registration.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
Patch601: bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
Patch602: bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
|
@ -1368,11 +1348,9 @@ BuildKernel() {
|
|||
cp configs/$Config .config
|
||||
|
||||
%if %{signmodules}
|
||||
cp %{SOURCE11} .
|
||||
cp %{SOURCE11} certs/.
|
||||
%endif
|
||||
|
||||
chmod +x scripts/sign-file
|
||||
|
||||
Arch=`head -1 .config | cut -b 3-`
|
||||
echo USING ARCH=$Arch
|
||||
|
||||
|
@ -1614,8 +1592,8 @@ BuildKernel() {
|
|||
|
||||
%if %{signmodules}
|
||||
# Save the signing keys so we can sign the modules in __modsign_install_post
|
||||
cp signing_key.priv signing_key.priv.sign${Flav}
|
||||
cp signing_key.x509 signing_key.x509.sign${Flav}
|
||||
cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
|
||||
cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
|
||||
%endif
|
||||
|
||||
# Move the devel headers out of the root file system
|
||||
|
@ -1710,16 +1688,16 @@ popd
|
|||
%define __modsign_install_post \
|
||||
if [ "%{signmodules}" -eq "1" ]; then \
|
||||
if [ "%{with_pae}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
fi \
|
||||
if [ "%{with_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
fi \
|
||||
if [ "%{with_pae_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
fi \
|
||||
if [ "%{with_up}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
fi \
|
||||
fi \
|
||||
if [ "%{zipmodules}" -eq "1" ]; then \
|
||||
|
@ -1980,6 +1958,7 @@ fi
|
|||
%{_libdir}/traceevent/plugins/*
|
||||
%dir %{_libexecdir}/perf-core
|
||||
%{_libexecdir}/perf-core/*
|
||||
%{_datadir}/perf-core/*
|
||||
%{_mandir}/man[1-8]/perf*
|
||||
%{_sysconfdir}/bash_completion.d/perf
|
||||
%doc linux-%{KVERREL}/tools/perf/Documentation/examples.txt
|
||||
|
@ -2109,9 +2088,15 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Jan 05 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Merge 4.3.3 from stabilization branch
|
||||
|
||||
* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
|
||||
|
||||
* Thu Dec 17 2015 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix for memory leak in vrf
|
||||
|
||||
* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
|
||||
|
||||
|
@ -2128,6 +2113,9 @@ fi
|
|||
* Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2013-7446 unix sockects use after free (rhbz 1282688 1282712)
|
||||
|
||||
* Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
|
||||
- Ignore errors from scsi_dh_add_device (rhbz 1288687)
|
||||
|
||||
* Thu Dec 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix rfkill issues on ideapad Y700-17ISK (rhbz 1286293)
|
||||
|
||||
|
@ -2138,6 +2126,9 @@ fi
|
|||
- Add patch to fix palm rejection on certain touchpads (rhbz 1287819)
|
||||
- Add new PCI ids for wireless, including Lenovo Yoga (rhbz 1275490)
|
||||
|
||||
* Tue Dec 01 2015 Laura Abbott <labbott@redhat.com>
|
||||
- Enable CONFIG_X86_INTEL_MPX (rhbz 1287279)
|
||||
|
||||
* Tue Dec 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-7515 aiptek: crash on invalid device descriptors (rhbz 1285326 1285331)
|
||||
- CVE-2015-7833 usbvision: crash on invalid device descriptors (rhbz 1270158 1270160)
|
||||
|
@ -2146,6 +2137,9 @@ fi
|
|||
- Fix crash in add_key (rhbz 1284059)
|
||||
- CVE-2015-8374 btrfs: info leak when truncating compressed/inlined extents (rhbz 1286261 1286262)
|
||||
|
||||
* Sun Nov 22 2015 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Fix sound issue on some ARM devices (tested on Arndale)
|
||||
|
||||
* Fri Nov 20 2015 Justin M. Forbes <jmforbes@fedoraproject.org> - 4.2.6-301
|
||||
- Fix for GRE tunnel running in IPSec (rhbz 1272571)
|
||||
- Fix KVM on specific hardware (rhbz 1278688)
|
||||
|
@ -2153,6 +2147,9 @@ fi
|
|||
* Mon Nov 16 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix ipset netfilter issues (rhbz 1279189)
|
||||
|
||||
* Thu Nov 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-5327 x509 time validation
|
||||
|
||||
* Tue Nov 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix Yoga 900 rfkill switch issues (rhbz 1275490)
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
|
@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index a785c1015e25..81d6b404f33c 100644
|
||||
index 4c5edc357923..db431971dbd4 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/mm.h>
|
||||
#include <linux/file.h>
|
||||
