diff --git a/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch b/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch new file mode 100644 index 000000000..41be051e9 --- /dev/null +++ b/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch @@ -0,0 +1,35 @@ +From 0f3f5c5b4ca2eb1f41947c50bedb9b17aa1a1f80 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Mon, 11 Nov 2013 08:39:16 -0500 +Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug + dependency + +When CPUMASK_OFFSTACK was added in 2008, it was dependent upon +DEBUG_PER_CPU_MAPS being enabled, or an architecture could select it. +The debug dependency adds additional overhead that isn't required for +operation of the feature, and we need CPUMASK_OFFSTACK to increase the +NR_CPUS value beyond 512 on x86. We drop the current dependency and make +sure SMP is set. + +Signed-off-by: Josh Boyer +--- + lib/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/Kconfig b/lib/Kconfig +index b3c8be0..50b47cd 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -342,7 +342,8 @@ config CHECK_SIGNATURE + bool + + config CPUMASK_OFFSTACK +- bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS ++ bool "Force CPU masks off stack" ++ depends on SMP + help + Use dynamic allocation for cpumask_var_t, instead of putting + them on the stack. This is a bit more expensive, but avoids +-- +1.8.3.1 + diff --git a/PatchList.txt b/PatchList.txt index 3759a643d..46fa21cea 100644 --- a/PatchList.txt +++ b/PatchList.txt @@ -1,8 +1,5 @@ **** Backports and patches headed/already upsteram ***************************** -* net-flow_dissector-fail-on-evil-iph-ihl.patch (rhbz 1007939 1025647) - - Should hit upstream and stable soon - * rt2800usb-slow-down-TX-status-polling.patch (rhbz 984696) - Still pending upstream. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=62781 @@ -31,9 +28,6 @@ * elevator-acquire-q-sysfs_lock-in-elevator_change.patch (rhbz 902012) - I believe these are both queued for the next upstream release -* ntp-Make-periodic-RTC-update-more-reliable.patch (rhbz 985522) - - I believe this is queued in John Stultz's tree for 3.13 - * ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch (rhbz 1007690 1009136) - Fixes CVE-2013-4345 diff --git a/config-arm-generic b/config-arm-generic index 969ba60c2..320da296f 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -20,6 +20,7 @@ CONFIG_BACKLIGHT_PWM=m CONFIG_INPUT_PWM_BEEPER=m CONFIG_ARM_SP805_WATCHDOG=m CONFIG_ARM_ARCH_TIMER=y +CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y # CONFIG_ARM_DT_BL_CPUFREQ is not set CONFIG_NR_CPUS=8 CONFIG_ARM_DMA_USE_IOMMU=y diff --git a/config-arm64 b/config-arm64 index 214a15267..3b7ac06af 100644 --- a/config-arm64 +++ b/config-arm64 @@ -82,3 +82,4 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_PARPORT_PC is not set # CONFIG_VGA_CONSOLE is not set CONFIG_POWER_RESET_XGENE=y +CONFIG_COMMON_CLK_XGENE=y diff --git a/config-armv7 b/config-armv7 index 0118a15a5..ec0233678 100644 --- a/config-armv7 +++ b/config-armv7 @@ -316,6 +316,7 @@ CONFIG_TI_CPTS=y CONFIG_TI_EMIF=m CONFIG_DRM_TILCDC=m CONFIG_SPI_DAVINCI=m +CONFIG_SND_DAVINCI_SOC=m CONFIG_REGULATOR_TI_ABB=y CONFIG_TI_PRIV_EDMA=y CONFIG_TI_EDMA=y @@ -325,6 +326,7 @@ CONFIG_CHARGER_BQ24190=m CONFIG_TI_ADC081C=m CONFIG_TI_AM335X_ADC=m CONFIG_PWM_TIPWMSS=y +CONFIG_SND_AM33XX_SOC_EVM=m # Allwinner a1x CONFIG_PINCTRL_SUNXI=y diff --git a/config-armv7-lpae b/config-armv7-lpae index f2cfb02f2..f107d4d21 100644 --- a/config-armv7-lpae +++ b/config-armv7-lpae @@ -10,6 +10,7 @@ CONFIG_ARCH_EXYNOS5=y # CONFIG_ARCH_OMAP4 is not set # CONFIG_SOC_OMAP5 is not set # CONFIG_SOC_AM33XX is not set +# CONFIG_SND_AM33XX_SOC_EVM is not set # CONFIG_SOC_AM43XX is not set # CONFIG_ARCH_ROCKCHIP is not set # CONFIG_ARCH_SOCFPGA is not set @@ -139,4 +140,5 @@ CONFIG_S3C_LOWLEVEL_UART_PORT=1 # CONFIG_TEGRA_HOST1X is not set # CONFIG_SPI_DAVINCI is not set # CONFIG_I2C_DAVINCI is not set +# CONFIG_SND_DAVINCI_SOC