rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v3.17

This commit is contained in:
Josh Boyer 2014-10-06 13:00:30 -04:00
parent 15e63c946d
commit dbc4a9b8e8
95 changed files with 9406 additions and 12221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
View File

@ -1,138 +0,0 @@
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1021036
Upstream-status: Send upstream for 3.17
From 0ad19912cb324f0a356a212433ec0b2a31f61acc Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 20 Jun 2014 10:29:16 +0200
Subject: [PATCH] ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling
It seems that the same problems which lead to adding an rfkill blacklist and
putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13
and Lenovo Yoga 2 Pro too:
https://bugzilla.redhat.com/show_bug.cgi?id=1021036
https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612
Testing has shown that the firmware rfkill settings are persistent over
reboots. So blacklisting the driver is not good enough, if the wifi is blocked
at the firmware level the wifi needs to be explictly unblocked through the
ideapad-laptop interface.
And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices
with hardware kill switch reports the hardware switch state, needs to be
explictly set to 1 (radio enabled / not blocked).
So this patch does 3 things to get proper rfkill handling on these models:
1) Instead of blacklisting the rfkill functionality, which means that people
with a firmware blocked wifi get stuck in that situation, ignore the value
reported by the not present hardware rfkill switch, as this is what is causing
ideapad-laptop to wrongly report all radios as hardware blocks. But do register
the rfkill interfaces so that the user can soft [un]block them.
2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1
3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2
series is affected.
Yoga 2 11:
Reported-and-tested-by: Vincent Gerris <vgerris@gmail.com>
Yoga 2 13:
Tested-by: madls05 <http://ubuntuforums.org/showthread.php?t=2215044>
Yoga 2 Pro:
Reported-and-tested-by: Peter F. Patel-Schneider <pfpschneider@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/ideapad-laptop.c | 41 +++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index b4c495a..b0e3a2e 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -87,6 +87,7 @@ struct ideapad_private {
struct backlight_device *blightdev;
struct dentry *debug;
unsigned long cfg;
+ bool has_hw_rfkill_switch;
};
static bool no_bt_rfkill;
@@ -473,12 +474,14 @@ static struct rfkill_ops ideapad_rfk_ops = {
static void ideapad_sync_rfk_state(struct ideapad_private *priv)
{
- unsigned long hw_blocked;
+ unsigned long hw_blocked = 0;
int i;
- if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
- return;
- hw_blocked = !hw_blocked;
+ if (priv->has_hw_rfkill_switch) {
+ if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
+ return;
+ hw_blocked = !hw_blocked;
+ }
for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
if (priv->rfk[i])
@@ -821,14 +824,17 @@ static void ideapad_acpi_notify(acpi_handle handle, u32 event, void *data)
}
}
-/* Blacklist for devices where the ideapad rfkill interface does not work */
-static struct dmi_system_id rfkill_blacklist[] = {
- /* The Lenovo Yoga 2 11 always reports everything as blocked */
+/*
+ * Some ideapads don't have a hardware rfkill switch, reading VPCCMD_R_RF
+ * always results in 0 on these models, causing ideapad_laptop to wrongly
+ * report all radios as hardware-blocked.
+ */
+static struct dmi_system_id no_hw_rfkill_list[] = {
{
- .ident = "Lenovo Yoga 2 11",
+ .ident = "Lenovo Yoga 2 11 / 13 / Pro",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2 11"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2"),
},
},
{}
@@ -856,6 +862,7 @@ static int ideapad_acpi_add(struct platform_device *pdev)
priv->cfg = cfg;
priv->adev = adev;
priv->platform_device = pdev;
+ priv->has_hw_rfkill_switch = !dmi_check_system(no_hw_rfkill_list);
ret = ideapad_sysfs_init(priv);
if (ret)
@@ -869,11 +876,17 @@ static int ideapad_acpi_add(struct platform_device *pdev)
if (ret)
goto input_failed;
- if (!dmi_check_system(rfkill_blacklist)) {
- for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
- if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
- ideapad_register_rfkill(priv, i);
- }
+ /*
+ * On some models without a hw-switch (the yoga 2 13 at least)
+ * VPCCMD_W_RF must be explicitly set to 1 for the wifi to work.
+ */
+ if (!priv->has_hw_rfkill_switch)
+ write_ec_cmd(priv->adev->handle, VPCCMD_W_RF, 1);
+
+ for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
+ if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
+ ideapad_register_rfkill(priv, i);
+
ideapad_sync_rfk_state(priv);
ideapad_sync_touchpad_state(priv);
--
2.0.0

30
ACPI-Limit-access-to-custom_method.patch Normal file
View File

@ -0,0 +1,30 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if any such restrictions have been enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/acpi/custom_method.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
1.9.3

31
ARM-tegra-usb-no-reset.patch Normal file
View File

@ -0,0 +1,31 @@
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 3 May 2012 20:27:11 +0100
Subject: [PATCH] ARM: tegra: usb no reset
Patch for disconnect issues with storage attached to a
tegra-ehci controller
---
drivers/usb/core/hub.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index d481c99a20d7..6050143ce7ec 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5036,6 +5036,13 @@ static void hub_events(void)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
+ (hub->event_bits[0] == 0x2))
+ hub->event_bits[0] = 0;
+ }
+
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);
--
1.9.3

56
Add-EFI-signature-data-types.patch Normal file
View File

@ -0,0 +1,56 @@
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
Bugzilla: N/A
Upstream-status: Fedora mustard for now
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/linux/efi.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index ebe6a24cc1e1..5ce40e215f15 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void);
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
+#define EFI_CERT_SHA256_GUID \
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
+
+#define EFI_CERT_X509_GUID \
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+
typedef struct {
efi_guid_t guid;
u64 table;
@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)
+typedef struct {
+ efi_guid_t signature_owner;
+ u8 signature_data[];
+} efi_signature_data_t;
+
+typedef struct {
+ efi_guid_t signature_type;
+ u32 signature_list_size;
+ u32 signature_header_size;
+ u32 signature_size;
+ u8 signature_header[];
+ /* efi_signature_data_t signatures[][] */
+} efi_signature_list_t;
+
/*
* All runtime access to EFI goes through this structure:
*/
--
1.9.3

178
Add-an-EFI-signature-blob-parser-and-key-loader.patch Normal file
View File

@ -0,0 +1,178 @@
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/Kconfig | 8 +++
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 4 ++
4 files changed, 122 insertions(+)
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28403f5..4a1b50d73b80 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
This option provides support for verifying the signature(s) on a
signed PE binary.
+config EFI_SIGNATURE_LIST_PARSER
+ bool "EFI signature list parser"
+ depends on EFI
+ select X509_CERTIFICATE_PARSER
+ help
+ This option provides support for parsing EFI signature lists for
+ X.509 certificates and turning them into keys.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9ac5e8..6512f6596785 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644
index 000000000000..424896a0b169
--- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,109 @@
+/* EFI signature/key/certificate list parser
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "EFI: "fmt
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <keys/asymmetric-type.h>
+
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
+
+/**
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
+ * @data: The data blob to parse
+ * @size: The size of the data blob
+ * @keyring: The keyring to add extracted keys to
+ */
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
+{
+ unsigned offs = 0;
+ size_t lsize, esize, hsize, elsize;
+
+ pr_devel("-->%s(,%zu)\n", __func__, size);
+
+ while (size > 0) {
+ efi_signature_list_t list;
+ const efi_signature_data_t *elem;
+ key_ref_t key;
+
+ if (size < sizeof(list))
+ return -EBADMSG;
+
+ memcpy(&list, data, sizeof(list));
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
+ offs,
+ list.signature_type.b, list.signature_list_size,
+ list.signature_header_size, list.signature_size);
+
+ lsize = list.signature_list_size;
+ hsize = list.signature_header_size;
+ esize = list.signature_size;
+ elsize = lsize - sizeof(list) - hsize;
+
+ if (lsize > size) {
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
+ __func__, offs);
+ return -EBADMSG;
+ }
+ if (lsize < sizeof(list) ||
+ lsize - sizeof(list) < hsize ||
+ esize < sizeof(*elem) ||
+ elsize < esize ||
+ elsize % esize != 0) {
+ pr_devel("- bad size combo @%x\n", offs);
+ return -EBADMSG;
+ }
+
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
+ data += lsize;
+ size -= lsize;
+ offs += lsize;
+ continue;
+ }
+
+ data += sizeof(list) + hsize;
+ size -= sizeof(list) + hsize;
+ offs += sizeof(list) + hsize;
+
+ for (; elsize > 0; elsize -= esize) {
+ elem = data;
+
+ pr_devel("ELEM[%04x]\n", offs);
+
+ key = key_create_or_update(
+ make_key_ref(keyring, 1),
+ "asymmetric",
+ NULL,
+ &elem->signature_data,
+ esize - sizeof(*elem),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW,
+ KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_TRUSTED);
+
+ if (IS_ERR(key))
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
+ PTR_ERR(key));
+ else
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
+ key_ref_to_ptr(key)->description,
+ keyring->description);
+
+ data += esize;
+ size -= esize;
+ offs += esize;
+ }
+ }
+
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 5ce40e215f15..41359e548bcb 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -906,6 +906,10 @@ extern bool efi_poweroff_required(void);
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
(md) = (void *)(md) + (m)->desc_size)
+struct key;
+extern int __init parse_efi_signature_list(const void *data, size_t size,
+ struct key *keyring);
+
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
1.9.3

185
Add-option-to-automatically-enforce-module-signature.patch Normal file
View File

@ -0,0 +1,185 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH] Add option to automatically enforce module signatures when in
Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++++++
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/kernel/setup.c | 6 ++++++
include/linux/module.h | 6 ++++++
kernel/module.c | 7 +++++++
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453cb4de..ec38acf00b40 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
+1EB/001 ALL kbd_status Numlock is enabled
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
1EF/001 ALL sentinel Used to detect broken bootloaders
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 36327438caf0..61542c282e70 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1566,6 +1566,16 @@ config EFI_MIXED
If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n
+ prompt "Force module signing when UEFI Secure Boot is enabled"
+ ---help---
+ UEFI Secure Boot provides a mechanism for ensuring that the
+ firmware will only load signed bootloaders and kernels. Certain
+ use cases may also require that all kernel modules also be signed.
+ Say Y here to automatically enable module signature enforcement
+ when a system boots with UEFI Secure Boot enabled.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index de8eebd6f67c..975d11bfaf5b 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
#include <asm/efi.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#undef memcpy /* Use memcpy from misc.c */
@@ -814,6 +815,37 @@ out:
return status;
}
+static int get_secure_boot(void)
+{
+ u8 sb, setup;
+ unsigned long datasize = sizeof(sb);
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
+ efi_status_t status;
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (sb == 0)
+ return 0;
+
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SetupMode", &var_guid, NULL, &datasize,
+ &setup);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (setup == 1)
+ return 0;
+
+ return 1;
+}
+
+
/*
* See if we have Graphics Output Protocol
*/
@@ -1389,6 +1421,10 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
+ boot_params->secure_boot = get_secure_boot();
+
setup_graphics(boot_params);
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b0988043a..90dbfb73e11f 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
- __u8 _pad5[3]; /* 0x1ec */
+ __u8 secure_boot; /* 0x1ec */
+ __u8 _pad5[2]; /* 0x1ed */
/*
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 41ead8d3bc0b..5a5cf7395724 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
+ if (boot_params.secure_boot) {
+ enforce_signed_modules();
+ }
+#endif
+
/*
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index 341a73ecea2e..cca08ac450e2 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
+#ifdef CONFIG_MODULE_SIG
+extern void enforce_signed_modules(void);
+#else
+static inline void enforce_signed_modules(void) {};
+#endif
+
#ifdef CONFIG_MODULES
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index 1f7b4664300e..866417ecc76a 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3843,6 +3843,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
+#ifdef CONFIG_MODULE_SIG
+void enforce_signed_modules(void)
+{
+ sig_enforce = true;
+}
+#endif
+
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
1.9.3

63
Add-secure_modules-call.patch Normal file
View File

@ -0,0 +1,63 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
only modules signed with a trusted key.
Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
include/linux/module.h | 7 +++++++
kernel/module.c | 10 ++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 71f282a4e307..341a73ecea2e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void);
+extern bool secure_modules(void);
+
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void)
{
}
+
+static inline bool secure_modules(void)
+{
+ return false;
+}
#endif /* CONFIG_MODULES */
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 03214bd288e9..1f7b4664300e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
+
+bool secure_modules(void)
+{
+#ifdef CONFIG_MODULE_SIG
+ return (sig_enforce || modules_disabled);
+#else
+ return modules_disabled;
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
1.9.3

20
sysrq-secure-boot.patch → Add-sysrq-option-to-disable-secure-boot-mode.patch
View File

@ -1,11 +1,9 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 603230771bdbca78e6530d29dbe8b239cdcc8473 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Fri, 30 Aug 2013 09:28:51 -0400
Subject: [PATCH] Add sysrq option to disable secure boot mode
Bugzilla: N/A
Upstream-status: Fedora mustard
---
arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++
drivers/input/misc/uinput.c | 1 +
@ -17,7 +15,7 @@ Subject: [PATCH] Add sysrq option to disable secure boot mode
7 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5ce785fc9f05..2024cbb7169b 100644
index fb282ff6a802..d291d16ba257 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -71,10 +69,10 @@ index 5ce785fc9f05..2024cbb7169b 100644
.notifier_call = dump_kernel_offset
};
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 856936247500..1e87a1ea704b 100644
index 421e29e4cd81..61c1eb97806c 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -353,6 +353,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
if (!udev->dev)
return -ENOMEM;
@ -83,7 +81,7 @@ index 856936247500..1e87a1ea704b 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index 454b65898e2c..19d67594a3b8 100644
index 42bad18c66c9..496e073b09d7 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -463,6 +463,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
@ -217,7 +215,7 @@ index 387fa7d05c98..4b07e30b3279 100644
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 2f7c760305ca..abb29d9811af 100644
index 379650b984f8..070f29fefdc2 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1924,7 +1924,7 @@ static int kdb_sr(int argc, const char **argv)
@ -230,10 +228,10 @@ index 2f7c760305ca..abb29d9811af 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 452079124fb7..37dabbc1e902 100644
index 866417ecc76a..d7ca95c5a349 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
#ifdef CONFIG_MODULE_SIG
#ifdef CONFIG_MODULE_SIG_FORCE

76
HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
View File

@ -1,76 +0,0 @@
From 109571cf3ec78a39477eedd6b11927f52cbcb1e8 Mon Sep 17 00:00:00 2001
From: Andrew Duggan <aduggan@synaptics.com>
Date: Fri, 11 Jul 2014 16:34:18 -0700
Subject: [PATCH] HID: i2c-hid: call the hid driver's suspend and resume
callbacks
Currently, the i2c-hid driver does not call the suspend, resume, and
reset_resume callbacks in the hid_driver struct when those events occur.
This means that HID drivers for i2c-hid devices will not be able to execute
commands which may be needed during suspend or resume. One example is when a
touchpad using the hid-multitouch driver gets reset by i2c-hid coming out of
resume. Since the reset_resume callback never gets called the device is never
put back into the correct input mode. This patch calls the suspend and resume
callbacks and tries to duplicate the functionality of the usb-hid driver.
Bugzilla: 1143812
Upstream-status: 3.17
Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
Signed-off-by: Vincent Huang <vincent.huang@tw.synaptics.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/i2c-hid/i2c-hid.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
index 21aafc8f48c8..747d54421e73 100644
--- a/drivers/hid/i2c-hid/i2c-hid.c
+++ b/drivers/hid/i2c-hid/i2c-hid.c
@@ -1054,21 +1054,29 @@ static int i2c_hid_remove(struct i2c_client *client)
static int i2c_hid_suspend(struct device *dev)
{
struct i2c_client *client = to_i2c_client(dev);
+ struct i2c_hid *ihid = i2c_get_clientdata(client);
+ struct hid_device *hid = ihid->hid;
+ int ret = 0;
disable_irq(client->irq);
if (device_may_wakeup(&client->dev))
enable_irq_wake(client->irq);
+ if (hid->driver && hid->driver->suspend)
+ ret = hid->driver->suspend(hid, PMSG_SUSPEND);
+
/* Save some power */
i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
- return 0;
+ return ret;
}
static int i2c_hid_resume(struct device *dev)
{
int ret;
struct i2c_client *client = to_i2c_client(dev);
+ struct i2c_hid *ihid = i2c_get_clientdata(client);
+ struct hid_device *hid = ihid->hid;
enable_irq(client->irq);
ret = i2c_hid_hwreset(client);
@@ -1078,6 +1086,11 @@ static int i2c_hid_resume(struct device *dev)
if (device_may_wakeup(&client->dev))
disable_irq_wake(client->irq);
+ if (hid->driver && hid->driver->reset_resume) {
+ ret = hid->driver->reset_resume(hid);
+ return ret;
+ }
+
return 0;
}
#endif
--
2.1.0

51
HID-magicmouse-sanity-check-report-size-in-raw_event.patch
View File

@ -1,51 +0,0 @@
From c54def7bd64d7c0b6993336abcffb8444795bf38 Mon Sep 17 00:00:00 2001
From: Jiri Kosina <jkosina@suse.cz>
Date: Wed, 27 Aug 2014 09:12:24 +0200
Subject: [PATCH] HID: magicmouse: sanity check report size in raw_event()
callback
The report passed to us from transport driver could potentially be
arbitrarily large, therefore we better sanity-check it so that
magicmouse_emit_touch() gets only valid values of raw_id.
Bugzilla: 1141179
Upstream-status: 3.17 and CC'd stable
Cc: stable@vger.kernel.org
Reported-by: Steven Vittitoe <scvitti@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/hid-magicmouse.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
index ecc2cbf300cc..29a74c1efcb8 100644
--- a/drivers/hid/hid-magicmouse.c
+++ b/drivers/hid/hid-magicmouse.c
@@ -290,6 +290,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
if (size < 4 || ((size - 4) % 9) != 0)
return 0;
npoints = (size - 4) / 9;
+ if (npoints > 15) {
+ hid_warn(hdev, "invalid size value (%d) for TRACKPAD_REPORT_ID\n",
+ size);
+ return 0;
+ }
msc->ntouches = 0;
for (ii = 0; ii < npoints; ii++)
magicmouse_emit_touch(msc, ii, data + ii * 9 + 4);
@@ -307,6 +312,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
if (size < 6 || ((size - 6) % 8) != 0)
return 0;
npoints = (size - 6) / 8;
+ if (npoints > 15) {
+ hid_warn(hdev, "invalid size value (%d) for MOUSE_REPORT_ID\n",
+ size);
+ return 0;
+ }
msc->ntouches = 0;
for (ii = 0; ii < npoints; ii++)
magicmouse_emit_touch(msc, ii, data + ii * 8 + 6);
--
2.1.0

41
HID-picolcd-sanity-check-report-size-in-raw_event-ca.patch
View File

@ -1,41 +0,0 @@
From 844817e47eef14141cf59b8d5ac08dd11c0a9189 Mon Sep 17 00:00:00 2001
From: Jiri Kosina <jkosina@suse.cz>
Date: Wed, 27 Aug 2014 09:13:15 +0200
Subject: [PATCH] HID: picolcd: sanity check report size in raw_event()
callback
The report passed to us from transport driver could potentially be
arbitrarily large, therefore we better sanity-check it so that raw_data
that we hold in picolcd_pending structure are always kept within proper
bounds.
Bugzilla: 1141410
Upstream-status: 3.17 and CC'd to stable
Cc: stable@vger.kernel.org
Reported-by: Steven Vittitoe <scvitti@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/hid-picolcd_core.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
index acbb021065ec..020df3c2e8b4 100644
--- a/drivers/hid/hid-picolcd_core.c
+++ b/drivers/hid/hid-picolcd_core.c
@@ -350,6 +350,12 @@ static int picolcd_raw_event(struct hid_device *hdev,
if (!data)
return 1;
+ if (size > 64) {
+ hid_warn(hdev, "invalid size value (%d) for picolcd raw event\n",
+ size);
+ return 0;
+ }
+
if (report->id == REPORT_KEY_STATE) {
if (data->input_keys)
ret = picolcd_raw_keypad(data, report, raw_data+1, size-1);
--
2.1.0

46
HID-wacom-Add-support-for-the-Cintiq-Companion.patch Normal file
View File

@ -0,0 +1,46 @@
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date: Wed, 3 Sep 2014 15:43:25 -0400
Subject: [PATCH] HID: wacom: Add support for the Cintiq Companion
The Wacom Cintiq Companion shares the same sensor than the Cintiq
Companion Hybrid, with the exception of the different PIDs.
Bugzilla: 1134969
Upstream-status: Queued for 3.18
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
drivers/hid/wacom_wac.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
index aa6a08eb7ad6..c3cbbfb5811f 100644
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2573,6 +2573,14 @@ static const struct wacom_features wacom_features_0x309 =
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10,
.check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
+static const struct wacom_features wacom_features_0x30A =
+ { "Wacom ISDv5 30A", 59352, 33648, 2047, 63,
+ CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
+static const struct wacom_features wacom_features_0x30C =
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30A, .touch_max = 10,
+ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
#define USB_DEVICE_WACOM(prod) \
HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
@@ -2708,6 +2716,8 @@ const struct hid_device_id wacom_ids[] = {
{ USB_DEVICE_WACOM(0x304) },
{ USB_DEVICE_WACOM(0x307) },
{ USB_DEVICE_WACOM(0x309) },
+ { USB_DEVICE_WACOM(0x30A) },
+ { USB_DEVICE_WACOM(0x30C) },
{ USB_DEVICE_WACOM(0x30E) },
{ USB_DEVICE_WACOM(0x314) },
{ USB_DEVICE_WACOM(0x315) },
--
1.9.3

46
Input-wacom-Add-support-for-the-Cintiq-Companion.patch
View File

@ -1,46 +0,0 @@
From bdfffc320102278edac2db5a397ffbfd89faeab3 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date: Wed, 3 Sep 2014 15:43:25 -0400
Subject: [PATCH] Input: wacom: Add support for the Cintiq Companion
The Wacom Cintiq Companion shares the same sensor than the Cintiq
Companion Hybrid, with the exception of the different PIDs.
Bugzilla: 1134969
Upstream-status: Queued for 3.18
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
drivers/input/tablet/wacom_wac.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/input/tablet/wacom_wac.c b/drivers/input/tablet/wacom_wac.c
index e73cf2c71f35..7f6caf8c85fb 100644
--- a/drivers/input/tablet/wacom_wac.c
+++ b/drivers/input/tablet/wacom_wac.c
@@ -2332,6 +2332,13 @@ static const struct wacom_features wacom_features_0x0307 =
static const struct wacom_features wacom_features_0x0309 =
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10 };
+static const struct wacom_features wacom_features_0x030A =
+ { "Wacom ISDv5 30A", WACOM_PKGLEN_INTUOS, 59352, 33648, 2047,
+ 63, CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
+static const struct wacom_features wacom_features_0x030C =
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x030A, .touch_max = 10 };
#define USB_DEVICE_WACOM(prod) \
USB_DEVICE(USB_VENDOR_ID_WACOM, prod), \
@@ -2478,6 +2485,8 @@ const struct usb_device_id wacom_ids[] = {
{ USB_DEVICE_WACOM(0xFA) },
{ USB_DEVICE_WACOM(0xFB) },
{ USB_DEVICE_WACOM(0x0307) },
+ { USB_DEVICE_WACOM(0x030A) },
+ { USB_DEVICE_DETAILED(0x030C, USB_CLASS_HID, 0, 0) },
{ USB_DEVICE_DETAILED(0x0309, USB_CLASS_HID, 0, 0) },
{ USB_DEVICE_LENOVO(0x6004) },
{ }
--
1.9.3

111
KEYS-Add-a-system-blacklist-keyring.patch Normal file
View File

@ -0,0 +1,111 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
and if the module's certificate is found, it will refuse to load. This is
useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..2c7b80d31366 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
}
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 80a6907f91c5..dfdd7f738247 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1723,6 +1723,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 875f64e8935b..c15e93f5a418 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
--
1.9.3

44
KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch Normal file
View File

@ -0,0 +1,44 @@
From: David Howells <dhowells@redhat.com>
Date: Tue, 16 Sep 2014 17:29:03 +0100
Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a
'.'
Reinstate the generation of EPERM for a key type name beginning with a '.' in
a userspace call. Types whose name begins with a '.' are internal only.
The test was removed by:
commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu May 22 14:02:23 2014 -0400
Subject: KEYS: special dot prefixed keyring name bug fix
I think we want to keep the restriction on type name so that userspace can't
add keys of a special internal type.
Note that removal of the test causes several of the tests in the keyutils
testsuite to fail.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
security/keys/keyctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e26f860e5f2e..eff88a5f5d40 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
return ret;
if (ret == 0 || ret >= len)
return -EINVAL;
+ if (type[0] == '.')
+ return -EPERM;
type[len - 1] = '\0';
return 0;
}
--
1.9.3

185
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch Normal file
View File

@ -0,0 +1,185 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable.
This imports those certificates into the system trusted keyring. This
allows for a third party signing certificate to be used in conjunction
with signed modules. By importing the public certificate into the 'db'
variable, a user can allow a module signed with that certificate to
load. The shim UEFI bootloader has a similar certificate list stored
in the 'MokListRT' variable. We import those as well.
In the opposite case, Secure Boot maintains a list of disallowed
certificates in the 'dbx' variable. We load those certificates into
the newly introduced system blacklist keyring and forbid any module
signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 41359e548bcb..db9e6118575e 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -587,6 +587,12 @@ void efi_native_runtime_setup(void);
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
+
+#define EFI_SHIM_LOCK_GUID \
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
+
typedef struct {
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index dfdd7f738247..3c866db603a7 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1877,6 +1877,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER
+ help
+ This will import certificates stored in UEFI and allow modules
+ signed with those to be loaded. It will also disallow loading
+ of modules stored in the UEFI dbx variable.
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index dc5c77544fd6..95bdf3398880 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
--- /dev/null
+++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <linux/slab.h>
+#include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
+#include "module-internal.h"
+
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+{
+ efi_status_t status;
+ unsigned long lsize = 4;
+ unsigned long tmpdb[4];
+ void *db = NULL;
+
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status != EFI_BUFFER_TOO_SMALL) {
+ pr_err("Couldn't get size: 0x%lx\n", status);
+ return NULL;
+ }
+
+ db = kmalloc(lsize, GFP_KERNEL);
+ if (!db) {
+ pr_err("Couldn't allocate memory for uefi cert list\n");
+ goto out;
+ }
+
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+ db = NULL;
+ pr_err("Error reading db var: 0x%lx\n", status);
+ }
+out:
+ *size = lsize;
+ return db;
+}
+
+/*
+ * * Load the certs contained in the UEFI databases
+ * */
+static int __init load_uefi_certs(void)
+{
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
+ void *db = NULL, *dbx = NULL, *mok = NULL;
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
+ int rc = 0;
+
+ /* Check if SB is enabled and just return if not */
+ if (!efi_enabled(EFI_SECURE_BOOT))
+ return 0;
+
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
+ * an error if we can't get them.
+ */
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
+
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+ if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else {
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok);
+ }
+
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+ if (!dbx) {
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+ } else {
+ rc = parse_efi_signature_list(dbx, dbxsize,
+ system_blacklist_keyring);
+ if (rc)
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
+ kfree(dbx);
+ }
+
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
1.9.3