#include <linux/kexec.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/syscalls.h>
|
||||
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
|
|||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Fri, 13 Nov 2015 19:03:29 +0000
|
||||
Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
|
||||
module
|
||||
|
||||
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
|
||||
---
|
||||
drivers/mfd/Makefile | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
|
||||
index a59e3fc..4a767ef 100644
|
||||
--- a/drivers/mfd/Makefile
|
||||
+++ b/drivers/mfd/Makefile
|
||||
@@ -61,7 +61,8 @@ wm8350-objs := wm8350-core.o wm8350-regmap.o wm8350-gpio.o
|
||||
wm8350-objs += wm8350-irq.o
|
||||
obj-$(CONFIG_MFD_WM8350) += wm8350.o
|
||||
obj-$(CONFIG_MFD_WM8350_I2C) += wm8350-i2c.o
|
||||
-obj-$(CONFIG_MFD_WM8994) += wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+wm8994-objs := wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+obj-$(CONFIG_MFD_WM8994) += wm8994.o
|
||||
|
||||
obj-$(CONFIG_TPS6105X) += tps6105x.o
|
||||
obj-$(CONFIG_TPS65010) += tps65010.o
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
From patchwork Thu Oct 1 12:39:26 2015
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [net] inet: fix race in reqsk_queue_unlink()
|
||||
From: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
X-Patchwork-Id: 524966
|
||||
Message-Id: <1443703166.32531.47.camel@edumazet-glaptop2.roam.corp.google.com>
|
||||
To: David Miller <davem@davemloft.net>
|
||||
Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com>
|
||||
Date: Thu, 01 Oct 2015 05:39:26 -0700
|
||||
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
|
||||
reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
|
||||
is NULL at its beginning.
|
||||
|
||||
By the time it calls inet_csk_reqsk_queue_drop() and
|
||||
reqsk_queue_unlink(), listener might have been closed and
|
||||
inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
|
||||
which sets icsk_accept_queue.listen_opt to NULL
|
||||
|
||||
We therefore need to correctly check listen_opt being NULL
|
||||
after holding syn_wait_lock for proper synchronization.
|
||||
|
||||
Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
|
||||
Fixes: b357a364c57c ("inet: fix possible panic in reqsk_queue_unlink()")
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Cc: Yuchung Cheng <ycheng@google.com>
|
||||
---
|
||||
net/ipv4/inet_connection_sock.c | 19 ++++++++++---------
|
||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||
|
||||
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe netdev" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
||||
|
||||
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
|
||||
index 7bb9c39e0a4d..61b45a17fc73 100644
|
||||
--- a/net/ipv4/inet_connection_sock.c
|
||||
+++ b/net/ipv4/inet_connection_sock.c
|
||||
@@ -577,21 +577,22 @@ EXPORT_SYMBOL(inet_rtx_syn_ack);
|
||||
static bool reqsk_queue_unlink(struct request_sock_queue *queue,
|
||||
struct request_sock *req)
|
||||
{
|
||||
- struct listen_sock *lopt = queue->listen_opt;
|
||||
struct request_sock **prev;
|
||||
+ struct listen_sock *lopt;
|
||||
bool found = false;
|
||||
|
||||
spin_lock(&queue->syn_wait_lock);
|
||||
-
|
||||
- for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
|
||||
- prev = &(*prev)->dl_next) {
|
||||
- if (*prev == req) {
|
||||
- *prev = req->dl_next;
|
||||
- found = true;
|
||||
- break;
|
||||
+ lopt = queue->listen_opt;
|
||||
+ if (lopt) {
|
||||
+ for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
|
||||
+ prev = &(*prev)->dl_next) {
|
||||
+ if (*prev == req) {
|
||||
+ *prev = req->dl_next;
|
||||
+ found = true;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
-
|
||||
spin_unlock(&queue->syn_wait_lock);
|
||||
if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
|
||||
reqsk_put(req);
|
|
@ -0,0 +1,34 @@
|
|||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 69e84427f913..f21cf4291476 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
|
@ -1,24 +0,0 @@
|
|||
From d702ffd4d1df73b9c620af1654af42ff5b8d5c09 Fri Sep 18 19:09:07 2015
|
||||
From: Luis de Bethencourt <luis@debethencourt.com>
|
||||
Date: Fri Sep 18 19:09:07 2015 +0200
|
||||
|
||||
regulator: anatop: Fix module autoload for OF platform driver
|
||||
|
||||
This platform driver has a OF device ID table but the OF module
|
||||
alias information is not created so module autoloading won't work.
