Refresh SB patchset to fix bisectability issue

ACPI-Limit-access-to-custom_method.patch

@@ -1,4 +1,4 @@
-From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
+From 36d02761fc952f8190fca75bb4b81c2c7b7ddf68 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/20] ACPI: Limit access to custom_method
@@ -27,5 +27,5 @@ index c68e72414a67..4277938af700 100644
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
 -- 
-2.4.3
+2.9.3
 

Add-EFI-signature-data-types.patch

@@ -1,7 +1,7 @@
-From 5216de8394ff599e41c8540c0572368c18c51459 Mon Sep 17 00:00:00 2001
+From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:30:54 -0400
-Subject: [PATCH 4/9] Add EFI signature data types
+Subject: [PATCH 15/20] Add EFI signature data types
 
 Add the data types that are used for containing hashes, keys and certificates
 for cryptographic verification.
@@ -11,14 +11,14 @@ Upstream-status: Fedora mustard for now
 
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- include/linux/efi.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
+ include/linux/efi.h | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 8cb38cfcba74..8c274b4ea8e6 100644
+index 5af91b58afae..190858d62fe3 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -647,6 +647,9 @@ void efi_native_runtime_setup(void);
+@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
  #define LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID	EFI_GUID(0xe03fc20a, 0x85dc, 0x406e,  0xb9, 0x0e, 0x4a, 0xb5, 0x02, 0x37, 0x1d, 0x95)
  #define LINUX_EFI_LOADER_ENTRY_GUID		EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf,  0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
  
@@ -28,7 +28,7 @@ index 8cb38cfcba74..8c274b4ea8e6 100644
  typedef struct {
  	efi_guid_t guid;
  	u64 table;
-@@ -879,6 +885,20 @@ typedef struct {
+@@ -853,6 +856,20 @@ typedef struct {
  	efi_memory_desc_t entry[0];
  } efi_memory_attributes_table_t;
  
@@ -50,5 +50,5 @@ index 8cb38cfcba74..8c274b4ea8e6 100644
   * All runtime access to EFI goes through this structure:
   */
 -- 
-2.5.5
+2.9.3
 

Add-an-EFI-signature-blob-parser-and-key-loader.patch

@@ -1,7 +1,7 @@
-From e36a2d65e25fdf42b50aa5dc17583d7bfd09c4c4 Mon Sep 17 00:00:00 2001
+From 822b4b3eb76ca451a416a51f0a7bfedfa5c5ea39 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:36:28 -0400
-Subject: [PATCH 5/9] Add an EFI signature blob parser and key loader.
+Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
 
 X.509 certificates are loaded into the specified keyring as asymmetric type
 keys.
@@ -17,10 +17,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  create mode 100644 crypto/asymmetric_keys/efi_parser.c
 
 diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index e28e912000a7..94024e8aedaa 100644
+index 331f6baf2df8..5f9002d3192e 100644
 --- a/crypto/asymmetric_keys/Kconfig
 +++ b/crypto/asymmetric_keys/Kconfig
-@@ -60,4 +60,12 @@ config SIGNED_PE_FILE_VERIFICATION
+@@ -61,4 +61,12 @@ config SIGNED_PE_FILE_VERIFICATION
  	  This option provides support for verifying the signature(s) on a
  	  signed PE binary.
  
@@ -160,10 +160,10 @@ index 000000000000..636feb18b733
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 8c274b4ea8e6..ff1877145aa4 100644
+index 190858d62fe3..668aa1244885 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -1044,6 +1044,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
+@@ -1025,6 +1025,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
  char * __init efi_md_typeattr_format(char *buf, size_t size,
  				     const efi_memory_desc_t *md);
  
@@ -175,5 +175,5 @@ index 8c274b4ea8e6..ff1877145aa4 100644
   * efi_range_is_wc - check the WC bit on an address range
   * @start: starting kvirt address
 -- 
-2.5.5
+2.9.3
 