83
MODSIGN-Support-not-importing-certs-from-db.patch Normal file
View File

@ -0,0 +1,83 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
Have the uefi import code look for this and not import things from the db
variable.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb38a284..ae28b974d49a 100644
--- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@
#include <keys/system_keyring.h>
#include "module-internal.h"
+static __init int check_ignore_db(void)
+{
+ efi_status_t status;
+ unsigned int db = 0;
+ unsigned long size = sizeof(db);
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
+ * then we don't ignore DB. If it succeeds, we do.
+ */
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ return 1;
+}
+
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
{
efi_status_t status;
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
void *db = NULL, *dbx = NULL, *mok = NULL;
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
- int rc = 0;
+ int ignore_db, rc = 0;
/* Check if SB is enabled and just return if not */
if (!efi_enabled(EFI_SECURE_BOOT))
return 0;
+ /* See if the user has setup Ignore DB mode */
+ ignore_db = check_ignore_db();
+
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
* an error if we can't get them.
*/
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
- if (rc)
- pr_err("Couldn't parse db signatures: %d\n", rc);
- kfree(db);
+ if (!ignore_db) {
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
1.9.3

116
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch Normal file
View File

@ -0,0 +1,116 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code, allowing them to circumvent disabled module loading or module
signing. Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/pci/pci-sysfs.c | 10 ++++++++++
drivers/pci/proc.c | 8 +++++++-
drivers/pci/syscall.c | 3 ++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9ff0a901ecf7..8d0d5d92b8d9 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
#include <linux/vgaarb.h>
#include <linux/pm_runtime.h>
#include <linux/of.h>
+#include <linux/module.h>
#include "pci.h"
static int sysfs_initialized; /* = 0 */
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
+ if (secure_modules())
+ return -EPERM;
+
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
+ if (secure_modules())
+ return -EPERM;
+
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
+ if (secure_modules())
+ return -EPERM;
+
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 3f155e78513f..4265ea07e3b0 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
int size = dev->cfg_size;
int cnt;
+ if (secure_modules())
+ return -EPERM;
+
if (pos >= size)
return 0;
if (nbytes >= size)
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
#endif /* HAVE_PCI_MMAP */
int ret = 0;
+ if (secure_modules())
+ return -EPERM;
+
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
int i, ret;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
/* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index b91c4da68365..98f5637304d1 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
#include <linux/errno.h>
#include <linux/pci.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
#include "pci.h"
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
u32 dword;
int err = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
1.9.3

41
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch Normal file
View File

@ -0,0 +1,41 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
to be subverted, avoiding module loading restrictions. Prevent this when
any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/char/mem.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index cdf839f9defe..c63cf93b00eb 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
+ if (secure_modules())
+ return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
1.9.3

15
Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
View File

@ -1,23 +1,24 @@
Bugzilla: N/A
Upstream-status: Sigh. We almost got to drop this.
From 20e3f1e1b9341d233a11734c07c076caac9936ef Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Mon, 28 Jul 2014 12:59:48 -0400
Subject: [PATCH] Revert "Revert "ACPI / video: change acpi-video
brightness_switch_enabled default to 0""
This reverts commit 2843768b701971ab10e62c77d5c75ad7c306f1bd.
Bugzilla: N/A
Upstream-status: Sigh. We almost got to drop this.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
Documentation/kernel-parameters.txt | 2 +-
drivers/acpi/video.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index b7fa2f599459..e8db409a7e3a 100644
index 10d51c2f10d7..5b6ebe8b519e 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3532,7 +3532,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -3596,7 +3596,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the allocated input device; If set to 0, video driver
will only send out the event without touching backlight
brightness level.
@ -27,7 +28,7 @@ index b7fa2f599459..e8db409a7e3a 100644
virtio_mmio.device=
[VMMIO] Memory mapped virtio (platform) device.
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 350d52a8f781..44c89f705018 100644
index 8e7e18567ae6..a3d293806f96 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");

38
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch Normal file
View File

@ -0,0 +1,38 @@
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Disable it in that case.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
drivers/acpi/osl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 3abe9b223ba7..ee8f11cf65da 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
+#include <linux/module.h>
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
- if (acpi_rsdp)
+ if (acpi_rsdp && !secure_modules())
return acpi_rsdp;
#endif
--
1.9.3

17
0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch → acpi-video-Add-4-new-models-to-the-use_native_backli.patch
View File

@ -1,8 +1,7 @@
From 5573624261ab5d54f2dea2a3e09a98729db9ecd9 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 30 Apr 2014 15:24:19 +0200
Subject: [PATCH 1/2] acpi-video: Add 4 new models to the use_native_backlight
dmi list
Subject: [PATCH] acpi-video: Add 4 new models to the use_native_backlight dmi
list
Acer Aspire V5-171
https://bugzilla.redhat.com/show_bug.cgi?id=983342
@ -21,10 +20,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 32 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 8b6990e..48146fc 100644
index a3d293806f96..5c8ce8c699fc 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -488,6 +488,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -556,6 +556,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
},
{
@ -39,7 +38,7 @@ index 8b6990e..48146fc 100644
.callback = video_set_use_native_backlight,
.ident = "Thinkpad Helix",
.matches = {
@@ -513,6 +521,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -597,6 +605,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -54,7 +53,7 @@ index 8b6990e..48146fc 100644
.ident = "Acer Aspire V5-431",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
@@ -520,6 +536,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -644,6 +660,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
},
{
@ -69,7 +68,7 @@ index 8b6990e..48146fc 100644
.callback = video_set_use_native_backlight,
.ident = "HP ProBook 4340s",
.matches = {
@@ -571,6 +595,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -720,6 +744,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -85,5 +84,5 @@ index 8b6990e..48146fc 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
1.9.0
1.9.3

17
acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
View File

@ -1,11 +1,7 @@
Bugzilla: 1093171
Upstream-status: Queued for 3.16
From 7ac976d0109433d1ad0812f4f6889a904d9a0c40 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:10 +0200
Subject: [PATCH 13/14] acpi-video: Add use native backlight quirk for the
ThinkPad W530
Subject: [PATCH] acpi-video: Add use native backlight quirk for the ThinkPad
W530
Like all of the other *30 ThinkPad models, the W530 has a broken acpi-video
backlight control. Note in order for this to actually fix things on the
@ -15,6 +11,9 @@ is also needed.
https://bugzilla.redhat.com/show_bug.cgi?id=1093171
Bugzilla: 1093171
Upstream-status: Queued for 3.16
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
@ -22,10 +21,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index ab7cd65ce21e..dcb0ef4c22f6 100644
index 5c8ce8c699fc..d8a6ecb0b2b2 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -468,6 +468,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -469,6 +469,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -41,5 +40,5 @@ index ab7cd65ce21e..dcb0ef4c22f6 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
--
1.9.0
1.9.3

17
acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
View File

@ -1,16 +1,15 @@
Bugzilla: 1025690
Upstream-status: Waiting for feedback from reporter
From dfe2c6722a6f6cb45f6b336b094b26a77acd8393 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:11 +0200
Subject: [PATCH 14/14] acpi-video: Add use_native_backlight quirk for HP
ProBook 4540s
Subject: [PATCH] acpi-video: Add use_native_backlight quirk for HP ProBook
4540s
As reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1025690
This is yet another model which needs this quirk.
Bugzilla: 1025690
Upstream-status: Waiting for feedback from reporter
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
@ -18,10 +17,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index dcb0ef4c22f6..3db16753f88a 100644
index d8a6ecb0b2b2..8dbf009521c7 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -548,6 +548,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -693,6 +693,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -37,5 +36,5 @@ index dcb0ef4c22f6..3db16753f88a 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
1.9.0
1.9.3

460
arm-beagle.patch
View File

@ -1,460 +0,0 @@
Bugzilla: 1012025
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
From b5a2528c89fc8049b2a6a750634c14983e33d00f Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:05:09 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 6b71ad9..09ffbd8 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -74,5 +74,18 @@
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
status = "okay";
+
+ panel-info {
+ bpp = <16>;
+ ac-bias = <255>;
+ ac-bias-intrpt = <0>;
+ dma-burst-sz = <16>;
+ fdd = <16>;
+ sync-edge = <1>;
+ sync-ctrl = <1>;
+ raster-order = <0>;
+ fifo-th = <0>;
+ invert-pxl-clk;
+ };
};
};
--
1.8.5.1
From 1da083a002581520dd358b8b8e097078000d12b9 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:14:19 -0600
Subject: [PATCH 2/2] arm: dts: am335x-boneblack: add cpu0 opp points
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 09ffbd8..f213ccd 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -67,6 +67,24 @@
};
/ {
+ cpus {
+ cpu@0 {
+ cpu0-supply = <&dcdc2_reg>;
+ /*
+ * To consider voltage drop between PMIC and SoC,
+ * tolerance value is reduced to 2% from 4% and
+ * voltage value is increased as a precaution.
+ */
+ operating-points = <
+ /* kHz uV */
+ 1000000 1325000
+ 800000 1300000
+ 600000 1112000
+ 300000 969000
+ >;
+ };
+ };
+
hdmi {
compatible = "ti,tilcdc,slave";
i2c = <&i2c0>;
--
1.8.5.1
From 8551d8aa7d3e002da2097e7e902fb96fceb8694e Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 11:17:45 -0600
Subject: [PATCH 3/3] arm: dts: am335x-bone-common: enable and use i2c2
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index e3f27ec..54366b6 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -84,6 +84,13 @@
>;
};
+ i2c2_pins: pinmux_i2c2_pins {
+ pinctrl-single,pins = <
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
+ >;
+ };
+
uart0_pins: pinmux_uart0_pins {
pinctrl-single,pins = <
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
@@ -220,6 +227,38 @@
reg = <0x24>;
};
+ baseboard_eeprom: baseboard_eeprom@50 {
+ compatible = "at,24c256";
+ reg = <0x50>;
+ };
+};
+
+&i2c2 {
+ status = "okay";
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins>;
+
+ clock-frequency = <100000>;
+
+ cape_eeprom0: cape_eeprom0@54 {
+ compatible = "at,24c256";
+ reg = <0x54>;
+ };
+
+ cape_eeprom1: cape_eeprom1@55 {
+ compatible = "at,24c256";
+ reg = <0x55>;
+ };
+
+ cape_eeprom2: cape_eeprom2@56 {
+ compatible = "at,24c256";
+ reg = <0x56>;
+ };
+
+ cape_eeprom3: cape_eeprom3@57 {
+ compatible = "at,24c256";
+ reg = <0x57>;
+ };
};
/include/ "tps65217.dtsi"
--
1.8.5.2
From a3099dc53a47d1694a5b575580ec3406dc429bf8 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 14:18:00 -0600
Subject: [PATCH 4/4] arm: dts: am335x-bone-common: setup default pinmux
http://elinux.org/Basic_Proto_Cape
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index e4571af..f85cabc 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -98,6 +98,13 @@
>;
};
+ uart1_pins: pinmux_uart1_pins {
+ pinctrl-single,pins = <
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
@@ -178,6 +185,33 @@
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
>;
};
+
+ spi0_pins: pinmux_spi0_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
+ pinctrl-single,pins = <
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
+ pinctrl-single,pins = <
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
+ >;
+ };
+
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
+ pinctrl-single,pins = <
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
+ >;
+ };
};
&uart0 {
@@ -187,6 +221,13 @@
status = "okay";
};
+&uart1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart1_pins>;
+
+ status = "okay";
+};
+
&usb {
status = "okay";
@@ -261,6 +302,56 @@
};
};
+&epwmss0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ status = "okay";
+
+ ecap@48300100 {
+ status = "okay";
+ };
+};
+
+&epwmss1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <
+ &ehrpwm1_pin_p9_14
+ &ehrpwm1_pin_p9_16
+ >;
+
+ status = "okay";
+
+ ehrpwm@48302200 {
+ status = "okay";
+ };
+};
+
+&spi0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&spi0_pins>;
+ status = "okay";
+
+ spidev0: spi@0 {
+ compatible = "spidev";
+ reg = <0>;
+ spi-max-frequency = <16000000>;
+ spi-cpha;
+ };
+
+ spidev1: spi@1 {
+ compatible = "spidev";
+ reg = <1>;
+ spi-max-frequency = <16000000>;
+ };
+};
+
+&tscadc {
+ status = "okay";
+ adc {
+ ti,adc-channels = <4 5 6>;
+ };
+};
+
/include/ "tps65217.dtsi"
&tps {
@@ -336,3 +427,42 @@
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
cd-inverted;
};
+
+/ {
+ ocp {
+ //FIXME: these pwm's still need work, this guild isn't working..
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
+ pwm_test_P9_14@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_14";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_16@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_16";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_42 {
+ compatible = "pwm_test";
+ pwms = <&ecap0 0 500000 1>;
+ pwm-names = "PWM_P9_42";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+ };
+};
--
1.8.5.2
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index f85cabc..5270d18 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.0
From 72567452d5d6007010597158f6afd00e2bf07579 Mon Sep 17 00:00:00 2001
From: Pantelis Antoniou <panto@antoniou-consulting.com>
Date: Sat, 15 Sep 2012 12:00:41 +0300
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
When using pinctrl-single to handle i2c initialization, it has
to be done early. Whether this is the best way to do so, is an
exercise left to the reader.
---
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 829b98c..5107dcf 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2039,7 +2039,17 @@ static struct platform_driver pcs_driver = {
#endif
};
-module_platform_driver(pcs_driver);
+static int __init pcs_init(void)
+{
+ return platform_driver_register(&pcs_driver);
+}
+postcore_initcall(pcs_init);
+
+static void __exit pcs_exit(void)
+{
+ platform_driver_unregister(&pcs_driver);
+}
+module_exit(pcs_exit);
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
--
1.8.5.2
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index f85cabc..5270d18 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.0

45
arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch Normal file
View File

@ -0,0 +1,45 @@
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index 86cdb52dbf8a..db4518ef755d 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.3

69
arm-dts-am335x-bone-common-enable-and-use-i2c2.patch Normal file
View File

@ -0,0 +1,69 @@
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 11:17:45 -0600
Subject: [PATCH] arm: dts: am335x-bone-common: enable and use i2c2
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index bde1777b62be..c7357bcc7d5c 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -84,6 +84,13 @@
>;
};
+ i2c2_pins: pinmux_i2c2_pins {
+ pinctrl-single,pins = <
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
+ >;
+ };
+
uart0_pins: pinmux_uart0_pins {
pinctrl-single,pins = <
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
@@ -220,6 +227,38 @@
reg = <0x24>;
};
+ baseboard_eeprom: baseboard_eeprom@50 {
+ compatible = "at,24c256";
+ reg = <0x50>;
+ };
+};
+
+&i2c2 {
+ status = "okay";
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins>;
+
+ clock-frequency = <100000>;
+
+ cape_eeprom0: cape_eeprom0@54 {
+ compatible = "at,24c256";
+ reg = <0x54>;
+ };
+
+ cape_eeprom1: cape_eeprom1@55 {
+ compatible = "at,24c256";
+ reg = <0x55>;
+ };
+
+ cape_eeprom2: cape_eeprom2@56 {
+ compatible = "at,24c256";
+ reg = <0x56>;
+ };
+
+ cape_eeprom3: cape_eeprom3@57 {
+ compatible = "at,24c256";
+ reg = <0x57>;
+ };
};
/include/ "tps65217.dtsi"
--
1.9.3

179
arm-dts-am335x-bone-common-setup-default-pinmux-http.patch Normal file
View File

@ -0,0 +1,179 @@
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 14:18:00 -0600
Subject: [PATCH] arm: dts: am335x-bone-common: setup default pinmux
http://elinux.org/Basic_Proto_Cape
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index c7357bcc7d5c..86cdb52dbf8a 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -98,6 +98,13 @@
>;
};
+ uart1_pins: pinmux_uart1_pins {
+ pinctrl-single,pins = <
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
@@ -178,6 +185,33 @@
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
>;
};
+
+ spi0_pins: pinmux_spi0_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
+ pinctrl-single,pins = <
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
+ pinctrl-single,pins = <
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
+ >;
+ };
+
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
+ pinctrl-single,pins = <
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
+ >;
+ };
};
&uart0 {
@@ -187,6 +221,13 @@
status = "okay";
};
+&uart1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart1_pins>;
+
+ status = "okay";
+};
+
&usb {
status = "okay";
};
@@ -261,6 +302,56 @@
};
};
+&epwmss0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ status = "okay";
+
+ ecap@48300100 {
+ status = "okay";
+ };
+};
+
+&epwmss1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <
+ &ehrpwm1_pin_p9_14
+ &ehrpwm1_pin_p9_16
+ >;
+
+ status = "okay";
+
+ ehrpwm@48302200 {
+ status = "okay";
+ };
+};
+
+&spi0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&spi0_pins>;
+ status = "okay";
+
+ spidev0: spi@0 {
+ compatible = "spidev";
+ reg = <0>;
+ spi-max-frequency = <16000000>;
+ spi-cpha;
+ };
+
+ spidev1: spi@1 {
+ compatible = "spidev";
+ reg = <1>;
+ spi-max-frequency = <16000000>;
+ };
+};
+
+&tscadc {
+ status = "okay";
+ adc {
+ ti,adc-channels = <4 5 6>;
+ };
+};
+
/include/ "tps65217.dtsi"
&tps {
@@ -337,3 +428,42 @@
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
cd-inverted;
};
+
+/ {
+ ocp {
+ //FIXME: these pwm's still need work, this guild isn't working..
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
+ pwm_test_P9_14@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_14";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_16@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_16";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_42 {
+ compatible = "pwm_test";
+ pwms = <&ecap0 0 500000 1>;
+ pwm-names = "PWM_P9_42";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+ };
+};
--
1.9.3

41
arm-dts-am335x-boneblack-add-cpu0-opp-points.patch Normal file
View File

@ -0,0 +1,41 @@
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:14:19 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: add cpu0 opp points
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index bf5349165542..acfff3befff5 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -66,6 +66,24 @@
};
/ {
+ cpus {
+ cpu@0 {
+ cpu0-supply = <&dcdc2_reg>;
+ /*
+ * To consider voltage drop between PMIC and SoC,
+ * tolerance value is reduced to 2% from 4% and
+ * voltage value is increased as a precaution.
+ */
+ operating-points = <
+ /* kHz uV */
+ 1000000 1325000
+ 800000 1300000
+ 600000 1112000
+ 300000 969000
+ >;
+ };
+ };
+
hdmi {
compatible = "ti,tilcdc,slave";
i2c = <&i2c0>;
--
1.9.3

38
arm-dts-am335x-boneblack-lcdc-add-panel-info.patch Normal file
View File

@ -0,0 +1,38 @@
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:05:09 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
Bugzilla: 1012025
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 305975d3f531..bf5349165542 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -73,5 +73,18 @@
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
status = "okay";
+
+ panel-info {
+ bpp = <16>;
+ ac-bias = <255>;
+ ac-bias-intrpt = <0>;
+ dma-burst-sz = <16>;
+ fdd = <16>;
+ sync-edge = <1>;
+ sync-ctrl = <1>;
+ raster-order = <0>;
+ fifo-th = <0>;
+ invert-pxl-clk;
+ };
};
};
--
1.9.3

213
arm-dts-sun7i-bananapi.patch Normal file
View File

@ -0,0 +1,213 @@
From: Hans de Goede <hdegoede@redhat.com>
Date: Tue, 30 Sep 2014 14:29:26 +0100
Subject: [PATCH] arm: dts sun7i bananapi
The Banana Pi is an A20 based development board using Raspberry Pi compatible
IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi
and stereo audio out + various expenansion headers:
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
---
arch/arm/boot/dts/Makefile | 1 +
arch/arm/boot/dts/sun7i-a20-bananapi.dts | 177 +++++++++++++++++++++++++++++++
2 files changed, 178 insertions(+)
create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
index b8c5cd3ddeb9..c3003a4460f5 100644
--- a/arch/arm/boot/dts/Makefile
+++ b/arch/arm/boot/dts/Makefile
@@ -414,6 +414,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \
sun6i-a31-hummingbird.dtb \
sun6i-a31-m9.dtb
dtb-$(CONFIG_MACH_SUN7I) += \
+ sun7i-a20-bananapi.dtb \
sun7i-a20-cubieboard2.dtb \
sun7i-a20-cubietruck.dtb \
sun7i-a20-i12-tvbox.dtb \
diff --git a/arch/arm/boot/dts/sun7i-a20-bananapi.dts b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
new file mode 100644
index 000000000000..7214475a3c36
--- /dev/null
+++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2014 Hans de Goede <hdegoede@xxxxxxxxxx>
+ *
+ * The code contained herein is licensed under the GNU General Public
+ * License. You may obtain a copy of the GNU General Public License
+ * Version 2 or later at the following locations:
+ *
+ * http://www.opensource.org/licenses/gpl-license.html
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+
+/dts-v1/;
+/include/ "sun7i-a20.dtsi"
+/include/ "sunxi-common-regulators.dtsi"
+
+/ {
+ model = "LeMaker Banana Pi";
+ compatible = "lemaker,bananapi", "allwinner,sun7i-a20";
+
+ soc@01c00000 {
+ mmc0: mmc@01c0f000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>;
+ vmmc-supply = <&reg_vcc3v3>;
+ bus-width = <4>;
+ cd-gpios = <&pio 7 10 0>; /* PH10 */
+ cd-inverted;
+ status = "okay";
+ };
+
+ usbphy: phy@01c13400 {
+ usb1_vbus-supply = <&reg_usb1_vbus>;
+ usb2_vbus-supply = <&reg_usb2_vbus>;
+ status = "okay";
+ };
+
+ ehci0: usb@01c14000 {
+ status = "okay";
+ };
+
+ ohci0: usb@01c14400 {
+ status = "okay";
+ };
+
+ ahci: sata@01c18000 {
+ status = "okay";
+ };
+
+ ehci1: usb@01c1c000 {
+ status = "okay";
+ };
+
+ ohci1: usb@01c1c400 {
+ status = "okay";
+ };
+
+ pinctrl@01c20800 {
+ uart3_pins_bananapi: uart3_pin@0 {
+ allwinner,pins = "PH0", "PH1";
+ allwinner,function = "uart3";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+
+ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 {
+ allwinner,pins = "PH10";
+ allwinner,function = "gpio_in";
+ allwinner,drive = <0>;
+ allwinner,pull = <1>;
+ };
+
+ gmac_power_pin_bananapi: gmac_power_pin@0 {
+ allwinner,pins = "PH23";
+ allwinner,function = "gpio_out";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+
+ led_pins_bananapi: led_pins@0 {
+ allwinner,pins = "PH24";
+ allwinner,function = "gpio_out";
+ allwinner,drive = <0>;
+ allwinner,pull = <0>;
+ };
+ };
+
+ ir0: ir@01c21800 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ir0_pins_a>;
+ status = "okay";
+ };
+
+ uart0: serial@01c28000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart0_pins_a>;
+ status = "okay";
+ };
+
+ uart3: serial@01c28c00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart3_pins_bananapi>;
+ status = "okay";
+ };
+
+ uart7: serial@01c29c00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart7_pins_a>;
+ status = "okay";
+ };
+
+ i2c0: i2c@01c2ac00 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c0_pins_a>;
+ status = "okay";
+
+ axp209: pmic@34 {
+ compatible = "x-powers,axp209";
+ reg = <0x34>;
+ interrupt-parent = <&nmi_intc>;
+ interrupts = <0 8>;
+
+ interrupt-controller;
+ #interrupt-cells = <1>;
+ };
+ };
+
+ i2c2: i2c@01c2b400 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins_a>;
+ status = "okay";
+ };
+
+ gmac: ethernet@01c50000 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_pins_rgmii_a>;
+ phy = <&phy1>;
+ phy-mode = "rgmii";
+ phy-supply = <&reg_gmac_3v3>;
+ status = "okay";
+
+ phy1: ethernet-phy@1 {
+ reg = <1>;
+ };
+ };
+ };
+
+ leds {
+ compatible = "gpio-leds";
+ pinctrl-names = "default";
+ pinctrl-0 = <&led_pins_bananapi>;
+
+ green {
+ label = "bananapi:green:usr";
+ gpios = <&pio 7 24 0>;
+ };
+ };
+
+ reg_usb1_vbus: usb1-vbus {
+ status = "okay";
+ };
+
+ reg_usb2_vbus: usb2-vbus {
+ status = "okay";
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_power_pin_bananapi>;
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <50000>;
+ enable-active-high;
+ gpio = <&pio 7 23 0>;
+ };
+};
--
1.9.3