|
||||
|
||||
Signed-off-by: Luis de Bethencourt <luisbg@osg.samsung.com>
|
||||
Signed-off-by: Mark Brown <broonie@kernel.org>
|
||||
|
||||
diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c
|
||||
index 738adfa..52ea605 100644
|
||||
--- a/drivers/regulator/anatop-regulator.c
|
||||
+++ b/drivers/regulator/anatop-regulator.c
|
||||
@@ -318,6 +318,7 @@ static const struct of_device_id of_anatop_regulator_match_tbl[] = {
|
||||
{ .compatible = "fsl,anatop-regulator", },
|
||||
{ /* end */ }
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, of_anatop_regulator_match_tbl);
|
||||
|
||||
static struct platform_driver anatop_regulator_driver = {
|
||||
.driver = {
|
|
@ -1,61 +0,0 @@
|
|||
From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Date: Tue, 25 Aug 2015 00:04:44 +0000
|
||||
Subject: lib/show_mem.c: correct reserved memory calculation
|
||||
|
||||
CMA reserved memory is not part of total reserved memory.
|
||||
Currently when we print the total reserve memory it considers
|
||||
cma as part of reserve memory and do minus of totalcma_pages
|
||||
from reserved, which is wrong. In cases where total reserved
|
||||
is less than cma reserved we will get negative values & while
|
||||
printing we print as unsigned and we will get a very large value.
|
||||
|
||||
Below is the show mem output on X86 ubuntu based system where
|
||||
CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
|
||||
And reserve memory shows a large value because of this bug.
|
||||
|
||||
Before:
|
||||
[ 127.066430] 898908 pages RAM
|
||||
[ 127.066432] 671682 pages HighMem/MovableOnly
|
||||
[ 127.066434] 4294952012 pages reserved
|
||||
[ 127.066436] 25600 pages cma reserved
|
||||
|
||||
After:
|
||||
[ 44.663129] 898908 pages RAM
|
||||
[ 44.663130] 671682 pages HighMem/MovableOnly
|
||||
[ 44.663130] 10316 pages reserved
|
||||
[ 44.663131] 25600 pages cma reserved
|
||||
|
||||
Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Cc: Michal Nazarewicz <mina86@mina86.com>
|
||||
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
|
||||
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
|
||||
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
|
||||
Cc: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Danesh Petigara <dpetigara@broadcom.com>
|
||||
Cc: Laura Abbott <lauraa@codeaurora.org>
|
||||
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
||||
---
|
||||
lib/show_mem.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/show_mem.c b/lib/show_mem.c
|
||||
index adc98e18..1feed6a 100644
|
||||
--- a/lib/show_mem.c
|
||||
+++ b/lib/show_mem.c
|
||||
@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
|
||||
|
||||
printk("%lu pages RAM\n", total);
|
||||
printk("%lu pages HighMem/MovableOnly\n", highmem);
|
||||
+ printk("%lu pages reserved\n", reserved);
|
||||
#ifdef CONFIG_CMA
|
||||
- printk("%lu pages reserved\n", (reserved - totalcma_pages));
|
||||
printk("%lu pages cma reserved\n", totalcma_pages);
|
||||
-#else
|
||||
- printk("%lu pages reserved\n", reserved);
|
||||
#endif
|
||||
#ifdef CONFIG_QUICKLIST
|
||||
printk("%lu pages in pagetable cache\n",
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
From 526fbce5b0e44c67a97c57656b3be9911f0a9b9b Mon Sep 17 00:00:00 2001
|
||||
From: Laura Abbott <labbott@fedoraproject.org>
|
||||
Date: Tue, 29 Sep 2015 16:59:20 -0700
|
||||
Subject: [PATCH 2/2] si2157: Bounds check firmware
|
||||
To: Antti Palosaari <crope@iki.fi>
|
||||
To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
Cc: Olli Salonen <olli.salonen@iki.fi>
|
||||
Cc: linux-media@vger.kernel.org
|
||||
Cc: linux-kernel@vger.kernel.org
|
||||
|
||||
When reading the firmware and sending commands, the length
|
||||
must be bounds checked to avoid overrunning the size of the command
|
||||
buffer and smashing the stack if the firmware is not in the
|
||||
expected format. Add the proper check.