Add-option-to-automatically-enforce-module-signature.patch

@@ -1,8 +1,8 @@
-From 0000dc9edd5997cc49b8893a9d5407f89dfa1307 Mon Sep 17 00:00:00 2001
+From 6b6203b92cfb457a0669a9c87a29b360405bffc6 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH] Add option to automatically enforce module signatures when in
- Secure Boot mode
+Subject: [PATCH 10/20] Add option to automatically enforce module signatures
+ when in Secure Boot mode
 
 UEFI Secure Boot provides a mechanism for ensuring that the firmware will
 only load signed bootloaders and kernels. Certain use cases may also
@@ -34,10 +34,10 @@ index 95a4d34af3fd..b8527c6b7646 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0a7b885964ba..29b8ba9ae713 100644
+index bada636d1065..d666ef8b616c 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1776,6 +1776,17 @@ config EFI_MIXED
+@@ -1786,6 +1786,17 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -56,7 +56,7 @@ index 0a7b885964ba..29b8ba9ae713 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 52fef606bc54..6b8b9a775b46 100644
+index cc69e37548db..ebc85c1eefd6 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -67,7 +67,7 @@ index 52fef606bc54..6b8b9a775b46 100644
  
  #include "../string.h"
  #include "eboot.h"
-@@ -571,6 +572,67 @@ free_handle:
+@@ -537,6 +538,67 @@ static void setup_efi_pci(struct boot_params *params)
  	efi_call_early(free_pool, pci_handle);
  }
  
@@ -135,7 +135,7 @@ index 52fef606bc54..6b8b9a775b46 100644
  static efi_status_t
  setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
  {
-@@ -1126,6 +1188,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1094,6 +1156,10 @@ struct boot_params *efi_main(struct efi_config *c,
  	else
  		setup_boot_services32(efi_early);
  
@@ -161,10 +161,10 @@ index c18ce67495fa..2b3e5427097b 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index c4e7b3991b60..bdb9881c7afd 100644
+index bbfbca5fea0c..d40e961753c9 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1152,6 +1152,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -178,10 +178,10 @@ index c4e7b3991b60..bdb9881c7afd 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 082298a09df1..38d0597f7615 100644
+index 05bd6c989a0c..32327704e18d 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -260,6 +260,12 @@ extern const typeof(name) __mod_##type##__##name##_device_table		\
  
  struct notifier_block;
  
@@ -195,10 +195,10 @@ index 082298a09df1..38d0597f7615 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 3c384968f553..ea484f3a35b2 100644
+index cb864505d020..cb1f1da69bf4 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4200,6 +4200,13 @@ void module_layout(struct module *mod,
+@@ -4285,6 +4285,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -213,5 +213,5 @@ index 3c384968f553..ea484f3a35b2 100644
  {
  #ifdef CONFIG_MODULE_SIG
 -- 
-2.5.5
+2.9.3
 

Add-secure_modules-call.patch

@@ -1,7 +1,7 @@
-From 3213f1513a744fb21b6b9e4d4f2650a204855b3e Mon Sep 17 00:00:00 2001
+From 80d2d273b36b33d46820ab128c7a5b068389f643 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH] Add secure_modules() call
+Subject: [PATCH 01/20] Add secure_modules() call
 
 Provide a single call to allow kernel code to determine whether the system
 has been configured to either disable module loading entirely or to load
@@ -17,7 +17,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 0c3207d..05bd6c9 100644
+index 0c3207d26ac0..05bd6c989a0c 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
 @@ -641,6 +641,8 @@ static inline bool is_livepatch_module(struct module *mod)
@@ -41,10 +41,10 @@ index 0c3207d..05bd6c9 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 529efae..0332fdd 100644
+index f57dd63186e6..cb864505d020 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4279,3 +4279,13 @@ void module_layout(struct module *mod,
+@@ -4284,3 +4284,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -59,5 +59,5 @@ index 529efae..0332fdd 100644
 +}
 +EXPORT_SYMBOL(secure_modules);
 -- 
-2.9.2
+2.9.3
 