60
arm-highbank-l2-reverts.patch Normal file
View File

@ -0,0 +1,60 @@
From: Kyle McMartin <kmcmartin@redhat.com>
Date: Tue, 30 Sep 2014 16:19:47 -0400
Subject: [PATCH] arm: highbank l2 reverts
Revert some v3.16 changes to mach-highbank which broke L2 cache enablement.
Will debug upstream separately, but we need F22/21 running there. (#1139762)
---
arch/arm/mach-highbank/highbank.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/arch/arm/mach-highbank/highbank.c b/arch/arm/mach-highbank/highbank.c
index 8c35ae4ff176..38e1dc3b4c6e 100644
--- a/arch/arm/mach-highbank/highbank.c
+++ b/arch/arm/mach-highbank/highbank.c
@@ -51,13 +51,11 @@ static void __init highbank_scu_map_io(void)
}
-static void highbank_l2c310_write_sec(unsigned long val, unsigned reg)
+static void highbank_l2x0_disable(void)
{
- if (reg == L2X0_CTRL)
- highbank_smc1(0x102, val);
- else
- WARN_ONCE(1, "Highbank L2C310: ignoring write to reg 0x%x\n",
- reg);
+ outer_flush_all();
+ /* Disable PL310 L2 Cache controller */
+ highbank_smc1(0x102, 0x0);
}
static void __init highbank_init_irq(void)
@@ -66,6 +64,14 @@ static void __init highbank_init_irq(void)
if (of_find_compatible_node(NULL, NULL, "arm,cortex-a9"))
highbank_scu_map_io();
+
+ /* Enable PL310 L2 Cache controller */
+ if (IS_ENABLED(CONFIG_CACHE_L2X0) &&
+ of_find_compatible_node(NULL, NULL, "arm,pl310-cache")) {
+ highbank_smc1(0x102, 0x1);
+ l2x0_of_init(0, ~0);
+ outer_cache.disable = highbank_l2x0_disable;
+ }
}
static void highbank_power_off(void)
@@ -179,9 +185,6 @@ DT_MACHINE_START(HIGHBANK, "Highbank")
#if defined(CONFIG_ZONE_DMA) && defined(CONFIG_ARM_LPAE)
.dma_zone_size = (4ULL * SZ_1G),
#endif
- .l2c_aux_val = 0,
- .l2c_aux_mask = ~0,
- .l2c_write_sec = highbank_l2c310_write_sec,
.init_irq = highbank_init_irq,
.init_machine = highbank_init,
.dt_compat = highbank_match,
--
1.9.3

13
arm-imx6-utilite.patch → arm-i.MX6-Utilite-device-dtb.patch
View File

@ -1,5 +1,13 @@
From: Peter Robinson <pbrobinson@gmail.com>
Date: Fri, 11 Jul 2014 00:10:56 +0100
Subject: [PATCH] arm: i.MX6 Utilite device dtb
---
arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts
index 99b46f8..8b6ddd1 100644
index 99b46f8030ad..8b6ddd16dcc5 100644
--- a/arch/arm/boot/dts/imx6q-cm-fx6.dts
+++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts
@@ -97,11 +97,49 @@
@ -52,3 +60,6 @@ index 99b46f8..8b6ddd1 100644
+ pinctrl-0 = <&pinctrl_usdhc3>;
+ status = "okay";
+};
--
1.9.3

472
arm-qemu-fixdisplay.patch
View File

@ -1,472 +0,0 @@
commit d10715be03bd8bad59ddc50236cb140c3bd73c7b
Author: Pawel Moll <pawel.moll@arm.com>
Date: Tue Jun 24 12:55:11 2014 +0100
video: ARM CLCD: Add DT support
This patch adds basic DT bindings for the PL11x CLCD cells
and make their fbdev driver use them.
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
diff --git a/Documentation/devicetree/bindings/video/arm,pl11x.txt b/Documentation/devicetree/bindings/video/arm,pl11x.txt
new file mode 100644
index 0000000..3e3039a
--- /dev/null
+++ b/Documentation/devicetree/bindings/video/arm,pl11x.txt
@@ -0,0 +1,109 @@
+* ARM PrimeCell Color LCD Controller PL110/PL111
+
+See also Documentation/devicetree/bindings/arm/primecell.txt
+
+Required properties:
+
+- compatible: must be one of:
+ "arm,pl110", "arm,primecell"
+ "arm,pl111", "arm,primecell"
+
+- reg: base address and size of the control registers block
+
+- interrupt-names: either the single entry "combined" representing a
+ combined interrupt output (CLCDINTR), or the four entries
+ "mbe", "vcomp", "lnbu", "fuf" representing the individual
+ CLCDMBEINTR, CLCDVCOMPINTR, CLCDLNBUINTR, CLCDFUFINTR interrupts
+
+- interrupts: contains an interrupt specifier for each entry in
+ interrupt-names
+
+- clock-names: should contain "clcdclk" and "apb_pclk"
+
+- clocks: contains phandle and clock specifier pairs for the entries
+ in the clock-names property. See
+ Documentation/devicetree/binding/clock/clock-bindings.txt
+
+Optional properties:
+
+- memory-region: phandle to a node describing memory (see
+ Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt)
+ to be used for the framebuffer; if not present, the framebuffer
+ may be located anywhere in the memory
+
+- max-memory-bandwidth: maximum bandwidth in bytes per second that the
+ cell's memory interface can handle; if not present, the memory
+ interface is fast enough to handle all possible video modes
+
+Required sub-nodes:
+
+- port: describes LCD panel signals, following the common binding
+ for video transmitter interfaces; see
+ Documentation/devicetree/bindings/media/video-interfaces.txt;
+ when it is a TFT panel, the port's endpoint must define the
+ following property:
+
+ - arm,pl11x,tft-r0g0b0-pads: an array of three 32-bit values,
+ defining the way CLD pads are wired up; first value
+ contains index of the "CLD" external pin (pad) used
+ as R0 (first bit of the red component), second value
+ index of the pad used as G0, third value index of the
+ pad used as B0, see also "LCD panel signal multiplexing
+ details" paragraphs in the PL110/PL111 Technical
+ Reference Manuals; this implicitly defines available
+ color modes, for example:
+ - PL111 TFT 4:4:4 panel:
+ arm,pl11x,tft-r0g0b0-pads = <4 15 20>;
+ - PL110 TFT (1:)5:5:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <1 7 13>;
+ - PL111 TFT (1:)5:5:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <3 11 19>;
+ - PL111 TFT 5:6:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <3 10 19>;
+ - PL110 and PL111 TFT 8:8:8 panel:
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
+ - PL110 and PL111 TFT 8:8:8 panel, R & B components swapped:
+ arm,pl11x,tft-r0g0b0-pads = <16 8 0>;
+
+
+Example:
+
+ clcd@10020000 {
+ compatible = "arm,pl111", "arm,primecell";
+ reg = <0x10020000 0x1000>;
+ interrupt-names = "combined";
+ interrupts = <0 44 4>;
+ clocks = <&oscclk1>, <&oscclk2>;
+ clock-names = "clcdclk", "apb_pclk";
+ max-memory-bandwidth = <94371840>; /* Bps, 1024x768@60 16bpp */
+
+ port {
+ clcd_pads: endpoint {
+ remote-endpoint = <&clcd_panel>;
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
+ };
+ };
+
+ };
+
+ panel {
+ compatible = "panel-dpi";
+
+ port {
+ clcd_panel: endpoint {
+ remote-endpoint = <&clcd_pads>;
+ };
+ };
+
+ panel-timing {
+ clock-frequency = <25175000>;
+ hactive = <640>;
+ hback-porch = <40>;
+ hfront-porch = <24>;
+ hsync-len = <96>;
+ vactive = <480>;
+ vback-porch = <32>;
+ vfront-porch = <11>;
+ vsync-len = <2>;
+ };
+ };
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 4a7098f..6f451ad 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -280,6 +280,7 @@ config FB_ARMCLCD
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
+ select VIDEOMODE_HELPERS if OF
help
This framebuffer device driver is for the ARM PrimeCell PL110
Colour LCD controller. ARM PrimeCells provide the building
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 14d6b37..23b3519 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -26,6 +26,13 @@
#include <linux/amba/clcd.h>
#include <linux/clk.h>
#include <linux/hardirq.h>
+#include <linux/dma-mapping.h>
+#include <linux/of.h>
+#include <linux/of_address.h>
+#include <linux/of_graph.h>
+#include <video/display_timing.h>
+#include <video/of_display_timing.h>
+#include <video/videomode.h>
#include <asm/sizes.h>
@@ -543,6 +550,259 @@ static int clcdfb_register(struct clcd_fb *fb)
return ret;
}
+#ifdef CONFIG_OF
+static int clcdfb_of_get_dpi_panel_mode(struct device_node *node,
+ struct fb_videomode *mode)
+{
+ int err;
+ struct display_timing timing;
+ struct videomode video;
+
+ err = of_get_display_timing(node, "panel-timing", &timing);
+ if (err)
+ return err;
+
+ videomode_from_timing(&timing, &video);
+
+ err = fb_videomode_from_videomode(&video, mode);
+ if (err)
+ return err;
+
+ return 0;
+}
+
+static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
+{
+ return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
+ mode->refresh);
+}
+
+static int clcdfb_of_get_mode(struct device *dev, struct device_node *endpoint,
+ struct fb_videomode *mode)
+{
+ int err;
+ struct device_node *panel;
+ char *name;
+ int len;
+
+ panel = of_graph_get_remote_port_parent(endpoint);
+ if (!panel)
+ return -ENODEV;
+
+ /* Only directly connected DPI panels supported for now */
+ if (of_device_is_compatible(panel, "panel-dpi"))
+ err = clcdfb_of_get_dpi_panel_mode(panel, mode);
+ else
+ err = -ENOENT;
+ if (err)
+ return err;
+
+ len = clcdfb_snprintf_mode(NULL, 0, mode);
+ name = devm_kzalloc(dev, len + 1, GFP_KERNEL);
+ clcdfb_snprintf_mode(name, len + 1, mode);
+ mode->name = name;
+
+ return 0;
+}
+
+static int clcdfb_of_init_tft_panel(struct clcd_fb *fb, u32 r0, u32 g0, u32 b0)
+{
+ static struct {
+ unsigned int part;
+ u32 r0, g0, b0;
+ u32 caps;
+ } panels[] = {
+ { 0x110, 1, 7, 13, CLCD_CAP_5551 },
+ { 0x110, 0, 8, 16, CLCD_CAP_888 },
+ { 0x111, 4, 14, 20, CLCD_CAP_444 },
+ { 0x111, 3, 11, 19, CLCD_CAP_444 | CLCD_CAP_5551 },
+ { 0x111, 3, 10, 19, CLCD_CAP_444 | CLCD_CAP_5551 |
+ CLCD_CAP_565 },
+ { 0x111, 0, 8, 16, CLCD_CAP_444 | CLCD_CAP_5551 |
+ CLCD_CAP_565 | CLCD_CAP_888 },
+ };
+ int i;
+
+ /* Bypass pixel clock divider, data output on the falling edge */
+ fb->panel->tim2 = TIM2_BCD | TIM2_IPC;
+
+ /* TFT display, vert. comp. interrupt at the start of the back porch */
+ fb->panel->cntl |= CNTL_LCDTFT | CNTL_LCDVCOMP(1);
+
+ fb->panel->caps = 0;
+
+ /* Match the setup with known variants */
+ for (i = 0; i < ARRAY_SIZE(panels) && !fb->panel->caps; i++) {
+ if (amba_part(fb->dev) != panels[i].part)
+ continue;
+ if (g0 != panels[i].g0)
+ continue;
+ if (r0 == panels[i].r0 && b0 == panels[i].b0)
+ fb->panel->caps = panels[i].caps & CLCD_CAP_RGB;
+ if (r0 == panels[i].b0 && b0 == panels[i].r0)
+ fb->panel->caps = panels[i].caps & CLCD_CAP_BGR;
+ }
+
+ return fb->panel->caps ? 0 : -EINVAL;
+}
+
+static int clcdfb_of_init_display(struct clcd_fb *fb)
+{
+ struct device_node *endpoint;
+ int err;
+ u32 max_bandwidth;
+ u32 tft_r0b0g0[3];
+
+ fb->panel = devm_kzalloc(&fb->dev->dev, sizeof(*fb->panel), GFP_KERNEL);
+ if (!fb->panel)
+ return -ENOMEM;
+
+ endpoint = of_graph_get_next_endpoint(fb->dev->dev.of_node, NULL);
+ if (!endpoint)
+ return -ENODEV;
+
+ err = clcdfb_of_get_mode(&fb->dev->dev, endpoint, &fb->panel->mode);
+ if (err)
+ return err;
+
+ err = of_property_read_u32(fb->dev->dev.of_node, "max-memory-bandwidth",
+ &max_bandwidth);
+ if (!err)
+ fb->panel->bpp = 8 * max_bandwidth / (fb->panel->mode.xres *
+ fb->panel->mode.yres * fb->panel->mode.refresh);
+ else
+ fb->panel->bpp = 32;
+
+#ifdef CONFIG_CPU_BIG_ENDIAN
+ fb->panel->cntl |= CNTL_BEBO;
+#endif
+ fb->panel->width = -1;
+ fb->panel->height = -1;
+
+ if (of_property_read_u32_array(endpoint,
+ "arm,pl11x,tft-r0g0b0-pads",
+ tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) == 0)
+ return clcdfb_of_init_tft_panel(fb, tft_r0b0g0[0],
+ tft_r0b0g0[1], tft_r0b0g0[2]);
+
+ return -ENOENT;
+}
+
+static int clcdfb_of_vram_setup(struct clcd_fb *fb)
+{
+ int err;
+ struct device_node *memory;
+ u64 size;
+
+ err = clcdfb_of_init_display(fb);
+ if (err)
+ return err;
+
+ memory = of_parse_phandle(fb->dev->dev.of_node, "memory-region", 0);
+ if (!memory)
+ return -ENODEV;
+
+ fb->fb.screen_base = of_iomap(memory, 0);
+ if (!fb->fb.screen_base)
+ return -ENOMEM;
+
+ fb->fb.fix.smem_start = of_translate_address(memory,
+ of_get_address(memory, 0, &size, NULL));
+ fb->fb.fix.smem_len = size;
+
+ return 0;
+}
+
+static int clcdfb_of_vram_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
+{
+ unsigned long off, user_size, kernel_size;
+
+
+ off = vma->vm_pgoff << PAGE_SHIFT;
+ user_size = vma->vm_end - vma->vm_start;
+ kernel_size = fb->fb.fix.smem_len;
+
+ if (off >= kernel_size || user_size > (kernel_size - off))
+ return -ENXIO;
+
+ return remap_pfn_range(vma, vma->vm_start,
+ __phys_to_pfn(fb->fb.fix.smem_start) + vma->vm_pgoff,
+ user_size,
+ pgprot_writecombine(vma->vm_page_prot));
+}
+
+static void clcdfb_of_vram_remove(struct clcd_fb *fb)
+{
+ iounmap(fb->fb.screen_base);
+}
+
+static int clcdfb_of_dma_setup(struct clcd_fb *fb)
+{
+ unsigned long framesize;
+ dma_addr_t dma;
+ int err;
+
+ err = clcdfb_of_init_display(fb);
+ if (err)
+ return err;
+
+ framesize = fb->panel->mode.xres * fb->panel->mode.yres *
+ fb->panel->bpp / 8;
+ fb->fb.screen_base = dma_alloc_coherent(&fb->dev->dev, framesize,
+ &dma, GFP_KERNEL);
+ if (!fb->fb.screen_base)
+ return -ENOMEM;
+
+ fb->fb.fix.smem_start = dma;
+ fb->fb.fix.smem_len = framesize;
+
+ return 0;
+}
+
+static int clcdfb_of_dma_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
+{
+ return dma_mmap_writecombine(&fb->dev->dev, vma, fb->fb.screen_base,
+ fb->fb.fix.smem_start, fb->fb.fix.smem_len);
+}
+
+static void clcdfb_of_dma_remove(struct clcd_fb *fb)
+{
+ dma_free_coherent(&fb->dev->dev, fb->fb.fix.smem_len,
+ fb->fb.screen_base, fb->fb.fix.smem_start);
+}
+
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
+{
+ struct clcd_board *board = devm_kzalloc(&dev->dev, sizeof(*board),
+ GFP_KERNEL);
+ struct device_node *node = dev->dev.of_node;
+
+ if (!board)
+ return NULL;
+
+ board->name = of_node_full_name(node);
+ board->caps = CLCD_CAP_ALL;
+ board->check = clcdfb_check;
+ board->decode = clcdfb_decode;
+ if (of_find_property(node, "memory-region", NULL)) {
+ board->setup = clcdfb_of_vram_setup;
+ board->mmap = clcdfb_of_vram_mmap;
+ board->remove = clcdfb_of_vram_remove;
+ } else {
+ board->setup = clcdfb_of_dma_setup;
+ board->mmap = clcdfb_of_dma_mmap;
+ board->remove = clcdfb_of_dma_remove;
+ }
+
+ return board;
+}
+#else
+static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
+{
+ return NULL;
+}
+#endif
+
static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
{
struct clcd_board *board = dev_get_platdata(&dev->dev);
@@ -550,6 +810,9 @@ static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
int ret;
if (!board)
+ board = clcdfb_of_get_board(dev);
+
+ if (!board)
return -EINVAL;
ret = dma_set_mask_and_coherent(&dev->dev, DMA_BIT_MASK(32));
commit 1d5167b72ca05b2096760e1200fcd53b5f9a7562
Author: Pawel Moll <pawel.moll@arm.com>
Date: Fri Aug 1 15:43:34 2014 +0100
video: ARM CLCD: Fix DT-related build problems
This patch fixes the following error when !CONFIG_OF:
drivers/video/fbdev/amba-clcd.c:800:54: warning: struct amba_dev declared inside parameter list [enabled by default]
static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
^
and adds a missing Kconfig select causing this
when CONFIG_OF && !CONFIG_FB_MODE_HELPERS:
drivers/video/fbdev/amba-clcd.c:567: undefined reference to `fb_videomode_from_videomode'
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 6f451ad..ef94623 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -280,6 +280,7 @@ config FB_ARMCLCD
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
+ select FB_MODE_HELPERS if OF
select VIDEOMODE_HELPERS if OF
help
This framebuffer device driver is for the ARM PrimeCell PL110
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 23b3519..beadd3e 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -797,7 +797,7 @@ static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
return board;
}
#else
-static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
{
return NULL;
}

111
arm-tegra-drmdetection.patch
View File

@ -1,111 +0,0 @@
From: Stephen Warren <swarren@xxxxxxxxxx>
When tegra-drm.ko is built as a module, these MODULE_DEVICE_TABLEs allow
the module to be auto-loaded since the module will match the devices
instantiated from device tree.
(Notes for stable: in 3.14+, just git rm any conflicting file, since they
are added in later kernels. For 3.13 and below, manual merging will be
needed)
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx>
---
v2: Remove change to drm.c, since the match table there isn't used for
probing.
---
drivers/gpu/drm/tegra/dc.c | 1 +
drivers/gpu/drm/tegra/dpaux.c | 1 +
drivers/gpu/drm/tegra/dsi.c | 1 +
drivers/gpu/drm/tegra/gr2d.c | 1 +
drivers/gpu/drm/tegra/gr3d.c | 1 +
drivers/gpu/drm/tegra/hdmi.c | 1 +
drivers/gpu/drm/tegra/sor.c | 1 +
7 files changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index ef40381f3909..48c3bc460eef 100644
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1303,6 +1303,7 @@ static const struct of_device_id tegra_dc_of_match[] = {
/* sentinel */
}
};
+MODULE_DEVICE_TABLE(of, tegra_dc_of_match);
static int tegra_dc_parse_dt(struct tegra_dc *dc)
{
diff --git a/drivers/gpu/drm/tegra/dpaux.c b/drivers/gpu/drm/tegra/dpaux.c
index 3f132e356e9c..708f783ead47 100644
--- a/drivers/gpu/drm/tegra/dpaux.c
+++ b/drivers/gpu/drm/tegra/dpaux.c
@@ -382,6 +382,7 @@ static const struct of_device_id tegra_dpaux_of_match[] = {
{ .compatible = "nvidia,tegra124-dpaux", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_dpaux_of_match);
struct platform_driver tegra_dpaux_driver = {
.driver = {
diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c
index bd56f2affa78..97c409f10456 100644
--- a/drivers/gpu/drm/tegra/dsi.c
+++ b/drivers/gpu/drm/tegra/dsi.c
@@ -982,6 +982,7 @@ static const struct of_device_id tegra_dsi_of_match[] = {
{ .compatible = "nvidia,tegra114-dsi", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_dsi_of_match);
struct platform_driver tegra_dsi_driver = {
.driver = {
diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
index 7c53941f2a9e..02cd3e37a6ec 100644
--- a/drivers/gpu/drm/tegra/gr2d.c
+++ b/drivers/gpu/drm/tegra/gr2d.c
@@ -121,6 +121,7 @@ static const struct of_device_id gr2d_match[] = {
{ .compatible = "nvidia,tegra20-gr2d" },
{ },
};
+MODULE_DEVICE_TABLE(of, gr2d_match);
static const u32 gr2d_addr_regs[] = {
GR2D_UA_BASE_ADDR,
diff --git a/drivers/gpu/drm/tegra/gr3d.c b/drivers/gpu/drm/tegra/gr3d.c
index 30f5ba9bd6d0..2bea2b2d204e 100644
--- a/drivers/gpu/drm/tegra/gr3d.c
+++ b/drivers/gpu/drm/tegra/gr3d.c
@@ -130,6 +130,7 @@ static const struct of_device_id tegra_gr3d_match[] = {
{ .compatible = "nvidia,tegra20-gr3d" },
{ }
};
+MODULE_DEVICE_TABLE(of, tegra_gr3d_match);
static const u32 gr3d_addr_regs[] = {
GR3D_IDX_ATTRIBUTE( 0),
diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
index a0b8d8539d07..84ea0c8b47f7 100644
--- a/drivers/gpu/drm/tegra/hdmi.c
+++ b/drivers/gpu/drm/tegra/hdmi.c
@@ -1370,6 +1370,7 @@ static const struct of_device_id tegra_hdmi_of_match[] = {
{ .compatible = "nvidia,tegra20-hdmi", .data = &tegra20_hdmi_config },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_hdmi_of_match);
static int tegra_hdmi_probe(struct platform_device *pdev)
{
diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c
index 27c979b50111..061a5c501124 100644
--- a/drivers/gpu/drm/tegra/sor.c
+++ b/drivers/gpu/drm/tegra/sor.c
@@ -1455,6 +1455,7 @@ static const struct of_device_id tegra_sor_of_match[] = {
{ .compatible = "nvidia,tegra124-sor", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_sor_of_match);
struct platform_driver tegra_sor_driver = {
.driver = {
--
1.8.1.5

16
arm-tegra-usb-no-reset-linux33.patch
View File

@ -1,16 +0,0 @@
--- linux-3.3.4-3.fc17.x86_64_orig/drivers/usb/core/hub.c 2012-05-02 20:08:18.421685932 -0400
+++ linux-3.3.4-3.fc17.x86_64/drivers/usb/core/hub.c 2012-05-02 20:30:36.565865425 -0400
@@ -3484,6 +3484,13 @@ static void hub_events(void)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
+ (hub->event_bits[0] == 0x2))
+ hub->event_bits[0] = 0;
+ }
+
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);

69
asus-wmi-Add-a-no-backlight-quirk.patch
View File

@ -1,69 +0,0 @@
Bugzilla: 1097436
Upstream-status: Sent upstream for 3.16
From f6fad201a0e4584e9826a2deb8ebbfccdb8cb13b Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:01 +0200
Subject: [PATCH 04/14] asus-wmi: Add a no backlight quirk
Some Asus motherboards for desktop PC-s export an acpi-video and
an asus-wmi interface advertising backlight support. Add a quirk to allow
to blacklist these so that desktop environments such as gnome don't start
showing nonsense brightness controls.
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/asus-wmi.c | 8 ++++++--
drivers/platform/x86/asus-wmi.h | 1 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index c5e082fb82fa..6f73dc5125ca 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1272,6 +1272,9 @@ static int asus_wmi_backlight_init(struct asus_wmi *asus)
int max;
int power;
+ if (asus->driver->quirks->no_backlight)
+ return -ENODEV;
+
max = read_brightness_max(asus);
if (max == -ENODEV)
@@ -1370,7 +1373,7 @@ static void asus_wmi_notify(u32 value, void *context)
code = ASUS_WMI_BRN_DOWN;
if (code == ASUS_WMI_BRN_DOWN || code == ASUS_WMI_BRN_UP) {
- if (!acpi_video_backlight_support()) {
+ if (asus->backlight_device) {
asus_wmi_backlight_notify(asus, orig_code);
goto exit;
}
@@ -1773,7 +1776,8 @@ static int asus_wmi_add(struct platform_device *pdev)
if (err)
goto fail_rfkill;
- if (asus->driver->quirks->wmi_backlight_power)
+ if (asus->driver->quirks->wmi_backlight_power ||
+ asus->driver->quirks->no_backlight)
acpi_video_dmi_promote_vendor();
if (!acpi_video_backlight_support()) {
pr_info("Disabling ACPI video driver\n");
diff --git a/drivers/platform/x86/asus-wmi.h b/drivers/platform/x86/asus-wmi.h
index 4da4c8bafe70..cc47efe14974 100644
--- a/drivers/platform/x86/asus-wmi.h
+++ b/drivers/platform/x86/asus-wmi.h
@@ -42,6 +42,7 @@ struct quirk_entry {
bool scalar_panel_brightness;
bool store_backlight_power;
bool wmi_backlight_power;
+ bool no_backlight;
int wapf;
/*
* For machines with AMD graphic chips, it will send out WMI event
--
1.9.0

53
asus-wmi-Restrict-debugfs-interface-when-module-load.patch Normal file
View File

@ -0,0 +1,53 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if any of
these features are enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 21fc932da3a1..c6d42ad95c08 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
1.9.3

17
ath9k_rx_dma_stop_check.patch → ath9k-rx-dma-stop-check.patch
View File

@ -1,6 +1,16 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Wed, 6 Feb 2013 09:57:47 -0500
Subject: [PATCH] ath9k: rx dma stop check
---
drivers/net/wireless/ath/ath9k/mac.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
index 275205ab5f15..bb842623bdf6 100644
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -689,7 +689,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
{
#define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */
struct ath_common *common = ath9k_hw_common(ah);
@ -9,7 +19,7 @@
int i;
/* Enable access to the DMA observation bus */
@@ -719,6 +719,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
}
if (i == 0) {
@ -26,3 +36,6 @@
ath_err(common,
"DMA failed to stop in %d ms AR_CR=0x%08x AR_DIAG_SW=0x%08x DMADBG_7=0x%08x\n",
AH_RX_STOP_DMA_TIMEOUT / 1000,
--
1.9.3

