Linux v4.11.12

Bring back /dev/port (rhbz 1471429 1451220)

0001-ACPI-LPSS-Only-call-pwm_add_table-for-the-first-PWM-.patch

@@ -0,0 +1,70 @@
+From 92fe05e58babf15d7ddadfccd8bc383ea7e46e55 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 5 Jul 2017 22:02:59 +0200
+Subject: [PATCH] ACPI / LPSS: Only call pwm_add_table for the first PWM
+ controller
+
+At least on the UP board SBC both PWMs are enabled leading to us
+trying to add the same pwm_lookup twice, which leads to the following:
+
+[    0.902224] list_add double add: new=ffffffffb8efd400,
+               prev=ffffffffb8efd400, next=ffffffffb8eeede0.
+[    0.912466] ------------[ cut here ]------------
+[    0.917624] kernel BUG at lib/list_debug.c:31!
+[    0.922588] invalid opcode: 0000 [#1] SMP
+...
+[    1.027450] Call Trace:
+[    1.030185]  pwm_add_table+0x4c/0x90
+[    1.034181]  bsw_pwm_setup+0x1a/0x20
+[    1.038175]  acpi_lpss_create_device+0xfe/0x420
+...
+
+This commit fixes this by only calling pwm_add_table for the first
+PWM controller (which is the one used for the backlight).
+
+Cc: stable@vger.kernel.org
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1458599
+Fixes: bf7696a12071 ("acpi: lpss: call pwm_add_table() for BSW...")
+Fixes: 04434ab5120a ("ACPI / LPSS: Call pwm_add_table() for Bay Trail...")
+[labbott@redhat.com: Rebase to 4.11]
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/acpi/acpi_lpss.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
+index 5edfd9c..d973e56 100644
+--- a/drivers/acpi/acpi_lpss.c
++++ b/drivers/acpi/acpi_lpss.c
+@@ -85,6 +85,7 @@ static const struct lpss_device_desc lpss_dma_desc = {
+ };
+ 
+ struct lpss_private_data {
++	struct acpi_device *adev;
+ 	void __iomem *mmio_base;
+ 	resource_size_t mmio_size;
+ 	unsigned int fixed_clk_rate;
+@@ -164,6 +165,12 @@ static struct pwm_lookup bsw_pwm_lookup[] = {
+ 
+ static void bsw_pwm_setup(struct lpss_private_data *pdata)
+ {
++	struct acpi_device *adev = pdata->adev;
++
++	/* Only call pwm_add_table for the first PWM controller */
++	if (!adev->pnp.unique_id || strcmp(adev->pnp.unique_id, "1"))
++		return;
++
+ 	pwm_add_table(bsw_pwm_lookup, ARRAY_SIZE(bsw_pwm_lookup));
+ }
+ 
+@@ -439,6 +446,7 @@ static int acpi_lpss_create_device(struct acpi_device *adev,
+ 		goto err_out;
+ 	}
+ 
++	pdata->adev = adev;
+ 	pdata->dev_desc = dev_desc;
+ 
+ 	if (dev_desc->setup)
+-- 
+2.7.5
+

0001-SUNRPC-Refactor-svc_set_num_threads.patch

@@ -0,0 +1,156 @@
+From 9e0d87680d689f1758185851c3da6eafb16e71e1 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Wed, 26 Apr 2017 11:55:26 -0400
+Subject: [PATCH] SUNRPC: Refactor svc_set_num_threads()
+
+Refactor to separate out the functions of starting and stopping threads
+so that they can be used in other helpers.
+
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Tested-and-reviewed-by: Kinglong Mee <kinglongmee@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+---
+ net/sunrpc/svc.c | 96 ++++++++++++++++++++++++++++++++++----------------------
+ 1 file changed, 58 insertions(+), 38 deletions(-)
+
+diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
+index a08aeb5..98dc33a 100644
+--- a/net/sunrpc/svc.c
++++ b/net/sunrpc/svc.c
+@@ -702,59 +702,32 @@ choose_victim(struct svc_serv *serv, struct svc_pool *pool, unsigned int *state)
+ 	return task;
+ }
+
+-/*
+- * Create or destroy enough new threads to make the number
+- * of threads the given number.  If `pool' is non-NULL, applies
+- * only to threads in that pool, otherwise round-robins between
+- * all pools.  Caller must ensure that mutual exclusion between this and
+- * server startup or shutdown.
+- *
+- * Destroying threads relies on the service threads filling in
+- * rqstp->rq_task, which only the nfs ones do.  Assumes the serv
+- * has been created using svc_create_pooled().
+- *
+- * Based on code that used to be in nfsd_svc() but tweaked
+- * to be pool-aware.
+- */
+-int
+-svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
++/* create new threads */
++static int
++svc_start_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+ {
+ 	struct svc_rqst	*rqstp;
+ 	struct task_struct *task;
+ 	struct svc_pool *chosen_pool;
+-	int error = 0;
+ 	unsigned int state = serv->sv_nrthreads-1;
+ 	int node;
+
+-	if (pool == NULL) {
+-		/* The -1 assumes caller has done a svc_get() */
+-		nrservs -= (serv->sv_nrthreads-1);
+-	} else {
+-		spin_lock_bh(&pool->sp_lock);
+-		nrservs -= pool->sp_nrthreads;
+-		spin_unlock_bh(&pool->sp_lock);
+-	}
+-
+-	/* create new threads */
+-	while (nrservs > 0) {
++	do {
+ 		nrservs--;
+ 		chosen_pool = choose_pool(serv, pool, &state);
+
+ 		node = svc_pool_map_get_node(chosen_pool->sp_id);
+ 		rqstp = svc_prepare_thread(serv, chosen_pool, node);
+-		if (IS_ERR(rqstp)) {
+-			error = PTR_ERR(rqstp);
+-			break;
+-		}
++		if (IS_ERR(rqstp))
++			return PTR_ERR(rqstp);
+
+ 		__module_get(serv->sv_ops->svo_module);
+ 		task = kthread_create_on_node(serv->sv_ops->svo_function, rqstp,
+ 					      node, "%s", serv->sv_name);
+ 		if (IS_ERR(task)) {
+-			error = PTR_ERR(task);
+ 			module_put(serv->sv_ops->svo_module);
+ 			svc_exit_thread(rqstp);
+-			break;
++			return PTR_ERR(task);
+ 		}
+
+ 		rqstp->rq_task = task;
+@@ -763,15 +736,62 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+
+ 		svc_sock_update_bufs(serv);
+ 		wake_up_process(task);
+-	}
++	} while (nrservs > 0);
++
++	return 0;
++}
++
++
++/* destroy old threads */
++static int
++svc_signal_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
++{
++	struct task_struct *task;
++	unsigned int state = serv->sv_nrthreads-1;
++
+ 	/* destroy old threads */
+-	while (nrservs < 0 &&
+-	       (task = choose_victim(serv, pool, &state)) != NULL) {
++	do {
++		task = choose_victim(serv, pool, &state);
++		if (task == NULL)
++			break;
+ 		send_sig(SIGINT, task, 1);
+ 		nrservs++;
++	} while (nrservs < 0);
++
++	return 0;
++}
++
++/*
++ * Create or destroy enough new threads to make the number
++ * of threads the given number.  If `pool' is non-NULL, applies
++ * only to threads in that pool, otherwise round-robins between
++ * all pools.  Caller must ensure that mutual exclusion between this and
++ * server startup or shutdown.
++ *
++ * Destroying threads relies on the service threads filling in
++ * rqstp->rq_task, which only the nfs ones do.  Assumes the serv
++ * has been created using svc_create_pooled().
++ *
++ * Based on code that used to be in nfsd_svc() but tweaked
++ * to be pool-aware.
++ */
++int
++svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
++{
++	if (pool == NULL) {
++		/* The -1 assumes caller has done a svc_get() */
++		nrservs -= (serv->sv_nrthreads-1);
++	} else {
++		spin_lock_bh(&pool->sp_lock);
++		nrservs -= pool->sp_nrthreads;
++		spin_unlock_bh(&pool->sp_lock);
+ 	}
+
+-	return error;
++	if (nrservs > 0)
++		return svc_start_kthreads(serv, pool, nrservs);
++	if (nrservs < 0)
++		return svc_signal_kthreads(serv, pool, nrservs);
++	return 0;
+ }
+ EXPORT_SYMBOL_GPL(svc_set_num_threads);
+
+-- 
+2.9.4
+

0001-iio-Use-event-header-from-kernel-tree.patch

@@ -0,0 +1,64 @@
+From 0eadbb65c0026fb4eec89c54f6b48a0febd87f92 Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@redhat.com>
+Date: Fri, 9 Sep 2016 08:19:17 -0700
+Subject: [PATCH] iio: Use type header from kernel tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+To: Jonathan Cameron <jic23@kernel.org>
+To: Hartmut Knaack <knaack.h@gmx.de>
+To: Lars-Peter Clausen <lars@metafoo.de>
+To: Peter Meerwald-Stadler <pmeerw@pmeerw.net>
+Cc: linux-iio@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+
+
+The iio tools have been updated as new event types have been added to
+the kernel. The tools currently use the standard system headers which
+means that the system may not have the newest defintitions. This leads
+to build failures when building newer tools on older hosts:
+
+gcc -Wall -g -D_GNU_SOURCE   -c -o iio_event_monitor.o
+iio_event_monitor.c
+iio_event_monitor.c:59:3: error: ‘IIO_UVINDEX’ undeclared here (not in a
+function)
+  [IIO_UVINDEX] = "uvindex",
+   ^~~~~~~~~~~
+iio_event_monitor.c:59:3: error: array index in initializer not of
+integer type
+iio_event_monitor.c:59:3: note: (near initialization for
+‘iio_chan_type_name_spec’)
+iio_event_monitor.c:97:3: error: ‘IIO_MOD_LIGHT_UV’ undeclared here (not
+in a function)
+  [IIO_MOD_LIGHT_UV] = "uv",
+   ^~~~~~~~~~~~~~~~
+iio_event_monitor.c:97:3: error: array index in initializer not of
+integer type
+iio_event_monitor.c:97:3: note: (near initialization for
+‘iio_modifier_names’)
+<builtin>: recipe for target 'iio_event_monitor.o' failed
+
+Switch to using the header from the kernel tree to ensure the newest
+defintions are always picked up.
+
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+---
+ tools/iio/iio_event_monitor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/iio/iio_event_monitor.c b/tools/iio/iio_event_monitor.c
+index d9b7e0f..f02523d 100644
+--- a/tools/iio/iio_event_monitor.c
++++ b/tools/iio/iio_event_monitor.c
+@@ -26,7 +26,7 @@
+ #include <sys/ioctl.h>
+ #include "iio_utils.h"
+ #include <linux/iio/events.h>
+-#include <linux/iio/types.h>
++#include "../../include/uapi/linux/iio/types.h"
+ 
+ static const char * const iio_chan_type_name_spec[] = {
+ 	[IIO_VOLTAGE] = "voltage",
+-- 
+2.7.4
+

0001-ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

@@ -0,0 +1,54 @@
+From 6399f1fae4ec29fab5ec76070435555e256ca3a6 Mon Sep 17 00:00:00 2001
+From: Sabrina Dubroca <sd@queasysnail.net>
+Date: Wed, 19 Jul 2017 22:28:55 +0200
+Subject: [PATCH] ipv6: avoid overflow of offset in ip6_find_1stfragopt
+
+In some cases, offset can overflow and can cause an infinite loop in
+ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
+cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.
+
+This problem has been here since before the beginning of git history.
+
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv6/output_core.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
+index e9065b8..abb2c30 100644
+--- a/net/ipv6/output_core.c
++++ b/net/ipv6/output_core.c
+@@ -78,7 +78,7 @@ EXPORT_SYMBOL(ipv6_select_ident);
+
+ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+ {
+-	u16 offset = sizeof(struct ipv6hdr);
++	unsigned int offset = sizeof(struct ipv6hdr);
+ 	unsigned int packet_len = skb_tail_pointer(skb) -
+ 		skb_network_header(skb);
+ 	int found_rhdr = 0;
+@@ -86,6 +86,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+
+ 	while (offset <= packet_len) {
+ 		struct ipv6_opt_hdr *exthdr;
++		unsigned int len;
+
+ 		switch (**nexthdr) {
+
+@@ -111,7 +112,10 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+
+ 		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
+ 						 offset);
+-		offset += ipv6_optlen(exthdr);
++		len = ipv6_optlen(exthdr);
++		if (len + offset >= IPV6_MAXPLEN)
++			return -EINVAL;
++		offset += len;
+ 		*nexthdr = &exthdr->nexthdr;
+ 	}
+
+-- 
+2.9.4
+

0001-mm-CONFIG_NR_ZONES_EXTENDED.patch

@@ -1,173 +0,0 @@
-From 8b368e8e961944105945fbe36f3f264252bfd19a Mon Sep 17 00:00:00 2001
-From: Dan Williams <dan.j.williams@intel.com>
-Date: Thu, 25 Feb 2016 01:02:30 +0000
-Subject: [PATCH] mm: CONFIG_NR_ZONES_EXTENDED
-
-ZONE_DEVICE (merged in 4.3) and ZONE_CMA (proposed) are examples of new mm
-zones that are bumping up against the current maximum limit of 4 zones,
-i.e.  2 bits in page->flags.  When adding a zone this equation still needs
-to be satisified:
-
-    SECTIONS_WIDTH + ZONES_WIDTH + NODES_SHIFT + LAST_CPUPID_SHIFT
-	  <= BITS_PER_LONG - NR_PAGEFLAGS
-
-ZONE_DEVICE currently tries to satisfy this equation by requiring that
-ZONE_DMA be disabled, but this is untenable given generic kernels want to
-support ZONE_DEVICE and ZONE_DMA simultaneously.  ZONE_CMA would like to
-increase the amount of memory covered per section, but that limits the
-minimum granularity at which consecutive memory ranges can be added via
-devm_memremap_pages().
-
-The trade-off of what is acceptable to sacrifice depends heavily on the
-platform.  For example, ZONE_CMA is targeted for 32-bit platforms where
-page->flags is constrained, but those platforms likely do not care about
-the minimum granularity of memory hotplug.  A big iron machine with 1024
-numa nodes can likely sacrifice ZONE_DMA where a general purpose
-distribution kernel can not.
-
-CONFIG_NR_ZONES_EXTENDED is a configuration symbol that gets selected when
-the number of configured zones exceeds 4.  It documents the configuration
-symbols and definitions that get modified when ZONES_WIDTH is greater than
-2.
-
-For now, it steals a bit from NODES_SHIFT.  Later on it can be used to
-document the definitions that get modified when a 32-bit configuration
-wants more zone bits.
-
-Note that GFP_ZONE_TABLE poses an interesting constraint since
-include/linux/gfp.h gets included by the 32-bit portion of a 64-bit build.
-We need to be careful to only build the table for zones that have a
-corresponding gfp_t flag.  GFP_ZONES_SHIFT is introduced for this purpose.
-This patch does not attempt to solve the problem of adding a new zone
-that also has a corresponding GFP_ flag.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=110931
-Fixes: 033fbae988fc ("mm: ZONE_DEVICE for "device memory"")
-Signed-off-by: Dan Williams <dan.j.williams@intel.com>
-Reported-by: Mark <markk@clara.co.uk>
-Cc: Mel Gorman <mgorman@suse.de>
-Cc: Rik van Riel <riel@redhat.com>
-Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
-Cc: Dave Hansen <dave.hansen@linux.intel.com>
-Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
----
- arch/x86/Kconfig                  |  6 ++++--
- include/linux/gfp.h               | 33 ++++++++++++++++++++-------------
- include/linux/page-flags-layout.h |  2 ++
- mm/Kconfig                        |  7 +++++--
- 4 files changed, 31 insertions(+), 17 deletions(-)
-
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3fef519..b94704a 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -1409,8 +1409,10 @@ config NUMA_EMU
- 
- config NODES_SHIFT
- 	int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
--	range 1 10
--	default "10" if MAXSMP
-+	range 1 10 if !NR_ZONES_EXTENDED
-+	range 1 9 if NR_ZONES_EXTENDED
-+	default "10" if MAXSMP && !NR_ZONES_EXTENDED
-+	default "9" if MAXSMP && NR_ZONES_EXTENDED
- 	default "6" if X86_64
- 	default "3"
- 	depends on NEED_MULTIPLE_NODES
-diff --git a/include/linux/gfp.h b/include/linux/gfp.h
-index af1f2b2..d201d8a 100644
---- a/include/linux/gfp.h
-+++ b/include/linux/gfp.h
-@@ -329,22 +329,29 @@ static inline bool gfpflags_allow_blocking(const gfp_t gfp_flags)
-  *       0xe    => BAD (MOVABLE+DMA32+HIGHMEM)
-  *       0xf    => BAD (MOVABLE+DMA32+HIGHMEM+DMA)
-  *
-- * ZONES_SHIFT must be <= 2 on 32 bit platforms.
-+ * GFP_ZONES_SHIFT must be <= 2 on 32 bit platforms.
-  */
- 
--#if 16 * ZONES_SHIFT > BITS_PER_LONG
--#error ZONES_SHIFT too large to create GFP_ZONE_TABLE integer
-+#if defined(CONFIG_ZONE_DEVICE) && (MAX_NR_ZONES-1) <= 4
-+/* ZONE_DEVICE is not a valid GFP zone specifier */
-+#define GFP_ZONES_SHIFT 2
-+#else
-+#define GFP_ZONES_SHIFT ZONES_SHIFT
-+#endif
-+
-+#if 16 * GFP_ZONES_SHIFT > BITS_PER_LONG
-+#error GFP_ZONES_SHIFT too large to create GFP_ZONE_TABLE integer
- #endif
- 
- #define GFP_ZONE_TABLE ( \
--	(ZONE_NORMAL << 0 * ZONES_SHIFT)				      \
--	| (OPT_ZONE_DMA << ___GFP_DMA * ZONES_SHIFT)			      \
--	| (OPT_ZONE_HIGHMEM << ___GFP_HIGHMEM * ZONES_SHIFT)		      \
--	| (OPT_ZONE_DMA32 << ___GFP_DMA32 * ZONES_SHIFT)		      \
--	| (ZONE_NORMAL << ___GFP_MOVABLE * ZONES_SHIFT)			      \
--	| (OPT_ZONE_DMA << (___GFP_MOVABLE | ___GFP_DMA) * ZONES_SHIFT)	      \
--	| (ZONE_MOVABLE << (___GFP_MOVABLE | ___GFP_HIGHMEM) * ZONES_SHIFT)   \
--	| (OPT_ZONE_DMA32 << (___GFP_MOVABLE | ___GFP_DMA32) * ZONES_SHIFT)   \
-+	(ZONE_NORMAL << 0 * GFP_ZONES_SHIFT)					\
-+	| (OPT_ZONE_DMA << ___GFP_DMA * GFP_ZONES_SHIFT)			\
-+	| (OPT_ZONE_HIGHMEM << ___GFP_HIGHMEM * GFP_ZONES_SHIFT)		\
-+	| (OPT_ZONE_DMA32 << ___GFP_DMA32 * GFP_ZONES_SHIFT)		      	\
-+	| (ZONE_NORMAL << ___GFP_MOVABLE * GFP_ZONES_SHIFT)			\
-+	| (OPT_ZONE_DMA << (___GFP_MOVABLE | ___GFP_DMA) * GFP_ZONES_SHIFT)	\
-+	| (ZONE_MOVABLE << (___GFP_MOVABLE | ___GFP_HIGHMEM) * GFP_ZONES_SHIFT)	\
-+	| (OPT_ZONE_DMA32 << (___GFP_MOVABLE | ___GFP_DMA32) * GFP_ZONES_SHIFT)	\
- )
- 
- /*
-@@ -369,8 +376,8 @@ static inline enum zone_type gfp_zone(gfp_t flags)
- 	enum zone_type z;
- 	int bit = (__force int) (flags & GFP_ZONEMASK);
- 
--	z = (GFP_ZONE_TABLE >> (bit * ZONES_SHIFT)) &
--					 ((1 << ZONES_SHIFT) - 1);
-+	z = (GFP_ZONE_TABLE >> (bit * GFP_ZONES_SHIFT)) &
-+					 ((1 << GFP_ZONES_SHIFT) - 1);
- 	VM_BUG_ON((GFP_ZONE_BAD >> bit) & 1);
- 	return z;
- }
-diff --git a/include/linux/page-flags-layout.h b/include/linux/page-flags-layout.h
-index da52366..77b078c 100644
---- a/include/linux/page-flags-layout.h
-+++ b/include/linux/page-flags-layout.h
-@@ -17,6 +17,8 @@
- #define ZONES_SHIFT 1
- #elif MAX_NR_ZONES <= 4
- #define ZONES_SHIFT 2
-+#elif MAX_NR_ZONES <= 8
-+#define ZONES_SHIFT 3
- #else
- #error ZONES_SHIFT -- too many zones configured adjust calculation
- #endif
-diff --git a/mm/Kconfig b/mm/Kconfig
-index 031a329..7826216 100644
---- a/mm/Kconfig
-+++ b/mm/Kconfig
-@@ -652,8 +652,6 @@ config IDLE_PAGE_TRACKING
- 
- config ZONE_DEVICE
- 	bool "Device memory (pmem, etc...) hotplug support"
--	default !ZONE_DMA
--	depends on !ZONE_DMA
- 	depends on MEMORY_HOTPLUG
- 	depends on MEMORY_HOTREMOVE
- 	depends on X86_64 #arch_add_memory() comprehends device memory
-@@ -667,5 +665,10 @@ config ZONE_DEVICE
- 
- 	  If FS_DAX is enabled, then say Y.
- 
-+config NR_ZONES_EXTENDED
-+	bool
-+	default n if !64BIT
-+	default y if ZONE_DEVICE && ZONE_DMA && ZONE_DMA32
-+
- config FRAME_VECTOR
- 	bool
--- 
-2.5.0
-