Add-sysrq-option-to-disable-secure-boot-mode.patch

@@ -1,7 +1,7 @@
-From e27a9a98dcf3ff95568593026da065a72ad21b92 Mon Sep 17 00:00:00 2001
+From d9e0379e8d3cb51efe4e2b1a5a60c52c2c40bdfb Mon Sep 17 00:00:00 2001
 From: Kyle McMartin <kyle@redhat.com>
 Date: Fri, 30 Aug 2013 09:28:51 -0400
-Subject: [PATCH 9/9] Add sysrq option to disable secure boot mode
+Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
 
 Bugzilla: N/A
 Upstream-status: Fedora mustard
@@ -16,7 +16,7 @@ Upstream-status: Fedora mustard
  7 files changed, 64 insertions(+), 9 deletions(-)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index a666b6c29c77..7732c769937b 100644
+index b93183336674..dab2882927c2 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
 @@ -70,6 +70,11 @@
@@ -70,7 +70,7 @@ index a666b6c29c77..7732c769937b 100644
  	.notifier_call = dump_kernel_offset
  };
 diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
-index abe1a927b332..f4126fcec10c 100644
+index 92595b98e7ed..894ed3f74f04 100644
 --- a/drivers/input/misc/uinput.c
 +++ b/drivers/input/misc/uinput.c
 @@ -379,6 +379,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -82,10 +82,10 @@ index abe1a927b332..f4126fcec10c 100644
  	input_set_drvdata(udev->dev, udev);
  
 diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index e5139402e7f8..5ef2e04a03ad 100644
+index 52bbd27e93ae..594bd731253a 100644
 --- a/drivers/tty/sysrq.c
 +++ b/drivers/tty/sysrq.c
-@@ -478,6 +478,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
+@@ -479,6 +479,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
  	/* x: May be registered on mips for TLB dump */
  	/* x: May be registered on ppc/powerpc for xmon */
  	/* x: May be registered on sparc64 for global PMU dump */
@@ -93,7 +93,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  	NULL,				/* x */
  	/* y: May be registered on sparc64 for global register dump */
  	NULL,				/* y */
-@@ -521,7 +522,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
+@@ -522,7 +523,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
                  sysrq_key_table[i] = op_p;
  }
  
@@ -102,7 +102,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  {
  	struct sysrq_key_op *op_p;
  	int orig_log_level;
-@@ -541,11 +542,15 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -542,11 +543,15 @@ void __handle_sysrq(int key, bool check_mask)
  
          op_p = __sysrq_get_key_op(key);
          if (op_p) {
@@ -119,7 +119,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  			pr_cont("%s\n", op_p->action_msg);
  			console_loglevel = orig_log_level;
  			op_p->handler(key);
-@@ -577,7 +582,7 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -578,7 +583,7 @@ void __handle_sysrq(int key, bool check_mask)
  void handle_sysrq(int key)
  {
  	if (sysrq_on())
@@ -128,7 +128,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  }
  EXPORT_SYMBOL(handle_sysrq);
  
-@@ -658,7 +663,7 @@ static void sysrq_do_reset(unsigned long _state)
+@@ -659,7 +664,7 @@ static void sysrq_do_reset(unsigned long _state)
  static void sysrq_handle_reset_request(struct sysrq_state *state)
  {
  	if (state->reset_requested)
@@ -137,7 +137,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  
  	if (sysrq_reset_downtime_ms)
  		mod_timer(&state->keyreset_timer,
-@@ -809,8 +814,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
+@@ -810,8 +815,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
  
  	default:
  		if (sysrq->active && value && value != 2) {
@@ -149,7 +149,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  		}
  		break;
  	}
-@@ -1094,7 +1101,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+@@ -1095,7 +1102,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
  
  		if (get_user(c, buf))
  			return -EFAULT;
@@ -159,7 +159,7 @@ index e5139402e7f8..5ef2e04a03ad 100644
  