39
config-arm-generic
View File

@ -8,6 +8,7 @@ CONFIG_HW_PERF_EVENTS=y
CONFIG_NFS_FS=y
CONFIG_CRASH=m
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_PID_IN_CONTEXTIDR is not set
@ -42,6 +43,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y
# ARM AMBA generic HW
CONFIG_ARM_AMBA=y
CONFIG_ARM_CCI=y
CONFIG_ARM_CCN=y
CONFIG_ARM_DMA_USE_IOMMU=y
CONFIG_ARM_DMA_IOMMU_ALIGNMENT=8
CONFIG_ARM_GIC=y
@ -77,15 +79,12 @@ CONFIG_GENERIC_CPUFREQ_CPU0=m
# Device tree
CONFIG_DTC=y
CONFIG_DMA_OF=y
CONFIG_PROC_DEVICETREE=y
CONFIG_OF=y
CONFIG_OF_ADDRESS=y
CONFIG_OF_DEVICE=y
CONFIG_OF_DYNAMIC=y
CONFIG_OF_EARLY_FLATTREE=y
CONFIG_OF_FLATTREE=y
CONFIG_OF_GPIO=y
CONFIG_OF_I2C=m
CONFIG_OF_IOMMU=y
CONFIG_OF_IRQ=y
CONFIG_OF_MDIO=m
@ -101,14 +100,13 @@ CONFIG_THERMAL_OF=y
# External Connectors
CONFIG_EXTCON=m
CONFIG_OF_EXTCON=m
CONFIG_EXTCON_GPIO=m
CONFIG_EXTCON_ADC_JACK=m
# CONFIG_EXTCON_SM5502 is not set
# MTD
CONFIG_MTD_BLKDEVS=m
CONFIG_MTD_BLOCK=m
CONFIG_MTD_CHAR=m
CONFIG_MTD_CFI=m
CONFIG_MTD_CFI_INTELEXT=m
CONFIG_MTD_CFI_AMDSTD=m
@ -177,18 +175,27 @@ CONFIG_CMA_AREAS=7
# CONFIG_CRYPTO_TEST is not set
# CONFIG_TRANSPARENT_HUGEPAGE is not set
# CONFIG_XEN is not set
# CONFIG_MMC_DW_SOCFPGA is not set
# CONFIG_DRM_RCAR_DU is not set
# CONFIG_I2C_RCAR is not set
# CONFIG_DRM_SHMOBILE is not set
# CONFIG_I2C_SH_MOBILE is not set
# CONFIG_I2C_NOMADIK is not set
# CONFIG_LEDS_RENESAS_TPU is not set
# CONFIG_IRQ_DOMAIN_DEBUG is not set
# CONFIG_LOCK_STAT is not set
# CONFIG_DRM_ARMADA is not set
# CONFIG_DRM_TEGRA is not set
# CONFIG_SHMOBILE_IOMMU is not set
# CONFIG_COMMON_CLK_SI570 is not set
# CONFIG_COMMON_CLK_QCOM is not set
# CONFIG_IRQ_DOMAIN_DEBUG is not set
# CONFIG_ARM_PTDUMP is not set
### turn off things which make no sense on ARM
# CONFIG_PATA_PLATFORM is not set
# CONFIG_USB_ULPI is not set
### turn off things which make no sense on embedded SoC
# core
@ -201,8 +208,6 @@ CONFIG_CMA_AREAS=7
# CONFIG_ISDN is not set
# CONFIG_GAMEPORT is not set
# CONFIG_AGP is not set
# CONFIG_PATA_PLATFORM is not set
# CONFIG_USB_ULPI is not set
# netdrv
@ -220,7 +225,6 @@ CONFIG_CMA_AREAS=7
# CONFIG_NET_VENDOR_SUN is not set
# CONFIG_NET_VENDOR_WIZNET is not set
# CONFIG_NET_VENDOR_XIRCOM is not set
# CONFIG_NET_PCMCIA is not set
# scsi
@ -241,10 +245,17 @@ CONFIG_CMA_AREAS=7
# CONFIG_SCSI_MPT3SAS is not set
# serial
# CONFIG_SERIAL_SH_SCI is not set
# CONFIG_SERIAL_MAX3100 is not set
# CONFIG_SERIAL_MAX310X is not set
# CONFIG_SERIAL_IFX6X60 is not set
# drm
# CONFIG_DRM_VMWGFX is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_LATTICE_ECP3_CONFIG is not set
# CONFIG_BMP085_SPI is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_SPI_ROCKCHIP is not set

31
config-arm64
View File

@ -9,7 +9,6 @@ CONFIG_SCHED_SMT=y
# arm64 only SoCs
CONFIG_ARCH_XGENE=y
# CONFIG_ALWAYS_USE_PERSISTENT_CLOCK is not set
# CONFIG_AMBA_PL08X is not set
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
CONFIG_ARCH_REQUIRE_GPIOLIB=y
@ -26,11 +25,9 @@ CONFIG_CMDLINE="console=ttyAMA0"
# CONFIG_CMDLINE_FORCE is not set
CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_GENERIC_ACL=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_GENERIC_CSUM=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_GENERIC_IO=y
CONFIG_GENERIC_PCI_IOMAP=y
@ -81,6 +78,10 @@ CONFIG_CRYPTO_AES_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
# APM Xgene
CONFIG_POWER_RESET_XGENE=y
@ -111,3 +112,27 @@ CONFIG_PCI_XGENE=y
CONFIG_HOTPLUG_PCI=y
# CONFIG_HOTPLUG_PCI_CPCI is not set
# CONFIG_HOTPLUG_PCI_SHPC is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
# CONFIG_PNP_DEBUG_MESSAGES is not set
CONFIG_NET_SB1000=y
CONFIG_SBSAUART_TTY=y
CONFIG_I2C_SCMI=m
CONFIG_SENSORS_ACPI_POWER=m
CONFIG_IMX_THERMAL=m
CONFIG_PWM_LPSS=m
CONFIG_ACPI=y
CONFIG_ACPI_PROCFS_POWER=y
CONFIG_ACPI_EC_DEBUGFS=y
CONFIG_ACPI_BUTTON=m
CONFIG_ACPI_FAN=m
CONFIG_ACPI_DOCK=y
CONFIG_ACPI_IPMI=y
CONFIG_ACPI_CONTAINER=y
CONFIG_ACPI_HED=m
CONFIG_ACPI_CUSTOM_METHOD=m
CONFIG_AMD_XGBE=y
CONFIG_AMD_XGBE_PHY=y
# CONFIG_AMD_XGBE_DCB is not set

56
config-armv7
View File

@ -10,7 +10,6 @@ CONFIG_ARCH_OMAP4=y
CONFIG_ARCH_PICOXCELL=y
CONFIG_ARCH_QCOM=y
CONFIG_ARCH_ROCKCHIP=y
# CONFIG_ARCH_SOCFPGA is not set
CONFIG_ARCH_TEGRA=y
CONFIG_ARCH_U8500=y
# CONFIG_ARCH_VIRT is not set
@ -23,7 +22,6 @@ CONFIG_ARCH_ZYNQ=y
# CONFIG_VIRTUALIZATION is not set
# mvebu
CONFIG_MACH_ARMADA_370_XP=y
CONFIG_MACH_ARMADA_370=y
CONFIG_MACH_ARMADA_375=y
CONFIG_MACH_ARMADA_38X=y
@ -39,7 +37,7 @@ CONFIG_MV643XX_ETH=m
CONFIG_PINCTRL_MVEBU=y
CONFIG_PINCTRL_ARMADA_370=y
CONFIG_PINCTRL_ARMADA_XP=y
# CONFIG_ARM_ARMADA_370_XP_CPUIDLE is not set
# CONFIG_ARM_MVEBU_V7_CPUIDLE is not set
CONFIG_PINCTRL_DOVE=y
CONFIG_EDAC_MV64X60=m
CONFIG_RTC_DRV_S35390A=m
@ -50,7 +48,6 @@ CONFIG_MVNETA=m
CONFIG_GPIO_MVEBU=y
CONFIG_MVEBU_CLK_CORE=y
CONFIG_MVEBU_CLK_COREDIV=y
CONFIG_MVEBU_CLK_GATING=y
CONFIG_MMC_MVSDIO=m
CONFIG_MMC_SDHCI_DOVE=m
CONFIG_SPI_ORION=m
@ -81,15 +78,12 @@ CONFIG_SOC_TI81XX=y
# CONFIG_MACH_CM_T3517 is not set
# CONFIG_MACH_CRANEBOARD is not set
# CONFIG_MACH_DEVKIT8000 is not set
# CONFIG_MACH_IGEP0030 is not set
# CONFIG_MACH_NOKIA_RX51 is not set
# CONFIG_MACH_OMAP_3430SDP is not set
# CONFIG_MACH_OMAP_3630SDP is not set
# CONFIG_MACH_OMAP_LDP is not set
# CONFIG_MACH_OMAP3_BEAGLE is not set
# CONFIG_MACH_OMAP3517EVM is not set
# CONFIG_MACH_OMAP3530_LV_SOM is not set
# CONFIG_MACH_OMAP3EVM is not set
# CONFIG_MACH_OMAP3_PANDORA is not set
# CONFIG_MACH_OMAP3_TORPEDO is not set
# CONFIG_MACH_OVERO is not set
@ -103,19 +97,16 @@ CONFIG_OMAP_RESET_CLOCKS=y
CONFIG_OMAP_MUX=y
CONFIG_OMAP_MUX_WARNINGS=y
CONFIG_OMAP_32K_TIMER=y
CONFIG_OMAP_32K_TIMER_HZ=128
CONFIG_OMAP_PACKAGE_CBB=y
CONFIG_OMAP_PACKAGE_CUS=y
# CONFIG_OMAP3_L2_AUX_SECURE_SAVE_RESTORE is not set
CONFIG_OMAP_MCBSP=y
CONFIG_OMAP2PLUS_MBOX=m
CONFIG_OMAP_MBOX_KFIFO_SIZE=256
CONFIG_OMAP_DM_TIMER=y
CONFIG_OMAP_PM_NOOP=y
CONFIG_DMA_OMAP=y
CONFIG_OMAP_IOMMU=y
CONFIG_OMAP_IOVMM=m
CONFIG_HWSPINLOCK_OMAP=m
CONFIG_OMAP3_EMU=y
# CONFIG_OMAP3_SDRC_AC_TIMING is not set
@ -136,9 +127,9 @@ CONFIG_BATTERY_TWL4030_MADC=m
CONFIG_OMAP_USB2=m
CONFIG_OMAP_CONTROL_PHY=m
CONFIG_TI_PIPE3=m
CONFIG_PCI_DRA7XX=y
CONFIG_TWL4030_USB=m
CONFIG_TWL6030_USB=m
CONFIG_TWL6030_PWM=m
CONFIG_TWL6040_CORE=y
CONFIG_CLK_TWL6040=m
CONFIG_OMAP_INTERCONNECT=m
@ -151,7 +142,6 @@ CONFIG_USB_EHCI_HCD_OMAP=m
CONFIG_USB_OHCI_HCD_OMAP3=m
CONFIG_USB_MUSB_AM35X=m
CONFIG_USB_MUSB_OMAP2PLUS=m
CONFIG_OMAP_CONTROL_USB=m
CONFIG_MMC_OMAP=m
CONFIG_MMC_OMAP_HS=y
CONFIG_RTC_DRV_MAX8907=m
@ -173,6 +163,7 @@ CONFIG_REGULATOR_PBIAS=m
CONFIG_RTC_DRV_PALMAS=m
CONFIG_OMAP5_DSS_HDMI=y
CONFIG_OMAP5_DSS_HDMI_AUDIO=y
CONFIG_COMMON_CLK_PALMAS=m
CONFIG_WL_TI=y
CONFIG_WLCORE_SDIO=m
@ -186,7 +177,6 @@ CONFIG_MTD_ONENAND_OMAP2=m
CONFIG_MTD_NAND_OMAP2=m
CONFIG_MTD_NAND_OMAP_BCH=y
CONFIG_SPI_OMAP24XX=m
CONFIG_MFD_TI_SSP=m
CONFIG_SPI_TI_QSPI=m
CONFIG_INPUT_TWL4030_PWRBUTTON=m
@ -194,10 +184,8 @@ CONFIG_INPUT_TWL4030_VIBRA=m
CONFIG_INPUT_TWL6040_VIBRA=m
CONFIG_KEYBOARD_OMAP4=m
CONFIG_KEYBOARD_TWL4030=m
CONFIG_TOUCHSCREEN_TI_TSCADC=m
# OMAP thermal temp. Can likely be built as module but doesn't autoload so build in to ensure performance on PandaES
CONFIG_OMAP_BANDGAP=y
CONFIG_TI_SOC_THERMAL=y
CONFIG_TI_THERMAL=y
CONFIG_OMAP4_THERMAL=y
@ -224,13 +212,10 @@ CONFIG_HW_RANDOM_OMAP3_ROM=m
CONFIG_DRM_OMAP=m
CONFIG_DRM_OMAP_NUM_CRTCS=2
CONFIG_OMAP2_VRFB=y
# CONFIG_FB_OMAP_BOOTLOADER_INIT is not set
# CONFIG_FB_OMAP_LCD_VGA is not set
# CONFIG_FB_OMAP2 is not set
# CONFIG_FB_DA8XX is not set
CONFIG_OMAP2_DSS=m
# CONFIG_OMAP2_DSS_DEBUG_SUPPORT is not set
# CONFIG_OMAP2_DSS_COLLECT_IRQ_STATS is not set
CONFIG_OMAP2_DSS_DPI=y
CONFIG_OMAP2_DSS_RFBI=y
@ -238,9 +223,7 @@ CONFIG_OMAP2_DSS_VENC=y
CONFIG_OMAP4_DSS_HDMI=y
CONFIG_OMAP2_DSS_SDI=y
CONFIG_OMAP2_DSS_DSI=y
# CONFIG_OMAP2_DSS_FAKE_VSYNC is not set
CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=0
CONFIG_OMAP2_DSS_SLEEP_BEFORE_RESET=y
CONFIG_OMAP2_DSS_SLEEP_AFTER_VENC_RESET=y
CONFIG_DISPLAY_ENCODER_TFP410=m
@ -263,14 +246,9 @@ CONFIG_V4L_PLATFORM_DRIVERS=y
# CONFIG_VIDEO_OMAP2_VOUT is not set
CONFIG_VIDEO_OMAP3=m
# CONFIG_VIDEO_OMAP4 is not set
# CONFIG_VIDEO_OMAP4_DEBUG is not set
# The ones below are for TI Davinci
# CONFIG_VIDEO_VPFE_CAPTURE is not set
# CONFIG_VIDEO_VPSS_SYSTEM is not set
# CONFIG_VIDEO_DM6446_CCDC is not set
# CONFIG_VIDEO_DM644X_VPBE is not set
# CONFIG_VIDEO_DM355_CCDC is not set
# CONFIG_VIDEO_ISIF is not set
# Also enable vivi driver - useful for testing a full kernelspace V4L2 driver
CONFIG_V4L_TEST_DRIVERS=y
CONFIG_VIDEO_VIVI=m
@ -280,18 +258,13 @@ CONFIG_SND_SOC_I2C_AND_SPI=m
CONFIG_SND_OMAP_SOC_AM3517EVM=m
CONFIG_SND_OMAP_SOC_DMIC=m
CONFIG_SND_OMAP_SOC_HDMI=m
CONFIG_SND_OMAP_SOC_IGEP0020=m
CONFIG_SND_OMAP_SOC_MCBSP=m
CONFIG_SND_OMAP_SOC_MCPDM=m
CONFIG_SND_OMAP_SOC_OMAP_HDMI=m
CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m
CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m
CONFIG_SND_OMAP_SOC_OMAP3EVM=m
CONFIG_SND_OMAP_SOC_OMAP3_BEAGLE=m
CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m
CONFIG_SND_OMAP_SOC_OVERO=m
CONFIG_SND_OMAP_SOC_RX51=m
CONFIG_SND_OMAP_SOC_SDP4430=m
CONFIG_SND_SOC_TLV320AIC23=m
CONFIG_SND_SOC_TLV320AIC3X=m
CONFIG_SND_SOC_TWL4030=m
@ -301,7 +274,6 @@ CONFIG_RADIO_WL128X=m
CONFIG_OMAP_REMOTEPROC=m
# CONFIG_TIDSPBRIDGE is not set
# CONFIG_OMAP2_DSS_DEBUGFS is not set
# CONFIG_OMAP_IOMMU_DEBUG is not set
# CONFIG_OMAP_MUX_DEBUG is not set
@ -334,6 +306,7 @@ CONFIG_SND_DAVINCI_SOC_I2S=m
CONFIG_SND_DAVINCI_SOC_MCASP=m
CONFIG_SND_DAVINCI_SOC_VCIF=m
CONFIG_SND_DAVINCI_SOC_GENERIC_EVM=m
CONFIG_SND_EDMA_SOC=m
CONFIG_SND_AM33XX_SOC_EVM=m
CONFIG_REGULATOR_TI_ABB=m
CONFIG_TI_ADC081C=m
@ -351,7 +324,6 @@ CONFIG_SERIAL_MSM_CONSOLE=y
CONFIG_PINCTRL_APQ8064=m
CONFIG_PINCTRL_IPQ8064=m
CONFIG_PINCTRL_MSM8960=m
CONFIG_PINCTRL_MSM8960=m
CONFIG_COMMON_CLK_QCOM=m
CONFIG_APQ_GCC_8084=m
CONFIG_APQ_MMCC_8084=m
@ -370,6 +342,9 @@ CONFIG_USB_MSM_OTG=m
CONFIG_MMC_SDHCI_MSM=m
CONFIG_QCOM_BAM_DMA=m
CONFIG_QCOM_GSBI=m
CONFIG_PHY_QCOM_APQ8064_SATA=m
CONFIG_PHY_QCOM_IPQ806X_SATA=m
CONFIG_CRYPTO_DEV_QCE=m
CONFIG_MSM_IOMMU=y
CONFIG_DRM_MSM=m
CONFIG_DRM_MSM_FBDEV=y
@ -377,7 +352,6 @@ CONFIG_USB_EHCI_MSM=m
# CONFIG_DRM_MSM_REGISTER_LOGGING is not set
# i.MX
CONFIG_MXC_IRQ_PRIOR=y
# CONFIG_MXC_DEBUG_BOARD is not set
CONFIG_SOC_IMX50=y
CONFIG_SOC_IMX51=y
@ -386,7 +360,6 @@ CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
# CONFIG_SOC_VF610 is not set
CONFIG_MACH_IMX51_DT=y
CONFIG_ARM_IMX6Q_CPUFREQ=m
CONFIG_PCI_IMX6=y
CONFIG_IMX_THERMAL=m
@ -414,7 +387,6 @@ CONFIG_STMPE_I2C=y
CONFIG_SPI_IMX=m
CONFIG_SPI_FSL_QUADSPI=m
CONFIG_STMPE_SPI=y
CONFIG_MFD_MC13783=m
CONFIG_MFD_MC13XXX_SPI=m
CONFIG_MFD_STMPE=y
CONFIG_MTD_NAND_GPMI_NAND=m
@ -428,6 +400,7 @@ CONFIG_RTC_DRV_SNVS=m
# CONFIG_FB_IMX is not set
CONFIG_SND_IMX_SOC=m
CONFIG_SND_SOC_FSL_ASRC=m
CONFIG_SND_SOC_FSL_ESAI=m
CONFIG_SND_SOC_FSL_SAI=m
CONFIG_SND_SOC_FSL_SPDIF=m
@ -442,7 +415,6 @@ CONFIG_SND_SOC_IMX_WM8962=m
CONFIG_SND_SOC_IMX_MC13783=m
CONFIG_SND_SOC_IMX_SPDIF=m
CONFIG_SND_SOC_EUKREA_TLV320=m
CONFIG_SND_SOC_TVL320AIC32X4=m
CONFIG_SND_SOC_WM8731=m
CONFIG_USB_IMX21_HCD=m
@ -503,10 +475,17 @@ CONFIG_REGULATOR_DA9055=m
# picoxcell
# CONFIG_CRYPTO_DEV_PICOXCELL is not set
# CONFIG_HW_RANDOM_PICOXCELL is not set
# Exynos 4
CONFIG_ARCH_EXYNOS4=y
CONFIG_SOC_EXYNOS4212=y
CONFIG_SOC_EXYNOS4412=y
# Rockchips
CONFIG_I2C_RK3X=m
CONFIG_SPI_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP=m
CONFIG_PWM_ROCKCHIP=m
# ST Ericsson
CONFIG_MACH_HREFV60=y
@ -584,7 +563,6 @@ CONFIG_MFD_TPS80031=y
CONFIG_KEYBOARD_NVEC=y
CONFIG_SERIO_NVEC_PS2=y
CONFIG_NVEC_POWER=y
CONFIG_NVEC_LEDS=y
CONFIG_NVEC_PAZ00=y
CONFIG_MFD_TPS6586X=y
CONFIG_GPIO_TPS6586X=y
@ -605,6 +583,8 @@ CONFIG_LATTICE_ECP3_CONFIG=m
CONFIG_NET_VENDOR_XILINX=y
CONFIG_XILINX_EMACLITE=m
CONFIG_GPIO_XILINX=y
# Broken
# CONFIG_GPIO_ZYNQ is not set
CONFIG_I2C_XILINX=m
CONFIG_SPI_XILINX=m
CONFIG_SPI_CADENCE=m