is not set # CONFIG_TI_SOC_THERMAL is not set diff --git a/config-generic b/config-generic index 756791c9d..0c2eb994a 100644 --- a/config-generic +++ b/config-generic @@ -3338,6 +3338,7 @@ CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m +CONFIG_SND_DICE=m # # Open Sound System @@ -4558,6 +4559,7 @@ CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_PWM is not set # CONFIG_LEDS_LP8501 is not set # CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_PCA9685 is not set CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m @@ -4974,6 +4976,8 @@ CONFIG_GPIO_VIPERBOARD=m # CONFIG_GPIO_BT8XX is not set # CONFIG_GPIO_SX150X is not set # CONFIG_GPIO_GRGPIO is not set +# CONFIG_GPIO_PL061 is not set +# CONFIG_GPIO_BCM_KONA is not set # FIXME: Why? CONFIG_EVENT_POWER_TRACING_DEPRECATED=y @@ -5039,6 +5043,8 @@ CONFIG_FMC_CHARDEV=m # CONFIG_HSI is not set +# CONFIG_ARM_ARCH_TIMER_EVTSTREAM is not set + # CONFIG_PM_DEVFREQ is not set # CONFIG_MODULE_SIG is not set # CONFIG_SYSTEM_TRUSTED_KEYRING is not set diff --git a/config-powerpc64 b/config-powerpc64 index ae23e739b..27cdb2dfd 100644 --- a/config-powerpc64 +++ b/config-powerpc64 @@ -14,6 +14,8 @@ CONFIG_PPC_PMAC=y CONFIG_PPC_POWERNV=y CONFIG_POWERNV_MSI=y CONFIG_PPC_POWERNV_RTAS=y +CONFIG_HW_RANDOM_POWERNV=m +CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set # CONFIG_PPC_PS3 is not set diff --git a/config-powerpc64p7 b/config-powerpc64p7 index 93ee2b276..8bf0e4464 100644 --- a/config-powerpc64p7 +++ b/config-powerpc64p7 @@ -10,6 +10,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_POWERNV=y CONFIG_POWERNV_MSI=y CONFIG_PPC_POWERNV_RTAS=y +CONFIG_HW_RANDOM_POWERNV=m +CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set # CONFIG_PPC_PS3 is not set diff --git a/config-x86-generic b/config-x86-generic index d2926802e..d120a3ef5 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -40,6 +40,7 @@ CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y CONFIG_EFI_PCDP=y CONFIG_FB_EFI=y +CONFIG_EARLY_PRINTK_EFI=y # needs FB_SIMPLE to work correctly # CONFIG_X86_SYSFB is not set @@ -95,6 +96,7 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_IPMI=m CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y +# CONFIG_ACPI_EXTLOG is not set CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_ACPI_CPUFREQ=m @@ -382,6 +384,7 @@ CONFIG_F71808E_WDT=m CONFIG_HPWDT_NMI_DECODING=y # CONFIG_MFD_TPS6586X is not set # CONFIG_INTEL_MID_DMAC is not set +# CONFIG_GPIO_INTEL_MID is not set CONFIG_PCH_DMA=m CONFIG_INTEL_IPS=m # CONFIG_IBM_RTL is not set diff --git a/config-x86_64-generic b/config-x86_64-generic index e77695e0a..e48ef4503 100644 --- a/config-x86_64-generic +++ b/config-x86_64-generic @@ -30,6 +30,7 @@ CONFIG_AMD_IOMMU_V2=m # CONFIG_IOMMU_DEBUG is not set CONFIG_SWIOTLB=y # CONFIG_CALGARY_IOMMU is not set +# CONFIG_GART_IOMMU is not set CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_MEM_SOFT_DIRTY=y diff --git a/kernel.spec b/kernel.spec index 93d2f9822..6493b07d8 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -625,7 +625,7 @@ Patch470: die-floppy-die.patch Patch510: silence-noise.patch Patch530: silence-fbcon-logo.patch -Patch600: x86-allow-1024-cpus.patch +Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch Patch800: crash-driver.patch @@ -704,9 +704,6 @@ Patch25047: drm-radeon-Disable-writeback-by-default-on-ppc.patch #CVE-2013-4345 rhbz 1007690 1009136 Patch25104: ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch -#rhbz 985522 -Patch25107: ntp-Make-periodic-RTC-update-more-reliable.patch - #rhbz 902012 Patch25114: elevator-Fix-a-race-in-elevator-switching-and-md.patch Patch25115: elevator-acquire-q-sysfs_lock-in-elevator_change.patch @@ -1281,7 +1278,7 @@ ApplyOptionalPatch upstream-reverts.patch -R # Architecture patches # x86(-64) -ApplyPatch x86-allow-1024-cpus.patch +ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch # ARM64 @@ -1411,9 +1408,6 @@ ApplyPatch