  	return count;
 diff --git a/include/linux/input.h b/include/linux/input.h
-index 1e967694e9a5..2b56c6f9673c 100644
+index a65e3b24fb18..8b0357175049 100644
 --- a/include/linux/input.h
 +++ b/include/linux/input.h
 @@ -42,6 +42,7 @@ struct input_value {
@@ -229,10 +229,10 @@ index 2a20c0dfdafc..3d17205dab77 100644
  
  	return 0;
 diff --git a/kernel/module.c b/kernel/module.c
-index ea484f3a35b2..84b00659b0ee 100644
+index cb1f1da69bf4..5933c27ba19e 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -269,7 +269,7 @@ static void module_assert_mutex_or_preempt(void)
+@@ -270,7 +270,7 @@ static void module_assert_mutex_or_preempt(void)
  #endif
  }
  
@@ -242,5 +242,5 @@ index ea484f3a35b2..84b00659b0ee 100644
  module_param(sig_enforce, bool_enable_only, 0644);
  #endif /* !CONFIG_MODULE_SIG_FORCE */
 -- 
-2.5.5
+2.9.3
 

KEYS-Add-a-system-blacklist-keyring.patch

@@ -1,7 +1,7 @@
-From 096da19de900a115ee3610b666ecb7e55926623d Mon Sep 17 00:00:00 2001
+From 2a54526850121cd0d7cf649a321488b4dab5731d Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:36:24 -0400
-Subject: [PATCH 6/9] KEYS: Add a system blacklist keyring
+Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
 
 This adds an additional keyring that is used to store certificates that
 are blacklisted.  This keyring is searched first when loading signed modules
@@ -78,10 +78,10 @@ index fbd4647767e9..5bc291a3d261 100644
  extern struct key *ima_blacklist_keyring;
  
 diff --git a/init/Kconfig b/init/Kconfig
-index a9c4aefd5436..e5449d5aeff9 100644
+index 34407f15e6d3..461ad575a608 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1829,6 +1829,15 @@ config SYSTEM_DATA_VERIFICATION
+@@ -1859,6 +1859,15 @@ config SYSTEM_DATA_VERIFICATION
  	  module verification, kexec image verification and firmware blob
  	  verification.
  
@@ -98,5 +98,5 @@ index a9c4aefd5436..e5449d5aeff9 100644
  	bool "Profiling support"
  	help
 -- 
-2.5.5
+2.9.3
 

MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch

@@ -1,7 +1,7 @@
-From ba2b209daf984514229626803472e0b055832345 Mon Sep 17 00:00:00 2001
+From 8a4535bcfe24d317be675e53cdc8c61d22fdc7f3 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:42:16 -0400
-Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
+Subject: [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
 
 Secure Boot stores a list of allowed certificates in the 'db' variable.
 This imports those certificates into the system trusted keyring.  This
@@ -20,11 +20,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
 ---
  certs/system_keyring.c        | 13 ++++++
  include/keys/system_keyring.h |  1 +
- include/linux/efi.h           |  6 +++
  init/Kconfig                  |  9 ++++
  kernel/Makefile               |  3 ++
  kernel/modsign_uefi.c         | 99 +++++++++++++++++++++++++++++++++++++++++++
- 6 files changed, 131 insertions(+)
+ 5 files changed, 125 insertions(+)
  create mode 100644 kernel/modsign_uefi.c
 
 diff --git a/certs/system_keyring.c b/certs/system_keyring.c
@@ -63,28 +62,11 @@ index 5bc291a3d261..56ff5715ab67 100644
  
  #ifdef CONFIG_IMA_BLACKLIST_KEYRING
  extern struct key *ima_blacklist_keyring;
-diff --git a/include/linux/efi.h b/include/linux/efi.h
-index ff1877145aa4..2483de19c719 100644
---- a/include/linux/efi.h
-+++ b/include/linux/efi.h
-@@ -658,6 +658,12 @@ typedef struct {
- 	u64 table;
- } efi_config_table_64_t;
- 
-+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
-+    EFI_GUID(  0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
-+
-+#define EFI_SHIM_LOCK_GUID \
-+    EFI_GUID(  0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
-+
- typedef struct {
- 	efi_guid_t guid;
- 	u32 table;
 diff --git a/init/Kconfig b/init/Kconfig
-index e5449d5aeff9..5408c96f6604 100644
+index 461ad575a608..93646fd7b1c8 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1979,6 +1979,15 @@ config MODULE_SIG_ALL
+@@ -2009,6 +2009,15 @@ config MODULE_SIG_ALL
  comment "Do not forget to sign required modules with scripts/sign-file"
  	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
  