52
config-armv7-generic
View File

@ -35,7 +35,6 @@ CONFIG_ZBOOT_ROM_TEXT=0x0
CONFIG_ZBOOT_ROM_BSS=0x0
CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_ARCH_HAS_TICK_BROADCAST=y
CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
CONFIG_IRQ_CROSSBAR=y
# CONFIG_MCPM is not set
@ -60,9 +59,13 @@ CONFIG_ARCH_VEXPRESS_CORTEX_A5_A9_ERRATA=y
# CONFIG_ARCH_BCM is not set
# CONFIG_ARCH_BERLIN is not set
# CONFIG_ARCH_HI3xxx is not set
# CONFIG_ARCH_HISI is not set
# CONFIG_ARCH_MEDIATEK is not set
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_S5PV210 is not set
# CONFIG_ARCH_SHMOBILE_MULTI is not set
# CONFIG_ARCH_SIRF is not set
# CONFIG_ARCH_SOCFPGA is not set
# CONFIG_PLAT_SPEAR is not set
# CONFIG_ARCH_STI is not set
# CONFIG_ARCH_U8500 is not set
@ -122,7 +125,6 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_XZ_DEC_ARM=y
CONFIG_UACCESS_WITH_MEMCPY=y
CONFIG_CC_STACKPROTECTOR=y
CONFIG_PCI_HOST_GENERIC=y
@ -165,11 +167,11 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m
# CONFIG_MACH_SUN5I is not set
CONFIG_MACH_SUN6I=y
CONFIG_MACH_SUN7I=y
CONFIG_PINCTRL_SUNXI=y
# CONFIG_MACH_SUN8I is not set
CONFIG_DMA_SUN6I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
CONFIG_STMMAC_PLATFORM=y
CONFIG_DWMAC_SOCFPGA=y
CONFIG_DWMAC_SUNXI=y
CONFIG_EEPROM_SUNXI_SID=m
CONFIG_RTC_DRV_SUNXI=m
@ -184,18 +186,15 @@ CONFIG_POWER_RESET_SUN6I=y
CONFIG_TOUCHSCREEN_SUN4I=m
CONFIG_MFD_AXP20X=y
CONFIG_REGULATOR_AXP20X=m
CONFIG_IR_SUNXI=m
CONFIG_MDIO_SUN4I=m
CONFIG_SUN4I_EMAC=m
CONFIG_MDIO_SUN4I=m
CONFIG_SUN4I_EMAC=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
CONFIG_ARCH_EXYNOS4=y
# CONFIG_ARCH_EXYNOS4 is not set
CONFIG_ARCH_EXYNOS5=y
CONFIG_SOC_EXYNOS3250=y
CONFIG_SOC_EXYNOS4212=y
CONFIG_SOC_EXYNOS4412=y
CONFIG_SOC_EXYNOS5250=y
CONFIG_SOC_EXYNOS5420=y
CONFIG_SOC_EXYNOS5440=y
@ -304,8 +303,6 @@ CONFIG_TEGRA_IOMMU_SMMU=y
CONFIG_MMC_SDHCI_TEGRA=m
CONFIG_TEGRA_WATCHDOG=m
CONFIG_I2C_TEGRA=m
CONFIG_TEGRA_SYSTEM_DMA=y
CONFIG_TEGRA_EMC_SCALING_ENABLE=y
CONFIG_TEGRA_AHB=y
CONFIG_TEGRA20_APB_DMA=y
CONFIG_SPI_TEGRA114=m
@ -326,6 +323,9 @@ CONFIG_DRM_TEGRA_FBDEV=y
# CONFIG_DRM_TEGRA_DEBUG is not set
CONFIG_DRM_TEGRA_STAGING=y
CONFIG_NOUVEAU_PLATFORM_DRIVER=m
CONFIG_AD525X_DPOT=m
CONFIG_AD525X_DPOT_I2C=m
CONFIG_AD525X_DPOT_SPI=m
# Jetson TK1
CONFIG_PINCTRL_AS3722=y
@ -365,7 +365,6 @@ CONFIG_AX88796_93CX6=y
# usb gadget
CONFIG_USB_OTG=y
CONFIG_USB_GADGET=m
CONFIG_USB_GADGET_MUSB_HDRC=m
CONFIG_USB_GADGET_VBUS_DRAW=100
CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2
CONFIG_USB_MUSB_HDRC=m
@ -382,12 +381,10 @@ CONFIG_USB_CONFIGFS_NCM=y
CONFIG_USB_CONFIGFS_OBEX=y
# CONFIG_USB_CONFIGFS_RNDIS is not set
CONFIG_USB_CONFIGFS_SERIAL=y
CONFIG_USB_CONFIGFS_STORAGE=y
# CONFIG_USB_CONFIGFS_F_LB_SS is not set
# CONFIG_USB_CONFIGFS_F_FS is not set
# CONFIG_MUSB_PIO_ONLY is not set
# CONFIG_USB_MUSB_DEBUG is not set
# CONFIG_USB_GADGET_DEBUG is not set
# CONFIG_USB_GADGET_DEBUG_FILES is not set
# CONFIG_USB_GADGET_DEBUG_FS is not set
@ -427,6 +424,7 @@ CONFIG_MFD_TPS65912_SPI=y
# CONFIG_MFD_TPS80031 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
#
# Pin stuff
CONFIG_PINMUX=y
@ -435,11 +433,11 @@ CONFIG_PINCTRL=y
CONFIG_PINCTRL_SINGLE=y
CONFIG_GENERIC_PINCONF=y
# CONFIG_PINCTRL_SAMSUNG is not set
# CONFIG_PINCTRL_CAPRI is not set
# CONFIG_PINCTRL_MSM8X74 is not set
# CONFIG_PINCTRL_BCM281XX is not set
# CONFIG_PINCTRL_APQ8064 is not set
# CONFIG_PINCTRL_IPQ8064 is not set
# CONFIG_PINCTRL_MSM8960 is not set
# GPIO
# CONFIG_GPIO_EM is not set
@ -478,7 +476,6 @@ CONFIG_SPI_OC_TINY=m
CONFIG_SPI_SC18IS602=m
CONFIG_SPI_TLE62X0=m
CONFIG_SPI_XCOMM=m
CONFIG_SPI_XILINX=m
# CONFIG_SPI_FSL_SPI is not set
# CONFIG_SPI_CADENCE is not set
@ -493,6 +490,8 @@ CONFIG_I2C_MV64XXX=m
CONFIG_CRYPTO_SHA1_ARM=m
CONFIG_CRYPTO_AES_ARM=m
# CONFIG_CRYPTO_AES_ARM_BS is not set
CONFIG_CRYPTO_SHA1_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM_NEON=m
# DMA
CONFIG_TI_PRIV_EDMA=y
@ -504,7 +503,6 @@ CONFIG_EDAC_MM_EDAC=m
CONFIG_EDAC_LEGACY_SYSFS=y
# Watchdog
CONFIG_MPCORE_WATCHDOG=m
# Thermal / powersaving
CONFIG_THERMAL=y
@ -550,7 +548,6 @@ CONFIG_MMC_DW_PLTFM=m
CONFIG_MMC_DW_PCI=m
CONFIG_SPI_DW_MMIO=m
CONFIG_SPI_DW_PCI=m
# CONFIG_MMC_DW_SOCFPGA is not set
# CONFIG_MMC_DW_IDMAC is not set
# CONFIG_MMC_DW_K3 is not set
CONFIG_USB_DWC2=y
@ -565,6 +562,7 @@ CONFIG_USB_DWC3_OMAP=m
CONFIG_USB_DWC3_PCI=m
# CONFIG_USB_DWC3_DEBUG is not set
# CONFIG_USB_DWC3_KEYSTONE is not set
# CONFIG_DWC3_HOST_USB3_LPM_ENABLE is not set
CONFIG_DW_WATCHDOG=m
CONFIG_PCIE_DW=y
@ -579,7 +577,6 @@ CONFIG_SND_DMAENGINE_PCM=m
CONFIG_SND_JACK=y
CONFIG_SND_SIMPLE_CARD=m
CONFIG_SND_SOC_ALL_CODECS=m
CONFIG_SND_SOC_CACHE_LZO=y
CONFIG_SND_SOC_DMIC=m
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
CONFIG_SND_SOC_HDMI_CODEC=m
@ -618,15 +615,21 @@ CONFIG_SND_SOC_SPDIF=m
# CONFIG_SND_SOC_WM8903 is not set
# CONFIG_SND_SOC_WM8962 is not set
# CONFIG_SND_SOC_TPA6130A2 is not set
# CONFIG_SND_SOC_FSL_SAI is not set
# CONFIG_SND_SOC_FSL_SSI is not set
# CONFIG_SND_SOC_FSL_SPDIF is not set
# CONFIG_SND_SOC_FSL_ASRC is not set
# CONFIG_SND_SOC_FSL_ESAI is not set
# CONFIG_SND_SOC_FSL_SAI is not set
# CONFIG_SND_SOC_FSL_SPDIF is not set
# CONFIG_SND_SOC_FSL_SSI is not set
# CONFIG_SND_SOC_IMX_AUDMUX is not set
# CONFIG_SND_SOC_ALC5623 is not set
# CONFIG_SND_SOC_CS42L56 is not set
# CONFIG_SND_SOC_STA350 is not set
# CONFIG_SND_ATMEL_SOC is not set
# CONFIG_SND_SOC_TLV320AIC31XX is not set
# CONFIG_SND_SOC_TAS2552 is not set
# CONFIG_SND_SOC_CS4265 is not set
# CONFIG_SND_EDMA_SOC is not set
# CONFIG_SND_SOC_ROCKCHIP is not set
# Displays
CONFIG_BACKLIGHT_TPS65217=m
@ -652,7 +655,6 @@ CONFIG_RTC_DRV_TPS80031=m
# Regulators
CONFIG_REGULATOR=y
CONFIG_RFKILL_REGULATOR=m
CONFIG_REGULATOR_DUMMY=y
CONFIG_REGULATOR_FIXED_VOLTAGE=y
CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
CONFIG_REGULATOR_USERSPACE_CONSUMER=m
@ -685,6 +687,7 @@ CONFIG_REGULATOR_TPS65912=m
CONFIG_REGULATOR_TPS80031=m
CONFIG_REGULATOR_LTC3589=m
CONFIG_REGULATOR_ANATOP=m
CONFIG_REGULATOR_DA9211=m
CONFIG_CHARGER_MANAGER=y
CONFIG_CHARGER_BQ2415X=m
@ -771,7 +774,6 @@ CONFIG_UBIFS_FS=m
CONFIG_UBIFS_FS_ADVANCED_COMPR=y
CONFIG_UBIFS_FS_LZO=y
CONFIG_UBIFS_FS_ZLIB=y
# CONFIG_UBIFS_FS_DEBUG is not set
# Sensors
CONFIG_SENSORS_HTU21=m
@ -792,6 +794,7 @@ CONFIG_BPF_JIT=y
# HW Enabled in armv7 not lpae
# CONFIG_DRM_TILCDC is not set
# CONFIG_DRM_IMX is not set
# CONFIG_DRM_STI is not set
# CONFIG_AHCI_IMX is not set
# CONFIG_IMX_THERMAL is not set
# CONFIG_TI_DAC7512 is not set
@ -828,6 +831,7 @@ CONFIG_BPF_JIT=y
# CONFIG_MMC_TMIO is not set
# CONFIG_PINCTRL_IMX35 is not set
# CONFIG_DVB_USB_PCTV452E is not set
# CONFIG_DWMAC_SOCFPGA is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_MAX77693 is not set

2
config-armv7-lpae
View File

@ -11,7 +11,6 @@ CONFIG_ARCH_VIRT=y
# CONFIG_SOC_AM43XX is not set
# CONFIG_SOC_DRA7XX is not set
# CONFIG_ARCH_ROCKCHIP is not set
# CONFIG_ARCH_SOCFPGA is not set
# CONFIG_ARCH_ZYNQ is not set
# CONFIG_ARCH_AXXIA is not set
@ -62,6 +61,7 @@ CONFIG_TI_AEMIF=m
CONFIG_POWER_RESET_KEYSTONE=y
CONFIG_DAVINCI_WATCHDOG=m
CONFIG_SPI_DAVINCI=m
CONFIG_TI_DAVINCI_MDIO=m
# CONFIG_TI_SOC_THERMAL is not set
# Tegra (non A15 device options)

6
config-debug
View File

@ -31,14 +31,12 @@ CONFIG_LOCK_STAT=y
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_DEBUG_WRITECOUNT=y
CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
CONFIG_DEBUG_OBJECTS_FREE=y
@ -53,7 +51,6 @@ CONFIG_CAN_DEBUG_DEVICES=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_SYSCTL_SYSCALL_CHECK=y
CONFIG_DEBUG_NOTIFIERS=y
@ -97,7 +94,6 @@ CONFIG_PM_ADVANCED_DEBUG=y
CONFIG_CEPH_LIB_PRETTYDEBUG=y
CONFIG_QUOTA_DEBUG=y
CONFIG_PCI_DEFAULT_USE_CRS=y
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
@ -123,6 +119,8 @@ CONFIG_MAC80211_MESSAGE_TRACING=y
CONFIG_EDAC_DEBUG=y
CONFIG_SPI_DEBUG=y
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
CONFIG_LATENCYTOP=y
CONFIG_SCHEDSTATS=y

368
config-generic
View File

File diff suppressed because it is too large Load Diff

1
config-i686-PAE
View File

@ -1,6 +1,5 @@
# CONFIG_HIGHMEM4G is not set
CONFIG_HIGHMEM64G=y
# CONFIG_OLPC_OPENFIRMWARE is not set
CONFIG_XEN_DEV_EVTCHN=m
CONFIG_XEN_SYS_HYPERVISOR=y

4
config-nodebug
View File

@ -31,14 +31,12 @@ CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_ACPI_DEBUG is not set
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_WRITECOUNT is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
# CONFIG_DEBUG_OBJECTS_FREE is not set
@ -53,7 +51,6 @@ CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_SYSCTL_SYSCALL_CHECK is not set
# CONFIG_DEBUG_NOTIFIERS is not set
@ -97,7 +94,6 @@ CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
# CONFIG_QUOTA_DEBUG is not set
CONFIG_PCI_DEFAULT_USE_CRS=y
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y

15
config-powerpc-generic
View File

@ -14,7 +14,6 @@ CONFIG_TAU_AVERAGE=y
# CONFIG_GEN_RTC is not set
# CONFIG_GEN_RTC_X is not set
CONFIG_RTC_DRV_GENERIC=y
CONFIG_PROC_DEVICETREE=y
# CONFIG_CMDLINE_BOOL is not set
CONFIG_ADB=y
@ -61,21 +60,17 @@ CONFIG_CAPI_EICON=y
CONFIG_NVRAM=y
# CONFIG_PCMCIA_M8XX is not set
# CONFIG_SCSI_AHA1542 is not set
# CONFIG_SCSI_IN2000 is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_NI52 is not set
# CONFIG_NI65 is not set
# CONFIG_LANCE is not set
# CONFIG_3C515 is not set
# CONFIG_ELPLUS is not set
CONFIG_MEMORY_HOTPLUG=y
# Stuff which wants bus_to_virt() or virt_to_bus()
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_VIDEO_STRADIS is not set
# CONFIG_VIDEO_ZORAN is not set
# CONFIG_ATM_HORIZON is not set
# CONFIG_ATM_FIRESTREAM is not set
@ -97,7 +92,6 @@ CONFIG_PPC_MEDIA5200=y
# CONFIG_PPC_LITE5200 is not set
CONFIG_PPC_BESTCOMM=y
CONFIG_PMAC_RACKMETER=m
CONFIG_USB_OHCI_HCD_PPC_SOC=y
CONFIG_USB_OHCI_HCD_PCI=y
CONFIG_USB_OHCI_HCD_PPC_OF=y
CONFIG_USB_OHCI_HCD_PPC_OF_BE=y
@ -186,7 +180,6 @@ CONFIG_PATA_OF_PLATFORM=m
CONFIG_USB_EHCI_HCD_PPC_OF=y
# CONFIG_MPC5121_ADS is not set
# CONFIG_MPC5121_GENERIC is not set
CONFIG_MTD_OF_PARTS=y
# CONFIG_MTD_NAND_FSL_ELBC is not set
CONFIG_THERMAL=y
@ -227,7 +220,6 @@ CONFIG_NET_VENDOR_IBM=y
# CONFIG_QUICC_ENGINE is not set
# CONFIG_QE_GPIO is not set
# CONFIG_MPC8xxx_GPIO is not set
CONFIG_IDE_GD=y
CONFIG_IDE_GD_ATA=y
@ -278,7 +270,6 @@ CONFIG_MMC_SDHCI_OF=m
# CONFIG_CONSISTENT_SIZE_BOOL is not set
CONFIG_CAN_SJA1000_OF_PLATFORM=m
CONFIG_PPC_EMULATED_STATS=y
@ -292,7 +283,6 @@ CONFIG_PPC_DISABLE_WERROR=y
# CONFIG_XILINX_EMACLITE is not set
CONFIG_GPIO_WM831X=m
# CONFIG_GPIO_LANGWELL is not set
# CONFIG_GPIO_UCB1400 is not set
# CONFIG_EDAC_MPC85XX is not set
@ -305,7 +295,6 @@ CONFIG_SPARSE_IRQ=y
CONFIG_PATA_MACIO=y
CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
# CONFIG_PMIC_ADP5520 is not set
# CONFIG_MFD_88PM8607 is not set
# CONFIG_MFD_MAX8997 is not set
# CONFIG_MFD_TPS65910 is not set
# CONFIG_MFD_TPS65912_I2C is not set
@ -314,7 +303,6 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
# CONFIG_MMC_SDHCI_OF_ESDHC is not set
# CONFIG_MMC_SDHCI_OF_HLWD is not set
# CONFIG_MFD_TC35892 is not set
# CONFIG_MFD_AAT2870_CORE is not set
# CONFIG_GPIO_SCH is not set
@ -368,10 +356,7 @@ CONFIG_PPC_DENORMALISATION=y
# CONFIG_RTC_DRV_SNVS is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
# CONFIG_OF_DISPLAY_TIMING is not set
# CONFIG_OF_VIDEOMODE is not set
# CONFIG_POWERNV_MSI is not set
# CONFIG_CPU_LITTLE_ENDIAN is not set
CONFIG_POWER_RESET_GPIO=y

16
config-powerpc64
View File

@ -8,11 +8,9 @@ CONFIG_PPC_PMAC64=y
CONFIG_PPC_MAPLE=y
# CONFIG_PPC_CELL is not set
# CONFIG_PPC_IBM_CELL_BLADE is not set
# CONFIG_PPC_ISERIES is not set
CONFIG_PPC_PSERIES=y
CONFIG_PPC_PMAC=y
CONFIG_PPC_POWERNV=y
CONFIG_POWERNV_MSI=y
CONFIG_PPC_POWERNV_RTAS=y
CONFIG_SENSORS_IBMPOWERNV=y
CONFIG_HW_RANDOM_POWERNV=m
@ -51,15 +49,10 @@ CONFIG_SCSI_IPR=m
CONFIG_SCSI_IPR_TRACE=y
CONFIG_SCSI_IPR_DUMP=y
CONFIG_HVC_RTAS=y
# CONFIG_HVC_ISERIES is not set
CONFIG_HVC_OPAL=y
# iSeries device drivers
#
# CONFIG_ISERIES_VETH is not set
CONFIG_VIODASD=m
CONFIG_VIOCD=m
CONFIG_VIOTAPE=m
CONFIG_PASEMI_MAC=m
CONFIG_SERIAL_OF_PLATFORM=m
@ -86,10 +79,8 @@ CONFIG_NR_CPUS=1024
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_POWER4_ONLY is not set
CONFIG_RTAS_PROC=y
CONFIG_IOMMU_VMERGE=y
CONFIG_NUMA=y
CONFIG_NUMA_BALANCING=y
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
@ -119,17 +110,14 @@ CONFIG_INFINIBAND_EHCA=m
CONFIG_XMON_DISASSEMBLY=y
CONFIG_SCSI_IBMVSCSIS=m
# CONFIG_TUNE_CELL is not set
# CONFIG_BLK_DEV_PLATFORM is not set
# CONFIG_VIRQ_DEBUG is not set
CONFIG_EDAC_CPC925=m
CONFIG_FRAME_WARN=2048
CONFIG_PHYP_DUMP=y
CONFIG_FORCE_MAX_ZONEORDER=9
CONFIG_VIRTUALIZATION=y
@ -140,12 +128,14 @@ CONFIG_SCSI_IBMVFC=m
CONFIG_IBM_BSR=m
CONFIG_CRASH_DUMP=y
CONFIG_FA_DUMP=y
CONFIG_RELOCATABLE=y
CONFIG_RCU_FANOUT=64
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
CONFIG_CMA_AREAS=7
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
CONFIG_KVM_BOOK3S_64_PR=m
@ -189,3 +179,5 @@ CONFIG_BPF_JIT=y
# CONFIG_PPC_TRANSACTIONAL_MEM is not set
# CONFIG_SND_HDA_INTEL is not set
CONFIG_BLK_DEV_RSXX=m
# CONFIG_CARL9170 is not set

4
config-powerpc64le
View File

@ -1,5 +1 @@
# CONFIG_VIRTUALIZATION is not set
# CONFIG_BPF_JIT is not set
CONFIG_CPU_LITTLE_ENDIAN=y
# CONFIG_CARL9170 is not set

15
config-powerpc64p7
View File

@ -3,12 +3,9 @@ CONFIG_POWER7_CPU=y
# CONFIG_PPC_MAPLE is not set
# CONFIG_PPC_CELL is not set
# CONFIG_PPC_IBM_CELL_BLADE is not set
# CONFIG_PPC_ISERIES is not set
# CONFIG_POWER3 is not set
CONFIG_PPC_PSERIES=y
# CONFIG_PPC_PMAC is not set
CONFIG_PPC_POWERNV=y
CONFIG_POWERNV_MSI=y
CONFIG_PPC_POWERNV_RTAS=y
CONFIG_HW_RANDOM_POWERNV=m
CONFIG_SENSORS_IBMPOWERNV=y
@ -43,15 +40,10 @@ CONFIG_SCSI_IPR=m
CONFIG_SCSI_IPR_TRACE=y
CONFIG_SCSI_IPR_DUMP=y
CONFIG_HVC_RTAS=y
# CONFIG_HVC_ISERIES is not set
CONFIG_HVC_OPAL=y
# iSeries device drivers
#
# CONFIG_ISERIES_VETH is not set
CONFIG_VIODASD=m
CONFIG_VIOCD=m
CONFIG_VIOTAPE=m
CONFIG_SERIAL_OF_PLATFORM=m
@ -77,10 +69,8 @@ CONFIG_NR_CPUS=1024
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_POWER4_ONLY is not set
CONFIG_RTAS_PROC=y
CONFIG_IOMMU_VMERGE=y
CONFIG_NUMA=y
CONFIG_NUMA_BALANCING=y
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
@ -110,17 +100,14 @@ CONFIG_INFINIBAND_EHCA=m
CONFIG_XMON_DISASSEMBLY=y
CONFIG_SCSI_IBMVSCSIS=m
# CONFIG_TUNE_CELL is not set
# CONFIG_BLK_DEV_PLATFORM is not set
# CONFIG_VIRQ_DEBUG is not set
CONFIG_EDAC_CPC925=m
CONFIG_FRAME_WARN=2048
CONFIG_PHYP_DUMP=y
CONFIG_FORCE_MAX_ZONEORDER=9
CONFIG_VIRTUALIZATION=y
@ -131,12 +118,14 @@ CONFIG_SCSI_IBMVFC=m
CONFIG_IBM_BSR=m
CONFIG_CRASH_DUMP=y
CONFIG_FA_DUMP=y
CONFIG_RELOCATABLE=y
CONFIG_RCU_FANOUT=64
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
CONFIG_CMA_AREAS=7
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
CONFIG_KVM_BOOK3S_64_PR=m

59
config-s390x
View File

@ -14,7 +14,6 @@ CONFIG_HZ_100=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_LOG_BUF_SHIFT=16
CONFIG_NO_IDLE_HZ=y
#
# I/O subsystem configuration
@ -25,13 +24,9 @@ CONFIG_QDIO=m
# Misc
#
CONFIG_IPL=y
# CONFIG_IPL_TAPE is not set
CONFIG_IPL_VM=y
# CONFIG_PROCESS_DEBUG is not set
CONFIG_PFAULT=y
CONFIG_SHARED_KERNEL=y
CONFIG_CMM=m
CONFIG_CMM_PROC=y
# CONFIG_NETIUCV is not set
CONFIG_SMSGIUCV=m
CONFIG_CRASH_DUMP=y
@ -40,7 +35,6 @@ CONFIG_CRASH_DUMP=y
# SCSI low-level drivers
#
CONFIG_ZFCP=m
CONFIG_ZFCPDUMP=y
CONFIG_CCW=y
#
@ -83,7 +77,6 @@ CONFIG_TN3270_FS=m
#
# S/390 tape interface support
#
CONFIG_S390_TAPE_BLOCK=y
#
# S/390 tape hardware support
@ -149,10 +142,7 @@ CONFIG_CRYPTO_AES_S390=m
#
CONFIG_PACK_STACK=y
CONFIG_CHECK_STACK=y
# CONFIG_WARN_STACK is not set
# CONFIG_SMALL_STACK is not set
CONFIG_ZVM_WATCHDOG=m
CONFIG_DIAG288_WATCHDOG=m
CONFIG_VMLOGRDR=m
CONFIG_MONREADER=m
@ -171,15 +161,12 @@ CONFIG_VIRT_CPU_ACCOUNTING=y
CONFIG_STACK_GUARD=256
CONFIG_CMM_IUCV=y
# CONFIG_DETECT_SOFTLOCKUP is not set
CONFIG_S390_HYPFS_FS=y
CONFIG_MONWRITER=m
CONFIG_ZCRYPT=m
CONFIG_ZCRYPT_MONOLITHIC=y
CONFIG_S390_EXEC_PROTECT=y
CONFIG_AFIUCV=m
CONFIG_S390_PRNG=m
@ -218,7 +205,6 @@ CONFIG_SMSGIUCV_EVENT=m
CONFIG_VMCP=y
CONFIG_ZFCP_DIF=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_BOOK=y
@ -235,10 +221,30 @@ CONFIG_SCM_BLOCK=m
CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
# CONFIG_S390_PTDUMP is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
# CONFIG_PCI is not set
CONFIG_PCI=y
CONFIG_PCI_NR_FUNCTIONS=64
CONFIG_PCI_NR_MSI=256
CONFIG_HOTPLUG_PCI=y
CONFIG_HOTPLUG_PCI_CPCI=y
CONFIG_HOTPLUG_PCI_SHPC=y
CONFIG_HOTPLUG_PCI_S390=y
# CONFIG_NEW_LEDS is not set
# CONFIG_HID is not set
# CONFIG_MTD is not set
# CONFIG_PARPORT is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_FB is not set
# CONFIG_MFD_CORE is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_CB710_CORE is not set
# CONFIG_FCOE is not set
# CONFIG_FUSION is not set
# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
# CONFIG_INPUT is not set
# CONFIG_INPUT_JOYDEV is not set
@ -248,6 +254,8 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
# CONFIG_GAMEPORT_EMU10K1 is not set
# CONFIG_GAMEPORT_FM801 is not set
# CONFIG_SERIO is not set
# CONFIG_ACCESSIBILITY is not set
@ -269,6 +277,17 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_PTP_1588_CLOCK is not set
# CONFIG_PPS is not set
# CONFIG_W1 is not set
# CONFIG_HWMON is not set
# CONFIG_SSB is not set
# CONFIG_BCMA is not set
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
# CONFIG_LCD_CLASS_DEVICE is not set
# CONFIG_LCD_PLATFORM is not set
# CONFIG_BACKLIGHT_CLASS_DEVICE is not set
# CONFIG_MFD_RTSX_PCI is not set
# CONFIG_MFD_SM501 is not set
# CONFIG_MFD_VX855 is not set
# CONFIG_PHYLIB is not set
# CONFIG_ATM_DRIVERS is not set
@ -282,4 +301,14 @@ CONFIG_SCM_BLOCK_CLUSTER_WRITE=y
# CONFIG_FMC is not set
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_INFINIBAND=m
CONFIG_INFINIBAND_USER_ACCESS=m
CONFIG_MLX4_INFINIBAND=m
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
CONFIG_IRQ_DOMAIN_DEBUG=y
CONFIG_CRASH=m

16
config-x86-32-generic
View File

@ -2,15 +2,9 @@
# CONFIG_X86_32_NON_STANDARD is not set
# CONFIG_X86_ELAN is not set
# CONFIG_X86_GOLDFISH is not set
# CONFIG_X86_NUMAQ is not set
# CONFIG_X86_SUMMIT is not set
CONFIG_X86_BIGSMP=y
# CONFIG_X86_VISWS is not set
# CONFIG_X86_RDC321X is not set
# CONFIG_X86_ES7000 is not set
# CONFIG_M386 is not set
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
@ -89,7 +83,6 @@ CONFIG_X86_LONGRUN=y
# CONFIG_X86_E_POWERSAVER is not set
CONFIG_X86_HT=y
CONFIG_X86_TRAMPOLINE=y
# CONFIG_4KSTACKS is not set
@ -113,7 +106,6 @@ CONFIG_SCx200_ACB=m
CONFIG_PC8736x_GPIO=m
# CONFIG_NSC_GPIO is not set
CONFIG_CS5535_GPIO=m
CONFIG_GPIO_SCH=m
CONFIG_HW_RANDOM_GEODE=m
@ -143,7 +135,6 @@ CONFIG_LBDAF=y
CONFIG_OLPC=y
CONFIG_OLPC_OPENFIRMWARE=y
CONFIG_BATTERY_OLPC=y
CONFIG_MOUSE_PS2_OLPC=y
CONFIG_OLPC_XO1_PM=y
@ -160,10 +151,8 @@ CONFIG_RCU_FANOUT=32
# CONFIG_X86_ANCIENT_MCE is not set
# CONFIG_X86_MRST is not set
CONFIG_I2C_PXA=m
# CONFIG_GPIO_LANGWELL is not set
# CONFIG_INTEL_TXT is not set
@ -184,7 +173,6 @@ CONFIG_POWER_RESET_GPIO=y
CONFIG_MTD_OF_PARTS=y
CONFIG_MTD_PHYSMAP_OF=m
CONFIG_PROC_DEVICETREE=y
CONFIG_SERIAL_OF_PLATFORM=m
CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
# CONFIG_MMC_SDHCI_OF is not set
@ -209,7 +197,6 @@ CONFIG_BACKLIGHT_PWM=m
# CONFIG_EDAC_SBRIDGE is not set
# CONFIG_X86_WANT_INTEL_MID is not set
# CONFIG_OF_SELFTEST is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
# CONFIG_INPUT_GP2A is not set
@ -223,12 +210,9 @@ CONFIG_BACKLIGHT_PWM=m
# CONFIG_BACKLIGHT_OT200 is not set
# CONFIG_RTC_DRV_SNVS is not set
# CONFIG_RTC_DRV_HYM8563 is not set
# CONFIG_OF_DISPLAY_TIMING is not set
# CONFIG_OF_VIDEOMODE is not set
# CONFIG_MLX5_INFINIBAND is not set
# CONFIG_PINCTRL_SINGLE is not set
# CONFIG_PINCTRL_CAPRI is not set
# CONFIG_PINCTRL_MSM8X74 is not set
# CONFIG_PINCTRL_BCM281XX is not set
# CONFIG_PINCTRL_APQ8064 is not set