0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch

@@ -0,0 +1,71 @@
+From 6bb84c0f9da1144e0d443798a76d5769b7d554af Mon Sep 17 00:00:00 2001
+From: Christian Kellner <christian@kellner.me>
+Date: Tue, 28 Feb 2017 17:10:56 +0100
+Subject: [PATCH 1/2] platform/x86: thinkpad_acpi: guard generic hotkey case
+
+Currently when dispatching hotkeys we check if the scancode is in
+the range of 0 and TPACPI_HOTKEY_MAP_LEN, although the bottom 20
+entries in the hotkey keymap are already adaptive keycodes.
+Therefore we introduce a TP_ACPI_HOTKEYSCAN_ADAPTIVE_START and
+ensure that we are in the range 0 and ADAPTIVE_START for the generic
+keycode case.
+
+Signed-off-by: Christian Kellner <ckellner@redhat.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+---
+ drivers/platform/x86/thinkpad_acpi.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
+index 1d18b32..e2b962f 100644
+--- a/drivers/platform/x86/thinkpad_acpi.c
++++ b/drivers/platform/x86/thinkpad_acpi.c
+@@ -1922,7 +1922,9 @@ enum {	/* hot key scan codes (derived from ACPI DSDT) */
+ 	TP_ACPI_HOTKEYSCAN_UNK7,
+ 	TP_ACPI_HOTKEYSCAN_UNK8,
+ 
+-	TP_ACPI_HOTKEYSCAN_MUTE2,
++	/* Adaptive keyboard keycodes */
++	TP_ACPI_HOTKEYSCAN_ADAPTIVE_START,
++	TP_ACPI_HOTKEYSCAN_MUTE2        = TP_ACPI_HOTKEYSCAN_ADAPTIVE_START,
+ 	TP_ACPI_HOTKEYSCAN_BRIGHTNESS_ZERO,
+ 	TP_ACPI_HOTKEYSCAN_CLIPPING_TOOL,
+ 	TP_ACPI_HOTKEYSCAN_CLOUD,
+@@ -3656,7 +3658,6 @@ static const int adaptive_keyboard_modes[] = {
+ #define DFR_CHANGE_ROW			0x101
+ #define DFR_SHOW_QUICKVIEW_ROW		0x102
+ #define FIRST_ADAPTIVE_KEY		0x103
+-#define ADAPTIVE_KEY_OFFSET		0x020
+ 
+ /* press Fn key a while second, it will switch to Function Mode. Then
+  * release Fn key, previous mode be restored.
+@@ -3747,12 +3748,13 @@ static bool adaptive_keyboard_hotkey_notify_hotkey(unsigned int scancode)
+ 	default:
+ 		if (scancode < FIRST_ADAPTIVE_KEY ||
+ 		    scancode >= FIRST_ADAPTIVE_KEY + TPACPI_HOTKEY_MAP_LEN -
+-				ADAPTIVE_KEY_OFFSET) {
++				TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ 			pr_info("Unhandled adaptive keyboard key: 0x%x\n",
+ 					scancode);
+ 			return false;
+ 		}
+-		keycode = hotkey_keycode_map[scancode - FIRST_ADAPTIVE_KEY + ADAPTIVE_KEY_OFFSET];
++		keycode = hotkey_keycode_map[scancode - FIRST_ADAPTIVE_KEY +
++					     TP_ACPI_HOTKEYSCAN_ADAPTIVE_START];
+ 		if (keycode != KEY_RESERVED) {
+ 			mutex_lock(&tpacpi_inputdev_send_mutex);
+ 
+@@ -3778,7 +3780,7 @@ static bool hotkey_notify_hotkey(const u32 hkey,
+ 	*ignore_acpi_ev = false;
+ 
+ 	/* HKEY event 0x1001 is scancode 0x00 */
+-	if (scancode > 0 && scancode <= TPACPI_HOTKEY_MAP_LEN) {
++	if (scancode > 0 && scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ 		scancode--;
+ 		if (!(hotkey_source_mask & (1 << scancode))) {
+ 			tpacpi_input_send_key_masked(scancode);
+-- 
+2.9.4
+

0001-vsock-Fix-blocking-ops-call-in-prepare_to_wait.patch

@@ -1,170 +0,0 @@
-From b5671c331cc2e78c83fc826a69dff461903c0fd5 Mon Sep 17 00:00:00 2001
-From: Laura Abbott <labbott@fedoraproject.org>
-Date: Mon, 25 Jan 2016 15:10:02 -0800
-Subject: [PATCHv2] vsock: Fix blocking ops call in prepare_to_wait
-To: "David S. Miller" <davem@davemloft.net>
-Cc: netdev@vger.kernel.org
-Cc: linux-kernel@vger.kernel.org
-To: Aditya Asarwade <asarwade@vmware.com>
-To: Thomas Hellstrom <thellstrom@vmware.com>
-To: Jorgen Hansen <jhansen@vmware.com>
-
-We receoved a bug report from someone using vmware:
-
-WARNING: CPU: 3 PID: 660 at kernel/sched/core.c:7389
-__might_sleep+0x7d/0x90()
-do not call blocking ops when !TASK_RUNNING; state=1 set at
-[<ffffffff810fa68d>] prepare_to_wait+0x2d/0x90
-Modules linked in: vmw_vsock_vmci_transport vsock snd_seq_midi
-snd_seq_midi_event snd_ens1371 iosf_mbi gameport snd_rawmidi
-snd_ac97_codec ac97_bus snd_seq coretemp snd_seq_device snd_pcm
-snd_timer snd soundcore ppdev crct10dif_pclmul crc32_pclmul
-ghash_clmulni_intel vmw_vmci vmw_balloon i2c_piix4 shpchp parport_pc
-parport acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc btrfs
-xor raid6_pq 8021q garp stp llc mrp crc32c_intel serio_raw mptspi vmwgfx
-drm_kms_helper ttm drm scsi_transport_spi mptscsih e1000 ata_generic
-mptbase pata_acpi
-CPU: 3 PID: 660 Comm: vmtoolsd Not tainted
-4.2.0-0.rc1.git3.1.fc23.x86_64 #1
-Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
-Reference Platform, BIOS 6.00 05/20/2014
- 0000000000000000 0000000049e617f3 ffff88006ac37ac8 ffffffff818641f5
- 0000000000000000 ffff88006ac37b20 ffff88006ac37b08 ffffffff810ab446
- ffff880068009f40 ffffffff81c63bc0 0000000000000061 0000000000000000
-Call Trace:
- [<ffffffff818641f5>] dump_stack+0x4c/0x65
- [<ffffffff810ab446>] warn_slowpath_common+0x86/0xc0
- [<ffffffff810ab4d5>] warn_slowpath_fmt+0x55/0x70
- [<ffffffff8112551d>] ? debug_lockdep_rcu_enabled+0x1d/0x20
- [<ffffffff810fa68d>] ? prepare_to_wait+0x2d/0x90
- [<ffffffff810fa68d>] ? prepare_to_wait+0x2d/0x90
- [<ffffffff810da2bd>] __might_sleep+0x7d/0x90
- [<ffffffff812163b3>] __might_fault+0x43/0xa0
- [<ffffffff81430477>] copy_from_iter+0x87/0x2a0
- [<ffffffffa039460a>] __qp_memcpy_to_queue+0x9a/0x1b0 [vmw_vmci]
- [<ffffffffa0394740>] ? qp_memcpy_to_queue+0x20/0x20 [vmw_vmci]
- [<ffffffffa0394757>] qp_memcpy_to_queue_iov+0x17/0x20 [vmw_vmci]
- [<ffffffffa0394d50>] qp_enqueue_locked+0xa0/0x140 [vmw_vmci]
- [<ffffffffa039593f>] vmci_qpair_enquev+0x4f/0xd0 [vmw_vmci]
- [<ffffffffa04847bb>] vmci_transport_stream_enqueue+0x1b/0x20
-[vmw_vsock_vmci_transport]
- [<ffffffffa047ae05>] vsock_stream_sendmsg+0x2c5/0x320 [vsock]
- [<ffffffff810fabd0>] ? wake_atomic_t_function+0x70/0x70
- [<ffffffff81702af8>] sock_sendmsg+0x38/0x50
- [<ffffffff81702ff4>] SYSC_sendto+0x104/0x190
- [<ffffffff8126e25a>] ? vfs_read+0x8a/0x140
- [<ffffffff817042ee>] SyS_sendto+0xe/0x10
- [<ffffffff8186d9ae>] entry_SYSCALL_64_fastpath+0x12/0x76
-
-transport->stream_enqueue may call copy_to_user so it should
-not be called inside a prepare_to_wait. Narrow the scope of
-the prepare_to_wait to avoid the bad call. This also applies
-to vsock_stream_recvmsg as well.
-
-Reported-by: Vinson Lee <vlee@freedesktop.org>
-Tested-by: Vinson Lee <vlee@freedesktop.org>
-Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
----
-v2: fix same issue in recvmsg path as well.
----
- net/vmw_vsock/af_vsock.c | 19 ++++++-------------
- 1 file changed, 6 insertions(+), 13 deletions(-)
-
-diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
-index 7fd1220..bbe65dc 100644
---- a/net/vmw_vsock/af_vsock.c
-+++ b/net/vmw_vsock/af_vsock.c
-@@ -1557,8 +1557,6 @@ static int vsock_stream_sendmsg(struct socket *sock, struct msghdr *msg,
- 	if (err < 0)
- 		goto out;
- 
--	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
--
- 	while (total_written < len) {
- 		ssize_t written;
- 
-@@ -1578,7 +1576,9 @@ static int vsock_stream_sendmsg(struct socket *sock, struct msghdr *msg,
- 				goto out_wait;
- 
- 			release_sock(sk);
-+			prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
- 			timeout = schedule_timeout(timeout);
-+			finish_wait(sk_sleep(sk), &wait);
- 			lock_sock(sk);
- 			if (signal_pending(current)) {
- 				err = sock_intr_errno(timeout);
-@@ -1588,8 +1588,6 @@ static int vsock_stream_sendmsg(struct socket *sock, struct msghdr *msg,
- 				goto out_wait;
- 			}
- 
--			prepare_to_wait(sk_sleep(sk), &wait,
--					TASK_INTERRUPTIBLE);
- 		}
- 
- 		/* These checks occur both as part of and after the loop
-@@ -1635,7 +1633,6 @@ static int vsock_stream_sendmsg(struct socket *sock, struct msghdr *msg,
- out_wait:
- 	if (total_written > 0)
- 		err = total_written;
--	finish_wait(sk_sleep(sk), &wait);
- out:
- 	release_sock(sk);
- 	return err;
-@@ -1716,7 +1713,6 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 	if (err < 0)
- 		goto out;
- 
--	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
- 
- 	while (1) {
- 		s64 ready = vsock_stream_has_data(vsk);
-@@ -1727,7 +1723,7 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 			 */
- 
- 			err = -ENOMEM;
--			goto out_wait;
-+			goto out;
- 		} else if (ready > 0) {
- 			ssize_t read;
- 
-@@ -1750,7 +1746,7 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 					vsk, target, read,
- 					!(flags & MSG_PEEK), &recv_data);
- 			if (err < 0)
--				goto out_wait;
-+				goto out;
- 
- 			if (read >= target || flags & MSG_PEEK)
- 				break;
-@@ -1773,7 +1769,9 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 				break;
- 
- 			release_sock(sk);
-+			prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
- 			timeout = schedule_timeout(timeout);
-+			finish_wait(sk_sleep(sk), &wait);
- 			lock_sock(sk);
- 
- 			if (signal_pending(current)) {
-@@ -1783,9 +1781,6 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 				err = -EAGAIN;
- 				break;
- 			}
--
--			prepare_to_wait(sk_sleep(sk), &wait,
--					TASK_INTERRUPTIBLE);
- 		}
- 	}
- 
-@@ -1816,8 +1811,6 @@ vsock_stream_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- 		err = copied;
- 	}
- 
--out_wait:
--	finish_wait(sk_sleep(sk), &wait);
- out:
- 	release_sock(sk);
- 	return err;
--- 
-2.5.0
-