|
||||
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
|
||||
---
|
||||
drivers/media/tuners/si2157.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
|
||||
index 5073821..ce157ed 100644
|
||||
--- a/drivers/media/tuners/si2157.c
|
||||
+++ b/drivers/media/tuners/si2157.c
|
||||
@@ -166,6 +166,10 @@ static int si2157_init(struct dvb_frontend *fe)
|
||||
|
||||
for (remaining = fw->size; remaining > 0; remaining -= 17) {
|
||||
len = fw->data[fw->size - remaining];
|
||||
+ if (len > SI2157_ARGLEN) {
|
||||
+ dev_err(&client->dev, "Bad firmware length\n");
|
||||
+ goto err_release_firmware;
|
||||
+ }
|
||||
memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
|
||||
cmd.wlen = len;
|
||||
cmd.rlen = 1;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
From 43018528944fa4965a4048fee91d76b47dcaf60e Mon Sep 17 00:00:00 2001
|
||||
From: Laura Abbott <labbott@fedoraproject.org>
|
||||
Date: Mon, 28 Sep 2015 14:10:34 -0700
|
||||
Subject: [PATCH 1/2] si2168: Bounds check firmware
|
||||
To: Antti Palosaari <crope@iki.fi>
|
||||
To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
Cc: Olli Salonen <olli.salonen@iki.fi>
|
||||
Cc: linux-media@vger.kernel.org
|
||||
Cc: linux-kernel@vger.kernel.org
|
||||
Cc: Stuart Auchterlonie <sauchter@redhat.com>
|
||||
|
||||
|
||||
When reading the firmware and sending commands, the length must
|
||||
be bounds checked to avoid overrunning the size of the command
|
||||
buffer and smashing the stack if the firmware is not in the expected
|
||||
format:
|
||||
|
||||
si2168 11-0064: found a 'Silicon Labs Si2168-B40'
|
||||
si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw'
|
||||
si2168 11-0064: firmware download failed -95
|
||||
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f
|
||||
|
||||
Add the proper check.
|
||||
|
||||
Cc: stable@kernel.org
|
||||
Reported-by: Stuart Auchterlonie <sauchter@redhat.com>
|
||||
Reviewed-by: Antti Palosaari <crope@iki.fi>
|
||||
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
|
||||
---
|
||||
drivers/media/dvb-frontends/si2168.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c
|
||||
index 81788c5..821a8f4 100644
|
||||
--- a/drivers/media/dvb-frontends/si2168.c
|
||||
+++ b/drivers/media/dvb-frontends/si2168.c
|
||||
@@ -502,6 +502,10 @@ static int si2168_init(struct dvb_frontend *fe)
|
||||
/* firmware is in the new format */
|
||||
for (remaining = fw->size; remaining > 0; remaining -= 17) {
|
||||
len = fw->data[fw->size - remaining];
|
||||
+ if (len > SI2168_ARGLEN) {
|
||||
+ ret = -EINVAL;
|
||||
+ break;
|
||||
+ }
|
||||
memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
|
||||
cmd.wlen = len;
|
||||
cmd.rlen = 1;
|
||||
--
|
||||
2.4.3
|
||||
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
|||
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
|
||||
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
|
||||
c000fd7de765fc8cd60942aa52a996ed patch-4.2.8.xz
|
||||
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
|
||||
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
|
||||
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
From 14588dfe2e411056df5ba85ef88ad51730a2fa0a Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Sat, 15 Aug 2015 20:27:13 -0500
|
||||
Subject: [PATCH 2/2] vfs: Test for and handle paths that are unreachable from
|
||||
their mnt_root
|
||||
|
||||
commit 397d425dc26da728396e66d392d5dcb8dac30c37 upstream.
|
||||
|
||||
In rare cases a directory can be renamed out from under a bind mount.
|
||||
In those cases without special handling it becomes possible to walk up
|
||||
the directory tree to the root dentry of the filesystem and down
|
||||
from the root dentry to every other file or directory on the filesystem.
|
||||
|
||||
Like division by zero .. from an unconnected path can not be given
|
||||
a useful semantic as there is no predicting at which path component
|
||||
the code will realize it is unconnected. We certainly can not match
|
||||
the current behavior as the current behavior is a security hole.