drm-radeon-Disable-writeback-by-default-on-ppc.patch #CVE-2013-4345 rhbz 1007690 1009136 ApplyPatch ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch -#rhbz 985522 -ApplyPatch ntp-Make-periodic-RTC-update-more-reliable.patch - #rhbz 902012 ApplyPatch elevator-Fix-a-race-in-elevator-switching-and-md.patch ApplyPatch elevator-acquire-q-sysfs_lock-in-elevator_change.patch @@ -1944,6 +1938,8 @@ find $RPM_BUILD_ROOT/usr/include \ %if %{with_perf} # perf tool binary and supporting scripts/binaries %{perf_make} DESTDIR=$RPM_BUILD_ROOT install +# remove the 'trace' symlink. +rm -f %{buildroot}%{_bindir}/trace # python-perf extension %{perf_make} DESTDIR=$RPM_BUILD_ROOT install-python_ext @@ -2249,6 +2245,9 @@ fi # ||----w | # || || %changelog +* Tue Nov 12 2013 Josh Boyer - 3.13.0-0.rc0.git2.1 +- Linux v3.12-4849-g10d0c97 + * Mon Nov 11 2013 Josh Boyer - 3.13.0-0.rc0.git1.3 - Linux v3.12-2839-gedae583 - Reenable debugging options. diff --git a/ntp-Make-periodic-RTC-update-more-reliable.patch b/ntp-Make-periodic-RTC-update-more-reliable.patch deleted file mode 100644 index 59179e719..000000000 --- a/ntp-Make-periodic-RTC-update-more-reliable.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a97ad0c4b447a132a322cedc3a5f7fa4cab4b304 Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar -Date: Thu, 1 Aug 2013 19:31:35 +0200 -Subject: [PATCH] ntp: Make periodic RTC update more reliable - -The current code requires that the scheduled update of the RTC happens -in the closest tick to the half of the second. This seems to be -difficult to achieve reliably. The scheduled work may be missing the -target time by a tick or two and be constantly rescheduled every second. - -Relax the limit to 10 ticks. As a typical RTC drifts in the 11-minute -update interval by several milliseconds, this shouldn't affect the -overall accuracy of the RTC much. - -Signed-off-by: Miroslav Lichvar -Signed-off-by: John Stultz ---- - kernel/time/ntp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c -index 8f5b3b9..ab1fa7c 100644 ---- a/kernel/time/ntp.c -+++ b/kernel/time/ntp.c -@@ -475,6 +475,7 @@ static void sync_cmos_clock(struct work_struct *work) - * called as close as possible to 500 ms before the new second starts. - * This code is run on a timer. If the clock is set, that timer - * may not expire at the correct time. Thus, we adjust... -+ * We want the clock to be within a couple of ticks from the target. - */ - if (!ntp_synced()) { - /* -@@ -485,7 +486,7 @@ static void sync_cmos_clock(struct work_struct *work) - } - - getnstimeofday(&now); -- if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) { -+ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec * 5) { - struct timespec adjust = now; - - fail = -ENODEV; --- -1.7.9.5 - diff --git a/secure-modules.patch b/secure-modules.patch index 9d01b9356..025bf4fb6 100644 --- a/secure-modules.patch +++ b/secure-modules.patch @@ -1,4 +1,4 @@ -From 8dea807503a1ba88d9e27595daae7f86ec968711 Mon Sep 17 00:00:00 2001 +From 0fc411ee00c81b8a18b1417d31f2736fad155d89 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 17:58:15 -0400 Subject: [PATCH 01/14] Add secure_modules() call @@ -14,10 +14,10 @@ Signed-off-by: Matthew Garrett 2 files changed, 17 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h -index 46f1ea0..0c266b2 100644 +index 05f2447..de97e77 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block * nb); +@@ -515,6 +515,8 @@ int unregister_module_notifier(struct notifier_block * nb); extern void print_modules(void); @@ -26,7 +26,7 @@ index 46f1ea0..0c266b2 100644 #else /* !CONFIG_MODULES... */ /* Given an address, look for it in the exception tables. */ -@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb) +@@ -625,6 +627,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb) static inline void print_modules(void) { } @@ -39,10 +39,10 @@ index 46f1ea0..0c266b2 100644 #ifdef CONFIG_SYSFS diff --git a/kernel/module.c b/kernel/module.c -index 2069158..0e94acf 