0002-NFSv4-Fix-callback-server-shutdown.patch

@@ -0,0 +1,155 @@
+From ed6473ddc704a2005b9900ca08e236ebb2d8540a Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Wed, 26 Apr 2017 11:55:27 -0400
+Subject: [PATCH] NFSv4: Fix callback server shutdown
+
+We want to use kthread_stop() in order to ensure the threads are
+shut down before we tear down the nfs_callback_info in nfs_callback_down.
+
+Tested-and-reviewed-by: Kinglong Mee <kinglongmee@gmail.com>
+Reported-by: Kinglong Mee <kinglongmee@gmail.com>
+Fixes: bb6aeba736ba9 ("NFSv4.x: Switch to using svc_set_num_threads()...")
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+---
+ fs/nfs/callback.c          | 24 ++++++++++++++++--------
+ include/linux/sunrpc/svc.h |  1 +
+ net/sunrpc/svc.c           | 38 ++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 55 insertions(+), 8 deletions(-)
+
+diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
+index c5e27eb..73a1f92 100644
+--- a/fs/nfs/callback.c
++++ b/fs/nfs/callback.c
+@@ -76,7 +76,10 @@ nfs4_callback_svc(void *vrqstp)
+
+ 	set_freezable();
+
+-	while (!kthread_should_stop()) {
++	while (!kthread_freezable_should_stop(NULL)) {
++
++		if (signal_pending(current))
++			flush_signals(current);
+ 		/*
+ 		 * Listen for a request on the socket
+ 		 */
+@@ -85,6 +88,8 @@ nfs4_callback_svc(void *vrqstp)
+ 			continue;
+ 		svc_process(rqstp);
+ 	}
++	svc_exit_thread(rqstp);
++	module_put_and_exit(0);
+ 	return 0;
+ }
+
+@@ -103,9 +108,10 @@ nfs41_callback_svc(void *vrqstp)
+
+ 	set_freezable();
+
+-	while (!kthread_should_stop()) {
+-		if (try_to_freeze())
+-			continue;
++	while (!kthread_freezable_should_stop(NULL)) {
++
++		if (signal_pending(current))
++			flush_signals(current);
+
+ 		prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
+ 		spin_lock_bh(&serv->sv_cb_lock);
+@@ -121,11 +127,13 @@ nfs41_callback_svc(void *vrqstp)
+ 				error);
+ 		} else {
+ 			spin_unlock_bh(&serv->sv_cb_lock);
+-			schedule();
++			if (!kthread_should_stop())
++				schedule();
+ 			finish_wait(&serv->sv_cb_waitq, &wq);
+ 		}
+-		flush_signals(current);
+ 	}
++	svc_exit_thread(rqstp);
++	module_put_and_exit(0);
+ 	return 0;
+ }
+
+@@ -221,14 +229,14 @@ static int nfs_callback_up_net(int minorversion, struct svc_serv *serv,
+ static struct svc_serv_ops nfs40_cb_sv_ops = {
+ 	.svo_function		= nfs4_callback_svc,
+ 	.svo_enqueue_xprt	= svc_xprt_do_enqueue,
+-	.svo_setup		= svc_set_num_threads,
++	.svo_setup		= svc_set_num_threads_sync,
+ 	.svo_module		= THIS_MODULE,
+ };
+ #if defined(CONFIG_NFS_V4_1)
+ static struct svc_serv_ops nfs41_cb_sv_ops = {
+ 	.svo_function		= nfs41_callback_svc,
+ 	.svo_enqueue_xprt	= svc_xprt_do_enqueue,
+-	.svo_setup		= svc_set_num_threads,
++	.svo_setup		= svc_set_num_threads_sync,
+ 	.svo_module		= THIS_MODULE,
+ };
+
+diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
+index 6ef19cf..9463102 100644
+--- a/include/linux/sunrpc/svc.h
++++ b/include/linux/sunrpc/svc.h
+@@ -473,6 +473,7 @@ void		   svc_pool_map_put(void);
+ struct svc_serv *  svc_create_pooled(struct svc_program *, unsigned int,
+ 			struct svc_serv_ops *);
+ int		   svc_set_num_threads(struct svc_serv *, struct svc_pool *, int);
++int		   svc_set_num_threads_sync(struct svc_serv *, struct svc_pool *, int);
+ int		   svc_pool_stats_open(struct svc_serv *serv, struct file *file);
+ void		   svc_destroy(struct svc_serv *);
+ void		   svc_shutdown_net(struct svc_serv *, struct net *);
+diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
+index 98dc33a..bc0f5a0 100644
+--- a/net/sunrpc/svc.c
++++ b/net/sunrpc/svc.c
+@@ -795,6 +795,44 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+ }
+ EXPORT_SYMBOL_GPL(svc_set_num_threads);
+
++/* destroy old threads */
++static int
++svc_stop_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
++{
++	struct task_struct *task;
++	unsigned int state = serv->sv_nrthreads-1;
++
++	/* destroy old threads */
++	do {
++		task = choose_victim(serv, pool, &state);
++		if (task == NULL)
++			break;
++		kthread_stop(task);
++		nrservs++;
++	} while (nrservs < 0);
++	return 0;
++}
++
++int
++svc_set_num_threads_sync(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
++{
++	if (pool == NULL) {
++		/* The -1 assumes caller has done a svc_get() */
++		nrservs -= (serv->sv_nrthreads-1);
++	} else {
++		spin_lock_bh(&pool->sp_lock);
++		nrservs -= pool->sp_nrthreads;
++		spin_unlock_bh(&pool->sp_lock);
++	}
++
++	if (nrservs > 0)
++		return svc_start_kthreads(serv, pool, nrservs);
++	if (nrservs < 0)
++		return svc_stop_kthreads(serv, pool, nrservs);
++	return 0;
++}
++EXPORT_SYMBOL_GPL(svc_set_num_threads_sync);
++
+ /*
+  * Called from a server thread as it's exiting. Caller must hold the "service
+  * mutex" for the service.
+-- 
+2.9.4
+

0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch

@@ -0,0 +1,158 @@
+From 82e71b57b1b4347126b1ffd7b2beed2bc8b795bd Mon Sep 17 00:00:00 2001
+From: Christian Kellner <christian@kellner.me>
+Date: Tue, 28 Feb 2017 17:10:57 +0100
+Subject: [PATCH 2/2] platform/x86: thinkpad_acpi: add mapping for new hotkeys
+
+The T470, X270 emits new hkey events in the 0x1311 - 0x1315 range.
+According to the user manual they should launch a user selected
+favorite application (star icon, 0x1311), snipping tool (0x1312,
+currently ignored), enable/disable bluetooth (0x1314) and open they
+keyboard settings (0x1315).
+
+The third nibble (0xf00) is used to differentiate between the original
+hotkeys, the adaptive keyboard codes and the new, additional ones.
+
+Signed-off-by: Christian Kellner <ckellner@redhat.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+---
+ drivers/platform/x86/thinkpad_acpi.c | 91 +++++++++++++++++++++++++++++++-----
+ 1 file changed, 79 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
+index e2b962f..7b6cb0c 100644
+--- a/drivers/platform/x86/thinkpad_acpi.c
++++ b/drivers/platform/x86/thinkpad_acpi.c
+@@ -1945,6 +1945,15 @@ enum {	/* hot key scan codes (derived from ACPI DSDT) */
+ 	TP_ACPI_HOTKEYSCAN_CAMERA_MODE,
+ 	TP_ACPI_HOTKEYSCAN_ROTATE_DISPLAY,
+ 
++	/* Lenovo extended keymap, starting at 0x1300 */
++	TP_ACPI_HOTKEYSCAN_EXTENDED_START,
++	/* first new observed key (star, favorites) is 0x1311 */
++	TP_ACPI_HOTKEYSCAN_STAR = 69,
++	TP_ACPI_HOTKEYSCAN_CLIPPING_TOOL2,
++	TP_ACPI_HOTKEYSCAN_UNK25,
++	TP_ACPI_HOTKEYSCAN_BLUETOOTH,
++	TP_ACPI_HOTKEYSCAN_KEYBOARD,
++
+ 	/* Hotkey keymap size */
+ 	TPACPI_HOTKEY_MAP_LEN
+ };
+@@ -3252,6 +3261,15 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
+ 		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
+ 		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
+ 		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++
++		/* No assignment, used for newer Lenovo models */
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN
++
+ 		},
+ 
+ 	/* Generic keymap for Lenovo ThinkPads */
+@@ -3337,6 +3355,29 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
+ 		KEY_RESERVED,        /* Microphone cancellation */
+ 		KEY_RESERVED,        /* Camera mode */
+ 		KEY_RESERVED,        /* Rotate display, 0x116 */
++
++		/*
++		 * These are found in 2017 models (e.g. T470s, X270).
++		 * The lowest known value is 0x311, which according to
++		 * the manual should launch a user defined favorite
++		 * application.
++		 *
++		 * The offset for these is TP_ACPI_HOTKEYSCAN_EXTENDED_START,
++		 * corresponding to 0x34.
++		 */
++
++		/* (assignments unknown, please report if found) */
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++		KEY_UNKNOWN,
++
++		KEY_FAVORITES,       /* Favorite app, 0x311 */
++		KEY_RESERVED,        /* Clipping tool */
++		KEY_RESERVED,
++		KEY_BLUETOOTH,       /* Bluetooth */
++		KEY_KEYBOARD         /* Keyboard, 0x315 */
+ 		},
+ 	};
+ 
+@@ -3747,8 +3788,9 @@ static bool adaptive_keyboard_hotkey_notify_hotkey(unsigned int scancode)
+ 
+ 	default:
+ 		if (scancode < FIRST_ADAPTIVE_KEY ||
+-		    scancode >= FIRST_ADAPTIVE_KEY + TPACPI_HOTKEY_MAP_LEN -
+-				TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
++		    scancode >= FIRST_ADAPTIVE_KEY +
++		    TP_ACPI_HOTKEYSCAN_EXTENDED_START -
++		    TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ 			pr_info("Unhandled adaptive keyboard key: 0x%x\n",
+ 					scancode);
+ 			return false;
+@@ -3779,19 +3821,44 @@ static bool hotkey_notify_hotkey(const u32 hkey,
+ 	*send_acpi_ev = true;
+ 	*ignore_acpi_ev = false;
+ 
+-	/* HKEY event 0x1001 is scancode 0x00 */
+-	if (scancode > 0 && scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+-		scancode--;
+-		if (!(hotkey_source_mask & (1 << scancode))) {
+-			tpacpi_input_send_key_masked(scancode);
+-			*send_acpi_ev = false;
+-		} else {
+-			*ignore_acpi_ev = true;
++	/*
++	 * Original events are in the 0x10XX range, the adaptive keyboard
++	 * found in 2014 X1 Carbon emits events are of 0x11XX. In 2017
++	 * models, additional keys are emitted through 0x13XX.
++	 */
++	switch ((hkey >> 8) & 0xf) {
++	case 0:
++		if (scancode > 0 &&
++		    scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
++			/* HKEY event 0x1001 is scancode 0x00 */
++			scancode--;
++			if (!(hotkey_source_mask & (1 << scancode))) {
++				tpacpi_input_send_key_masked(scancode);
++				*send_acpi_ev = false;
++			} else {
++				*ignore_acpi_ev = true;
++			}
++			return true;
+ 		}
+-		return true;
+-	} else {
++		break;
++
++	case 1:
+ 		return adaptive_keyboard_hotkey_notify_hotkey(scancode);
++
++	case 3:
++		/* Extended keycodes start at 0x300 and our offset into the map
++		 * TP_ACPI_HOTKEYSCAN_EXTENDED_START. The calculated scancode
++		 * will be positive, but might not be in the correct range.
++		 */
++		scancode -= (0x300 - TP_ACPI_HOTKEYSCAN_EXTENDED_START);
++		if (scancode >= TP_ACPI_HOTKEYSCAN_EXTENDED_START &&
++		    scancode < TPACPI_HOTKEY_MAP_LEN) {
++			tpacpi_input_send_key(scancode);
++			return true;
++		}
++		break;
+ 	}
++
+ 	return false;
+ }
+ 
+-- 
+2.9.4
+

2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch

@@ -0,0 +1,33 @@
+From 596bbd8d3752b0a922b7a5a059f47607a36ecc2e Mon Sep 17 00:00:00 2001
+From: Andrew Lutomirski <luto@kernel.org>
+Date: Wed, 24 May 2017 15:06:31 -0700
+Subject: [PATCH] nvme: Quirk APST on Intel 600P/P3100 devices
+
+They have known firmware bugs.  A fix is apparently in the works --
+once fixed firmware is available, someone from Intel (Hi, Keith!)
+can adjust the quirk accordingly.
+
+Cc: stable@vger.kernel.org # v4.11
+Cc: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Cc: Mario Limonciello <mario_limonciello@dell.com>
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+---
+ drivers/nvme/host/pci.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
+index d8a1707..993d16c 100644
+--- a/drivers/nvme/host/pci.c
++++ b/drivers/nvme/host/pci.c
+@@ -2171,6 +2171,8 @@ static const struct pci_device_id nvme_id_table[] = {
+ 	{ PCI_VDEVICE(INTEL, 0x0a54),
+ 		.driver_data = NVME_QUIRK_STRIPE_SIZE |
+ 				NVME_QUIRK_DISCARD_ZEROES, },
++	{ PCI_VDEVICE(INTEL, 0xf1a5),	/* Intel 600P/P3100 */
++		.driver_data = NVME_QUIRK_NO_DEEPEST_PS },
+ 	{ PCI_VDEVICE(INTEL, 0x5845),	/* Qemu emulated controller */
+ 		.driver_data = NVME_QUIRK_IDENTIFY_CNS, },
+ 	{ PCI_DEVICE(0x1c58, 0x0003),	/* HGST adapter */
+-- 
+2.7.5
+

ACPI-Limit-access-to-custom_method.patch

@@ -1,31 +0,0 @@
-From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 9 Mar 2012 08:39:37 -0500
-Subject: [PATCH 04/20] ACPI: Limit access to custom_method
-
-custom_method effectively allows arbitrary access to system memory, making
-it possible for an attacker to circumvent restrictions on module loading.
-Disable it if any such restrictions have been enabled.
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- drivers/acpi/custom_method.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
-index c68e72414a67..4277938af700 100644
---- a/drivers/acpi/custom_method.c
-+++ b/drivers/acpi/custom_method.c
-@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
- 	struct acpi_table_header table;
- 	acpi_status status;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (!(*ppos)) {
- 		/* parse the table header to get the table length */
- 		if (count <= sizeof(struct acpi_table_header))
--- 
-2.4.3
-

Add-EFI-signature-data-types.patch

@@ -1,4 +1,4 @@
-From 47f6b5c281137394d627e275cb80980492d00d84 Mon Sep 17 00:00:00 2001
+From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:30:54 -0400
 Subject: [PATCH 15/20] Add EFI signature data types
@@ -11,29 +11,26 @@ Upstream-status: Fedora mustard for now
 
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- include/linux/efi.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
+ include/linux/efi.h | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 4dc970e..82d6218 100644
+index 5af91b58afae..190858d62fe3 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -599,6 +599,12 @@ void efi_native_runtime_setup(void);
- #define EFI_PROPERTIES_TABLE_GUID \
-     EFI_GUID(  0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5 )
+@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
+ #define LINUX_EFI_LOADER_ENTRY_GUID		EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf,  0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
+ #define LINUX_EFI_RANDOM_SEED_TABLE_GUID	EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2,  0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
  
-+#define EFI_CERT_SHA256_GUID \
-+    EFI_GUID(  0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
-+
-+#define EFI_CERT_X509_GUID \
-+    EFI_GUID(  0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
++#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092,  0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
++#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7,  0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
 +
  typedef struct {
  	efi_guid_t guid;
  	u64 table;
-@@ -823,6 +829,20 @@ typedef struct {
- 
- #define EFI_INVALID_TABLE_ADDR		(~0UL)
+@@ -853,6 +856,20 @@ typedef struct {
+ 	efi_memory_desc_t entry[0];
+ } efi_memory_attributes_table_t;
  
 +typedef struct  {
 +	efi_guid_t signature_owner;
@@ -53,5 +50,5 @@ index 4dc970e..82d6218 100644
   * All runtime access to EFI goes through this structure:
   */
 -- 
-2.5.0
+2.9.3
 

Add-an-EFI-signature-blob-parser-and-key-loader.patch

@@ -1,4 +1,4 @@
-From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
+From 822b4b3eb76ca451a416a51f0a7bfedfa5c5ea39 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:36:28 -0400
 Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
@@ -6,20 +6,21 @@ Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
 X.509 certificates are loaded into the specified keyring as asymmetric type
 keys.
 
+[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED]
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
  crypto/asymmetric_keys/Kconfig      |   8 +++
  crypto/asymmetric_keys/Makefile     |   1 +
- crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
+ crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++
  include/linux/efi.h                 |   4 ++
- 4 files changed, 122 insertions(+)
+ 4 files changed, 121 insertions(+)
  create mode 100644 crypto/asymmetric_keys/efi_parser.c
 
 diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index 4870f28403f5..4a1b50d73b80 100644
+index 331f6baf2df8..5f9002d3192e 100644
 --- a/crypto/asymmetric_keys/Kconfig
 +++ b/crypto/asymmetric_keys/Kconfig
-@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
+@@ -61,4 +61,12 @@ config SIGNED_PE_FILE_VERIFICATION
  	  This option provides support for verifying the signature(s) on a
  	  signed PE binary.
  