@@ -101,7 +83,7 @@ index e5449d5aeff9..5408c96f6604 100644
  	prompt "Which hash algorithm should modules be signed with?"
  	depends on MODULE_SIG
 diff --git a/kernel/Makefile b/kernel/Makefile
-index e2ec54e2b952..8dab549985d8 100644
+index eb26e12c6c2a..e0c2268cb97e 100644
 --- a/kernel/Makefile
 +++ b/kernel/Makefile
 @@ -57,6 +57,7 @@ endif
@@ -227,5 +209,5 @@ index 000000000000..fe4a6f2bf10a
 +}
 +late_initcall(load_uefi_certs);
 -- 
-2.5.5
+2.9.3
 

MODSIGN-Support-not-importing-certs-from-db.patch

@@ -1,7 +1,7 @@
-From 7ce860189df19a38176c1510f4e5615bf35495c1 Mon Sep 17 00:00:00 2001
+From 9d2e5c61d5adcf7911f67ed44a1b0ff881f175bb Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Thu, 3 Oct 2013 10:14:23 -0400
-Subject: [PATCH 2/2] MODSIGN: Support not importing certs from db
+Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
 
 If a user tells shim to not use the certs/hashes in the UEFI db variable
 for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 31 insertions(+), 9 deletions(-)
 
 diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
-index 03f601a0052c..321c79a3b282 100644
+index fe4a6f2bf10a..a41da14b1ffd 100644
 --- a/kernel/modsign_uefi.c
 +++ b/kernel/modsign_uefi.c
 @@ -8,6 +8,23 @@
@@ -82,5 +82,5 @@ index 03f601a0052c..321c79a3b282 100644
  
  	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
 -- 
-2.5.5
+2.9.3
 

PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,7 +1,8 @@
-From 6f756b32a45b022428e33ce20181e874c73ca82e Mon Sep 17 00:00:00 2001
+From 03a4ad09f20944e1917abfd24d1d0e5f107a2861 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
+Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
+ enabled
 
 Any hardware that can potentially generate DMA has to be locked down from
 userspace in order to avoid it being possible for an attacker to modify
@@ -17,7 +18,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  3 files changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index bcd10c7..a950301 100644
+index bcd10c795284..a950301496f3 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -30,6 +30,7 @@
@@ -59,7 +60,7 @@ index bcd10c7..a950301 100644
  }
  
 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 2408abe..59f321c 100644
+index 2408abe4ee8c..59f321c56c18 100644
 --- a/drivers/pci/proc.c
 +++ b/drivers/pci/proc.c
 @@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
@@ -92,7 +93,7 @@ index 2408abe..59f321c 100644
  
  	/* Make sure the caller is mapping a real resource for this device */
 diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
-index b91c4da..98f5637 100644
+index b91c4da68365..98f5637304d1 100644
 --- a/drivers/pci/syscall.c
 +++ b/drivers/pci/syscall.c
 @@ -10,6 +10,7 @@
@@ -113,5 +114,5 @@ index b91c4da..98f5637 100644
  
  	dev = pci_get_bus_and_slot(bus, dfn);
 -- 
-2.9.2
+2.9.3
 

Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,7 +1,7 @@
-From 3dfb34906e9e57e70bd497ee21e8d59325c841d2 Mon Sep 17 00:00:00 2001
+From 9f31204f829da97f99f7aacf30f0ddc26e456df7 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
+Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
  restricted
 
 Allowing users to write to address space makes it possible for the kernel
@@ -14,10 +14,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 6 insertions(+)
 