100644 +index dc58274..81206c1 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3852,3 +3852,13 @@ void module_layout(struct module *mod, +@@ -3860,3 +3860,13 @@ void module_layout(struct module *mod, } EXPORT_SYMBOL(module_layout); #endif @@ -60,7 +60,7 @@ index 2069158..0e94acf 100644 1.8.3.1 -From 9b7b3f6283bf784e4ea1c34e52646b12971b2823 Mon Sep 17 00:00:00 2001 +From b94942e55b519e70366e970cea3665c464d1b7da Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:10:38 -0500 Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is @@ -80,7 +80,7 @@ Signed-off-by: Matthew Garrett 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index c0dbe1f..cd4e35f 100644 +index d8eb880..a851ad6 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -29,6 +29,7 @@ @@ -91,7 +91,7 @@ index c0dbe1f..cd4e35f 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -624,6 +625,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, +@@ -644,6 +645,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8*) buf; @@ -101,7 +101,7 @@ index c0dbe1f..cd4e35f 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -930,6 +934,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -950,6 +954,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; @@ -111,7 +111,7 @@ index c0dbe1f..cd4e35f 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1037,6 +1044,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1057,6 +1064,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { @@ -179,7 +179,7 @@ index e1c1ec5..bffbf71 100644 1.8.3.1 -From aac2425a2664c09c2a369e1eec6e7a5bc2713cb1 Mon Sep 17 00:00:00 2001 +From 36f34509fe52cc49e1b1f6815a3f235040f64a03 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:35:59 -0500 Subject: [PATCH 03/14] x86: Lock down IO port access when module security is @@ -252,7 +252,7 @@ index f895a8c..1af8664 100644 1.8.3.1 -From e7f9789c7eedf291972666befee726ff8e7126f6 Mon Sep 17 00:00:00 2001 +From 67d9800dcf60467e076587b0aac67bcdc516cfe2 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:39:37 -0500 Subject: [PATCH 04/14] ACPI: Limit access to custom_method @@ -284,7 +284,7 @@ index 12b62f2..50647b3 100644 1.8.3.1 -From d81cd6628c821d47bd086354cbc57b1474f3c1a8 Mon Sep 17 00:00:00 2001 +From bdf3761573167c20c72b151c1088b24fd24869ac Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:46:50 -0500 Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module @@ -339,7 +339,7 @@ index 19c313b..db18ef66 100644 1.8.3.1 -From df75e984729ef50bb691b4d15472529fcd81580b Mon Sep 17 00:00:00 2001 +From 65d88af5a2c6bb6d01da17819d8ba782bd208837 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 09:28:15 -0500 Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is @@ -382,7 +382,7 @@ index 1af8664..61406c8 100644 1.8.3.1 -From 78955913cc46cc5e5c7f2c71c1b07a5c18e06456 Mon Sep 17 00:00:00 2001 +From 4aa42b7fa5d7f79eb1d179e728ffa561fd9cf354 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 25 Jun 2012 19:57:30 -0400 Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module @@ -398,7 +398,7 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 6ab2c35..e4c4410 100644 +index e5f416c..9311c00 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -45,6 +45,7 @@ @@ -409,7 +409,7 @@ index 6ab2c35..e4c4410 100644 #include #include -@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); +@@ -249,7 +250,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); acpi_physical_address __init acpi_os_get_root_pointer(void) { #ifdef CONFIG_KEXEC @@ -422,7 +422,7 @@ index 6ab2c35..e4c4410 100644 1.8.3.1 -From 23aae9143fbece326b3a26bf5ba48956c99cabe4 Mon Sep 17 00:00:00 2001 +From c9e62c2ce588d98a774a3853e56d95e48b9df98c Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 03:33:56 -0400 Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module @@ -438,7 +438,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 8 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index 59f7b55..3e2b63a 100644 +index 2a74f30..13601e3 