@@ -33,23 +34,23 @@ index 4870f28403f5..4a1b50d73b80 100644
 +
  endif # ASYMMETRIC_KEY_TYPE
 diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index cd1406f9b14a..d9db380bbe53 100644
+index 6516855bec18..c099fe15ed6d 100644
 --- a/crypto/asymmetric_keys/Makefile
 +++ b/crypto/asymmetric_keys/Makefile
-@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
+@@ -10,6 +10,7 @@ asymmetric_keys-y := \
+ 	signature.o
  
  obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
- obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
 +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
  
  #
  # X.509 Certificate handling
 diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
 new file mode 100644
-index 000000000000..424896a0b169
+index 000000000000..636feb18b733
 --- /dev/null
 +++ b/crypto/asymmetric_keys/efi_parser.c
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,108 @@
 +/* EFI signature/key/certificate list parser
 + *
 + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
@@ -140,8 +141,7 @@ index 000000000000..424896a0b169
 +				esize - sizeof(*elem),
 +				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
 +				KEY_USR_VIEW,
-+				KEY_ALLOC_NOT_IN_QUOTA |
-+				KEY_ALLOC_TRUSTED);
++				KEY_ALLOC_NOT_IN_QUOTA);
 +
 +			if (IS_ERR(key))
 +				pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
@@ -160,10 +160,10 @@ index 000000000000..424896a0b169
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index fac43c611614..414c3c3d988d 100644
+index 190858d62fe3..668aa1244885 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -941,6 +941,10 @@ extern bool efi_poweroff_required(void);
+@@ -1025,6 +1025,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
  char * __init efi_md_typeattr_format(char *buf, size_t size,
  				     const efi_memory_desc_t *md);
  
@@ -175,5 +175,5 @@ index fac43c611614..414c3c3d988d 100644
   * efi_range_is_wc - check the WC bit on an address range
   * @start: starting kvirt address
 -- 
-2.4.3
+2.9.3
 

Add-option-to-automatically-enforce-module-signature.patch

@@ -1,186 +0,0 @@
-From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH 10/20] Add option to automatically enforce module signatures
- when in Secure Boot mode
-
-UEFI Secure Boot provides a mechanism for ensuring that the firmware will
-only load signed bootloaders and kernels. Certain use cases may also
-require that all kernel modules also be signed. Add a configuration option
-that enforces this automatically when enabled.
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- Documentation/x86/zero-page.txt       |  2 ++
- arch/x86/Kconfig                      | 10 ++++++++++
- arch/x86/boot/compressed/eboot.c      | 36 +++++++++++++++++++++++++++++++++++
- arch/x86/include/uapi/asm/bootparam.h |  3 ++-
- arch/x86/kernel/setup.c               |  6 ++++++
- include/linux/module.h                |  6 ++++++
- kernel/module.c                       |  7 +++++++
- 7 files changed, 69 insertions(+), 1 deletion(-)
-
-diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
-index 95a4d34af3fd..b8527c6b7646 100644
---- a/Documentation/x86/zero-page.txt
-+++ b/Documentation/x86/zero-page.txt
-@@ -31,6 +31,8 @@ Offset	Proto	Name		Meaning
- 1E9/001	ALL	eddbuf_entries	Number of entries in eddbuf (below)
- 1EA/001	ALL	edd_mbr_sig_buf_entries	Number of entries in edd_mbr_sig_buffer
- 				(below)
-+1EB/001	ALL     kbd_status      Numlock is enabled
-+1EC/001	ALL     secure_boot	Secure boot is enabled in the firmware
- 1EF/001	ALL	sentinel	Used to detect broken bootloaders
- 290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
- 2D0/A00	ALL	e820_map	E820 memory map table
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index cc0d73eac047..14db458f4774 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -1734,6 +1734,16 @@ config EFI_MIXED
- 
- 	   If unsure, say N.
- 
-+config EFI_SECURE_BOOT_SIG_ENFORCE
-+        def_bool n
-+	prompt "Force module signing when UEFI Secure Boot is enabled"
-+	---help---
-+	  UEFI Secure Boot provides a mechanism for ensuring that the
-+	  firmware will only load signed bootloaders and kernels. Certain
-+	  use cases may also require that all kernel modules also be signed.
-+	  Say Y here to automatically enable module signature enforcement
-+	  when a system boots with UEFI Secure Boot enabled.
-+
- config SECCOMP
- 	def_bool y
- 	prompt "Enable seccomp to safely compute untrusted bytecode"
-diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index ee1b6d346b98..b4de3faa3f29 100644
---- a/arch/x86/boot/compressed/eboot.c
-+++ b/arch/x86/boot/compressed/eboot.c
-@@ -12,6 +12,7 @@
- #include <asm/efi.h>
- #include <asm/setup.h>
- #include <asm/desc.h>
-+#include <asm/bootparam_utils.h>
- 
- #include "../string.h"
- #include "eboot.h"
-@@ -827,6 +828,37 @@ out:
- 	return status;
- }
- 
-+static int get_secure_boot(void)
-+{
-+	u8 sb, setup;
-+	unsigned long datasize = sizeof(sb);
-+	efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
-+	efi_status_t status;
-+
-+	status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
-+				L"SecureBoot", &var_guid, NULL, &datasize, &sb);
-+
-+	if (status != EFI_SUCCESS)
-+		return 0;
-+
-+	if (sb == 0)
-+		return 0;
-+
-+
-+	status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
-+				L"SetupMode", &var_guid, NULL, &datasize,
-+				&setup);
-+
-+	if (status != EFI_SUCCESS)
-+		return 0;
-+
-+	if (setup == 1)
-+		return 0;
-+
-+	return 1;
-+}
-+
-+
- /*
-  * See if we have Graphics Output Protocol
-  */
-@@ -1412,6 +1444,10 @@ struct boot_params *efi_main(struct efi_config *c,
- 	else
- 		setup_boot_services32(efi_early);
- 
-+	sanitize_boot_params(boot_params);
-+
-+	boot_params->secure_boot = get_secure_boot();
-+
- 	setup_graphics(boot_params);
- 
- 	setup_efi_pci(boot_params);
-diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index 329254373479..b61f8533c0fd 100644
---- a/arch/x86/include/uapi/asm/bootparam.h
-+++ b/arch/x86/include/uapi/asm/bootparam.h
-@@ -134,7 +134,8 @@ struct boot_params {
- 	__u8  eddbuf_entries;				/* 0x1e9 */
- 	__u8  edd_mbr_sig_buf_entries;			/* 0x1ea */
- 	__u8  kbd_status;				/* 0x1eb */
--	__u8  _pad5[3];					/* 0x1ec */
-+	__u8  secure_boot;				/* 0x1ec */
-+	__u8  _pad5[2];					/* 0x1ed */
- 	/*
- 	 * The sentinel is set to a nonzero value (0xff) in header.S.
- 	 *
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index baadbf90a7c5..1ac118146e90 100644
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
- 
- 	io_delay_init();
- 
-+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
-+	if (boot_params.secure_boot) {
-+		enforce_signed_modules();
-+	}
-+#endif
-+
- 	/*
- 	 * Parse the ACPI tables for possible boot-time SMP configuration.
- 	 */
-diff --git a/include/linux/module.h b/include/linux/module.h
-index db386349cd01..4b8df91f03cd 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
- 
- struct notifier_block;
- 
-+#ifdef CONFIG_MODULE_SIG
-+extern void enforce_signed_modules(void);
-+#else
-+static inline void enforce_signed_modules(void) {};
-+#endif
-+
- #ifdef CONFIG_MODULES
- 
- extern int modules_disabled; /* for sysctl */
-diff --git a/kernel/module.c b/kernel/module.c
-index 7f045246e123..2b403ab0ef29 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
- EXPORT_SYMBOL(module_layout);
- #endif
- 
-+#ifdef CONFIG_MODULE_SIG
-+void enforce_signed_modules(void)
-+{
-+	sig_enforce = true;
-+}
-+#endif
-+
- bool secure_modules(void)
- {
- #ifdef CONFIG_MODULE_SIG
--- 
-2.4.3
-

Add-secure_modules-call.patch

@@ -1,63 +0,0 @@
-From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH 01/20] Add secure_modules() call
-
-Provide a single call to allow kernel code to determine whether the system
-has been configured to either disable module loading entirely or to load
-only modules signed with a trusted key.
-
-Bugzilla: N/A
-Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- include/linux/module.h |  6 ++++++
- kernel/module.c        | 10 ++++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/include/linux/module.h b/include/linux/module.h
-index 3a19c79918e0..db386349cd01 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
- 	return module && module->async_probe_requested;
- }
- 
-+extern bool secure_modules(void);
-+
- #else /* !CONFIG_MODULES... */
- 
- /* Given an address, look for it in the exception tables. */
-@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
- 	return false;
- }
- 
-+static inline bool secure_modules(void)
-+{
-+	return false;
-+}
- #endif /* CONFIG_MODULES */
- 
- #ifdef CONFIG_SYSFS
-diff --git a/kernel/module.c b/kernel/module.c
-index b86b7bf1be38..7f045246e123 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
- }
- EXPORT_SYMBOL(module_layout);
- #endif
-+
-+bool secure_modules(void)
-+{
-+#ifdef CONFIG_MODULE_SIG
-+	return (sig_enforce || modules_disabled);
-+#else
-+	return modules_disabled;
-+#endif
-+}
-+EXPORT_SYMBOL(secure_modules);
--- 
-2.4.3
-

Add-sysrq-option-to-disable-secure-boot-mode.patch

@@ -1,246 +0,0 @@
-From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
-From: Kyle McMartin <kyle@redhat.com>
-Date: Fri, 30 Aug 2013 09:28:51 -0400
-Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
-
-Bugzilla: N/A
-Upstream-status: Fedora mustard
----
- arch/x86/kernel/setup.c     | 36 ++++++++++++++++++++++++++++++++++++
- drivers/input/misc/uinput.c |  1 +
- drivers/tty/sysrq.c         | 19 +++++++++++++------
- include/linux/input.h       |  5 +++++
- include/linux/sysrq.h       |  8 +++++++-
- kernel/debug/kdb/kdb_main.c |  2 +-
- kernel/module.c             |  2 +-
- 7 files changed, 64 insertions(+), 9 deletions(-)
-
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index f93826b8522c..41679b1aca83 100644
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -70,6 +70,11 @@
- #include <linux/tboot.h>
- #include <linux/jiffies.h>
- 
-+#include <linux/fips.h>
-+#include <linux/cred.h>
-+#include <linux/sysrq.h>
-+#include <linux/init_task.h>
-+
- #include <video/edid.h>
- 
- #include <asm/mtrr.h>
-@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
- 
- #endif /* CONFIG_X86_32 */
- 
-+#ifdef CONFIG_MAGIC_SYSRQ
-+#ifdef CONFIG_MODULE_SIG
-+extern bool sig_enforce;
-+#endif
-+
-+static void sysrq_handle_secure_boot(int key)
-+{
-+	if (!efi_enabled(EFI_SECURE_BOOT))
-+		return;
-+
-+	pr_info("Secure boot disabled\n");
-+#ifdef CONFIG_MODULE_SIG
-+	sig_enforce = fips_enabled;
-+#endif
-+}
-+static struct sysrq_key_op secure_boot_sysrq_op = {
-+	.handler	=	sysrq_handle_secure_boot,
-+	.help_msg	=	"unSB(x)",
-+	.action_msg	=	"Disabling Secure Boot restrictions",
-+	.enable_mask	=	SYSRQ_DISABLE_USERSPACE,
-+};
-+static int __init secure_boot_sysrq(void)
-+{
-+	if (efi_enabled(EFI_SECURE_BOOT))
-+		register_sysrq_key('x', &secure_boot_sysrq_op);
-+	return 0;
-+}
-+late_initcall(secure_boot_sysrq);
-+#endif /*CONFIG_MAGIC_SYSRQ*/
-+
-+
- static struct notifier_block kernel_offset_notifier = {
- 	.notifier_call = dump_kernel_offset
- };
-diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
-index 345df9b03aed..dea6a6c4a39b 100644
---- a/drivers/input/misc/uinput.c
-+++ b/drivers/input/misc/uinput.c
-@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
- 	if (!udev->dev)
- 		return -ENOMEM;
- 
-+	udev->dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
- 	udev->dev->event = uinput_dev_event;
- 	input_set_drvdata(udev->dev, udev);
- 
-diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index 95b330a9ea98..dfa3e154a719 100644
---- a/drivers/tty/sysrq.c
-+++ b/drivers/tty/sysrq.c
-@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
- 	/* x: May be registered on mips for TLB dump */
- 	/* x: May be registered on ppc/powerpc for xmon */
- 	/* x: May be registered on sparc64 for global PMU dump */
-+	/* x: May be registered on x86_64 for disabling secure boot */
- 	NULL,				/* x */
- 	/* y: May be registered on sparc64 for global register dump */
- 	NULL,				/* y */
-@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
-                 sysrq_key_table[i] = op_p;
- }
- 
--void __handle_sysrq(int key, bool check_mask)
-+void __handle_sysrq(int key, int from)
- {
- 	struct sysrq_key_op *op_p;
- 	int orig_log_level;
-@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
- 
-         op_p = __sysrq_get_key_op(key);
-         if (op_p) {
-+		/* Ban synthetic events from some sysrq functionality */
-+		if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
-+		    op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
-+			printk("This sysrq operation is disabled from userspace.\n");
- 		/*
- 		 * Should we check for enabled operations (/proc/sysrq-trigger
- 		 * should not) and is the invoked operation enabled?
- 		 */
--		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
-+		if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
- 			pr_cont("%s\n", op_p->action_msg);
- 			console_loglevel = orig_log_level;
- 			op_p->handler(key);
-@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
- void handle_sysrq(int key)
- {
- 	if (sysrq_on())
--		__handle_sysrq(key, true);
-+		__handle_sysrq(key, SYSRQ_FROM_KERNEL);
- }
- EXPORT_SYMBOL(handle_sysrq);
- 
-@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
- static void sysrq_handle_reset_request(struct sysrq_state *state)
- {
- 	if (state->reset_requested)
--		__handle_sysrq(sysrq_xlate[KEY_B], false);
-+		__handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL);
- 
- 	if (sysrq_reset_downtime_ms)
- 		mod_timer(&state->keyreset_timer,
-@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
- 
- 	default:
- 		if (sysrq->active && value && value != 2) {
-+			int from = sysrq->handle.dev->flags & INPUTDEV_FLAGS_SYNTHETIC ?
-+					SYSRQ_FROM_SYNTHETIC : 0;
- 			sysrq->need_reinject = false;
--			__handle_sysrq(sysrq_xlate[code], true);
-+			__handle_sysrq(sysrq_xlate[code], from);
- 		}
- 		break;
- 	}
-@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
- 
- 		if (get_user(c, buf))
- 			return -EFAULT;
--		__handle_sysrq(c, false);
-+		__handle_sysrq(c, SYSRQ_FROM_PROC);
- 	}
- 
- 	return count;
-diff --git a/include/linux/input.h b/include/linux/input.h
-index 82ce323b9986..9e534f228945 100644
---- a/include/linux/input.h
-+++ b/include/linux/input.h
-@@ -42,6 +42,7 @@ struct input_value {
-  * @phys: physical path to the device in the system hierarchy
-  * @uniq: unique identification code for the device (if device has it)
-  * @id: id of the device (struct input_id)
-+ * @flags: input device flags (SYNTHETIC, etc.)
-  * @propbit: bitmap of device properties and quirks
-  * @evbit: bitmap of types of events supported by the device (EV_KEY,
-  *	EV_REL, etc.)
-@@ -124,6 +125,8 @@ struct input_dev {
- 	const char *uniq;
- 	struct input_id id;
- 
-+	unsigned int flags;
-+
- 	unsigned long propbit[BITS_TO_LONGS(INPUT_PROP_CNT)];
- 
- 	unsigned long evbit[BITS_TO_LONGS(EV_CNT)];
-@@ -190,6 +193,8 @@ struct input_dev {
- };
- #define to_input_dev(d) container_of(d, struct input_dev, dev)
- 
-+#define	INPUTDEV_FLAGS_SYNTHETIC	0x000000001
-+
- /*
-  * Verify that we are in sync with input_device_id mod_devicetable.h #defines
-  */
-diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
-index 387fa7d05c98..4b07e30b3279 100644
---- a/include/linux/sysrq.h
-+++ b/include/linux/sysrq.h
-@@ -28,6 +28,8 @@
- #define SYSRQ_ENABLE_BOOT	0x0080
- #define SYSRQ_ENABLE_RTNICE	0x0100
- 
-+#define SYSRQ_DISABLE_USERSPACE	0x00010000
-+
- struct sysrq_key_op {
- 	void (*handler)(int);
- 	char *help_msg;
-@@ -42,8 +44,12 @@ struct sysrq_key_op {
-  * are available -- else NULL's).
-  */
- 
-+#define SYSRQ_FROM_KERNEL	0x0001
-+#define SYSRQ_FROM_PROC		0x0002
-+#define SYSRQ_FROM_SYNTHETIC	0x0004
-+
- void handle_sysrq(int key);
--void __handle_sysrq(int key, bool check_mask);
-+void __handle_sysrq(int key, int from);
- int register_sysrq_key(int key, struct sysrq_key_op *op);
- int unregister_sysrq_key(int key, struct sysrq_key_op *op);
- struct sysrq_key_op *__sysrq_get_key_op(int key);
-diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 4121345498e0..0ff3cef5df96 100644
---- a/kernel/debug/kdb/kdb_main.c
-+++ b/kernel/debug/kdb/kdb_main.c
-@@ -1968,7 +1968,7 @@ static int kdb_sr(int argc, const char **argv)
- 		return KDB_ARGCOUNT;
- 
- 	kdb_trap_printk++;
--	__handle_sysrq(*argv[1], check_mask);
-+	__handle_sysrq(*argv[1], check_mask & SYSRQ_FROM_KERNEL);
- 	kdb_trap_printk--;
- 
- 	return 0;
-diff --git a/kernel/module.c b/kernel/module.c
-index 2b403ab0ef29..7818c110e95c 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
- #endif
- }
- 
--static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
-+bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
- #ifndef CONFIG_MODULE_SIG_FORCE
- module_param(sig_enforce, bool_enable_only, 0644);
- #endif /* !CONFIG_MODULE_SIG_FORCE */
--- 
-2.4.3
-

CVE-2017-11473.patch

@@ -0,0 +1,48 @@
+From 70ac67826602edf8c0ccb413e5ba7eacf597a60c Mon Sep 17 00:00:00 2001
+From: Seunghun Han <kkamagui@gmail.com>
+Date: Tue, 18 Jul 2017 20:03:51 +0900
+Subject: x86/acpi: Prevent out of bound access caused by broken ACPI tables
+
+The bus_irq argument of mp_override_legacy_irq() is used as the index into
+the isa_irq_to_gsi[] array. The bus_irq argument originates from
+ACPI_MADT_TYPE_IO_APIC and ACPI_MADT_TYPE_INTERRUPT items in the ACPI
+tables, but is nowhere sanity checked.
+
+That allows broken or malicious ACPI tables to overwrite memory, which
+might cause malfunction, panic or arbitrary code execution.
+
+Add a sanity check and emit a warning when that triggers.
+
+[ tglx: Added warning and rewrote changelog ]
+
+Signed-off-by: Seunghun Han <kkamagui@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: security@kernel.org
+Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
+Cc: stable@vger.kernel.org
+---
+ arch/x86/kernel/acpi/boot.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
+index 6bb6806..7491e73 100644
+--- a/arch/x86/kernel/acpi/boot.c
++++ b/arch/x86/kernel/acpi/boot.c
+@@ -347,6 +347,14 @@ static void __init mp_override_legacy_irq(u8 bus_irq, u8 polarity, u8 trigger,
+ 	struct mpc_intsrc mp_irq;
+ 
+ 	/*
++	 * Check bus_irq boundary.
++	 */
++	if (bus_irq >= NR_IRQS_LEGACY) {
++		pr_warn("Invalid bus_irq %u for legacy override\n", bus_irq);
++		return;
++	}
++
++	/*
+ 	 * Convert 'gsi' to 'ioapic.pin'.
+ 	 */
+ 	ioapic = mp_find_ioapic(gsi);
+-- 
+cgit v1.1
+