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 5bb1985..74ee6a4 100644
+index 7f1a7ab5850d..d6a6f05fbc1c 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
-@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
+@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
  	if (p != *ppos)
  		return -EFBIG;
  
@@ -27,7 +27,7 @@ index 5bb1985..74ee6a4 100644
  	if (!valid_phys_addr_range(p, count))
  		return -EFAULT;
  
-@@ -515,6 +518,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
+@@ -516,6 +519,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
  	if (!pfn_valid(PFN_DOWN(p)))
  		return -EIO;
  
@@ -38,5 +38,5 @@ index 5bb1985..74ee6a4 100644
  		unsigned long to_write = min_t(unsigned long, count,
  					       (unsigned long)high_memory - p);
 -- 
-2.7.4
+2.9.3
 

acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,4 +1,4 @@
-From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
+From ee880324686af8bb212fc088495ea528e3042cd6 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 739a4a6b3b9b..9ef2a020a7a9 100644
+index 416953a42510..4887e343c7fd 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -40,6 +40,7 @@
@@ -25,7 +25,7 @@ index 739a4a6b3b9b..9ef2a020a7a9 100644
  
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -191,7 +192,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC
@@ -35,5 +35,5 @@ index 739a4a6b3b9b..9ef2a020a7a9 100644
  #endif
  
 -- 
-2.4.3
+2.9.3
 

asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,4 +1,4 @@
-From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
+From ebbd8d01acdf472594f7e43e9a4274745c402e8e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
@@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index efbc3f0c592b..071171be4b7f 100644
+index ce6ca31a2d09..55d23994d6a2 100644
 --- a/drivers/platform/x86/asus-wmi.c
 +++ b/drivers/platform/x86/asus-wmi.c
-@@ -1868,6 +1868,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1872,6 +1872,9 @@ static int show_dsts(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -29,7 +29,7 @@ index efbc3f0c592b..071171be4b7f 100644
  	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
  
  	if (err < 0)
-@@ -1884,6 +1887,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1888,6 +1891,9 @@ static int show_devs(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -39,7 +39,7 @@ index efbc3f0c592b..071171be4b7f 100644
  	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
  				    &retval);
  
-@@ -1908,6 +1914,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1912,6 +1918,9 @@ static int show_call(struct seq_file *m, void *data)
  	union acpi_object *obj;
  	acpi_status status;
  
@@ -50,5 +50,5 @@ index efbc3f0c592b..071171be4b7f 100644
  				     1, asus->debug.method_id,
  				     &input, &output);
 -- 
-2.4.3
+2.9.3
 

efi-Add-EFI_SECURE_BOOT-bit.patch

@@ -1,7 +1,7 @@
-From 04e65e01058ed6357b932e64b19e4bf762f04970 Mon Sep 17 00:00:00 2001
+From a8883aff32f1e15b65e210462804aa2a9ab9a0b6 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
-Subject: [PATCH 2/9] efi: Add EFI_SECURE_BOOT bit
+Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
 
 UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
 for use with efi_enabled.
@@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index bdb9881c7afd..a666b6c29c77 100644
+index d40e961753c9..b93183336674 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1154,7 +1154,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -27,10 +27,10 @@ index bdb9881c7afd..a666b6c29c77 100644
  #endif
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index c2db3ca22217..8cb38cfcba74 100644
+index ce943d5accfd..5af91b58afae 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -1062,6 +1062,7 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -1046,6 +1046,7 @@ extern int __init efi_setup_pcdp_console(char *);
  #define EFI_ARCH_1		7	/* First arch-specific bit */
  #define EFI_DBG			8	/* Print additional debug info at runtime */
  #define EFI_NX_PE_DATA		9	/* Can runtime data regions be mapped non-executable? */
@@ -39,5 +39,5 @@ index c2db3ca22217..8cb38cfcba74 100644
  #ifdef CONFIG_EFI
  /*
 -- 
-2.5.5
+2.9.3
 