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -32,6 +32,7 @@ @@ -467,7 +467,7 @@ index 59f7b55..3e2b63a 100644 1.8.3.1 -From 218cd49aa2d6a085c5c4edc0396200864f0b54ad Mon Sep 17 00:00:00 2001 +From d0e3cb2c13dc9634849ddacf75b6f0d94147516a Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 3 Sep 2013 11:23:29 -0400 Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted @@ -482,7 +482,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 4 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c -index 4ed81e7..15cb72f 100644 +index 957f061..e570609d 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -24,6 +24,7 @@ @@ -493,7 +493,7 @@ index 4ed81e7..15cb72f 100644 #include -@@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) +@@ -49,6 +50,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) struct snapshot_data *data; int error; @@ -507,7 +507,7 @@ index 4ed81e7..15cb72f 100644 1.8.3.1 -From beeaac053d4ae57dc65be1da8b46e5d4bc6542b8 Mon Sep 17 00:00:00 2001 +From b238417ed3c5a0b21bbfcac84f6c70011b8977c0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 8 Feb 2013 11:12:13 -0800 Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is @@ -524,7 +524,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 88458fa..d08f7e3 100644 +index 05266b5..e2bd647 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, @@ -552,7 +552,7 @@ index 88458fa..d08f7e3 100644 1.8.3.1 -From b4331711c52aff0a6a9cef0f4b52fe261874d6f2 Mon Sep 17 00:00:00 2001 +From c3a9afb3b580b4f721d245fc5d13e378b99b9cd8 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 18:36:30 -0400 Subject: [PATCH 11/14] Add option to automatically enforce module signatures @@ -588,12 +588,12 @@ index 199f453..ec38acf 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index b32ebf9..6a6c19b 100644 +index 725e157..fe212ef 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1581,6 +1581,16 @@ config EFI_STUB +@@ -1604,6 +1604,16 @@ config EFI_STUB - See Documentation/x86/efi-stub.txt for more information. + See Documentation/efi-stub.txt for more information. +config EFI_SECURE_BOOT_SIG_ENFORCE + def_bool n @@ -609,7 +609,7 @@ index b32ebf9..6a6c19b 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index b7388a4..53bfe4f 100644 +index a7677ba..4e172e9 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -12,6 +12,7 @@ @@ -620,10 +620,10 @@ index b7388a4..53bfe4f 100644 #undef memcpy /* Use memcpy from misc.c */ -@@ -861,6 +862,37 @@ fail: - return status; +@@ -741,6 +742,37 @@ free_mem_map: } + +static int get_secure_boot(void) +{ + u8 sb, setup; @@ -656,9 +656,9 @@ index b7388a4..53bfe4f 100644 + + /* - * Because the x86 boot code expects to be passed a boot_params we - * need to create one ourselves (usually the bootloader would create -@@ -1169,6 +1201,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, + * On success we return a pointer to a boot_params structure, and NULL + * on failure. +@@ -760,6 +792,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) goto fail; @@ -670,7 +670,7 @@ index b7388a4..53bfe4f 100644 setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index c15ddaf..85d7685 100644 +index 9c3733c..a7ba210 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -131,7 +131,8 @@ struct boot_params { @@ -684,10 +684,10 @@ index c15ddaf..85d7685 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index f8ec578..deeb7bc 100644 +index 918d489..fe429c1 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1129,6 +1129,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1127,6 +1127,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -701,10 +701,10 @@ index f8ec578..deeb7bc 100644 * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/module.h b/include/linux/module.h -index 0c266b2..5a6374a 100644 +index de97e77..d69fe19 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -184,6 +184,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); +@@ -190,6 +190,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); struct