CVE-2017-7184.patch

@@ -0,0 +1,154 @@
+From c282222a45cb9503cbfbebfdb60491f06ae84b49 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Wed, 8 Feb 2017 11:52:29 +0100
+Subject: xfrm: policy: init locks early
+
+From: Florian Westphal <fw@strlen.de>
+
+commit c282222a45cb9503cbfbebfdb60491f06ae84b49 upstream.
+
+Dmitry reports following splat:
+ INFO: trying to register non-static key.
+ the code is fine but needs lockdep annotation.
+ turning off the locking correctness validator.
+ CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
+[..]
+ spin_lock_bh include/linux/spinlock.h:304 [inline]
+ xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
+ xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
+ xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
+ ops_init+0x10a/0x530 net/core/net_namespace.c:115
+ setup_net+0x2ed/0x690 net/core/net_namespace.c:291
+ copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
+ create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
+ unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
+ SYSC_unshare kernel/fork.c:2281 [inline]
+
+Problem is that when we get error during xfrm_net_init we will call
+xfrm_policy_fini which will acquire xfrm_policy_lock before it was
+initialized.  Just move it around so locks get set up first.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Fixes: 283bc9f35bbbcb0e9 ("xfrm: Namespacify xfrm state/policy locks")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/xfrm/xfrm_policy.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -3062,6 +3062,11 @@ static int __net_init xfrm_net_init(stru
+ {
+ 	int rv;
+ 
++	/* Initialize the per-net locks here */
++	spin_lock_init(&net->xfrm.xfrm_state_lock);
++	spin_lock_init(&net->xfrm.xfrm_policy_lock);
++	mutex_init(&net->xfrm.xfrm_cfg_mutex);
++
+ 	rv = xfrm_statistics_init(net);
+ 	if (rv < 0)
+ 		goto out_statistics;
+@@ -3078,11 +3083,6 @@ static int __net_init xfrm_net_init(stru
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	/* Initialize the per-net locks here */
+-	spin_lock_init(&net->xfrm.xfrm_state_lock);
+-	spin_lock_init(&net->xfrm.xfrm_policy_lock);
+-	mutex_init(&net->xfrm.xfrm_cfg_mutex);
+-
+ 	return 0;
+ 
+ out:
+From 677e806da4d916052585301785d847c3b3e6186a Mon Sep 17 00:00:00 2001
+From: Andy Whitcroft <apw@canonical.com>
+Date: Wed, 22 Mar 2017 07:29:31 +0000
+Subject: xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
+
+From: Andy Whitcroft <apw@canonical.com>
+
+commit 677e806da4d916052585301785d847c3b3e6186a upstream.
+
+When a new xfrm state is created during an XFRM_MSG_NEWSA call we
+validate the user supplied replay_esn to ensure that the size is valid
+and to ensure that the replay_window size is within the allocated
+buffer.  However later it is possible to update this replay_esn via a
+XFRM_MSG_NEWAE call.  There we again validate the size of the supplied
+buffer matches the existing state and if so inject the contents.  We do
+not at this point check that the replay_window is within the allocated
+memory.  This leads to out-of-bounds reads and writes triggered by
+netlink packets.  This leads to memory corruption and the potential for
+priviledge escalation.
+
+We already attempt to validate the incoming replay information in
+xfrm_new_ae() via xfrm_replay_verify_len().  This confirms that the user
+is not trying to change the size of the replay state buffer which
+includes the replay_esn.  It however does not check the replay_window
+remains within that buffer.  Add validation of the contained
+replay_window.
+
+CVE-2017-7184
+Signed-off-by: Andy Whitcroft <apw@canonical.com>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/xfrm/xfrm_user.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -415,6 +415,9 @@ static inline int xfrm_replay_verify_len
+ 	if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
+ 		return -EINVAL;
+ 
++	if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
++		return -EINVAL;
++
+ 	return 0;
+ }
+ 
+From f843ee6dd019bcece3e74e76ad9df0155655d0df Mon Sep 17 00:00:00 2001
+From: Andy Whitcroft <apw@canonical.com>
+Date: Thu, 23 Mar 2017 07:45:44 +0000
+Subject: xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
+
+From: Andy Whitcroft <apw@canonical.com>
+
+commit f843ee6dd019bcece3e74e76ad9df0155655d0df upstream.
+
+Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
+wrapping issues.  To ensure we are correctly ensuring that the two ESN
+structures are the same size compare both the overall size as reported
+by xfrm_replay_state_esn_len() and the internal length are the same.
+
+CVE-2017-7184
+Signed-off-by: Andy Whitcroft <apw@canonical.com>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/xfrm/xfrm_user.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -412,7 +412,11 @@ static inline int xfrm_replay_verify_len
+ 	up = nla_data(rp);
+ 	ulen = xfrm_replay_state_esn_len(up);
+ 
+-	if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
++	/* Check the overall length and the internal bitmap length to avoid
++	 * potential overflow. */
++	if (nla_len(rp) < ulen ||
++	    xfrm_replay_state_esn_len(replay_esn) != ulen ||
++	    replay_esn->bmp_len != up->bmp_len)
+ 		return -EINVAL;
+ 
+ 	if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)

CVE-2017-7477.patch

@@ -0,0 +1,73 @@
+From 4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Fri, 21 Apr 2017 23:14:48 +0200
+Subject: macsec: avoid heap overflow in skb_to_sgvec
+
+While this may appear as a humdrum one line change, it's actually quite
+important. An sk_buff stores data in three places:
+
+1. A linear chunk of allocated memory in skb->data. This is the easiest
+   one to work with, but it precludes using scatterdata since the memory
+   must be linear.
+2. The array skb_shinfo(skb)->frags, which is of maximum length
+   MAX_SKB_FRAGS. This is nice for scattergather, since these fragments
+   can point to different pages.
+3. skb_shinfo(skb)->frag_list, which is a pointer to another sk_buff,
+   which in turn can have data in either (1) or (2).
+
+The first two are rather easy to deal with, since they're of a fixed
+maximum length, while the third one is not, since there can be
+potentially limitless chains of fragments. Fortunately dealing with
+frag_list is opt-in for drivers, so drivers don't actually have to deal
+with this mess. For whatever reason, macsec decided it wanted pain, and
+so it explicitly specified NETIF_F_FRAGLIST.
+
+Because dealing with (1), (2), and (3) is insane, most users of sk_buff
+doing any sort of crypto or paging operation calls a convenient function
+called skb_to_sgvec (which happens to be recursive if (3) is in use!).
+This takes a sk_buff as input, and writes into its output pointer an
+array of scattergather list items. Sometimes people like to declare a
+fixed size scattergather list on the stack; othertimes people like to
+allocate a fixed size scattergather list on the heap. However, if you're
+doing it in a fixed-size fashion, you really shouldn't be using
+NETIF_F_FRAGLIST too (unless you're also ensuring the sk_buff and its
+frag_list children arent't shared and then you check the number of
+fragments in total required.)
+
+Macsec specifically does this:
+
+        size += sizeof(struct scatterlist) * (MAX_SKB_FRAGS + 1);
+        tmp = kmalloc(size, GFP_ATOMIC);
+        *sg = (struct scatterlist *)(tmp + sg_offset);
+	...
+        sg_init_table(sg, MAX_SKB_FRAGS + 1);
+        skb_to_sgvec(skb, sg, 0, skb->len);
+
+Specifying MAX_SKB_FRAGS + 1 is the right answer usually, but not if you're
+using NETIF_F_FRAGLIST, in which case the call to skb_to_sgvec will
+overflow the heap, and disaster ensues.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Cc: stable@vger.kernel.org
+Cc: security@kernel.org
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/macsec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
+index ff0a5ed..dbab05a 100644
+--- a/drivers/net/macsec.c
++++ b/drivers/net/macsec.c
+@@ -2716,7 +2716,7 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
+ }
+ 
+ #define MACSEC_FEATURES \
+-	(NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
++	(NETIF_F_SG | NETIF_F_HIGHDMA)
+ static struct lock_class_key macsec_netdev_addr_lock_key;
+ 
+ static int macsec_dev_init(struct net_device *dev)
+-- 
+cgit v1.1
+

CVE-2017-7645.patch

@@ -0,0 +1,180 @@
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date:       2017-04-14 15:04:40
+Subject:    [PATCH] nfsd: check for oversized NFSv2/v3 arguments
+
+A client can append random data to the end of an NFSv2 or NFSv3 RPC call
+without our complaining; we'll just stop parsing at the end of the
+expected data and ignore the rest.
+
+Encoded arguments and replies are stored together in an array of pages,
+and if a call is too large it could leave inadequate space for the
+reply.  This is normally OK because NFS RPC's typically have either
+short arguments and long replies (like READ) or long arguments and short
+replies (like WRITE).  But a client that sends an incorrectly long reply
+can violate those assumptions.  This was observed to cause crashes.
+
+So, insist that the argument not be any longer than we expect.
+
+Also, several operations increment rq_next_page in the decode routine
+before checking the argument size, which can leave rq_next_page pointing
+well past the end of the page array, causing trouble later in
+svc_free_pages.
+
+As followup we may also want to rewrite the encoding routines to check
+more carefully that they aren't running off the end of the page array.
+
+Reported-by: Tuomas Haanpää <thaan@synopsys.com>
+Reported-by: Ari Kauppi <ari@synopsys.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+---
+ fs/nfsd/nfs3xdr.c          | 23 +++++++++++++++++------
+ fs/nfsd/nfsxdr.c           | 13 ++++++++++---
+ include/linux/sunrpc/svc.h |  3 +--
+ 3 files changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
+index dba2ff8eaa68..be66bcadfaea 100644
+--- a/fs/nfsd/nfs3xdr.c
++++ b/fs/nfsd/nfs3xdr.c
+@@ -334,8 +334,11 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
+ 	if (!p)
+ 		return 0;
+ 	p = xdr_decode_hyper(p, &args->offset);
+-
+ 	args->count = ntohl(*p++);
++
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
++
+ 	len = min(args->count, max_blocksize);
+ 
+ 	/* set up the kvec */
+@@ -349,7 +352,7 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
+ 		v++;
+ 	}
+ 	args->vlen = v;
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+@@ -536,9 +539,11 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
+ 	p = decode_fh(p, &args->fh);
+ 	if (!p)
+ 		return 0;
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
+ 	args->buffer = page_address(*(rqstp->rq_next_page++));
+ 
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+@@ -564,10 +569,14 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
+ 	args->verf   = p; p += 2;
+ 	args->dircount = ~0;
+ 	args->count  = ntohl(*p++);
++
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
++
+ 	args->count  = min_t(u32, args->count, PAGE_SIZE);
+ 	args->buffer = page_address(*(rqstp->rq_next_page++));
+ 
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+@@ -585,6 +594,9 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
+ 	args->dircount = ntohl(*p++);
+ 	args->count    = ntohl(*p++);
+ 
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
++
+ 	len = args->count = min(args->count, max_blocksize);
+ 	while (len > 0) {
+ 		struct page *p = *(rqstp->rq_next_page++);
+@@ -592,8 +604,7 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
+ 			args->buffer = page_address(p);
+ 		len -= PAGE_SIZE;
+ 	}
+-
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
+index 41b468a6a90f..79268369f7b3 100644
+--- a/fs/nfsd/nfsxdr.c
++++ b/fs/nfsd/nfsxdr.c
+@@ -257,6 +257,9 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
+ 	len = args->count     = ntohl(*p++);
+ 	p++; /* totalcount - unused */
+ 
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
++
+ 	len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
+ 
+ 	/* set up somewhere to store response.
+@@ -272,7 +275,7 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
+ 		v++;
+ 	}
+ 	args->vlen = v;
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+@@ -360,9 +363,11 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
+ 	p = decode_fh(p, &args->fh);
+ 	if (!p)
+ 		return 0;
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
+ 	args->buffer = page_address(*(rqstp->rq_next_page++));
+ 
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ int
+@@ -400,9 +405,11 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
+ 	args->cookie = ntohl(*p++);
+ 	args->count  = ntohl(*p++);
+ 	args->count  = min_t(u32, args->count, PAGE_SIZE);
++	if (!xdr_argsize_check(rqstp, p))
++		return 0;
+ 	args->buffer = page_address(*(rqstp->rq_next_page++));
+ 
+-	return xdr_argsize_check(rqstp, p);
++	return 1;
+ }
+ 
+ /*
+diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
+index e770abeed32d..6ef19cf658b4 100644
+--- a/include/linux/sunrpc/svc.h
++++ b/include/linux/sunrpc/svc.h
+@@ -336,8 +336,7 @@ xdr_argsize_check(struct svc_rqst *rqstp, __be32 *p)
+ {
+ 	char *cp = (char *)p;
+ 	struct kvec *vec = &rqstp->rq_arg.head[0];
+-	return cp >= (char*)vec->iov_base
+-		&& cp <= (char*)vec->iov_base + vec->iov_len;
++	return cp == (char *)vec->iov_base + vec->iov_len;
+ }
+ 
+ static inline int
+-- 
+2.9.3
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html

HID-sony-do-not-bail-out-when-the-sixaxis-refuses-th.patch

@@ -1,49 +0,0 @@
-From 954d6154959c8c196fa4b89fc98a4fb377c6a38d Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Date: Fri, 8 Jan 2016 17:58:49 +0100
-Subject: [PATCH] HID: sony: do not bail out when the sixaxis refuses the
- output report
-
-When setting the operational mode, some third party (Speedlink Strike-FX)
-gamepads refuse the output report. Failing here means we refuse to
-initialize the gamepad while this should be harmless.
-
-The weird part is that the initial commit that added this: a7de9b8
-("HID: sony: Enable Gasia third-party PS3 controllers") mentions this
-very same controller as one requiring this output report.
-Anyway, it's broken for one user at least, so let's change it.
-We will report an error, but at least the controller should work.
-
-And no, these devices present themselves as legacy Sony controllers
-(VID:PID of 054C:0268, as in the official ones) so there are no ways
-of discriminating them from the official ones.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1255325
-
-Reported-and-tested-by: Max Fedotov <thesourcehim@gmail.com>
-Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
----
- drivers/hid/hid-sony.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
-index 661f94f8ab8b..11f91c0c2458 100644
---- a/drivers/hid/hid-sony.c
-+++ b/drivers/hid/hid-sony.c
-@@ -1411,8 +1411,10 @@ static int sixaxis_set_operational_usb(struct hid_device *hdev)
- 	}
- 
- 	ret = hid_hw_output_report(hdev, buf, 1);
--	if (ret < 0)
--		hid_err(hdev, "can't set operational mode: step 3\n");
-+	if (ret < 0) {
-+		hid_info(hdev, "can't set operational mode: step 3, ignoring\n");
-+		ret = 0;
-+	}
- 
- out:
- 	kfree(buf);
--- 
-2.5.0
-

KEYS-Add-a-system-blacklist-keyring.patch

@@ -1,4 +1,4 @@
-From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
+From 2a54526850121cd0d7cf649a321488b4dab5731d Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:36:24 -0400
 Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
@@ -10,52 +10,48 @@ useful in cases where third party certificates are used for module signing.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
 ---
- certs/system_keyring.c        | 27 +++++++++++++++++++++++++++
+ certs/system_keyring.c        | 22 ++++++++++++++++++++++
  include/keys/system_keyring.h |  4 ++++
  init/Kconfig                  |  9 +++++++++
- 3 files changed, 40 insertions(+)
+ 3 files changed, 35 insertions(+)
 
 diff --git a/certs/system_keyring.c b/certs/system_keyring.c
-index 2570598b784d..53733822993f 100644
+index 50979d6dcecd..787eeead2f57 100644
 --- a/certs/system_keyring.c
 +++ b/certs/system_keyring.c
-@@ -20,6 +20,9 @@
- 
- struct key *system_trusted_keyring;
- EXPORT_SYMBOL_GPL(system_trusted_keyring);
+@@ -22,6 +22,9 @@ static struct key *builtin_trusted_keys;
+ #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+ static struct key *secondary_trusted_keys;
+ #endif
 +#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 +struct key *system_blacklist_keyring;
 +#endif
  
  extern __initconst const u8 system_certificate_list[];
  extern __initconst const unsigned long system_certificate_list_size;
-@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
- 		panic("Can't allocate system trusted keyring\n");
- 
- 	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
-+
-+	#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+@@ -99,6 +102,16 @@ static __init int system_trusted_keyring_init(void)
+ 	if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
+ 		panic("Can't link trusted keyrings\n");
+ #endif
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 +	system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
-+				    KUIDT_INIT(0), KGIDT_INIT(0),
-+				    current_cred(),
-+				    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+				    KEY_USR_VIEW | KEY_USR_READ,
-+				    KEY_ALLOC_NOT_IN_QUOTA, NULL);
++			KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
++			((KEY_POS_ALL & ~KEY_POS_SETATTR) |
++			 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
++			KEY_ALLOC_NOT_IN_QUOTA,
++			NULL, NULL);
 +	if (IS_ERR(system_blacklist_keyring))
 +		panic("Can't allocate system blacklist keyring\n");
-+
-+	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
 +#endif
-+
+ 
  	return 0;
  }
- 
-@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
- 	if (ret < 0)
- 		goto error;
- 
+@@ -214,6 +227,15 @@ int verify_pkcs7_signature(const void *data, size_t len,
+ 		trusted_keys = builtin_trusted_keys;
+ #endif
+ 	}
 +#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+	ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
++	ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring);
 +	if (!ret) {
 +		/* module is signed with a cert in the blacklist.  reject */
 +		pr_err("Module key is in the blacklist\n");
@@ -63,30 +59,29 @@ index 2570598b784d..53733822993f 100644
 +		goto error;
 +	}
 +#endif
-+
- 	ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
- 	if (ret < 0)
- 		goto error;
+ 	ret = pkcs7_validate_trust(pkcs7, trusted_keys);
+ 	if (ret < 0) {
+ 		if (ret == -ENOKEY)
 diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index b20cd885c1fd..51d8ddc60e0f 100644
+index fbd4647767e9..5bc291a3d261 100644
 --- a/include/keys/system_keyring.h
 +++ b/include/keys/system_keyring.h
-@@ -35,6 +35,10 @@ extern int system_verify_data(const void *data, unsigned long len,
- 			      enum key_being_used_for usage);
+@@ -33,6 +33,10 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
+ #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
  #endif
  
 +#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 +extern struct key *system_blacklist_keyring;
 +#endif
 +
- #ifdef CONFIG_IMA_MOK_KEYRING
- extern struct key *ima_mok_keyring;
+ #ifdef CONFIG_IMA_BLACKLIST_KEYRING
  extern struct key *ima_blacklist_keyring;
+ 
 diff --git a/init/Kconfig b/init/Kconfig
-index 02da9f1fd9df..782d26f02885 100644
+index 34407f15e6d3..461ad575a608 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
+@@ -1859,6 +1859,15 @@ config SYSTEM_DATA_VERIFICATION
  	  module verification, kexec image verification and firmware blob
  	  verification.
  