|
||||
|
||||
Therefore when encounting .. when following an unconnected path
|
||||
return -ENOENT.
|
||||
|
||||
- Add a function path_connected to verify path->dentry is reachable
|
||||
from path->mnt.mnt_root. AKA to validate that rename did not do
|
||||
something nasty to the bind mount.
|
||||
|
||||
To avoid races path_connected must be called after following a path
|
||||
component to it's next path component.
|
||||
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/namei.c | 27 +++++++++++++++++++++++++--
|
||||
1 file changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/namei.c b/fs/namei.c
|
||||
index 1c2105ed20c5..29b927938b8c 100644
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct nameidata *nd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
|
||||
+ * @path: nameidate to verify
|
||||
+ *
|
||||
+ * Rename can sometimes move a file or directory outside of a bind
|
||||
+ * mount, path_connected allows those cases to be detected.
|
||||
+ */
|
||||
+static bool path_connected(const struct path *path)
|
||||
+{
|
||||
+ struct vfsmount *mnt = path->mnt;
|
||||
+
|
||||
+ /* Only bind mounts can have disconnected paths */
|
||||
+ if (mnt->mnt_root == mnt->mnt_sb->s_root)
|
||||
+ return true;
|
||||
+
|
||||
+ return is_subdir(path->dentry, mnt->mnt_root);
|
||||
+}
|
||||
+
|
||||
static inline int nd_alloc_stack(struct nameidata *nd)
|
||||
{
|
||||
if (likely(nd->depth != EMBEDDED_LEVELS))
|
||||
@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
|
||||
return -ECHILD;
|
||||
nd->path.dentry = parent;
|
||||
nd->seq = seq;
|
||||
+ if (unlikely(!path_connected(&nd->path)))
|
||||
+ return -ENOENT;
|
||||
break;
|
||||
} else {
|
||||
struct mount *mnt = real_mount(nd->path.mnt);
|
||||
@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *path)
|
||||
}
|
||||
}
|
||||
|
||||
-static void follow_dotdot(struct nameidata *nd)
|
||||
+static int follow_dotdot(struct nameidata *nd)
|
||||
{
|
||||
if (!nd->root.mnt)
|
||||
set_root(nd);
|
||||
@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameidata *nd)
|
||||
/* rare case of legitimate dget_parent()... */
|
||||
nd->path.dentry = dget_parent(nd->path.dentry);
|
||||
dput(old);
|
||||
+ if (unlikely(!path_connected(&nd->path)))
|
||||
+ return -ENOENT;
|
||||
break;
|
||||
}
|
||||
if (!follow_up(&nd->path))
|
||||
@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameidata *nd)
|
||||
}
|
||||
follow_mount(&nd->path);
|
||||
nd->inode = nd->path.dentry->d_inode;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1634,7 +1657,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
|
||||
if (nd->flags & LOOKUP_RCU) {
|
||||
return follow_dotdot_rcu(nd);
|
||||
} else
|
||||
- follow_dotdot(nd);
|
||||
+ return follow_dotdot(nd);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
|
||||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 15 Dec 2015 15:12:43 +0000
|
||||
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
|
||||
|
||||
The backported version of commit 7f109f7cc371 ("vrf: fix double free
|
||||
and memory corruption on register_netdevice failure") incorrectly
|
||||
removed a kfree() from the failure path as well as the free_netdev().
|
||||
Add that back.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
drivers/net/vrf.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
|
||||
index c9e309c..6c25fd0 100644
|
||||
--- a/drivers/net/vrf.c
|
||||
+++ b/drivers/net/vrf.c
|
||||
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
{
|
||||
struct net_vrf *vrf = netdev_priv(dev);
|
||||
struct net_vrf_dev *vrf_ptr;
|
||||
+ int err;
|
||||
|
||||
if (!data || !data[IFLA_VRF_TABLE])
|
||||
return -EINVAL;
|
||||
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
|
||||
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
|
||||
|
||||
- return register_netdev(dev);
|
||||
+ err = register_netdev(dev);
|
||||
+ if (err)
|
||||
+ kfree(vrf_ptr);
|
||||
+ return err;
|
||||
}
|
||||
|
||||
static size_t vrf_nl_getsize(const struct net_device *dev)
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
|
||||
Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
|
||||
enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
|
@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
|
|||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
|
||||
Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
|
||||
restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
|
@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
|
|||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
Loading…
Reference in New Issue