efi-Add-SHIM-and-image-security-database-GUID-defini.patch

@@ -0,0 +1,31 @@
+From 3a9fe1504e08824d894bb3a804c6a313f5d1be8a Mon Sep 17 00:00:00 2001
+From: Josh Boyer <jwboyer@fedoraproject.org>
+Date: Tue, 25 Oct 2016 12:54:11 -0400
+Subject: [PATCH 11/20] efi: Add SHIM and image security database GUID
+ definitions
+
+Add the definitions for shim and image security database, both of which
+are used widely in various Linux distros.
+
+Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+---
+ include/linux/efi.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 2d089487d2da..ce943d5accfd 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -592,6 +592,9 @@ void efi_native_runtime_setup(void);
+ #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID	EFI_GUID(0xdcfa911d, 0x26eb, 0x469f,  0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
+ #define EFI_CONSOLE_OUT_DEVICE_GUID		EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4,  0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
+ 
++#define EFI_IMAGE_SECURITY_DATABASE_GUID	EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
++#define EFI_SHIM_LOCK_GUID				EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
++
+ /*
+  * This GUID is used to pass to the kernel proper the struct screen_info
+  * structure that was populated by the stub based on the GOP protocol instance
+-- 
+2.9.3
+

efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch

@@ -1,7 +1,7 @@
-From 0a5c52b9eb4918fb2bee43bacc3521b574334cff Mon Sep 17 00:00:00 2001
+From d687d79620ea20511b2dbf77e74fdcf4d94981f9 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 5 Feb 2013 19:25:05 -0500
-Subject: [PATCH 1/9] efi: Disable secure boot if shim is in insecure mode
+Subject: [PATCH 12/20] efi: Disable secure boot if shim is in insecure mode
 
 A user can manually tell the shim boot loader to disable validation of
 images it loads.  When a user does this, it creates a UEFI variable called
@@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 19 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 6b8b9a775b46..b3a5364d31c6 100644
+index ebc85c1eefd6..50e027f388d8 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
-@@ -574,8 +574,9 @@ free_handle:
+@@ -540,8 +540,9 @@ static void setup_efi_pci(struct boot_params *params)
  
  static int get_secure_boot(void)
  {
@@ -29,7 +29,7 @@ index 6b8b9a775b46..b3a5364d31c6 100644
  	efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
  	efi_status_t status;
  
-@@ -599,6 +600,23 @@ static int get_secure_boot(void)
+@@ -565,6 +566,23 @@ static int get_secure_boot(void)
  	if (setup == 1)
  		return 0;
  
@@ -54,5 +54,5 @@ index 6b8b9a775b46..b3a5364d31c6 100644
  }
  
 -- 
-2.5.5
+2.9.3
 

hibernate-Disable-in-a-signed-modules-environment.patch

@@ -1,7 +1,7 @@
-From e07815cf02eadb245fa60359133b122f9ffe9045 Mon Sep 17 00:00:00 2001
+From 6c56c15ec618a508b0eca98571780a8b7114cb92 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
-Subject: [PATCH 3/9] hibernate: Disable in a signed modules environment
+Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the signed modules trust model,
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index fca9254280ee..ffd8644078b2 100644
+index b26dbc48c75b..ab187ad3fc61 100644
 --- a/kernel/power/hibernate.c
 +++ b/kernel/power/hibernate.c
 @@ -29,6 +29,7 @@
@@ -25,7 +25,7 @@ index fca9254280ee..ffd8644078b2 100644
  #include <trace/events/power.h>
  
  #include "power.h"
-@@ -66,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
+@@ -67,7 +68,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
  
  bool hibernation_available(void)
  {
@@ -35,5 +35,5 @@ index fca9254280ee..ffd8644078b2 100644
  
  /**
 -- 
-2.5.5
+2.9.3
 

kernel.spec

@@ -549,7 +549,9 @@ Patch481: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
 
 Patch482: Add-option-to-automatically-enforce-module-signature.patch
 
-Patch483: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
+Patch483: efi-Add-SHIM-and-image-security-database-GUID-defini.patch
+
+Patch484: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
 