@@ -103,5 +98,5 @@ index 02da9f1fd9df..782d26f02885 100644
  	bool "Profiling support"
  	help
 -- 
-2.4.3
+2.9.3
 

MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch

@@ -0,0 +1,32 @@
+From 71db1b222ecdf6cb4356f6f1e2bd45cd2f0e85e1 Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@redhat.com>
+Date: Tue, 18 Oct 2016 13:58:44 -0700
+Subject: [PATCH] MODSIGN: Don't try secure boot if EFI runtime is disabled
+
+Secure boot depends on having EFI runtime variable access. The code
+does not handle a lack of runtime variables gracefully. Add a check
+to just bail out of EFI runtime is disabled.
+
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+---
+ kernel/modsign_uefi.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
+index a41da14..2bdaf76 100644
+--- a/kernel/modsign_uefi.c
++++ b/kernel/modsign_uefi.c
+@@ -71,6 +71,10 @@ static int __init load_uefi_certs(void)
+ 	if (!efi_enabled(EFI_SECURE_BOOT))
+ 		return 0;
+ 
++	/* Things blow up if efi runtime is disabled */
++	if (efi_runtime_disabled())
++		return 0;
++
+ 	keyring = get_system_keyring();
+ 	if (!keyring) {
+ 		pr_err("MODSIGN: Couldn't get system keyring\n");
+-- 
+2.7.4
+

MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch

@@ -1,7 +1,7 @@
-From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
+From 8a4535bcfe24d317be675e53cdc8c61d22fdc7f3 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:42:16 -0400
-Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
+Subject: [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
 
 Secure Boot stores a list of allowed certificates in the 'db' variable.
 This imports those certificates into the system trusted keyring.  This
@@ -18,35 +18,55 @@ signed with those from loading.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
 ---
- include/linux/efi.h   |  6 ++++
- init/Kconfig          |  9 +++++
- kernel/Makefile       |  3 ++
- kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 110 insertions(+)
+ certs/system_keyring.c        | 13 ++++++
+ include/keys/system_keyring.h |  1 +
+ init/Kconfig                  |  9 ++++
+ kernel/Makefile               |  3 ++
+ kernel/modsign_uefi.c         | 99 +++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 125 insertions(+)
  create mode 100644 kernel/modsign_uefi.c
 
-diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 85ef051ac6fb..a042b2ece788 100644
---- a/include/linux/efi.h
-+++ b/include/linux/efi.h
-@@ -600,6 +600,12 @@ typedef struct {
- 	u64 table;
- } efi_config_table_64_t;
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index 787eeead2f57..4d9123ed5c07 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
+@@ -30,6 +30,19 @@ extern __initconst const u8 system_certificate_list[];
+ extern __initconst const unsigned long system_certificate_list_size;
  
-+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
-+    EFI_GUID(  0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
+ /**
++ * get_system_keyring - Return a pointer to the system keyring
++ *
++ */
++struct key *get_system_keyring(void)
++{
++	struct key *system_keyring = NULL;
 +
-+#define EFI_SHIM_LOCK_GUID \
-+    EFI_GUID(  0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
++	system_keyring = builtin_trusted_keys;
++	return system_keyring;
++}
++EXPORT_SYMBOL_GPL(get_system_keyring);
 +
- typedef struct {
- 	efi_guid_t guid;
- 	u32 table;
++/**
+  * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
+  *
+  * Restrict the addition of keys into a keyring based on the key-to-be-added
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
+index 5bc291a3d261..56ff5715ab67 100644
+--- a/include/keys/system_keyring.h
++++ b/include/keys/system_keyring.h
+@@ -36,6 +36,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ extern struct key *system_blacklist_keyring;
+ #endif
++extern struct key *get_system_keyring(void);
+ 
+ #ifdef CONFIG_IMA_BLACKLIST_KEYRING
+ extern struct key *ima_blacklist_keyring;
 diff --git a/init/Kconfig b/init/Kconfig
-index 02da9f1fd9df..90c73a0564b1 100644
+index 461ad575a608..93646fd7b1c8 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
+@@ -2009,6 +2009,15 @@ config MODULE_SIG_ALL
  comment "Do not forget to sign required modules with scripts/sign-file"
  	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
  
@@ -63,10 +83,10 @@ index 02da9f1fd9df..90c73a0564b1 100644
  	prompt "Which hash algorithm should modules be signed with?"
  	depends on MODULE_SIG
 diff --git a/kernel/Makefile b/kernel/Makefile
-index d4988410b410..55e886239e7e 100644
+index eb26e12c6c2a..e0c2268cb97e 100644
 --- a/kernel/Makefile
 +++ b/kernel/Makefile
-@@ -47,6 +47,7 @@ endif
+@@ -57,6 +57,7 @@ endif
  obj-$(CONFIG_UID16) += uid16.o
  obj-$(CONFIG_MODULES) += module.o
  obj-$(CONFIG_MODULE_SIG) += module_signing.o
@@ -74,7 +94,7 @@ index d4988410b410..55e886239e7e 100644
  obj-$(CONFIG_KALLSYMS) += kallsyms.o
  obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
  obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
-@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
+@@ -113,6 +114,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
  
  obj-$(CONFIG_HAS_IOMEM) += memremap.o
  
@@ -82,13 +102,13 @@ index d4988410b410..55e886239e7e 100644
 +
  $(obj)/configs.o: $(obj)/config_data.h
  
- # config_data.h contains the same information as ikconfig.h but gzipped.
+ targets += config_data.gz
 diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
 new file mode 100644
-index 000000000000..94b0eb38a284
+index 000000000000..fe4a6f2bf10a
 --- /dev/null
 +++ b/kernel/modsign_uefi.c
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,99 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/cred.h>
@@ -139,11 +159,18 @@ index 000000000000..94b0eb38a284
 +	void *db = NULL, *dbx = NULL, *mok = NULL;
 +	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
 +	int rc = 0;
++	struct key *keyring = NULL;
 +
 +	/* Check if SB is enabled and just return if not */
 +	if (!efi_enabled(EFI_SECURE_BOOT))
 +		return 0;
 +
++	keyring = get_system_keyring();
++	if (!keyring) {
++		pr_err("MODSIGN: Couldn't get system keyring\n");
++		return -EINVAL;
++	}
++
 +	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
 +	 * an error if we can't get them.
 +	 */
@@ -151,7 +178,7 @@ index 000000000000..94b0eb38a284
 +	if (!db) {
 +		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +	} else {
-+		rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
++		rc = parse_efi_signature_list(db, dbsize, keyring);
 +		if (rc)
 +			pr_err("Couldn't parse db signatures: %d\n", rc);
 +		kfree(db);
@@ -161,7 +188,7 @@ index 000000000000..94b0eb38a284
 +	if (!mok) {
 +		pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
 +	} else {
-+		rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
++		rc = parse_efi_signature_list(mok, moksize, keyring);
 +		if (rc)
 +			pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
 +		kfree(mok);
@@ -182,5 +209,5 @@ index 000000000000..94b0eb38a284
 +}
 +late_initcall(load_uefi_certs);
 -- 
-2.4.3
+2.9.3
 

MODSIGN-Support-not-importing-certs-from-db.patch

@@ -1,4 +1,4 @@
-From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
+From 9d2e5c61d5adcf7911f67ed44a1b0ff881f175bb Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Thu, 3 Oct 2013 10:14:23 -0400
 Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 31 insertions(+), 9 deletions(-)
 
 diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
-index 94b0eb38a284..ae28b974d49a 100644
+index fe4a6f2bf10a..a41da14b1ffd 100644
 --- a/kernel/modsign_uefi.c
 +++ b/kernel/modsign_uefi.c
 @@ -8,6 +8,23 @@
@@ -41,16 +41,18 @@ index 94b0eb38a284..ae28b974d49a 100644
  static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
  {
  	efi_status_t status;
-@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
+@@ -47,7 +64,7 @@ static int __init load_uefi_certs(void)
  	efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
  	void *db = NULL, *dbx = NULL, *mok = NULL;
  	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
 -	int rc = 0;
 +	int ignore_db, rc = 0;
+ 	struct key *keyring = NULL;
  
  	/* Check if SB is enabled and just return if not */
- 	if (!efi_enabled(EFI_SECURE_BOOT))
- 		return 0;
+@@ -60,17 +77,22 @@ static int __init load_uefi_certs(void)
+ 		return -EINVAL;
+ 	}
  
 +	/* See if the user has setup Ignore DB mode */
 +	ignore_db = check_ignore_db();
@@ -62,7 +64,7 @@ index 94b0eb38a284..ae28b974d49a 100644
 -	if (!db) {
 -		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 -	} else {
--		rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+-		rc = parse_efi_signature_list(db, dbsize, keyring);
 -		if (rc)
 -			pr_err("Couldn't parse db signatures: %d\n", rc);
 -		kfree(db);
@@ -71,7 +73,7 @@ index 94b0eb38a284..ae28b974d49a 100644
 +		if (!db) {
 +			pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +		} else {
-+			rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
++			rc = parse_efi_signature_list(db, dbsize, keyring);
 +			if (rc)
 +				pr_err("Couldn't parse db signatures: %d\n", rc);
 +			kfree(db);
@@ -80,5 +82,5 @@ index 94b0eb38a284..ae28b974d49a 100644
  
  	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
 -- 
-2.4.3
+2.9.3
 

Makefile

@@ -10,9 +10,7 @@ help:
 	@echo "Try fedpkg $@ or something like that"
 	@exit 1
 
-include Makefile.config
-
-prep:
+prep: config-files
 	fedpkg -v prep
 
 noarch:
@@ -25,94 +23,22 @@ local:
 extremedebug:
 	@perl -pi -e 's/# CONFIG_DEBUG_PAGEALLOC is not set/CONFIG_DEBUG_PAGEALLOC=y/' config-nodebug
 
+config-files:
+	@./build_configs.sh
+
 debug:
-	@perl -pi -e 's/# CONFIG_LOCK_STAT is not set/CONFIG_LOCK_STAT=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_STACK_USAGE is not set/CONFIG_DEBUG_STACK_USAGE=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_SLAB is not set/CONFIG_DEBUG_SLAB=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_MUTEXES is not set/CONFIG_DEBUG_MUTEXES=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_RT_MUTEXES is not set/CONFIG_DEBUG_RT_MUTEXES=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_LOCK_ALLOC is not set/CONFIG_DEBUG_LOCK_ALLOC=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_LOCK_TORTURE_TEST is not set/CONFIG_LOCK_TORTURE_TEST=m/' config-nodebug
-	@perl -pi -e 's/# CONFIG_PROVE_LOCKING is not set/CONFIG_PROVE_LOCKING=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_PROVE_RCU is not set/CONFIG_PROVE_RCU=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_SPINLOCK is not set/CONFIG_DEBUG_SPINLOCK=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_VM is not set/CONFIG_DEBUG_VM=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAULT_INJECTION is not set/CONFIG_FAULT_INJECTION=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAILSLAB is not set/CONFIG_FAILSLAB=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAIL_PAGE_ALLOC is not set/CONFIG_FAIL_PAGE_ALLOC=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAIL_IO_TIMEOUT is not set/CONFIG_FAIL_IO_TIMEOUT=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAIL_MAKE_REQUEST is not set/CONFIG_FAIL_MAKE_REQUEST=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAIL_MMC_REQUEST is not set/CONFIG_FAIL_MMC_REQUEST=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAULT_INJECTION_DEBUG_FS is not set/CONFIG_FAULT_INJECTION_DEBUG_FS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set/CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_SG is not set/CONFIG_DEBUG_SG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_PI_LIST is not set/CONFIG_DEBUG_PI_LIST=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS is not set/CONFIG_DEBUG_OBJECTS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_FREE is not set/CONFIG_DEBUG_OBJECTS_FREE=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_TIMERS is not set/CONFIG_DEBUG_OBJECTS_TIMERS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_WORK is not set/CONFIG_DEBUG_OBJECTS_WORK=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_X86_PTDUMP is not set/CONFIG_X86_PTDUMP=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_ARM64_PTDUMP is not set/CONFIG_ARM64_PTDUMP=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_EFI_PGT_DUMP is not set/CONFIG_EFI_PGT_DUMP=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_CAN_DEBUG_DEVICES is not set/CONFIG_CAN_DEBUG_DEVICES=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_MODULE_FORCE_UNLOAD is not set/CONFIG_MODULE_FORCE_UNLOAD=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_NOTIFIERS is not set/CONFIG_DEBUG_NOTIFIERS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DMA_API_DEBUG is not set/CONFIG_DMA_API_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_PM_TEST_SUSPEND is not set/CONFIG_PM_TEST_SUSPEND=y/' config-generic
-	@perl -pi -e 's/# CONFIG_PM_ADVANCED_DEBUG is not set/CONFIG_PM_ADVANCED_DEBUG=y/' config-generic
-	@perl -pi -e 's/# CONFIG_B43_DEBUG is not set/CONFIG_B43_DEBUG=y/' config-generic
-	@perl -pi -e 's/# CONFIG_B43LEGACY_DEBUG is not set/CONFIG_B43LEGACY_DEBUG=y/' config-generic
-	@perl -pi -e 's/# CONFIG_MMIOTRACE is not set/CONFIG_MMIOTRACE=y/' config-nodebug
-	@perl -pi -e 's/CONFIG_STRIP_ASM_SYMS=y/# CONFIG_STRIP_ASM_SYMS is not set/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_CREDENTIALS is not set/CONFIG_DEBUG_CREDENTIALS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set/CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_ACPI_DEBUG is not set/CONFIG_ACPI_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_EXT4_DEBUG is not set/CONFIG_EXT4_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_PERF_USE_VMALLOC is not set/CONFIG_DEBUG_PERF_USE_VMALLOC=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_JBD2_DEBUG is not set/CONFIG_JBD2_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_NFSD_FAULT_INJECTION is not set/CONFIG_NFSD_FAULT_INJECTION=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_BLK_CGROUP is not set/CONFIG_DEBUG_BLK_CGROUP=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DRBD_FAULT_INJECTION is not set/CONFIG_DRBD_FAULT_INJECTION=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_ATH_DEBUG is not set/CONFIG_ATH_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_CARL9170_DEBUGFS is not set/CONFIG_CARL9170_DEBUGFS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_IWLWIFI_DEVICE_TRACING is not set/CONFIG_IWLWIFI_DEVICE_TRACING=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DMADEVICES_DEBUG is not set/CONFIG_DMADEVICES_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_CEPH_LIB_PRETTYDEBUG is not set/CONFIG_CEPH_LIB_PRETTYDEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_QUOTA_DEBUG is not set/CONFIG_QUOTA_DEBUG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_KGDB_KDB is not set/CONFIG_KGDB_KDB=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_KDB_KEYBOARD is not set/CONFIG_KDB_KEYBOARD=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set/CONFIG_CPU_NOTIFIER_ERROR_INJECT=m/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_PER_CPU_MAPS is not set/CONFIG_DEBUG_PER_CPU_MAPS=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_TEST_LIST_SORT is not set/CONFIG_TEST_LIST_SORT=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_ATOMIC_SLEEP is not set/CONFIG_DEBUG_ATOMIC_SLEEP=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DETECT_HUNG_TASK is not set/CONFIG_DETECT_HUNG_TASK=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_WQ_WATCHDOG is not set/CONFIG_WQ_WATCHDOG=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set/CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_DEBUG_KMEMLEAK is not set/CONFIG_DEBUG_KMEMLEAK=y/' config-nodebug
-	@perl -pi -e 's/# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set/CONFIG_X86_DEBUG_STATIC_CPU_HAS=y/' config-nodebug
-
-	@# just in case we're going from extremedebug -> debug
-	@perl -pi -e 's/CONFIG_DEBUG_PAGEALLOC=y/# CONFIG_DEBUG_PAGEALLOC is not set/' config-nodebug
-
-	@perl -pi -e 's/# CONFIG_MAXSMP is not set/CONFIG_MAXSMP=y/' config-x86-generic
-
 	@perl -pi -e 's/^%define debugbuildsenabled 1/%define debugbuildsenabled 0/' kernel.spec
 	@rpmdev-bumpspec -c "Reenable debugging options." kernel.spec
 