46
config-x86-generic
View File

@ -52,7 +52,6 @@ CONFIG_EFI_RUNTIME_MAP=y
# CONFIG_FB_N411 is not set
CONFIG_INTEL_IOMMU=y
CONFIG_DMAR_BROKEN_GFX_WA=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_SCSI_ADVANSYS=m
@ -71,7 +70,6 @@ CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_ACPI=y
CONFIG_ACPI_AC=y
# CONFIG_ACPI_ASUS is not set
CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_CONTAINER=y
@ -88,7 +86,6 @@ CONFIG_ACPI_VIDEO=m
CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
# FIXME: Next two are deprecated. Remove them when they disappear upstream
# CONFIG_ACPI_PROCFS_POWER is not set
# CONFIG_ACPI_PROC_EVENT is not set
CONFIG_PNPACPI=y
CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
CONFIG_ACPI_HED=m
@ -121,6 +118,7 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
CONFIG_GENERIC_ISA_DMA=y
@ -144,6 +142,9 @@ CONFIG_IPW2200_QOS=y
CONFIG_BLK_DEV_AMD74XX=y
# I2C_ACPI casues I2C to be built in. This should probably be fixed.
CONFIG_I2C=y
CONFIG_ACPI_I2C_OPREGION=y
CONFIG_I2C_AMD756=m
CONFIG_I2C_AMD756_S4882=m
CONFIG_I2C_AMD8111=m
@ -185,6 +186,7 @@ CONFIG_EDAC_X38=m
CONFIG_EDAC_MCE_INJ=m
CONFIG_EDAC_DECODE_MCE=m
CONFIG_EDAC_LEGACY_SYSFS=y
CONFIG_EDAC_IE31200=m
CONFIG_SCHED_MC=y
@ -240,7 +242,6 @@ CONFIG_PVPANIC=m
# CONFIG_TOUCHSCREEN_INTEL_MID is not set
# CONFIG_SMSC37B787_WDT is not set
CONFIG_W83697HF_WDT=m
CONFIG_VIA_WDT=m
CONFIG_IE6XX_WDT=m
@ -264,7 +265,6 @@ CONFIG_PARAVIRT_TIME_ACCOUNTING=y
# PARAVIRT_SPINLOCKS has a 5% perf hit on native hw (see kconfig)
# CONFIG_PARAVIRT_SPINLOCKS is not set
CONFIG_KVM_CLOCK=y
CONFIG_KVM_GUEST=y
CONFIG_KVM_MMU_AUDIT=y # default $x would be nice...
# CONFIG_KVM_DEBUG_FS is not set
@ -288,7 +288,6 @@ CONFIG_XEN_COMPAT_XENFS=y
CONFIG_XEN_BACKEND=y
CONFIG_XEN_BLKDEV_BACKEND=m
CONFIG_XEN_DEBUG_FS=y
CONFIG_XEN_PLATFORM_PCI=y
CONFIG_XEN_GNTDEV=m
CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m
CONFIG_XEN_SELFBALLOONING=y
@ -369,6 +368,7 @@ CONFIG_X86_DECODER_SELFTEST=y
CONFIG_ACPI_CMPC=m
CONFIG_MSI_WMI=m
CONFIG_TOSHIBA_BT_RFKILL=m
CONFIG_TOSHIBA_HAPS=m
CONFIG_VGA_SWITCHEROO=y
CONFIG_LPC_SCH=m
@ -379,12 +379,38 @@ CONFIG_GPIO_ICH=m
# CONFIG_GPIO_MCP23S08 is not set
# CONFIG_GPIO_F7188X is not set
# These should all go away with IC2_ACPI is fixed
# CONFIG_MFD_AS3711 is not set
# CONFIG_PMIC_ADP5520 is not set
# CONFIG_MFD_AAT2870_CORE is not set
# CONFIG_MFD_AXP20X is not set
# CONFIG_PMIC_DA903X is not set
# CONFIG_MFD_DA9052_I2C is not set
# CONFIG_MFD_DA9055 is not set
# CONFIG_MFD_88PM800 is not set
# CONFIG_MFD_88PM805 is not set
# CONFIG_MFD_MAX14577 is not set
# CONFIG_MFD_MAX77686 is not set
# CONFIG_MFD_MAX77693 is not set
# CONFIG_MFD_MAX8907 is not set
# CONFIG_MFD_MAX8997 is not set
# CONFIG_MFD_RC5T583 is not set
# CONFIG_MFD_SEC_CORE is not set
# CONFIG_MFD_SMSC is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_PALMAS is not set
# CONFIG_MFD_TPS65090 is not set
# CONFIG_MFD_TPS65910 is not set
# CONFIG_MFD_TPS65912_I2C is not set
# CONFIG_MFD_TPS80031 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
CONFIG_PCI_CNB20LE_QUIRK=y
CONFIG_ACPI_EC_DEBUGFS=m
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
# CONFIG_ACPI_QUICKSTART is not set
CONFIG_INTEL_IDLE=y
@ -469,6 +495,9 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_XZ_DEC_X86=y
CONFIG_MPILIB=y
CONFIG_PKCS7_MESSAGE_PARSER=y
# CONFIG_PKCS7_TEST_KEY is not set
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_MODULE_SIG=y
@ -479,6 +508,9 @@ CONFIG_MODULE_SIG_SHA256=y
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
# CONFIG_KEXEC_FILE is not set
# CONFIG_KEXEC_VERIFY_SIG is not set
CONFIG_MODULE_SIG_UEFI=y
CONFIG_VMXNET3=m

19
config-x86_64-generic
View File

@ -9,7 +9,6 @@ CONFIG_GENERIC_CPU=y
CONFIG_X86_UV=y
CONFIG_UV_MMTIMER=m
CONFIG_NUMA=y
CONFIG_K8_NUMA=y
CONFIG_AMD_NUMA=y
CONFIG_X86_64_ACPI_NUMA=y
# CONFIG_NUMA_EMU is not set
@ -42,6 +41,9 @@ CONFIG_CGROUP_HUGETLB=y
CONFIG_MEM_SOFT_DIRTY=y
CONFIG_KEXEC_JUMP=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
CONFIG_ACPI_HOTPLUG_MEMORY=y
@ -49,6 +51,8 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y
CONFIG_INTEL_MIC_HOST=m
CONFIG_INTEL_MIC_CARD=m
CONFIG_INTEL_MIC_BUS=m
CONFIG_INTEL_MIC_X100_DMA=m
# SHPC has half-arsed PCI probing, which makes it load on too many systems
CONFIG_HOTPLUG_PCI_SHPC=m
@ -62,7 +66,6 @@ CONFIG_CRYPTO_SHA1_SSSE3=m
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_BLOWFISH_X86_64=m
CONFIG_CRYPTO_BLOWFISH_AVX2_X86_64=m
CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
CONFIG_CRYPTO_CAMELLIA_X86_64=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
@ -73,7 +76,7 @@ CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX2_X86_64=m
CONFIG_CRYPTO_DES3_EDE_X86_64=m
# staging crypto
# CONFIG_CRYPTO_SKEIN is not set
# CONFIG_CRYPTO_THREEFISH is not set
@ -144,7 +147,6 @@ CONFIG_RCU_FANOUT=64
CONFIG_INTEL_TXT=y
CONFIG_GPIO_LANGWELL=y
CONFIG_FUNCTION_GRAPH_TRACER=y
@ -158,6 +160,8 @@ CONFIG_CHECKPOINT_RESTORE=y
# Should be 32bit only, but lacks KConfig depends
# CONFIG_XO15_EBOOK is not set
CONFIG_THUNDERBOLT=m
CONFIG_NTB=m
CONFIG_NTB_NETDEV=m
@ -170,9 +174,12 @@ CONFIG_MLX4_EN_DCB=y
CONFIG_SFC=m
CONFIG_SFC_MCDI_MON=y
CONFIG_SFC_SRIOV=y
CONFIG_SFC_PTP=y
CONFIG_SFC_MTD=y
# Override MTD stuff because SFC_MTD needs it
CONFIG_MTD_CHAR=m
CONFIG_MTD_BLOCK=m
CONFIG_NO_HZ_FULL=y
# CONFIG_NO_HZ_IDLE is not set
# CONFIG_NO_HZ_FULL_ALL is not set
# CONFIG_NO_HZ_FULL_SYSIDLE is not set
# CONFIG_CONTEXT_TRACKING_FORCE is not set

120
crash-driver.patch
View File

@ -1,69 +1,67 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 1786bc697d34af944e29437ce44337b0eb8b6799 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@dreadnought.bos.jkkm.org>
From: Dave Anderson <anderson@redhat.com>
Date: Tue, 26 Nov 2013 12:42:46 -0500
Subject: [PATCH] crash-driver
Bugzilla: N/A
Upstream-status: Fedora mustard
---
arch/arm/include/asm/crash.h | 6 ++
arch/arm64/include/asm/crash.h | 6 ++
arch/ia64/include/asm/crash.h | 90 +++++++++++++++++++++++++++
arch/ia64/kernel/ia64_ksyms.c | 3 +
arch/powerpc/include/asm/crash.h | 6 ++
arch/s390/include/asm/crash.h | 60 ++++++++++++++++++
arch/s390/mm/maccess.c | 2 +
arch/x86/include/asm/crash.h | 6 ++
drivers/char/Kconfig | 3 +
drivers/char/Makefile | 2 +
drivers/char/crash.c | 128 +++++++++++++++++++++++++++++++++++++++
include/asm-generic/crash.h | 72 ++++++++++++++++++++++
arch/arm/include/asm/crash-driver.h | 6 ++
arch/arm64/include/asm/crash-driver.h | 6 ++
arch/ia64/include/asm/crash-driver.h | 90 ++++++++++++++++++++++
arch/ia64/kernel/ia64_ksyms.c | 3 +
arch/powerpc/include/asm/crash-driver.h | 6 ++
arch/s390/include/asm/crash-driver.h | 60 +++++++++++++++
arch/s390/mm/maccess.c | 2 +
arch/x86/include/asm/crash-driver.h | 6 ++
drivers/char/Kconfig | 3 +
drivers/char/Makefile | 2 +
drivers/char/crash.c | 128 ++++++++++++++++++++++++++++++++
include/asm-generic/crash-driver.h | 72 ++++++++++++++++++
12 files changed, 384 insertions(+)
create mode 100644 arch/arm/include/asm/crash.h
create mode 100644 arch/arm64/include/asm/crash.h
create mode 100644 arch/ia64/include/asm/crash.h
create mode 100644 arch/powerpc/include/asm/crash.h
create mode 100644 arch/s390/include/asm/crash.h
create mode 100644 arch/x86/include/asm/crash.h
create mode 100644 arch/arm/include/asm/crash-driver.h
create mode 100644 arch/arm64/include/asm/crash-driver.h
create mode 100644 arch/ia64/include/asm/crash-driver.h
create mode 100644 arch/powerpc/include/asm/crash-driver.h
create mode 100644 arch/s390/include/asm/crash-driver.h
create mode 100644 arch/x86/include/asm/crash-driver.h
create mode 100644 drivers/char/crash.c
create mode 100644 include/asm-generic/crash.h
create mode 100644 include/asm-generic/crash-driver.h
diff --git a/arch/arm/include/asm/crash.h b/arch/arm/include/asm/crash.h
diff --git a/arch/arm/include/asm/crash-driver.h b/arch/arm/include/asm/crash-driver.h
new file mode 100644
index 0000000..1d2e537
index 000000000000..06e7ae916601
--- /dev/null
+++ b/arch/arm/include/asm/crash.h
+++ b/arch/arm/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _ARM_CRASH_H
+#define _ARM_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _ARM_CRASH_H */
diff --git a/arch/arm64/include/asm/crash.h b/arch/arm64/include/asm/crash.h
diff --git a/arch/arm64/include/asm/crash-driver.h b/arch/arm64/include/asm/crash-driver.h
new file mode 100644
index 0000000..a7fcc28
index 000000000000..43b26da0c5d6
--- /dev/null
+++ b/arch/arm64/include/asm/crash.h
+++ b/arch/arm64/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _ARM64_CRASH_H
+#define _ARM64_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _ARM64_CRASH_H */
diff --git a/arch/ia64/include/asm/crash.h b/arch/ia64/include/asm/crash.h
diff --git a/arch/ia64/include/asm/crash-driver.h b/arch/ia64/include/asm/crash-driver.h
new file mode 100644
index 0000000..28bd955
index 000000000000..404bcb93c112
--- /dev/null
+++ b/arch/ia64/include/asm/crash.h
+++ b/arch/ia64/include/asm/crash-driver.h
@@ -0,0 +1,90 @@
+#ifndef _ASM_IA64_CRASH_H
+#define _ASM_IA64_CRASH_H
+
+/*
+ * linux/include/asm-ia64/crash.h
+ * linux/include/asm-ia64/crash-driver.h
+ *
+ * Copyright (c) 2004 Red Hat, Inc. All rights reserved.
+ *
@ -150,7 +148,7 @@ index 0000000..28bd955
+
+#endif /* _ASM_IA64_CRASH_H */
diff --git a/arch/ia64/kernel/ia64_ksyms.c b/arch/ia64/kernel/ia64_ksyms.c
index 5b7791d..aee4b87 100644
index 5b7791dd3965..aee4b870c763 100644
--- a/arch/ia64/kernel/ia64_ksyms.c
+++ b/arch/ia64/kernel/ia64_ksyms.c
@@ -84,6 +84,9 @@ EXPORT_SYMBOL(ia64_save_scratch_fpregs);
@ -163,23 +161,23 @@ index 5b7791d..aee4b87 100644
#if defined(CONFIG_IA64_ESI) || defined(CONFIG_IA64_ESI_MODULE)
extern void esi_call_phys (void);
EXPORT_SYMBOL_GPL(esi_call_phys);
diff --git a/arch/powerpc/include/asm/crash.h b/arch/powerpc/include/asm/crash.h
diff --git a/arch/powerpc/include/asm/crash-driver.h b/arch/powerpc/include/asm/crash-driver.h
new file mode 100644
index 0000000..daa8c4d
index 000000000000..50092d965dc5
--- /dev/null
+++ b/arch/powerpc/include/asm/crash.h
+++ b/arch/powerpc/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _PPC64_CRASH_H
+#define _PPC64_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _PPC64_CRASH_H */
diff --git a/arch/s390/include/asm/crash.h b/arch/s390/include/asm/crash.h
diff --git a/arch/s390/include/asm/crash-driver.h b/arch/s390/include/asm/crash-driver.h
new file mode 100644
index 0000000..552be5e
index 000000000000..552be5e2c571
--- /dev/null
+++ b/arch/s390/include/asm/crash.h
+++ b/arch/s390/include/asm/crash-driver.h
@@ -0,0 +1,60 @@
+#ifndef _S390_CRASH_H
+#define _S390_CRASH_H
@ -242,10 +240,10 @@ index 0000000..552be5e
+
+#endif /* _S390_CRASH_H */
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
index d1e0e0c..a2be459 100644
index 2a2e35416d2f..a529181429bb 100644
--- a/arch/s390/mm/maccess.c
+++ b/arch/s390/mm/maccess.c
@@ -219,6 +219,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
put_online_cpus();
return bounce;
}
@ -253,25 +251,25 @@ index d1e0e0c..a2be459 100644
/*
* Free converted buffer for /dev/mem access (if necessary)
@@ -228,3 +229,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
if ((void *) addr != buf)
free_page((unsigned long) buf);
}
+EXPORT_SYMBOL_GPL(unxlate_dev_mem_ptr);
diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h
diff --git a/arch/x86/include/asm/crash-driver.h b/arch/x86/include/asm/crash-driver.h
new file mode 100644
index 0000000..27a4156
index 000000000000..fd4736ec99f5
--- /dev/null
+++ b/arch/x86/include/asm/crash.h
+++ b/arch/x86/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _X86_CRASH_H
+#define _X86_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _X86_CRASH_H */
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index fa3243d..83643e5b 100644
index 6e9f74a5c095..ee6bae16b04c 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -4,6 +4,9 @@
@ -285,10 +283,10 @@ index fa3243d..83643e5b 100644
config DEVKMEM
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
index 7ff1d0d..3ed67af 100644
index a324f9303e36..33ce2fb1d0a3 100644
--- a/drivers/char/Makefile
+++ b/drivers/char/Makefile
@@ -62,3 +62,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
@@ -61,3 +61,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
js-rtc-y = rtc.o
obj-$(CONFIG_TILE_SROM) += tile-srom.o
@ -296,7 +294,7 @@ index 7ff1d0d..3ed67af 100644
+obj-$(CONFIG_CRASH) += crash.o
diff --git a/drivers/char/crash.c b/drivers/char/crash.c
new file mode 100644
index 0000000..a142bb3
index 000000000000..085378a1d539
--- /dev/null
+++ b/drivers/char/crash.c
@@ -0,0 +1,128 @@
@ -332,7 +330,7 @@ index 0000000..a142bb3
+#include <asm/io.h>
+#include <asm/uaccess.h>
+#include <asm/types.h>
+#include <asm/crash.h>
+#include <asm/crash-driver.h>
+
+#define CRASH_VERSION "1.0"
+
@ -428,17 +426,17 @@ index 0000000..a142bb3
+module_exit(crash_cleanup_module);
+
+MODULE_LICENSE("GPL");
diff --git a/include/asm-generic/crash.h b/include/asm-generic/crash.h
diff --git a/include/asm-generic/crash-driver.h b/include/asm-generic/crash-driver.h
new file mode 100644
index 0000000..8a0a69a
index 000000000000..25ab9869d566
--- /dev/null
+++ b/include/asm-generic/crash.h
+++ b/include/asm-generic/crash-driver.h
@@ -0,0 +1,72 @@
+#ifndef __CRASH_H__
+#define __CRASH_H__
+
+/*
+ * include/linux/crash.h
+ * include/linux/crash-driver.h
+ *
+ * Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+ *
@ -507,5 +505,5 @@ index 0000000..8a0a69a
+
+#endif /* __CRASH_H__ */
--
1.8.3.1
1.9.3

16
criu-no-expert.patch
View File

@ -1,11 +1,18 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Wed, 30 Jan 2013 10:55:31 -0500
Subject: [PATCH] criu: no expert
Bugzilla: N/A
Upstream-status: Fedora mustard
---
init/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index be8b7f5..7461760 100644
index 3c866db603a7..bfb3c54d5286 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP
@@ -1149,7 +1149,7 @@ config DEBUG_BLK_CGROUP
endif # CGROUPS
config CHECKPOINT_RESTORE
@ -14,7 +21,7 @@ index be8b7f5..7461760 100644
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE
@@ -1160,7 +1160,7 @@ config CHECKPOINT_RESTORE
If unsure, say N here.
menuconfig NAMESPACES
@ -23,3 +30,6 @@ index be8b7f5..7461760 100644
default !EXPERT
help
Provides the way to make tasks work with different objects using
--
1.9.3

19
die-floppy-die.patch
View File

@ -1,24 +1,23 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 4ff58b642f80dedb20533978123d89b5ac9b1ed5 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@phobos.i.jkkm.org>
Date: Tue, 30 Mar 2010 00:04:29 -0400
Subject: die-floppy-die
Subject: [PATCH] die-floppy-die
Kill the floppy.ko pnp modalias. We were surviving just fine without
autoloading floppy drivers, tyvm.
Please feel free to register all complaints in the wastepaper bin.
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/block/floppy.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
drivers/block/floppy.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 90c4038..f4a0b90 100644
index 56d46ffb08e1..1c8db250df88 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -4619,8 +4619,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
@@ -4634,8 +4634,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
{"PNP0700", 0},
{}
};
@ -29,5 +28,5 @@ index 90c4038..f4a0b90 100644
#else
--
1.7.0.1
1.9.3

21
disable-i8042-check-on-apple-mac.patch
View File

@ -1,10 +1,6 @@
Bugzilla: N/A
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
From 2a79554c864ac58fa2ad982f0fcee2cc2aa33eb5 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 20 May 2010 10:30:31 -0400
Subject: Disable i8042 checks on Intel Apple Macs
Subject: [PATCH] disable i8042 check on apple mac
As those computers never had any i8042 controllers, and the
current lookup code could potentially lock up/hang/wait for
@ -12,16 +8,19 @@ timeout for long periods of time.
Fixes intermittent hangs on boot on a MacbookAir1,1
Bugzilla: N/A
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
Signed-off-by: Bastien Nocera <hadess@hadess.net>
---
drivers/input/serio/i8042.c | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
drivers/input/serio/i8042.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 6440a8f..4d7cf98 100644
index 9bb95eab6926..4b5015f27f9e 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1451,6 +1451,22 @@ static struct platform_driver i8042_driver = {
@@ -1471,6 +1471,22 @@ static struct platform_driver i8042_driver = {
.shutdown = i8042_shutdown,
};
@ -44,7 +43,7 @@ index 6440a8f..4d7cf98 100644
static int __init i8042_init(void)
{
struct platform_device *pdev;
@@ -1458,6 +1474,12 @@ static int __init i8042_init(void)
@@ -1478,6 +1494,12 @@ static int __init i8042_init(void)
dbg_init();
@ -58,5 +57,5 @@ index 6440a8f..4d7cf98 100644
if (err)
return err;
--
1.7.0.1
1.9.3

19
disable-libdw-unwind-on-non-x86.patch
View File

@ -1,9 +1,19 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Fri, 18 Apr 2014 06:58:29 -0400
Subject: [PATCH] disable libdw unwind on non-x86
Bugzilla: 1025603
Upstream-status: ??
---
tools/perf/config/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index ee21fa9..19ee413 100644
index 1f67aa02d240..86c21a24da46 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -34,6 +34,10 @@ ifeq ($(ARCH),arm)
LIBUNWIND_LIBS = -lunwind -lunwind-arm
@@ -52,6 +52,10 @@ ifeq ($(ARCH),powerpc)
CFLAGS += -DHAVE_SKIP_CALLCHAIN_IDX
endif
+ifneq ($(ARCH),x86)
@ -13,3 +23,6 @@ index ee21fa9..19ee413 100644
ifeq ($(LIBUNWIND_LIBS),)
NO_LIBUNWIND := 1
else
--
1.9.3

23
drm-i915-hush-check-crtc-state.patch
View File

@ -1,15 +1,23 @@
Bugzilla: 1027037 1028785
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 13 Nov 2013 10:17:24 -0500
Subject: [PATCH] drm/i915: hush check crtc state
This is _by far_ the most common backtrace for i915 on retrace.fp.o, and
it's mostly useless noise. There's not enough context when it's generated
to know if something actually went wrong. Downgrade the message to
KMS debugging so we can still get it if we want it.
diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c
--- linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx 2013-11-03 18:41:51.000000000 -0500
+++ linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c 2013-11-13 10:12:05.781301624 -0500
@@ -8803,7 +8803,7 @@ check_crtc_state(struct drm_device *dev)
Bugzilla: 1027037 1028785
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
---
drivers/gpu/drm/i915/intel_display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index d8324c69fa86..ee0ca36930f8 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -10656,7 +10656,7 @@ check_crtc_state(struct drm_device *dev)
if (active &&
!intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) {
@ -18,3 +26,6 @@ diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_displa
intel_dump_pipe_config(crtc, &pipe_config,
"[hw state]");
intel_dump_pipe_config(crtc, &crtc->config,
--
1.9.3

34
drm-vmwgfx-Fix-drm.h-include.patch Normal file
View File

@ -0,0 +1,34 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 5 Sep 2014 13:19:59 -0400
Subject: [PATCH] drm/vmwgfx: Fix drm.h include
The userspace drm.h include doesn't prefix the drm directory. This can lead
to compile failures as /usr/include/drm/ isn't in the standard gcc include
paths. Fix it to be <drm/drm.h>, which matches the rest of the driver drm
header files that get installed into /usr/include/drm.
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138759
Fixes: 1d7a5cbf8f74e
Reported-by: Jeffrey Bastian <jbastian@redhat.com>
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/uapi/drm/vmwgfx_drm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/drm/vmwgfx_drm.h b/include/uapi/drm/vmwgfx_drm.h
index 4fc66f6b12ce..c472bedbe38e 100644
--- a/include/uapi/drm/vmwgfx_drm.h
+++ b/include/uapi/drm/vmwgfx_drm.h
@@ -29,7 +29,7 @@
#define __VMWGFX_DRM_H__
#ifndef __KERNEL__
-#include <drm.h>
+#include <drm/drm.h>
#endif
#define DRM_VMW_MAX_SURFACE_FACES 6
--
1.9.3

50
eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
View File

@ -1,50 +0,0 @@
Bugzilla: 1097463
Upstream-status: Sent for 3.16
From 7ad066ecd4dfb4c36fb00f9f9eb1a5d6099db834 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:02 +0200
Subject: [PATCH 05/14] eeepc-wmi: Add no backlight quirk for Asus H87I-PLUS
Motherboard
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/eeepc-wmi.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/platform/x86/eeepc-wmi.c b/drivers/platform/x86/eeepc-wmi.c
index 6112933f6278..a7286bbfe28e 100644
--- a/drivers/platform/x86/eeepc-wmi.c
+++ b/drivers/platform/x86/eeepc-wmi.c
@@ -114,6 +114,10 @@ static struct quirk_entry quirk_asus_x101ch = {
.wmi_backlight_power = true,
};
+static struct quirk_entry quirk_asus_no_backlight = {
+ .no_backlight = true,
+};
+
static struct quirk_entry *quirks;
static void et2012_quirks(void)
@@ -182,6 +186,15 @@ static struct dmi_system_id asus_quirks[] = {
},
.driver_data = &quirk_asus_x101ch,
},
+ {
+ .callback = dmi_matched,
+ .ident = "ASUSTeK Computer INC. H87I-PLUS",
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BOARD_NAME, "H87I-PLUS"),
+ },
+ .driver_data = &quirk_asus_no_backlight,
+ },
{},
};
--
1.9.0

42
efi-Add-EFI_SECURE_BOOT-bit.patch Normal file
View File

@ -0,0 +1,42 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/kernel/setup.c | 2 ++
include/linux/efi.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5a5cf7395724..fb282ff6a802 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
enforce_signed_modules();
+ pr_info("Secure boot enabled\n");
}
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 45cb4ffdea62..ebe6a24cc1e1 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -923,6 +923,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
#define EFI_ARCH_1 7 /* First arch-specific bit */
+#define EFI_SECURE_BOOT 8 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
/*
--
1.9.3