 Patch485: efi-Add-EFI_SECURE_BOOT-bit.patch
 
@@ -2147,6 +2149,9 @@ fi
 #
 #
 %changelog
+* Thu Oct 27 2016 Josh Boyer <jwboyer@fedoraproject.org>
+- Refresh SB patchset to fix bisectability issue
+
 * Thu Oct 27 2016 Justin M. Forbes <jforbes@fedoraproject.org>
 - CVE-2016-9083 CVE-2016-9084 vfio multiple flaws (rhbz 1389258 1389259 1389285)
 

kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch

@@ -1,7 +1,7 @@
-From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
+From 85968a9f0b3f05c56d4ac4002748f3412a9baab0 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 03:33:56 -0400
-Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
+Subject: [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module
  loading restrictions
 
 kexec permits the loading and execution of arbitrary code in ring 0, which
@@ -14,10 +14,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 8 insertions(+)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 4c5edc357923..db431971dbd4 100644
+index 980936a90ee6..fce28bf7d5d7 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -10,6 +10,7 @@
+@@ -12,6 +12,7 @@
  #include <linux/mm.h>
  #include <linux/file.h>
  #include <linux/kexec.h>
@@ -25,7 +25,7 @@ index 4c5edc357923..db431971dbd4 100644
  #include <linux/mutex.h>
  #include <linux/list.h>
  #include <linux/syscalls.h>
-@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -194,6 +195,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
  		return -EPERM;
  
  	/*
@@ -40,5 +40,5 @@ index 4c5edc357923..db431971dbd4 100644
  	 * This leaves us room for future extensions.
  	 */
 -- 
-2.4.3
+2.9.3
 

x86-Lock-down-IO-port-access-when-module-security-is.patch

@@ -1,7 +1,8 @@
-From 8010b5eb4680df797575e6306d4d891200e303ab Mon Sep 17 00:00:00 2001
+From e7817a96c7ef1b502dba6f70b75f9e8993a8750b Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
-Subject: [PATCH] x86: Lock down IO port access when module security is enabled
+Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
+ enabled
 
 IO port access would permit users to gain access to PCI configuration
 registers, which in turn (on a lot of hardware) give access to MMIO register
@@ -45,10 +46,10 @@ index 589b3193f102..ab8372443efb 100644
  	}
  	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 71025c2f6bbb..86e5bfa91563 100644
+index 5bb1985ec484..7f1a7ab5850d 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
  #include <linux/export.h>
  #include <linux/io.h>
  #include <linux/uio.h>
@@ -56,7 +57,7 @@ index 71025c2f6bbb..86e5bfa91563 100644
  
  #include <linux/uaccess.h>
  
-@@ -577,6 +578,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
+@@ -580,6 +581,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
  	unsigned long i = *ppos;
  	const char __user *tmp = buf;
  
@@ -67,5 +68,5 @@ index 71025c2f6bbb..86e5bfa91563 100644
  		return -EFAULT;
  	while (count-- > 0 && i < 65536) {
 -- 
-2.5.5
+2.9.3
 

x86-Restrict-MSR-access-when-module-loading-is-restr.patch

@@ -1,4 +1,4 @@
-From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
+From 85539b332c79fbce1b9f371ff1a2a8d489e65110 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
@@ -15,10 +15,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 113e70784854..26c2f83fc470 100644
+index 7f3550acde1b..963ba4011923 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
-@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+@@ -83,6 +83,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
  	int err = 0;
  	ssize_t bytes = 0;
  
@@ -28,7 +28,7 @@ index 113e70784854..26c2f83fc470 100644
  	if (count % 8)
  		return -EINVAL;	/* Invalid chunk size */
  
-@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+@@ -130,6 +133,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
  			err = -EBADF;
  			break;
  		}
@@ -40,5 +40,5 @@ index 113e70784854..26c2f83fc470 100644
  			err = -EFAULT;
  			break;
 -- 
-2.4.3
+2.9.3