-nodebuginfo:
-	@perl -pi -e 's/^%define with_debuginfo %\{\?_without_debuginfo: 0\} %\{\?\!_without_debuginfo: 1\}/%define with_debuginfo %\{\?_without_debuginfo: 0\} %\{\?\!_without_debuginfo: 0\}/' kernel.spec
-nodebug: release
-	@perl -pi -e 's/^%define debugbuildsenabled 1/%define debugbuildsenabled 0/' kernel.spec
-release: config-release
+release:
 	@perl -pi -e 's/^%define debugbuildsenabled 0/%define debugbuildsenabled 1/' kernel.spec
 	@rpmdev-bumpspec -c "Disable debugging options." kernel.spec
 
-include Makefile.release
+nodebuginfo:
+	@perl -pi -e 's/^%define with_debuginfo %\{\?_without_debuginfo: 0\} %\{\?\!_without_debuginfo: 1\}/%define with_debuginfo %\{\?_without_debuginfo: 0\} %\{\?\!_without_debuginfo: 0\}/' kernel.spec
 
-unused-kernel-patches:
-	@for f in *.patch; do if [ -e $$f ]; then (egrep -q "^Patch[[:digit:]]+:[[:space:]]+$$f" $(SPECFILE) || echo "Unused:    $$f") && egrep -q "^ApplyPatch[[:space:]]+$$f|^ApplyOptionalPatch[[:space:]]+$$f" $(SPECFILE) || echo "Unapplied: $$f"; fi; done
+nodebug: release
+	@perl -pi -e 's/^%define debugbuildsenabled 1/%define debugbuildsenabled 0/' kernel.spec
 
 ifeq ($(MAKECMDGOALS),me a sandwich)
 .PHONY: me a sandwich

Makefile.config

@@ -1,129 +0,0 @@
-# Make rules for configuration files.
-#
-# $Id$
-
-CFG		= kernel-$(VERSION)
-
-CONFIGFILES	= \
-	$(CFG)-i686.config $(CFG)-i686-debug.config \
-	$(CFG)-i686-PAE.config $(CFG)-i686-PAEdebug.config \
-	$(CFG)-x86_64.config $(CFG)-x86_64-debug.config \
-	$(CFG)-s390x.config \
-	$(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \
-	$(CFG)-aarch64.config \
-	$(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \
-	$(CFG)-ppc64le.config $(CFG)-ppc64le-debug.config
-
-PLATFORMS	= x86 x86_64 powerpc s390x arm arm64
-TEMPFILES	= $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS)))
-
-configs: $(CONFIGFILES)
-	@rm -f kernel-*-config
-	@rm -f $(TEMPFILES)
-	@rm -f temp-generic temp-*-generic temp-*-generic-tmp
-
-# Augment the clean target to clean up our own cruft
-clean ::
-	@rm -fv $(CONFIGFILES) $(TEMPFILES) temp-generic kernel-$(VERSION)*config
-
-temp-generic: config-generic config-nodebug
-	cat $^ > temp-generic
-
-temp-debug-generic: config-generic config-debug
-	cat $^ > temp-debug-generic
-
-temp-no-extra-generic: config-no-extra temp-generic
-	perl merge.pl $^ > $@
-
-temp-arm-generic: config-arm-generic temp-no-extra-generic
-	perl merge.pl $^ > $@
-
-temp-armv7-generic: config-armv7-generic temp-arm-generic
-	perl merge.pl $^ > $@
-
-temp-armv7: config-armv7 temp-armv7-generic
-	perl merge.pl $^ > $@
-
-temp-armv7-lpae: config-armv7-lpae temp-armv7-generic
-	perl merge.pl $^ > $@
-
-temp-arm-debug-generic: temp-arm-generic temp-debug-generic
-	perl merge.pl $^ > $@
-
-temp-arm64: config-arm64 temp-arm-generic
-	perl merge.pl $^ > $@
-
-temp-arm64-debug: config-arm64 temp-arm-debug-generic
-	perl merge.pl $^ > $@
-
-temp-x86-32: config-x86-32-generic config-x86-generic
-	perl merge.pl $^  > $@
-
-temp-x86-32-generic: temp-x86-32 temp-generic
-	perl merge.pl $^  > $@
-
-temp-x86-debug-generic: temp-x86-32 temp-debug-generic
-	perl merge.pl $^  > $@
-
-temp-x86-64: config-x86_64-generic config-x86-generic
-	perl merge.pl $^  > $@
-
-temp-x86_64-generic: temp-x86-64 temp-generic
-	perl merge.pl $^  > $@
-
-temp-x86_64-debug-generic: temp-x86-64 temp-debug-generic
-	perl merge.pl $^  > $@
-
-temp-powerpc64-generic: config-powerpc64-generic temp-generic
-	perl merge.pl $^  > $@
-
-temp-powerpc64-debug-generic: config-powerpc64-generic temp-debug-generic
-	perl merge.pl $^  > $@
-
-temp-s390-generic: config-s390x temp-generic
-	perl merge.pl $^ > $@
-
-$(CFG)-i686-PAE.config: config-i686-PAE temp-x86-32-generic
-	perl merge.pl $^ i386 > $@
-
-$(CFG)-i686-PAEdebug.config: config-i686-PAE temp-x86-debug-generic
-	perl merge.pl $^ i386 > $@
-
-$(CFG)-i686.config: /dev/null temp-x86-32-generic
-	perl merge.pl $^ i386 > $@
-
-$(CFG)-i686-debug.config: /dev/null temp-x86-debug-generic
-	perl merge.pl $^ i386 > $@
-
-$(CFG)-x86_64.config: /dev/null temp-x86_64-generic
-	perl merge.pl $^ x86_64 > $@
-
-$(CFG)-x86_64-debug.config: /dev/null temp-x86_64-debug-generic
-	perl merge.pl $^ x86_64 > $@
-
-$(CFG)-ppc64.config: config-powerpc64 temp-powerpc64-generic
-	perl merge.pl $^ powerpc > $@
-
-$(CFG)-ppc64-debug.config: config-powerpc64 temp-powerpc64-debug-generic
-	perl merge.pl $^ powerpc > $@
-
-$(CFG)-ppc64p7.config: config-powerpc64p7 temp-powerpc64-generic
-	perl merge.pl $^ powerpc > $@
-
-$(CFG)-ppc64le.config: config-powerpc64le temp-powerpc64-generic
-	perl merge.pl $^ powerpc > $@
-
-$(CFG)-ppc64le-debug.config: config-powerpc64le temp-powerpc64-debug-generic
-	perl merge.pl $^ powerpc > $@
-
-$(CFG)-s390x.config: config-s390x temp-s390-generic
-	perl merge.pl $^ s390 > $@
-
-$(CFG)-armv7hl.config: /dev/null temp-armv7
-	perl merge.pl $^ arm > $@
-
-$(CFG)-armv7hl-lpae.config: /dev/null temp-armv7-lpae
-	perl merge.pl $^ arm > $@
-
-$(CFG)-aarch64.config: /dev/null temp-arm64
-	perl merge.pl $^ arm64 > $@

Makefile.release

@@ -1,84 +0,0 @@
-# Make rules for configuration files.
-#
-# $Id$
-
-# This file contains only entries that change the config files.
-# Anything that changes kernel.spec itself should go in the main Makefile.
-
-config-release:
-	@perl -pi -e 's/CONFIG_LOCK_STAT=y/# CONFIG_LOCK_STAT is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_STACK_USAGE=y/# CONFIG_DEBUG_STACK_USAGE is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_SLAB=y/# CONFIG_DEBUG_SLAB is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_MUTEXES=y/# CONFIG_DEBUG_MUTEXES is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_RT_MUTEXES=y/# CONFIG_DEBUG_RT_MUTEXES is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_LOCK_ALLOC=y/# CONFIG_DEBUG_LOCK_ALLOC is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_LOCK_TORTURE_TEST=m/# CONFIG_LOCK_TORTURE_TEST is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_PROVE_LOCKING=y/# CONFIG_PROVE_LOCKING is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_PROVE_RCU=y/# CONFIG_PROVE_RCU is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_SPINLOCK=y/# CONFIG_DEBUG_SPINLOCK is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_VM=y/# CONFIG_DEBUG_VM is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAULT_INJECTION=y/# CONFIG_FAULT_INJECTION is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAILSLAB=y/# CONFIG_FAILSLAB is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAIL_PAGE_ALLOC=y/# CONFIG_FAIL_PAGE_ALLOC is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAIL_IO_TIMEOUT=y/# CONFIG_FAIL_IO_TIMEOUT is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAIL_MAKE_REQUEST=y/# CONFIG_FAIL_MAKE_REQUEST is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAIL_MMC_REQUEST=y/# CONFIG_FAIL_MMC_REQUEST is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAULT_INJECTION_DEBUG_FS=y/# CONFIG_FAULT_INJECTION_DEBUG_FS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y/# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_SG=y/# CONFIG_DEBUG_SG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_PI_LIST=y/# CONFIG_DEBUG_PI_LIST is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS=y/# CONFIG_DEBUG_OBJECTS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_FREE=y/# CONFIG_DEBUG_OBJECTS_FREE is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_TIMERS=y/# CONFIG_DEBUG_OBJECTS_TIMERS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_WORK=y/# CONFIG_DEBUG_OBJECTS_WORK is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_ARM64_PTDUMP=y/# CONFIG_ARM64_PTDUMP is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_EFI_PGT_DUMP=y/# CONFIG_EFI_PGT_DUMP is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_CAN_DEBUG_DEVICES=y/# CONFIG_CAN_DEBUG_DEVICES is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_MODULE_FORCE_UNLOAD=y/# CONFIG_MODULE_FORCE_UNLOAD is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_NOTIFIERS=y/# CONFIG_DEBUG_NOTIFIERS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DMA_API_DEBUG=y/# CONFIG_DMA_API_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_PM_TEST_SUSPEND=y/# CONFIG_PM_TEST_SUSPEND is not set/' config-generic
-	@perl -pi -e 's/CONFIG_PM_ADVANCED_DEBUG=y/# CONFIG_PM_ADVANCED_DEBUG is not set/' config-generic
-	@perl -pi -e 's/CONFIG_B43_DEBUG=y/# CONFIG_B43_DEBUG is not set/' config-generic
-	@perl -pi -e 's/CONFIG_B43LEGACY_DEBUG=y/# CONFIG_B43LEGACY_DEBUG is not set/' config-generic
-	@perl -pi -e 's/CONFIG_MMIOTRACE=y/# CONFIG_MMIOTRACE is not set/' config-nodebug
-	@perl -pi -e 's/# CONFIG_STRIP_ASM_SYMS is not set/CONFIG_STRIP_ASM_SYMS=y/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_CREDENTIALS=y/# CONFIG_DEBUG_CREDENTIALS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y/# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_ACPI_DEBUG=y/# CONFIG_ACPI_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_EXT4_DEBUG=y/# CONFIG_EXT4_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_PERF_USE_VMALLOC=y/# CONFIG_DEBUG_PERF_USE_VMALLOC is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_JBD2_DEBUG=y/# CONFIG_JBD2_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_NFSD_FAULT_INJECTION=y/# CONFIG_NFSD_FAULT_INJECTION is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_BLK_CGROUP=y/# CONFIG_DEBUG_BLK_CGROUP is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DRBD_FAULT_INJECTION=y/# CONFIG_DRBD_FAULT_INJECTION is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_ATH_DEBUG=y/# CONFIG_ATH_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_CARL9170_DEBUGFS=y/# CONFIG_CARL9170_DEBUGFS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_IWLWIFI_DEVICE_TRACING=y/# CONFIG_IWLWIFI_DEVICE_TRACING is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DMADEVICES_DEBUG=y/# CONFIG_DMADEVICES_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_CEPH_LIB_PRETTYDEBUG=y/# CONFIG_CEPH_LIB_PRETTYDEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_QUOTA_DEBUG=y/# CONFIG_QUOTA_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_CPU_NOTIFIER_ERROR_INJECT=m/# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_PER_CPU_MAPS=y/# CONFIG_DEBUG_PER_CPU_MAPS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_PERCPU_TEST=m/# CONFIG_PERCPU_TEST is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_TEST_LIST_SORT=y/# CONFIG_TEST_LIST_SORT is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_TEST_STRING_HELPERS=m/# CONFIG_TEST_STRING_HELPERS is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_ATOMIC_SLEEP=y/# CONFIG_DEBUG_ATOMIC_SLEEP is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DETECT_HUNG_TASK=y/# CONFIG_DETECT_HUNG_TASK is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_WQ_WATCHDOG=y/# CONFIG_WQ_WATCHDOG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y/# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_DEBUG_KMEMLEAK=y/# CONFIG_DEBUG_KMEMLEAK is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_MAC80211_MESSAGE_TRACING=y/# CONFIG_MAC80211_MESSAGE_TRACING is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_XFS_WARN=y/# CONFIG_XFS_WARN is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_EDAC_DEBUG=y/# CONFIG_EDAC_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_RTLWIFI_DEBUG=y/# CONFIG_RTLWIFI_DEBUG is not set/' config-nodebug
-	@perl -pi -e 's/CONFIG_X86_DEBUG_STATIC_CPU_HAS=y/# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set/' config-nodebug
-
-	@# Undo anything that make extremedebug might have set
-	@perl -pi -e 's/CONFIG_DEBUG_PAGEALLOC=y/# CONFIG_DEBUG_PAGEALLOC is not set/' config-debug
-	@perl -pi -e 's/CONFIG_DEBUG_PAGEALLOC=y/# CONFIG_DEBUG_PAGEALLOC is not set/' config-nodebug
-
-	@# Change defaults back to sane things.
-	@perl -pi -e 's/CONFIG_MAXSMP=y/# CONFIG_MAXSMP is not set/' config-x86-generic

PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,118 +0,0 @@
-From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
- enabled
-
-Any hardware that can potentially generate DMA has to be locked down from
-userspace in order to avoid it being possible for an attacker to modify
-kernel code, allowing them to circumvent disabled module loading or module
-signing. Default to paranoid - in future we can potentially relax this for
-sufficiently IOMMU-isolated devices.
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- drivers/pci/pci-sysfs.c | 10 ++++++++++
- drivers/pci/proc.c      |  8 +++++++-
- drivers/pci/syscall.c   |  3 ++-
- 3 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 312f23a8429c..93e6ac103dd0 100644
---- a/drivers/pci/pci-sysfs.c
-+++ b/drivers/pci/pci-sysfs.c
-@@ -30,6 +30,7 @@
- #include <linux/vgaarb.h>
- #include <linux/pm_runtime.h>
- #include <linux/of.h>
-+#include <linux/module.h>
- #include "pci.h"
- 
- static int sysfs_initialized;	/* = 0 */
-@@ -710,6 +711,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
- 	loff_t init_off = off;
- 	u8 *data = (u8 *) buf;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (off > dev->cfg_size)
- 		return 0;
- 	if (off + count > dev->cfg_size) {
-@@ -1004,6 +1008,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
- 	resource_size_t start, end;
- 	int i;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	for (i = 0; i < PCI_ROM_RESOURCE; i++)
- 		if (res == &pdev->resource[i])
- 			break;
-@@ -1105,6 +1112,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
- 				     struct bin_attribute *attr, char *buf,
- 				     loff_t off, size_t count)
- {
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	return pci_resource_io(filp, kobj, attr, buf, off, count, true);
- }
- 
-diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 3f155e78513f..4265ea07e3b0 100644
---- a/drivers/pci/proc.c
-+++ b/drivers/pci/proc.c
-@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
- 	int size = dev->cfg_size;
- 	int cnt;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (pos >= size)
- 		return 0;
- 	if (nbytes >= size)
-@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
- #endif /* HAVE_PCI_MMAP */
- 	int ret = 0;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	switch (cmd) {
- 	case PCIIOC_CONTROLLER:
- 		ret = pci_domain_nr(dev->bus);
-@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
- 	struct pci_filp_private *fpriv = file->private_data;
- 	int i, ret;
- 
--	if (!capable(CAP_SYS_RAWIO))
-+	if (!capable(CAP_SYS_RAWIO) || secure_modules())
- 		return -EPERM;
- 
- 	/* Make sure the caller is mapping a real resource for this device */
-diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
-index b91c4da68365..98f5637304d1 100644
---- a/drivers/pci/syscall.c
-+++ b/drivers/pci/syscall.c
-@@ -10,6 +10,7 @@
- #include <linux/errno.h>
- #include <linux/pci.h>
- #include <linux/syscalls.h>
-+#include <linux/module.h>
- #include <asm/uaccess.h>
- #include "pci.h"
- 
-@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
- 	u32 dword;
- 	int err = 0;
- 
--	if (!capable(CAP_SYS_ADMIN))
-+	if (!capable(CAP_SYS_ADMIN) || secure_modules())
- 		return -EPERM;
- 
- 	dev = pci_get_bus_and_slot(bus, dfn);
--- 
-2.4.3
-