57
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch Normal file
View File

@ -0,0 +1,57 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 975d11bfaf5b..94bf7819857a 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -817,8 +817,9 @@ out:
static int get_secure_boot(void)
{
- u8 sb, setup;
+ u8 sb, setup, moksbstate;
unsigned long datasize = sizeof(sb);
+ u32 attr;
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status;
@@ -842,6 +843,23 @@ static int get_secure_boot(void)
if (setup == 1)
return 0;
+ /* See if a user has put shim into insecure_mode. If so, and the variable
+ * doesn't have the runtime attribute set, we might as well honor that.
+ */
+ var_guid = EFI_SHIM_LOCK_GUID;
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"MokSBState", &var_guid, &attr, &datasize,
+ &moksbstate);
+
+ /* If it fails, we don't care why. Default to secure */
+ if (status != EFI_SUCCESS)
+ return 1;
+
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ if (moksbstate == 1)
+ return 0;
+ }
+
return 1;
}
--
1.9.3

29
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch Normal file
View File

@ -0,0 +1,29 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 61542c282e70..e5ee669e87b6 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1567,7 +1567,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
- def_bool n
+ def_bool n
+ depends on EFI
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
1.9.3

38
hibernate-Disable-in-a-signed-modules-environment.patch Normal file
View File

@ -0,0 +1,38 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/power/hibernate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a9dfa79b6bab..14c7356ff53a 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,7 @@
#include <linux/syscore_ops.h>
#include <linux/ctype.h>
#include <linux/genhd.h>
+#include <linux/module.h>
#include <trace/events/power.h>
#include "power.h"
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{
- return (nohibernate == 0);
+ return ((nohibernate == 0) && !secure_modules());
}
/**
--
1.9.3

32
i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
View File

@ -1,32 +0,0 @@
From ef15224bce9875f9a5fbc93a2823219df6936a18 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 30 Jul 2014 17:56:05 +0200
Subject: [PATCH 1/3] i8042: Also store the aux firmware id in multi-plexed aux
ports
So that firmware-id matching can be used with multiplexed aux ports too.
Bugzilla: 1110011
Upstream-status: sent for 3.17/3.18
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/input/serio/i8042.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index f1aeb0240d6e..4b5015f27f9e 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1253,6 +1253,8 @@ static int __init i8042_create_aux_port(int idx)
} else {
snprintf(serio->name, sizeof(serio->name), "i8042 AUX%d port", idx);
snprintf(serio->phys, sizeof(serio->phys), I8042_MUX_PHYS_DESC, idx + 1);
+ strlcpy(serio->firmware_id, i8042_aux_firmware_id,
+ sizeof(serio->firmware_id));
}
port->serio = serio;
--
1.9.3

14
input-kill-stupid-messages.patch
View File

@ -1,11 +1,18 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] input: kill stupid messages
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/input/keyboard/atkbd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c
index add5ffd..5eb2f03 100644
index 6f5d79569136..95469f6ecfa5 100644
--- a/drivers/input/keyboard/atkbd.c
+++ b/drivers/input/keyboard/atkbd.c
@@ -430,11 +430,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
@@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
goto out;
case ATKBD_RET_ACK:
case ATKBD_RET_NAK:
@ -21,3 +28,6 @@ index add5ffd..5eb2f03 100644
goto out;
case ATKBD_RET_ERR:
atkbd->err_count++;
--
1.9.3

65
input-silence-i8042-noise.patch Normal file
View File

@ -0,0 +1,65 @@
From: Peter Jones <pjones@redhat.com>
Date: Thu, 25 Sep 2008 16:23:33 -0400
Subject: [PATCH] input: silence i8042 noise
Don't print an error message just because there's no i8042 chip.
Some systems, such as EFI-based Apple systems, won't necessarily have an
i8042 to initialize. We shouldn't be printing an error message in this
case, since not detecting the chip is the correct behavior.
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/base/power/main.c | 2 --
drivers/input/serio/i8042.c | 1 -
net/can/af_can.c | 8 ++------
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index b67d9aef9fe4..dd58b0fdaafd 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
*/
void device_pm_add(struct device *dev)
{
- pr_debug("PM: Adding info for %s:%s\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
mutex_lock(&dpm_list_mtx);
if (dev->parent && dev->parent->power.is_prepared)
dev_warn(dev, "parent %s should not be sleeping\n",
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index f5a98af3b325..9bb95eab6926 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -857,7 +857,6 @@ static int __init i8042_check_aux(void)
static int i8042_controller_check(void)
{
if (i8042_flush()) {
- pr_err("No controller found\n");
return -ENODEV;
}
diff --git a/net/can/af_can.c b/net/can/af_can.c
index ce82337521f6..a3fee4becc93 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
err = request_module("can-proto-%d", protocol);
/*
- * In case of error we only print a message but don't
- * return the error code immediately. Below we will
- * return -EPROTONOSUPPORT
+ * In case of error we but don't return the error code immediately.
+ * Below we will return -EPROTONOSUPPORT
*/
- if (err)
- printk_ratelimited(KERN_ERR "can: request_module "
- "(can-proto-%d) failed.\n", protocol);
cp = can_get_proto(protocol);
}
--
1.9.3

27
makefile-after_link.patch → kbuild-AFTER_LINK.patch
View File

@ -1,7 +1,3 @@
Bugzilla: N/A
Upstream-status: ??
From fd4e7f06ecc891474dea3a93df083de5f8c50cdc Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@ -9,6 +5,9 @@ Subject: [PATCH] kbuild: AFTER_LINK
If the make variable AFTER_LINK is set, it is a command line to run
after each final link. This includes vmlinux itself and vDSO images.
Bugzilla: N/A
Upstream-status: ??
Signed-off-by: Roland McGrath <roland@redhat.com>
---
arch/arm64/kernel/vdso/Makefile | 3 ++-
@ -21,17 +20,17 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
7 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
index 6d20b7d162d8..863a01bde0bf 100644
index ff3bddea482d..d8a439dd6351 100644
--- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S FORCE
# Actual build commands
quiet_cmd_vdsold = VDSOL $@
quiet_cmd_vdsold = VDSOL $@
- cmd_vdsold = $(CC) $(c_flags) -Wl,-n -Wl,-T $^ -o $@
+ cmd_vdsold = $(CC) $(c_flags) -Wl,-n -Wl,-T $^ -o $@ \
+ $(if $(AFTER_LINK),;$(AFTER_LINK))
quiet_cmd_vdsoas = VDSOA $@
+ $(if $(AFTER_LINK),;$(AFTER_LINK))
quiet_cmd_vdsoas = VDSOA $@
cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile
@ -91,10 +90,10 @@ index 2a8ddfd12a5b..452ca53561fe 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index 9206ac7961a5..3d7f533f6757 100644
index 5a4affe025e8..8ff38ce94c8e 100644
--- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile
@@ -181,8 +181,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE
@@ -171,8 +171,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
quiet_cmd_vdso = VDSO $@
cmd_vdso = $(CC) -nostdlib -o $@ \
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
@ -105,9 +104,9 @@ index 9206ac7961a5..3d7f533f6757 100644
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
$(LTO_CFLAGS)
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 2dcb37736d84..25e170e92ef1 100644
index 86a4fe75f453..161637ed5611 100644
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -65,6 +65,10 @@ vmlinux_link()
@ -122,5 +121,5 @@ index 2dcb37736d84..25e170e92ef1 100644
--
1.8.5.3
1.9.3

14531
kernel-arm64.patch
View File

File diff suppressed because it is too large Load Diff

186
kernel.spec
View File

@ -42,19 +42,19 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 302
%global baserelease 300
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
# which yields a base_sublevel of 0.
%define base_sublevel 16
%define base_sublevel 17
## If this is a released kernel ##
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 3
%define stable_update 0
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -493,7 +493,7 @@ Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz
Patch04: compile-fixes.patch
# build tweak for build ID magic, even for -vanilla
Patch05: makefile-after_link.patch
Patch05: kbuild-AFTER_LINK.patch
%if !%{nopatches}
@ -511,20 +511,38 @@ Patch470: die-floppy-die.patch
Patch500: Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
Patch510: silence-noise.patch
Patch510: input-silence-i8042-noise.patch
Patch530: silence-fbcon-logo.patch
Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch800: crash-driver.patch
# crypto/
# secure boot
Patch1000: secure-modules.patch
Patch1001: modsign-uefi.patch
# atch1002: sb-hibernate.patch
Patch1003: sysrq-secure-boot.patch
Patch1000: Add-secure_modules-call.patch
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
Patch1003: ACPI-Limit-access-to-custom_method.patch
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
Patch1014: Add-EFI-signature-data-types.patch
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
# virt + ksm patches
@ -547,17 +565,25 @@ Patch14000: hibernate-freeze-filesystems.patch
Patch14010: lis3-improve-handling-of-null-rate.patch
Patch15000: nowatchdog-on-virt.patch
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
# PPC
Patch18000: ppc64-fixtools.patch
# ARM64
# ARMv7
Patch21020: arm-tegra-usb-no-reset-linux33.patch
Patch21021: arm-beagle.patch
Patch21022: arm-imx6-utilite.patch
# http://www.spinics.net/lists/linux-tegra/msg17948.html
Patch21023: arm-tegra-drmdetection.patch
Patch21024: arm-qemu-fixdisplay.patch
Patch21020: ARM-tegra-usb-no-reset.patch
Patch21021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
Patch21022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
Patch21023: arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
Patch21024: arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch
Patch21028: arm-i.MX6-Utilite-device-dtb.patch
Patch21029: arm-dts-sun7i-bananapi.patch
Patch21100: arm-highbank-l2-reverts.patch
#rhbz 754518
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@ -566,7 +592,7 @@ Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
Patch21242: criu-no-expert.patch
#rhbz 892811
Patch21247: ath9k_rx_dma_stop_check.patch
Patch21247: ath9k-rx-dma-stop-check.patch
Patch22000: weird-root-dentry-name-debug.patch
@ -574,45 +600,31 @@ Patch22000: weird-root-dentry-name-debug.patch
Patch25063: disable-libdw-unwind-on-non-x86.patch
#rhbz 983342 1093120
Patch25069: 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
Patch25069: acpi-video-Add-4-new-models-to-the-use_native_backli.patch
Patch26000: perf-lib64.patch
Patch26000: perf-install-trace-event-plugins.patch
# Patch series from Hans for various backlight and platform driver fixes
Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
Patch26004: asus-wmi-Add-a-no-backlight-quirk.patch
Patch26005: eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
Patch26013: acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
Patch26014: acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
Patch25109: revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
#rhbz 1021036, submitted upstream
Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1134969
Patch26019: Input-wacom-Add-support-for-the-Cintiq-Companion.patch
Patch26016: HID-wacom-Add-support-for-the-Cintiq-Companion.patch
#rhbz 1110011
Patch26021: i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
Patch26022: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
Patch26023: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
Patch26019: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
Patch26020: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
#CVE-2014-3181 rhbz 1141179 1141173
Patch26024: HID-magicmouse-sanity-check-report-size-in-raw_event.patch
#CVE-2014-3186 rhbz 1141407 1141410
Patch26025: HID-picolcd-sanity-check-report-size-in-raw_event-ca.patch
#CVE-2014-6410 rhbz 1141809 1141810
Patch26026: udf-Avoid-infinite-loop-when-processing-indirect-ICB.patch
#rhbz 1143812
Patch26027: HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
#rhbz 1138759
Patch26021: drm-vmwgfx-Fix-drm.h-include.patch
#rhbz 1123584
Patch26028: HID-rmi-check-sanity-of-incoming-report.patch
#rhbz 1145318
Patch26029: KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
@ -1169,7 +1181,7 @@ do
done
%endif
ApplyPatch makefile-after_link.patch
ApplyPatch kbuild-AFTER_LINK.patch
#
# misc small stuff to make things compile
@ -1183,18 +1195,29 @@ ApplyOptionalPatch upstream-reverts.patch -R
# Architecture patches
# x86(-64)
ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
# PPC
ApplyPatch ppc64-fixtools.patch
# ARM64
#
# ARM
#
ApplyPatch arm-tegra-usb-no-reset-linux33.patch
ApplyPatch arm-beagle.patch
ApplyPatch arm-imx6-utilite.patch
ApplyPatch arm-tegra-drmdetection.patch
ApplyPatch arm-qemu-fixdisplay.patch
ApplyPatch ARM-tegra-usb-no-reset.patch
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
ApplyPatch arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
ApplyPatch arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
ApplyPatch arm-dts-sun7i-bananapi.patch
ApplyPatch arm-highbank-l2-reverts.patch
#
# bugfixes to drivers and filesystems
@ -1242,7 +1265,7 @@ ApplyPatch die-floppy-die.patch
ApplyPatch no-pcspkr-modalias.patch
# Silence some useless messages that still get printed with 'quiet'
ApplyPatch silence-noise.patch
ApplyPatch input-silence-i8042-noise.patch
# Make fbcon not show the penguins with 'quiet'
ApplyPatch silence-fbcon-logo.patch
@ -1255,10 +1278,28 @@ ApplyPatch crash-driver.patch
# crypto/
# secure boot
ApplyPatch secure-modules.patch
ApplyPatch modsign-uefi.patch
# pplyPatch sb-hibernate.patch
ApplyPatch sysrq-secure-boot.patch
ApplyPatch Add-secure_modules-call.patch
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
ApplyPatch ACPI-Limit-access-to-custom_method.patch
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
ApplyPatch Add-EFI-signature-data-types.patch
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
# Assorted Virt Fixes
@ -1280,7 +1321,7 @@ ApplyPatch disable-i8042-check-on-apple-mac.patch
ApplyPatch lis3-improve-handling-of-null-rate.patch
# Disable watchdog on virtual machines.
ApplyPatch nowatchdog-on-virt.patch
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
#rhbz 754518
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@ -1291,51 +1332,37 @@ ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
ApplyPatch criu-no-expert.patch
#rhbz 892811
ApplyPatch ath9k_rx_dma_stop_check.patch
ApplyPatch ath9k-rx-dma-stop-check.patch
#rhbz 1025603
ApplyPatch disable-libdw-unwind-on-non-x86.patch
#rhbz 983342 1093120
ApplyPatch 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
ApplyPatch acpi-video-Add-4-new-models-to-the-use_native_backli.patch
ApplyPatch perf-lib64.patch
ApplyPatch perf-install-trace-event-plugins.patch
# Patch series from Hans for various backlight and platform driver fixes
ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
ApplyPatch asus-wmi-Add-a-no-backlight-quirk.patch
ApplyPatch eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
ApplyPatch acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
ApplyPatch acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
ApplyPatch revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
#rhbz 1021036, submitted upstream
ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1134969
ApplyPatch Input-wacom-Add-support-for-the-Cintiq-Companion.patch
ApplyPatch HID-wacom-Add-support-for-the-Cintiq-Companion.patch
#rhbz 1110011
ApplyPatch i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
ApplyPatch psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
ApplyPatch psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
#CVE-2014-3181 rhbz 1141179 1141173
ApplyPatch HID-magicmouse-sanity-check-report-size-in-raw_event.patch
#CVE-2014-3186 rhbz 1141407 1141410
ApplyPatch HID-picolcd-sanity-check-report-size-in-raw_event-ca.patch
#CVE-2014-6410 rhbz 1141809 1141810
ApplyPatch udf-Avoid-infinite-loop-when-processing-indirect-ICB.patch
#rhbz 1143812
ApplyPatch HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
#rhbz 1138759
ApplyPatch drm-vmwgfx-Fix-drm.h-include.patch
#rhbz 1123584
ApplyPatch HID-rmi-check-sanity-of-incoming-report.patch
#rhbz 1145318
ApplyPatch KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2204,6 +2231,9 @@ fi
# ||----w |
# || ||
%changelog
* Mon Oct 06 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-300
- Linux v3.17
* Thu Sep 25 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.3-302
- Enable early microcode loading (rhbz 1083716)
- Bump prereq on dracut that defaults to early microcode

43
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch Normal file
View File

@ -0,0 +1,43 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2bee072268d9..891477dbfee0 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -36,6 +36,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -1251,6 +1252,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
1.9.3

37
lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch Normal file
View File

@ -0,0 +1,37 @@
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Mon, 11 Nov 2013 08:39:16 -0500
Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug
dependency
When CPUMASK_OFFSTACK was added in 2008, it was dependent upon
DEBUG_PER_CPU_MAPS being enabled, or an architecture could select it.
The debug dependency adds additional overhead that isn't required for
operation of the feature, and we need CPUMASK_OFFSTACK to increase the
NR_CPUS value beyond 512 on x86. We drop the current dependency and make
sure SMP is set.
Bugzilla: N/A
Upstream-status: Nak'd, supposedly replacement coming to auto-select
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
lib/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 54cf309a92a5..64f8bb4882fb 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -382,7 +382,8 @@ config CHECK_SIGNATURE
bool
config CPUMASK_OFFSTACK
- bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS
+ bool "Force CPU masks off stack"
+ depends on SMP
help
Use dynamic allocation for cpumask_var_t, instead of putting
them on the stack. This is a bit more expensive, but avoids
--
1.9.3

32
lis3-improve-handling-of-null-rate.patch
View File

@ -1,13 +1,6 @@
Bugzilla: 785814
Upstream-status: ??
>From 56fb161a9ca0129f8e266e4dbe79346552ff8089 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Piel?= <eric.piel@tremplin-utc.net>
Date: Thu, 3 Nov 2011 16:22:40 +0100
Subject: [PATCH] lis3: Improve handling of null rate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [PATCH] lis3: improve handling of null rate
When obtaining a rate of 0, we would disable the device supposely
because it seems to behave incorectly. It actually only comes from the
@ -15,16 +8,19 @@ fact that the device is off and on lis3dc it's reflected in the rate.
So handle this nicely by just waiting a safe time, and then using the
device as normally.
Bugzilla: 785814
Upstream-status: ??
Signed-off-by: ??ric Piel <eric.piel@tremplin-utc.net>
---
drivers/misc/lis3lv02d/lis3lv02d.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
drivers/misc/lis3lv02d/lis3lv02d.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
index 35c67e0..42dce2a 100644
index 3ef4627f9cb1..2b2d2e8e5eeb 100644
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
@@ -188,7 +188,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
@@ -216,7 +216,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
/* conversion btw sampling rate and the register values */
static int lis3_12_rates[4] = {40, 160, 640, 2560};
static int lis3_8_rates[2] = {100, 400};
@ -34,7 +30,7 @@ index 35c67e0..42dce2a 100644
static int lis3_3dlh_rates[4] = {50, 100, 400, 1000};
/* ODR is Output Data Rate */
@@ -202,12 +203,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
@@ -231,12 +232,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
return lis3->odrs[(ctrl >> shift)];
}
@ -50,7 +46,7 @@ index 35c67e0..42dce2a 100644
/* LIS3 power on delay is quite long */
msleep(lis3->pwron_delay / div);
@@ -274,7 +274,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
@@ -303,7 +303,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
lis3->read(lis3, ctlreg, &reg);
lis3->write(lis3, ctlreg, (reg | selftest));
@ -59,7 +55,7 @@ index 35c67e0..42dce2a 100644
if (ret)
goto fail;
@@ -285,7 +285,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
@@ -314,7 +314,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
/* back to normal settings */
lis3->write(lis3, ctlreg, reg);
@ -68,8 +64,8 @@ index 35c67e0..42dce2a 100644
if (ret)
goto fail;
@@ -397,7 +397,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
lis3->write(lis3, CTRL_REG2, reg);
@@ -434,7 +434,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
}
}
- err = lis3lv02d_get_pwron_wait(lis3);
@ -78,5 +74,5 @@ index 35c67e0..42dce2a 100644
return err;
--
1.7.7.1
1.9.3

624
modsign-uefi.patch
View File

@ -1,624 +0,0 @@
Bugzilla: N/A
Upstream-status: Fedora mustard for now
From fa2bfe718da40bf24f92c85846577e9bc788882c Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 1/5] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/linux/efi.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index e73f391fd3c8..3d66a61bbbca 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -578,6 +578,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
+#define EFI_CERT_SHA256_GUID \
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
+
+#define EFI_CERT_X509_GUID \
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+
typedef struct {
efi_guid_t guid;
u64 table;
@@ -793,6 +799,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)
+typedef struct {
+ efi_guid_t signature_owner;
+ u8 signature_data[];
+} efi_signature_data_t;
+
+typedef struct {
+ efi_guid_t signature_type;
+ u32 signature_list_size;
+ u32 signature_header_size;
+ u32 signature_size;
+ u8 signature_header[];
+ /* efi_signature_data_t signatures[][] */
+} efi_signature_list_t;
+
/*
* All runtime access to EFI goes through this structure:
*/
--
1.9.3
From 922e0512ce70101b596558d5bb075cd40a450322 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/Kconfig | 8 +++
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 4 ++
4 files changed, 122 insertions(+)
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 03a6eb95ab50..6306ffc2a7fe 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
data and provides the ability to instantiate a crypto key from a
public key packet found inside the certificate.
+config EFI_SIGNATURE_LIST_PARSER
+ bool "EFI signature list parser"
+ depends on EFI
+ select X509_CERTIFICATE_PARSER
+ help
+ This option provides support for parsing EFI signature lists for
+ X.509 certificates and turning them into keys.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 0727204aab68..cd8388e5f2f1 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644
index 000000000000..424896a0b169
--- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,109 @@
+/* EFI signature/key/certificate list parser
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "EFI: "fmt
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <keys/asymmetric-type.h>
+
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
+
+/**
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
+ * @data: The data blob to parse
+ * @size: The size of the data blob
+ * @keyring: The keyring to add extracted keys to
+ */
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
+{
+ unsigned offs = 0;
+ size_t lsize, esize, hsize, elsize;
+
+ pr_devel("-->%s(,%zu)\n", __func__, size);
+
+ while (size > 0) {
+ efi_signature_list_t list;
+ const efi_signature_data_t *elem;
+ key_ref_t key;
+
+ if (size < sizeof(list))
+ return -EBADMSG;
+
+ memcpy(&list, data, sizeof(list));
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
+ offs,
+ list.signature_type.b, list.signature_list_size,
+ list.signature_header_size, list.signature_size);
+
+ lsize = list.signature_list_size;
+ hsize = list.signature_header_size;
+ esize = list.signature_size;
+ elsize = lsize - sizeof(list) - hsize;
+
+ if (lsize > size) {
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
+ __func__, offs);
+ return -EBADMSG;
+ }
+ if (lsize < sizeof(list) ||
+ lsize - sizeof(list) < hsize ||
+ esize < sizeof(*elem) ||
+ elsize < esize ||
+ elsize % esize != 0) {
+ pr_devel("- bad size combo @%x\n", offs);
+ return -EBADMSG;
+ }
+
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
+ data += lsize;
+ size -= lsize;
+ offs += lsize;
+ continue;
+ }
+
+ data += sizeof(list) + hsize;
+ size -= sizeof(list) + hsize;
+ offs += sizeof(list) + hsize;
+
+ for (; elsize > 0; elsize -= esize) {
+ elem = data;
+
+ pr_devel("ELEM[%04x]\n", offs);
+
+ key = key_create_or_update(
+ make_key_ref(keyring, 1),
+ "asymmetric",
+ NULL,
+ &elem->signature_data,
+ esize - sizeof(*elem),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW,
+ KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_TRUSTED);
+
+ if (IS_ERR(key))
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
+ PTR_ERR(key));
+ else
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
+ key_ref_to_ptr(key)->description,
+ keyring->description);
+
+ data += esize;
+ size -= esize;
+ offs += esize;
+ }
+ }
+
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 3d66a61bbbca..7854ff3c0f11 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -901,6 +901,10 @@ extern struct efi_memory_map memmap;
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
(md) = (void *)(md) + (m)->desc_size)
+struct key;
+extern int __init parse_efi_signature_list(const void *data, size_t size,
+ struct key *keyring);
+
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
1.9.3
From 2534dedee545507c00973279d5db515e122b5104 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
and if the module's certificate is found, it will refuse to load. This is
useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 8dabc399bd1d..e466de10ceec 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,6 +18,10 @@
extern struct key *system_trusted_keyring;
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 9d76b99af1b9..ac5f580437a0 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1677,6 +1677,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 52ebc70263f4..478c4f8ec908 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
--
1.9.3
From a72ed58241f0d62b7f9fbf4e1fbbcc1e02145098 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable.
This imports those certificates into the system trusted keyring. This
allows for a third party signing certificate to be used in conjunction
with signed modules. By importing the public certificate into the 'db'
variable, a user can allow a module signed with that certificate to
load. The shim UEFI bootloader has a similar certificate list stored
in the 'MokListRT' variable. We import those as well.
In the opposite case, Secure Boot maintains a list of disallowed
certificates in the 'dbx' variable. We load those certificates into
the newly introduced system blacklist keyring and forbid any module
signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 7854ff3c0f11..31fd75e7230b 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -584,6 +584,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
+
+#define EFI_SHIM_LOCK_GUID \
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
+
typedef struct {
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index ac5f580437a0..ca7268b594aa 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1831,6 +1831,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER
+ help
+ This will import certificates stored in UEFI and allow modules
+ signed with those to be loaded. It will also disallow loading
+ of modules stored in the UEFI dbx variable.
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index f2a8b6246ce9..706e7952bde5 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
--- /dev/null
+++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <linux/slab.h>
+#include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
+#include "module-internal.h"
+
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+{
+ efi_status_t status;
+ unsigned long lsize = 4;
+ unsigned long tmpdb[4];
+ void *db = NULL;
+
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status != EFI_BUFFER_TOO_SMALL) {
+ pr_err("Couldn't get size: 0x%lx\n", status);
+ return NULL;
+ }
+
+ db = kmalloc(lsize, GFP_KERNEL);
+ if (!db) {
+ pr_err("Couldn't allocate memory for uefi cert list\n");
+ goto out;
+ }
+
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+ db = NULL;
+ pr_err("Error reading db var: 0x%lx\n", status);
+ }
+out:
+ *size = lsize;
+ return db;
+}
+
+/*
+ * * Load the certs contained in the UEFI databases
+ * */
+static int __init load_uefi_certs(void)
+{
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
+ void *db = NULL, *dbx = NULL, *mok = NULL;
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
+ int rc = 0;
+
+ /* Check if SB is enabled and just return if not */
+ if (!efi_enabled(EFI_SECURE_BOOT))
+ return 0;
+
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
+ * an error if we can't get them.
+ */
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
+
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+ if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else {
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok);
+ }
+
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+ if (!dbx) {
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+ } else {
+ rc = parse_efi_signature_list(dbx, dbxsize,
+ system_blacklist_keyring);
+ if (rc)
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
+ kfree(dbx);
+ }
+
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
1.9.3
From 11bb98e3a62de77fc66a3e2197578dd9d891b998 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
Have the uefi import code look for this and not import things from the db
variable.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb38a284..ae28b974d49a 100644
--- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@
#include <keys/system_keyring.h>
#include "module-internal.h"
+static __init int check_ignore_db(void)
+{
+ efi_status_t status;
+ unsigned int db = 0;
+ unsigned long size = sizeof(db);
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
+ * then we don't ignore DB. If it succeeds, we do.
+ */
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ return 1;
+}
+
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
{
efi_status_t status;
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
void *db = NULL, *dbx = NULL, *mok = NULL;
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
- int rc = 0;
+ int ignore_db, rc = 0;
/* Check if SB is enabled and just return if not */
if (!efi_enabled(EFI_SECURE_BOOT))
return 0;
+ /* See if the user has setup Ignore DB mode */
+ ignore_db = check_ignore_db();
+
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
* an error if we can't get them.
*/
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
- if (rc)
- pr_err("Couldn't parse db signatures: %d\n", rc);
- kfree(db);
+ if (!ignore_db) {
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
1.9.3