notifier_block; @@ -718,10 +718,10 @@ index 0c266b2..5a6374a 100644 extern int modules_disabled; /* for sysctl */ diff --git a/kernel/module.c b/kernel/module.c -index 0e94acf..974139b 100644 +index 81206c1..e1428f0 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3853,6 +3853,13 @@ void module_layout(struct module *mod, +@@ -3861,6 +3861,13 @@ void module_layout(struct module *mod, EXPORT_SYMBOL(module_layout); #endif @@ -739,7 +739,7 @@ index 0e94acf..974139b 100644 1.8.3.1 -From bb28516d346e6511f1e012321c48eb142763e539 Mon Sep 17 00:00:00 2001 +From 27a1aa77c7fbaaae8c6a776190a38dcbf3c3d6d2 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 5 Feb 2013 19:25:05 -0500 Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode @@ -756,10 +756,10 @@ Signed-off-by: Josh Boyer 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 53bfe4f..946028b 100644 +index 4e172e9..4905f4d 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -864,8 +864,9 @@ fail: +@@ -744,8 +744,9 @@ free_mem_map: static int get_secure_boot(void) { @@ -770,7 +770,7 @@ index 53bfe4f..946028b 100644 efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_status_t status; -@@ -889,6 +890,23 @@ static int get_secure_boot(void) +@@ -769,6 +770,23 @@ static int get_secure_boot(void) if (setup == 1) return 0; @@ -798,7 +798,7 @@ index 53bfe4f..946028b 100644 1.8.3.1 -From 4c8824bac8d4284e66c39c365ba84151f2d78e87 Mon Sep 17 00:00:00 2001 +From 2a445ca2c187da4497ef5f68f111574fd2b0d419 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:28:43 -0400 Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI @@ -812,11 +812,11 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 6a6c19b..10498ec 100644 +index fe212ef..bf83fd3 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1582,7 +1582,8 @@ config EFI_STUB - See Documentation/x86/efi-stub.txt for more information. +@@ -1605,7 +1605,8 @@ config EFI_STUB + See Documentation/efi-stub.txt for more information. config EFI_SECURE_BOOT_SIG_ENFORCE - def_bool n @@ -829,7 +829,7 @@ index 6a6c19b..10498ec 100644 1.8.3.1 -From 871b0ed1847c3c5413a4ca72ecf18735858f7708 Mon Sep 17 00:00:00 2001 +From b1c533cc1d1ca7a03497cc4f2e1b029bde95633c Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:33:03 -0400 Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit @@ -844,10 +844,10 @@ Signed-off-by: Josh Boyer 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index deeb7bc..08dc16e 100644 +index fe429c1..469fbf0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1131,7 +1131,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1129,7 +1129,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { @@ -858,10 +858,10 @@ index deeb7bc..08dc16e 100644 #endif diff --git a/include/linux/efi.h b/include/linux/efi.h -index 5f8f176..eed2202 100644 +index bc5687d..b010a2e 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -634,6 +634,7 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -653,6 +653,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ #define EFI_MEMMAP 4 /* Can we use EFI memory map? */ #define EFI_64BIT 5 /* Is the firmware 64-bit? */ diff --git a/sources b/sources index acdca4b59..fd4184c50 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz 47eda935b7156e21ef3d424ba8797863 patch-3.12-git1.xz +6de5ff06cc215c8aba4f411d397e4b47 patch-3.12-git2.xz diff --git a/x86-allow-1024-cpus.patch b/x86-allow-1024-cpus.patch deleted file mode 100644 index decafd6ef..000000000 --- a/x86-allow-1024-cpus.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index f67e839..d726b2d 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -825,7 +825,7 @@ config MAXSMP - config NR_CPUS - int "Maximum number of CPUs" if SMP && !MAXSMP - range 2 8 if SMP && X86_32 && !X86_BIGSMP -- range 2 512 if SMP && !MAXSMP -+ range 2 1024 if SMP && !MAXSMP - default "1" if !SMP - default "4096" if MAXSMP - default "32" if SMP && (X86_NUMAQ || X86_SUMMIT || X86_BIGSMP || X86_ES7000)