14
no-pcspkr-modalias.patch
View File

@ -1,11 +1,18 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] no pcspkr modalias
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/input/misc/pcspkr.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
index 34f4d2e..3e40c70 100644
index 674a2cfc3c0e..9a2807227c69 100644
--- a/drivers/input/misc/pcspkr.c
+++ b/drivers/input/misc/pcspkr.c
@@ -24,7 +24,6 @@
@@ -23,7 +23,6 @@
MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
MODULE_DESCRIPTION("PC Speaker beeper driver");
MODULE_LICENSE("GPL");
@ -13,3 +20,6 @@ index 34f4d2e..3e40c70 100644
static int pcspkr_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
--
1.9.3

30
perf-install-trace-event-plugins.patch Normal file
View File

@ -0,0 +1,30 @@
From: Kyle McMartin <kmcmarti@redhat.com>
Date: Mon, 2 Jun 2014 15:11:01 -0400
Subject: [PATCH] perf: install trace-event plugins
perf hardcodes $libdir to be lib for all but x86_64, so kludge around it
until upstream gets their act together.
---
tools/perf/config/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index 86c21a24da46..bf0fe97bd358 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -642,8 +642,12 @@ endif
ifeq ($(IS_X86_64),1)
lib = lib64
else
+ifdef MULTILIBDIR
+lib = $(MULTILIBDIR)
+else
lib = lib
endif
+endif
libdir = $(prefix)/$(lib)
# Shell quote (do not use $(call) to accommodate ancient setups);
--
1.9.3

17
perf-lib64.patch
View File

@ -1,17 +0,0 @@
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index 802cf54..7f30bfa 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -621,8 +621,12 @@ endif
ifeq ($(IS_X86_64),1)
lib = lib64
else
+ifdef MULTILIBDIR
+lib = $(MULTILIBDIR)
+else
lib = lib
endif
+endif
libdir = $(prefix)/$(lib)
# Shell quote (do not use $(call) to accommodate ancient setups);

37
pinctrl-pinctrl-single-must-be-initialized-early.patch Normal file
View File

@ -0,0 +1,37 @@
From: Pantelis Antoniou <panto@antoniou-consulting.com>
Date: Sat, 15 Sep 2012 12:00:41 +0300
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
When using pinctrl-single to handle i2c initialization, it has
to be done early. Whether this is the best way to do so, is an
exercise left to the reader.
---
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 95dd9cf55cb3..800fc34d7ea9 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2012,7 +2012,17 @@ static struct platform_driver pcs_driver = {
#endif
};
-module_platform_driver(pcs_driver);
+static int __init pcs_init(void)
+{
+ return platform_driver_register(&pcs_driver);
+}
+postcore_initcall(pcs_init);
+
+static void __exit pcs_exit(void)
+{
+ platform_driver_unregister(&pcs_driver);
+}
+module_exit(pcs_exit);
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
--
1.9.3

12
ppc64-fixtools.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/tools/perf/arch/powerpc/util/skip-callchain-idx.c b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
index a7c23a4..d73ef8b 100644
--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
+++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
@@ -15,6 +15,7 @@
#include "util/thread.h"
#include "util/callchain.h"
+#include "util/debug.h"
/*
* When saving the callchain on Power, the kernel conservatively saves

9
psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
View File

@ -1,7 +1,6 @@
From d0d1fbdb2d34a669ffbec814893696909381ac0e Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 27 Jun 2014 18:46:42 +0200
Subject: [PATCH 2/3] psmouse: Add psmouse_matches_pnp_id helper function
Subject: [PATCH] psmouse: Add psmouse_matches_pnp_id helper function
The matches_pnp_id function from the synaptics driver is useful for other
drivers too. Make it a generic psmouse helper function.
@ -17,7 +16,7 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
index cff065f6261c..bc1bc2653f15 100644
index b4e1f014ddc2..02e68c3008a3 100644
--- a/drivers/input/mouse/psmouse-base.c
+++ b/drivers/input/mouse/psmouse-base.c
@@ -462,6 +462,20 @@ static int psmouse_poll(struct psmouse *psmouse)
@ -54,7 +53,7 @@ index 2f0b39d59a9b..f4cf664c7db3 100644
struct psmouse_attribute {
struct device_attribute dattr;
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index e8573c68f77e..854caca6e86e 100644
index fd23181c1fb7..6394d9b5bfd3 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -185,18 +185,6 @@ static const char * const topbuttonpad_pnp_ids[] = {
@ -86,7 +85,7 @@ index e8573c68f77e..854caca6e86e 100644
priv->x_min = min_max_pnpid_table[i].x_min;
priv->x_max = min_max_pnpid_table[i].x_max;
priv->y_min = min_max_pnpid_table[i].y_min;
@@ -1456,7 +1445,7 @@ static void set_input_params(struct psmouse *psmouse,
@@ -1492,7 +1481,7 @@ static void set_input_params(struct psmouse *psmouse,
if (SYN_CAP_CLICKPAD(priv->ext_cap_0c)) {
__set_bit(INPUT_PROP_BUTTONPAD, dev->propbit);

10
psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
View File

@ -1,8 +1,6 @@
From 4ab16f30317966f892342e8821a6dc26070d1a06 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 27 Jun 2014 18:50:33 +0200
Subject: [PATCH 3/3] psmouse: Add support for detecting FocalTech PS/2
touchpads
Subject: [PATCH] psmouse: Add support for detecting FocalTech PS/2 touchpads
The Asus X450 and X550 laptops use a PS/2 touchpad from a new manufacturer
called FocalTech:
@ -120,7 +118,7 @@ index 000000000000..0d0fc49451fe
+
+#endif
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
index bc1bc2653f15..0730209cddb0 100644
index 02e68c3008a3..2c8c8e2172a2 100644
--- a/drivers/input/mouse/psmouse-base.c
+++ b/drivers/input/mouse/psmouse-base.c
@@ -35,6 +35,7 @@
@ -131,7 +129,7 @@ index bc1bc2653f15..0730209cddb0 100644
#define DRIVER_DESC "PS/2 mouse driver"
@@ -720,6 +721,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
@@ -722,6 +723,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
{
bool synaptics_hardware = false;
@ -145,7 +143,7 @@ index bc1bc2653f15..0730209cddb0 100644
/*
* We always check for lifebook because it does not disturb mouse
* (it only checks DMI information).
@@ -871,6 +879,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
@@ -873,6 +881,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
}
}

40
revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
View File

@ -1,40 +0,0 @@
Bugzilla: N/A
Upstream-status: Sent upstream
This reverts commit 1b2faaf7e219fc2905d75afcd4c815e5d39eda80.
The Intuos4 series presents a bug in which it hangs if it receives
a set feature command while switching to the enhanced mode.
This bug is triggered when plugging an Intuos 4 while having
a gnome user session up and running.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
---
Hi Aris,
actually, you bisected the bug, so can I consider that I have your signed-off-by?
Cheers,
Benjamin
drivers/input/tablet/wacom_sys.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/input/tablet/wacom_sys.c b/drivers/input/tablet/wacom_sys.c
index 7087b33..319a3ff 100644
--- a/drivers/input/tablet/wacom_sys.c
+++ b/drivers/input/tablet/wacom_sys.c
@@ -536,6 +536,9 @@ static int wacom_set_device_mode(struct usb_interface *intf, int report_id, int
error = wacom_set_report(intf, WAC_HID_FEATURE_REPORT,
report_id, rep_data, length, 1);
+ if (error >= 0)
+ error = wacom_get_report(intf, WAC_HID_FEATURE_REPORT,
+ report_id, rep_data, length, 1);
} while ((error < 0 || rep_data[1] != mode) && limit++ < WAC_MSG_RETRIES);
kfree(rep_data);
--
1.9.0

14
samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
View File

@ -1,21 +1,18 @@
Bugzilla: 861573
Upstream-status: Waiting for feedback from reporter
From 2fa2078cdd4198b49c02cb03087158d398476463 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:40:59 +0200
Subject: [PATCH 02/14] samsung-laptop: Add broken-acpi-video quirk for
NC210/NC110
Subject: [PATCH] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
Reported (and tested) here:
https://bugzilla.redhat.com/show_bug.cgi?id=861573
Bugzilla: 861573
Upstream-status: Waiting for feedback from reporter
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/samsung-laptop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c
index 5a5966512277..0d7954e0fc74 100644
--- a/drivers/platform/x86/samsung-laptop.c
@ -37,3 +34,6 @@ index 5a5966512277..0d7954e0fc74 100644
{ },
};
MODULE_DEVICE_TABLE(dmi, samsung_dmi_table);
--
1.9.3

20
scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
View File

@ -1,16 +1,25 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Fri, 10 Feb 2012 14:56:13 -0500
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
Bugzilla: 754518
Upstream-status: Fedora mustard (might be worth dropping...)
---
drivers/scsi/sd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/scsi/sd.c
+++ a/drivers/scsi/sd.c
@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 2c2041ca4b70..e10812d985af 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2749,13 +2749,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
static int sd_revalidate_disk(struct gendisk *disk)
{
struct scsi_disk *sdkp = scsi_disk(disk);
- struct scsi_device *sdp = sdkp->device;
+ struct scsi_device *sdp;
unsigned char *buffer;
unsigned flush = 0;
unsigned int max_xfer;
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
"sd_revalidate_disk\n"));
@ -23,3 +32,6 @@ Upstream-status: Fedora mustard (might be worth dropping...)
/*
* If the device is offline, don't try and read capacity or any
* of the other niceties.
--
1.9.3

877
secure-modules.patch
View File

@ -1,877 +0,0 @@
Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
From 952dbcbea4cffb1a05773af3b5f41e8ed477c5fe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/14] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
only modules signed with a trusted key.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
include/linux/module.h | 7 +++++++
kernel/module.c | 10 ++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index f520a767c86c..fc9b54eb779e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void);
+extern bool secure_modules(void);
+
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void)
{
}
+
+static inline bool secure_modules(void)
+{
+ return false;
+}
#endif /* CONFIG_MODULES */
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 81e727cf6df9..fc14f48915dd 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3843,3 +3843,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
+
+bool secure_modules(void)
+{
+#ifdef CONFIG_MODULE_SIG
+ return (sig_enforce || modules_disabled);
+#else
+ return modules_disabled;
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
1.9.3
From 3b451a12e60a47d152ecce1c02634c4d7320b024 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code, allowing them to circumvent disabled module loading or module
signing. Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/pci/pci-sysfs.c | 10 ++++++++++
drivers/pci/proc.c | 8 +++++++-
drivers/pci/syscall.c | 3 ++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9ff0a901ecf7..8d0d5d92b8d9 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
#include <linux/vgaarb.h>
#include <linux/pm_runtime.h>
#include <linux/of.h>
+#include <linux/module.h>
#include "pci.h"
static int sysfs_initialized; /* = 0 */
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
+ if (secure_modules())
+ return -EPERM;
+
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
+ if (secure_modules())
+ return -EPERM;
+
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
+ if (secure_modules())
+ return -EPERM;
+
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 3f155e78513f..4265ea07e3b0 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
int size = dev->cfg_size;
int cnt;
+ if (secure_modules())
+ return -EPERM;
+
if (pos >= size)
return 0;
if (nbytes >= size)
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
#endif /* HAVE_PCI_MMAP */
int ret = 0;
+ if (secure_modules())
+ return -EPERM;
+
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
int i, ret;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
/* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index b91c4da68365..98f5637304d1 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
#include <linux/errno.h>
#include <linux/pci.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
#include "pci.h"
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
u32 dword;
int err = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
1.9.3
From 42a620055ac873fb378ec69731c7a2200f6779cc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
space. This would potentially permit root to trigger arbitrary DMA, so lock
it down by default.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/ioport.c | 5 +++--
drivers/char/mem.c | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 4ddaf66ea35f..00b440307419 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -15,6 +15,7 @@
#include <linux/thread_info.h>
#include <linux/syscalls.h>
#include <linux/bitmap.h>
+#include <linux/module.h>
#include <asm/syscalls.h>
/*
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
return -EPERM;
/*
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 917403fe10da..cdf839f9defe 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@
#include <linux/export.h>
#include <linux/io.h>
#include <linux/aio.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos;
const char __user *tmp = buf;
+ if (secure_modules())
+ return -EPERM;
+
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
1.9.3
From 8019fb7c7b5f18b19f7c980987953680ee218c9f Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if any such restrictions have been enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/acpi/custom_method.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
1.9.3
From bf84e9e1022b2d3d0c97ae48fb8b61e5336c50f8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
loading is restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if any of
these features are enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 3c6ccedc82b6..960c46536c65 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1592,6 +1592,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
@@ -1608,6 +1611,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
@@ -1632,6 +1638,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
1.9.3
From 9a56e8715d3b6dc84989997f34b6b5d407cabad2 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
to be subverted, avoiding module loading restrictions. Prevent this when
any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/char/mem.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index cdf839f9defe..c63cf93b00eb 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
+ if (secure_modules())
+ return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
1.9.3
From 8d6faa19bbbaa4df411becda7e40c4ea0684c134 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
loading is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Disable it in that case.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
drivers/acpi/osl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index bad25b070fe0..0606585e8b93 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
+#include <linux/module.h>
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
- if (acpi_rsdp)
+ if (acpi_rsdp && !secure_modules())
return acpi_rsdp;
#endif
--
1.9.3
From 1ff86ddea019f543f6668b56889f86811028f303 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 4b8f0c925884..df14daa323a9 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -34,6 +34,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -947,6 +948,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
1.9.3
From 4d56368f1364b45c18067bab1d6abc5ce0f67183 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 09/14] x86: Restrict MSR access when module loading is
restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/msr.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index c9603ac80de5..8bef43fc3f40 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
+ if (secure_modules()) {
+ err = -EPERM;
+ break;
+ }
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
1.9.3
From aab8ba85241a85a0b2ed622edd7874c74cafa496 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 10/14] Add option to automatically enforce module signatures
when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++++++
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/kernel/setup.c | 6 ++++++
include/linux/module.h | 6 ++++++
kernel/module.c | 7 +++++++
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453cb4de..ec38acf00b40 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
+1EB/001 ALL kbd_status Numlock is enabled
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
1EF/001 ALL sentinel Used to detect broken bootloaders
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d24887b645dc..870aac9520b3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1557,6 +1557,16 @@ config EFI_MIXED
If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n
+ prompt "Force module signing when UEFI Secure Boot is enabled"
+ ---help---
+ UEFI Secure Boot provides a mechanism for ensuring that the
+ firmware will only load signed bootloaders and kernels. Certain
+ use cases may also require that all kernel modules also be signed.
+ Say Y here to automatically enable module signature enforcement
+ when a system boots with UEFI Secure Boot enabled.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 0331d765c2bb..85defaf5a27c 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
#include <asm/efi.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#undef memcpy /* Use memcpy from misc.c */
@@ -809,6 +810,37 @@ out:
return status;
}
+static int get_secure_boot(void)
+{
+ u8 sb, setup;
+ unsigned long datasize = sizeof(sb);
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
+ efi_status_t status;
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (sb == 0)
+ return 0;
+
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SetupMode", &var_guid, NULL, &datasize,
+ &setup);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (setup == 1)
+ return 0;
+
+ return 1;
+}
+
+
/*
* See if we have Graphics Output Protocol
*/
@@ -1372,6 +1404,10 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
+ boot_params->secure_boot = get_secure_boot();
+
setup_graphics(boot_params);
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b0988043a..90dbfb73e11f 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
- __u8 _pad5[3]; /* 0x1ec */
+ __u8 secure_boot; /* 0x1ec */
+ __u8 _pad5[2]; /* 0x1ed */
/*
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 78a0e6298922..8ecfec85e527 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
+ if (boot_params.secure_boot) {
+ enforce_signed_modules();
+ }
+#endif
+
/*
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index fc9b54eb779e..7377bc851461 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
+#ifdef CONFIG_MODULE_SIG
+extern void enforce_signed_modules(void);
+#else
+static inline void enforce_signed_modules(void) {};
+#endif
+
#ifdef CONFIG_MODULES
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index fc14f48915dd..2d68d276f3b6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3844,6 +3844,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
+#ifdef CONFIG_MODULE_SIG
+void enforce_signed_modules(void)
+{
+ sig_enforce = true;
+}
+#endif
+
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
1.9.3
From eae8a80ddc185b3f233e2620dbfc6454b6f0c3a6 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 11/14] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 85defaf5a27c..b4013a4ba005 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -812,8 +812,9 @@ out:
static int get_secure_boot(void)
{
- u8 sb, setup;
+ u8 sb, setup, moksbstate;
unsigned long datasize = sizeof(sb);
+ u32 attr;
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status;
@@ -837,6 +838,23 @@ static int get_secure_boot(void)
if (setup == 1)
return 0;
+ /* See if a user has put shim into insecure_mode. If so, and the variable
+ * doesn't have the runtime attribute set, we might as well honor that.
+ */
+ var_guid = EFI_SHIM_LOCK_GUID;
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"MokSBState", &var_guid, &attr, &datasize,
+ &moksbstate);
+
+ /* If it fails, we don't care why. Default to secure */
+ if (status != EFI_SUCCESS)
+ return 1;
+
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ if (moksbstate == 1)
+ return 0;
+ }
+
return 1;
}
--
1.9.3
From 9728a4f49b284b7354876e1d77174d5838306e21 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH 12/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 870aac9520b3..7aecd3f9f8ee 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1558,7 +1558,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
- def_bool n
+ def_bool n
+ depends on EFI
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
1.9.3
From 4211b4919b8ccecc4f4cdc0a46ead7294478b687 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/14] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/kernel/setup.c | 2 ++
include/linux/efi.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 8ecfec85e527..5ce785fc9f05 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
enforce_signed_modules();
+ pr_info("Secure boot enabled\n");
}
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 41bbf8ba4ba8..e73f391fd3c8 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -917,6 +917,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_ARCH_1 6 /* First arch-specific bit */
+#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
/*
--
1.9.3
From 18b50c6f0597b606cb03cbd8a9fdef7478cb2b21 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH 14/14] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/power/hibernate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index fcc2611d3f14..61711801a9c4 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,7 @@
#include <linux/syscore_ops.h>
#include <linux/ctype.h>
#include <linux/genhd.h>
+#include <linux/module.h>
#include <trace/events/power.h>
#include "power.h"
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{
- return (nohibernate == 0);
+ return ((nohibernate == 0) && !secure_modules());
}
/**
--
1.9.3

16
silence-fbcon-logo.patch
View File

@ -1,11 +1,18 @@
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] silence fbcon logo
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/video/console/fbcon.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
index 1657b96..4c5c2be 100644
index 57b1d44acbfe..31048a85713d 100644
--- a/drivers/video/console/fbcon.c
+++ b/drivers/video/console/fbcon.c
@@ -631,13 +631,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
@@ -638,13 +638,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
kfree(save);
}
@ -28,7 +35,7 @@ index 1657b96..4c5c2be 100644
}
}
#endif /* MODULE */
@@ -3489,6 +3491,14 @@ static int __init fb_console_init(void)
@@ -3625,6 +3627,14 @@ static int __init fb_console_init(void)
return 0;
}
@ -43,3 +50,6 @@ index 1657b96..4c5c2be 100644
module_init(fb_console_init);
#ifdef MODULE
--
1.9.3

5
sources
View File

@ -1,3 +1,2 @@
5c569ed649a0c9711879f333e90c5386 linux-3.16.tar.xz
49868ce6467b35cd9ffea1120d129462 perf-man-3.16.tar.gz
387a93e4833df73217c6b9b92153aa7c patch-3.16.3.xz
fb30d0f29214d75cddd2faa94f73d5cf linux-3.17.tar.xz
159e969cbc27201d8e2fa0f609dc722f perf-man-3.17.tar.gz

92
udf-Avoid-infinite-loop-when-processing-indirect-ICB.patch
View File

@ -1,92 +0,0 @@
From a45318b5ff8c505afcbf04a1c5fa7dbe426d9588 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Thu, 4 Sep 2014 14:06:55 +0200
Subject: [PATCH] udf: Avoid infinite loop when processing indirect ICBs
We did not implement any bound on number of indirect ICBs we follow when
loading inode. Thus corrupted medium could cause kernel to go into an
infinite loop, possibly causing a stack overflow.
Fix the possible stack overflow by removing recursion from
__udf_read_inode() and limit number of indirect ICBs we follow to avoid
infinite loops.
Bugzilla: 1141810
Upstream-status: 3.17
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/udf/inode.c | 35 +++++++++++++++++++++--------------
1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 236cd48184c2..a932f7740b51 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1271,13 +1271,22 @@ update_time:
return 0;
}
+/*
+ * Maximum length of linked list formed by ICB hierarchy. The chosen number is
+ * arbitrary - just that we hopefully don't limit any real use of rewritten
+ * inode on write-once media but avoid looping for too long on corrupted media.
+ */
+#define UDF_MAX_ICB_NESTING 1024
+
static void __udf_read_inode(struct inode *inode)
{
struct buffer_head *bh = NULL;
struct fileEntry *fe;
uint16_t ident;
struct udf_inode_info *iinfo = UDF_I(inode);
+ unsigned int indirections = 0;
+reread:
/*
* Set defaults, but the inode is still incomplete!
* Note: get_new_inode() sets the following on a new inode:
@@ -1314,28 +1323,26 @@ static void __udf_read_inode(struct inode *inode)
ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1,
&ident);
if (ident == TAG_IDENT_IE && ibh) {
- struct buffer_head *nbh = NULL;
struct kernel_lb_addr loc;
struct indirectEntry *ie;
ie = (struct indirectEntry *)ibh->b_data;
loc = lelb_to_cpu(ie->indirectICB.extLocation);
- if (ie->indirectICB.extLength &&
- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0,
- &ident))) {
- if (ident == TAG_IDENT_FE ||
- ident == TAG_IDENT_EFE) {
- memcpy(&iinfo->i_location,
- &loc,
- sizeof(struct kernel_lb_addr));
- brelse(bh);
- brelse(ibh);
- brelse(nbh);
- __udf_read_inode(inode);
+ if (ie->indirectICB.extLength) {
+ brelse(bh);
+ brelse(ibh);
+ memcpy(&iinfo->i_location, &loc,
+ sizeof(struct kernel_lb_addr));
+ if (++indirections > UDF_MAX_ICB_NESTING) {
+ udf_err(inode->i_sb,
+ "too many ICBs in ICB hierarchy"
+ " (max %d supported)\n",
+ UDF_MAX_ICB_NESTING);
+ make_bad_inode(inode);
return;
}
- brelse(nbh);
+ goto reread;
}
}
brelse(ibh);
--
2.1.0

13
nowatchdog-on-virt.patch → watchdog-Disable-watchdog-on-virtual-machines.patch
View File

@ -1,10 +1,6 @@
Bugzilla: 971139
Upstream-status: Fedora mustard for now
From 17109685bfce322c73a816e097b137458fbd55ae Mon Sep 17 00:00:00 2001
From: Dave Jones <davej@redhat.com>
Date: Tue, 24 Jun 2014 08:43:34 -0400
Subject: [PATCH] Disable watchdog on virtual machines.
Subject: [PATCH] watchdog: Disable watchdog on virtual machines.
For various reasons, VMs seem to trigger the soft lockup detector a lot,
in cases where it's just not possible for a lockup to occur.
@ -15,13 +11,16 @@ the VM for a very long time (Could be the host was under heavy load).
Just disable the detector on VMs.
Bugzilla: 971139
Upstream-status: Fedora mustard for now
Signed-off-by: Dave Jones <davej@redhat.com>
---
kernel/watchdog.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index c3319bd1b040..0e3687675aaa 100644
index a8d6914030fe..d0a8c308170d 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -24,6 +24,7 @@
@ -65,7 +64,7 @@ index c3319bd1b040..0e3687675aaa 100644
/*
* Hard-lockup warnings should be triggered after just a few seconds. Soft-
* lockups can have false positives under extreme conditions. So we generally
@@ -641,6 +668,8 @@ out:
@@ -644,6 +671,8 @@ out:
void __init lockup_detector_init(void)
{

70
x86-Lock-down-IO-port-access-when-module-security-is.patch Normal file
View File

@ -0,0 +1,70 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
space. This would potentially permit root to trigger arbitrary DMA, so lock
it down by default.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/ioport.c | 5 +++--
drivers/char/mem.c | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 4ddaf66ea35f..00b440307419 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -15,6 +15,7 @@
#include <linux/thread_info.h>
#include <linux/syscalls.h>
#include <linux/bitmap.h>
+#include <linux/module.h>
#include <asm/syscalls.h>
/*
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
return -EPERM;
/*
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 917403fe10da..cdf839f9defe 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@
#include <linux/export.h>
#include <linux/io.h>
#include <linux/aio.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos;
const char __user *tmp = buf;
+ if (secure_modules())
+ return -EPERM;
+
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
1.9.3

42
x86-Restrict-MSR-access-when-module-loading-is-restr.patch Normal file
View File

@ -0,0 +1,42 @@
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/msr.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index c9603ac80de5..8bef43fc3f40 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
+ if (secure_modules()) {
+ err = -EPERM;
+ break;
+ }
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
1.9.3