RFC-audit-fix-a-race-condition-with-the-auditd-tracking-code.patch

@@ -0,0 +1,156 @@
+From patchwork Thu Jun 15 15:28:58 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [RFC] audit: fix a race condition with the auditd tracking code
+From: Paul Moore <pmoore@redhat.com>
+X-Patchwork-Id: 9789009
+Message-Id: <149754053819.11365.5047864735077505545.stgit@sifl>
+To: linux-audit@redhat.com
+Cc: Dusty Mabe <dustymabe@redhat.com>
+Date: Thu, 15 Jun 2017 11:28:58 -0400
+
+From: Paul Moore <paul@paul-moore.com>
+
+Originally reported by Adam and Dusty, it appears we have a small
+race window in kauditd_thread(), as documented in the Fedora BZ:
+
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1459326#c35
+
+ "This issue is partly due to the read-copy nature of RCU, and
+  partly due to how we sync the auditd_connection state across
+  kauditd_thread and the audit control channel.  The kauditd_thread
+  thread is always running so it can service the record queues and
+  emit the multicast messages, if it happens to be just past the
+  "main_queue" label, but before the "if (sk == NULL || ...)"
+  if-statement which calls auditd_reset() when the new auditd
+  connection is registered it could end up resetting the auditd
+  connection, regardless of if it is valid or not.  This is a rather
+  small window and the variable nature of multi-core scheduling
+  explains why this is proving rather difficult to reproduce."
+
+The fix is to have functions only call auditd_reset() when they
+believe that the kernel/auditd connection is still valid, e.g.
+non-NULL, and to have these callers pass their local copy of the
+auditd_connection pointer to auditd_reset() where it can be compared
+with the current connection state before resetting.  If the caller
+has a stale state tracking pointer then the reset is ignored.
+
+We also make a small change to kauditd_thread() so that if the
+kernel/auditd connection is dead we skip the retry queue and send the
+records straight to the hold queue.  This is necessary as we used to
+rely on auditd_reset() to occasionally purge the retry queue but we
+are going to be calling the reset function much less now and we want
+to make sure the retry queue doesn't grow unbounded.
+
+Reported-by: Adam Williamson <awilliam@redhat.com>
+Reported-by: Dusty Mabe <dustymabe@redhat.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
+---
+ kernel/audit.c |   36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+
+--
+Linux-audit mailing list
+Linux-audit@redhat.com
+https://www.redhat.com/mailman/listinfo/linux-audit
+
+diff --git a/kernel/audit.c b/kernel/audit.c
+index b2e877100242..e1e2b3abfb93 100644
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -575,12 +575,16 @@ static void kauditd_retry_skb(struct sk_buff *skb)
+ 
+ /**
+  * auditd_reset - Disconnect the auditd connection
++ * @ac: auditd connection state
+  *
+  * Description:
+  * Break the auditd/kauditd connection and move all the queued records into the
+- * hold queue in case auditd reconnects.
++ * hold queue in case auditd reconnects.  It is important to note that the @ac
++ * pointer should never be dereferenced inside this function as it may be NULL
++ * or invalid, you can only compare the memory address!  If @ac is NULL then
++ * the connection will always be reset.
+  */
+-static void auditd_reset(void)
++static void auditd_reset(const struct auditd_connection *ac)
+ {
+ 	unsigned long flags;
+ 	struct sk_buff *skb;
+@@ -590,6 +594,11 @@ static void auditd_reset(void)
+ 	spin_lock_irqsave(&auditd_conn_lock, flags);
+ 	ac_old = rcu_dereference_protected(auditd_conn,
+ 					   lockdep_is_held(&auditd_conn_lock));
++	if (ac && ac != ac_old) {
++		/* someone already registered a new auditd connection */
++		spin_unlock_irqrestore(&auditd_conn_lock, flags);
++		return;
++	}
+ 	rcu_assign_pointer(auditd_conn, NULL);
+ 	spin_unlock_irqrestore(&auditd_conn_lock, flags);
+ 
+@@ -649,8 +658,8 @@ static int auditd_send_unicast_skb(struct sk_buff *skb)
+ 	return rc;
+ 
+ err:
+-	if (rc == -ECONNREFUSED)
+-		auditd_reset();
++	if (ac && rc == -ECONNREFUSED)
++		auditd_reset(ac);
+ 	return rc;
+ }
+ 
+@@ -795,9 +804,9 @@ static int kauditd_thread(void *dummy)
+ 		rc = kauditd_send_queue(sk, portid,
+ 					&audit_hold_queue, UNICAST_RETRIES,
+ 					NULL, kauditd_rehold_skb);
+-		if (rc < 0) {
++		if (ac && rc < 0) {
+ 			sk = NULL;
+-			auditd_reset();
++			auditd_reset(ac);
+ 			goto main_queue;
+ 		}
+ 
+@@ -805,9 +814,9 @@ static int kauditd_thread(void *dummy)
+ 		rc = kauditd_send_queue(sk, portid,
+ 					&audit_retry_queue, UNICAST_RETRIES,
+ 					NULL, kauditd_hold_skb);
+-		if (rc < 0) {
++		if (ac && rc < 0) {
+ 			sk = NULL;
+-			auditd_reset();
++			auditd_reset(ac);
+ 			goto main_queue;
+ 		}
+ 
+@@ -815,12 +824,13 @@ static int kauditd_thread(void *dummy)
+ 		/* process the main queue - do the multicast send and attempt
+ 		 * unicast, dump failed record sends to the retry queue; if
+ 		 * sk == NULL due to previous failures we will just do the
+-		 * multicast send and move the record to the retry queue */
++		 * multicast send and move the record to the hold queue */
+ 		rc = kauditd_send_queue(sk, portid, &audit_queue, 1,
+ 					kauditd_send_multicast_skb,
+-					kauditd_retry_skb);
+-		if (sk == NULL || rc < 0)
+-			auditd_reset();
++					(sk ?
++					 kauditd_retry_skb : kauditd_hold_skb));
++		if (ac && rc < 0)
++			auditd_reset(ac);
+ 		sk = NULL;
+ 
+ 		/* drop our netns reference, no auditd sends past this line */
+@@ -1230,7 +1240,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ 								auditd_pid, 1);
+ 
+ 				/* unregister the auditd connection */
+-				auditd_reset();
++				auditd_reset(NULL);
+ 			}
+ 		}
+ 		if (s.mask & AUDIT_STATUS_RATE_LIMIT) {

Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,42 +0,0 @@
-From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
- restricted
-
-Allowing users to write to address space makes it possible for the kernel
-to be subverted, avoiding module loading restrictions. Prevent this when
-any restrictions have been imposed on loading modules.
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- drivers/char/mem.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 53fe675f9bd7..b52c88860532 100644
---- a/drivers/char/mem.c
-+++ b/drivers/char/mem.c
-@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
- 	if (p != *ppos)
- 		return -EFBIG;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (!valid_phys_addr_range(p, count))
- 		return -EFAULT;
- 
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
- 	char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
- 	int err = 0;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	if (p < (unsigned long) high_memory) {
- 		unsigned long to_write = min_t(unsigned long, count,
- 					       (unsigned long)high_memory - p);
--- 
-2.4.3
-

acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,39 +0,0 @@
-From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@redhat.com>
-Date: Mon, 25 Jun 2012 19:57:30 -0400
-Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
- loading is restricted
-
-This option allows userspace to pass the RSDP address to the kernel, which
-makes it possible for a user to circumvent any restrictions imposed on
-loading modules. Disable it in that case.
-
-Signed-off-by: Josh Boyer <jwboyer@redhat.com>
----
- drivers/acpi/osl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 739a4a6b3b9b..9ef2a020a7a9 100644
---- a/drivers/acpi/osl.c
-+++ b/drivers/acpi/osl.c
-@@ -40,6 +40,7 @@
- #include <linux/list.h>
- #include <linux/jiffies.h>
- #include <linux/semaphore.h>
-+#include <linux/module.h>
- 
- #include <asm/io.h>
- #include <asm/uaccess.h>
-@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
- acpi_physical_address __init acpi_os_get_root_pointer(void)
- {
- #ifdef CONFIG_KEXEC
--	if (acpi_rsdp)
-+	if (acpi_rsdp && !secure_modules())
- 		return acpi_rsdp;
- #endif
- 
--- 
-2.4.3
-

arm-i.MX6-Utilite-device-dtb.patch

@@ -1,62 +0,0 @@
-From: Peter Robinson <pbrobinson@gmail.com>
-Date: Fri, 11 Jul 2014 00:10:56 +0100
-Subject: [PATCH] arm: i.MX6 Utilite device dtb
-
----
- arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 38 insertions(+)
-
-diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts
-index 99b46f8030ad..8b6ddd16dcc5 100644
---- a/arch/arm/boot/dts/imx6q-cm-fx6.dts
-+++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts
-@@ -97,11 +97,49 @@
- 				MX6QDL_PAD_KEY_ROW0__UART4_RX_DATA	0x1b0b1
- 			>;
- 		};
-+
-+		pinctrl_usdhc1: usdhc1grp {
-+			fsl,pins = <
-+				MX6QDL_PAD_SD1_CMD__SD1_CMD             0x17059
-+				MX6QDL_PAD_SD1_CLK__SD1_CLK             0x10059
-+				MX6QDL_PAD_SD1_DAT0__SD1_DATA0          0x17059
-+				MX6QDL_PAD_SD1_DAT1__SD1_DATA1          0x17059
-+				MX6QDL_PAD_SD1_DAT2__SD1_DATA2          0x17059
-+				MX6QDL_PAD_SD1_DAT3__SD1_DATA3          0x17059
-+			>;
-+		};
-+
-+		pinctrl_usdhc3: usdhc3grp {
-+			fsl,pins = <
-+				MX6QDL_PAD_SD3_CMD__SD3_CMD             0x17059
-+				MX6QDL_PAD_SD3_CLK__SD3_CLK             0x10059
-+				MX6QDL_PAD_SD3_DAT0__SD3_DATA0          0x17059
-+				MX6QDL_PAD_SD3_DAT1__SD3_DATA1          0x17059
-+				MX6QDL_PAD_SD3_DAT2__SD3_DATA2          0x17059
-+				MX6QDL_PAD_SD3_DAT3__SD3_DATA3          0x17059
-+			>;
-+		};
- 	};
- };
- 
-+&sata {
-+	status = "okay";
-+};
-+
- &uart4 {
- 	pinctrl-names = "default";
- 	pinctrl-0 = <&pinctrl_uart4>;
- 	status = "okay";
- };
-+
-+&usdhc1 {
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&pinctrl_usdhc1>;
-+	status = "okay";
-+};
-+
-+&usdhc3 {
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&pinctrl_usdhc3>;
-+	status = "okay";
-+};

arm-imx6-hummingboard2.patch

@@ -0,0 +1,902 @@
+From e9e601215d294d473a593641b1ecfd1fa4586a90 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Thu, 6 Apr 2017 13:52:54 +0100
+Subject: [PATCH 1/4] [RFC,v2,1/4] ARM: dts: imx6qdl: add HummingBoard2 boards
+
+From: Jon Nettleton <jon@solid-run.com>
+
+This adds support for the Hummingboard Gate and Edge devices from
+SolidRun.
+
+Signed-off-by: Jon Nettleton <jon@solid-run.com>
+Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+---
+ arch/arm/boot/dts/Makefile                   |   2 +
+ arch/arm/boot/dts/imx6dl-hummingboard2.dts   |  52 +++
+ arch/arm/boot/dts/imx6q-hummingboard2.dts    |  60 +++
+ arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi | 543 +++++++++++++++++++++++++++
+ 4 files changed, 657 insertions(+)
+ create mode 100644 arch/arm/boot/dts/imx6dl-hummingboard2.dts
+ create mode 100644 arch/arm/boot/dts/imx6q-hummingboard2.dts
+ create mode 100644 arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+
+diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
+index 011808490fed..ccdff6650541 100644
+--- a/arch/arm/boot/dts/Makefile
++++ b/arch/arm/boot/dts/Makefile
+@@ -353,6 +353,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
+ 	imx6dl-gw552x.dtb \
+ 	imx6dl-gw553x.dtb \
+ 	imx6dl-hummingboard.dtb \
++	imx6dl-hummingboard2.dtb \
+ 	imx6dl-icore.dtb \
+ 	imx6dl-icore-rqs.dtb \
+ 	imx6dl-nit6xlite.dtb \
+@@ -397,6 +398,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
+ 	imx6q-gw553x.dtb \
+ 	imx6q-h100.dtb \
+ 	imx6q-hummingboard.dtb \
++	imx6q-hummingboard2.dtb \
+ 	imx6q-icore.dtb \
+ 	imx6q-icore-rqs.dtb \
+ 	imx6q-marsboard.dtb \
+diff --git a/arch/arm/boot/dts/imx6dl-hummingboard2.dts b/arch/arm/boot/dts/imx6dl-hummingboard2.dts
+new file mode 100644
+index 000000000000..990b5050de5b
+--- /dev/null
++++ b/arch/arm/boot/dts/imx6dl-hummingboard2.dts
+@@ -0,0 +1,52 @@
++/*
++ * Device Tree file for SolidRun HummingBoard2
++ * Copyright (C) 2015 Rabeeh Khoury <rabeeh@solid-run.com>
++ * Based on work by Russell King
++ *
++ * This file is dual-licensed: you can use it either under the terms
++ * of the GPL or the X11 license, at your option. Note that this dual
++ * licensing only applies to this file, and not this project as a
++ * whole.
++ *
++ *  a) This file is free software; you can redistribute it and/or
++ *     modify it under the terms of the GNU General Public License as
++ *     published by the Free Software Foundation; either version 2 of the
++ *     License.
++ *
++ *     This file is distributed in the hope that it will be useful
++ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *     GNU General Public License for more details.
++ *
++ * Or, alternatively
++ *
++ *  b) Permission is hereby granted, free of charge, to any person
++ *     obtaining a copy of this software and associated documentation
++ *     files (the "Software"), to deal in the Software without
++ *     restriction, including without limitation the rights to use
++ *     copy, modify, merge, publish, distribute, sublicense, and/or
++ *     sell copies of the Software, and to permit persons to whom the
++ *     Software is furnished to do so, subject to the following
++ *     conditions:
++ *
++ *     The above copyright notice and this permission notice shall be
++ *     included in all copies or substantial portions of the Software.
++ *
++ *     THE SOFTWARE IS PROVIDED , WITHOUT WARRANTY OF ANY KIND
++ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY
++ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ *     OTHER DEALINGS IN THE SOFTWARE.
++ */
++/dts-v1/;
++
++#include "imx6dl.dtsi"
++#include "imx6qdl-hummingboard2.dtsi"
++
++/ {
++	model = "SolidRun HummingBoard2 Solo/DualLite";
++	compatible = "solidrun,hummingboard2/dl", "fsl,imx6dl";
++};
+diff --git a/arch/arm/boot/dts/imx6q-hummingboard2.dts b/arch/arm/boot/dts/imx6q-hummingboard2.dts
+new file mode 100644
+index 000000000000..f5eec9163bb8
+--- /dev/null
++++ b/arch/arm/boot/dts/imx6q-hummingboard2.dts
+@@ -0,0 +1,60 @@
++/*
++ * Device Tree file for SolidRun HummingBoard2
++ * Copyright (C) 2015 Rabeeh Khoury <rabeeh@solid-run.com>
++ * Based on work by Russell King
++ *
++ * This file is dual-licensed: you can use it either under the terms
++ * of the GPL or the X11 license, at your option. Note that this dual
++ * licensing only applies to this file, and not this project as a
++ * whole.
++ *
++ *  a) This file is free software; you can redistribute it and/or
++ *     modify it under the terms of the GNU General Public License as
++ *     published by the Free Software Foundation; either version 2 of the
++ *     License.
++ *
++ *     This file is distributed in the hope that it will be useful
++ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *     GNU General Public License for more details.
++ *
++ * Or, alternatively
++ *
++ *  b) Permission is hereby granted, free of charge, to any person
++ *     obtaining a copy of this software and associated documentation
++ *     files (the "Software"), to deal in the Software without
++ *     restriction, including without limitation the rights to use
++ *     copy, modify, merge, publish, distribute, sublicense, and/or
++ *     sell copies of the Software, and to permit persons to whom the
++ *     Software is furnished to do so, subject to the following
++ *     conditions:
++ *
++ *     The above copyright notice and this permission notice shall be
++ *     included in all copies or substantial portions of the Software.
++ *
++ *     THE SOFTWARE IS PROVIDED , WITHOUT WARRANTY OF ANY KIND
++ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY
++ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ *     OTHER DEALINGS IN THE SOFTWARE.
++ */
++/dts-v1/;
++
++#include "imx6q.dtsi"
++#include "imx6qdl-hummingboard2.dtsi"
++
++/ {
++	model = "SolidRun HummingBoard2 Dual/Quad";
++	compatible = "solidrun,hummingboard2/q", "fsl,imx6q";
++};
++
++&sata {
++	status = "okay";
++	fsl,transmit-level-mV = <1104>;
++	fsl,transmit-boost-mdB = <0>;
++	fsl,transmit-atten-16ths = <9>;
++	fsl,no-spread-spectrum;
++};
+diff --git a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+new file mode 100644
+index 000000000000..11b63f6f2b89
+--- /dev/null
++++ b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+@@ -0,0 +1,543 @@
++/*
++ * Device Tree file for SolidRun HummingBoard2
++ * Copyright (C) 2015 Rabeeh Khoury <rabeeh@solid-run.com>
++ *
++ * This file is dual-licensed: you can use it either under the terms
++ * of the GPL or the X11 license, at your option. Note that this dual
++ * licensing only applies to this file, and not this project as a
++ * whole.
++ *
++ *  a) This file is free software; you can redistribute it and/or
++ *     modify it under the terms of the GNU General Public License as
++ *     published by the Free Software Foundation; either version 2 of the
++ *     License.
++ *
++ *     This file is distributed in the hope that it will be useful,
++ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *     GNU General Public License for more details.
++ *
++ * Or, alternatively,
++ *
++ *  b) Permission is hereby granted, free of charge, to any person
++ *     obtaining a copy of this software and associated documentation
++ *     files (the "Software"), to deal in the Software without
++ *     restriction, including without limitation the rights to use
++ *     copy, modify, merge, publish, distribute, sublicense, and/or
++ *     sell copies of the Software, and to permit persons to whom the
++ *     Software is furnished to do so, subject to the following
++ *     conditions:
++ *
++ *     The above copyright notice and this permission notice shall be
++ *     included in all copies or substantial portions of the Software.
++ *
++ *     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
++ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ *     OTHER DEALINGS IN THE SOFTWARE.
++ */
++#include "imx6qdl-microsom.dtsi"
++#include "imx6qdl-microsom-ar8035.dtsi"
++
++/ {
++	chosen {
++		stdout-path = &uart1;
++	};
++
++	ir_recv: ir-receiver {
++		compatible = "gpio-ir-receiver";
++		gpios = <&gpio7 9 1>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_gpio7_9>;
++		linux,rc-map-name = "rc-rc6-mce";
++	};
++
++	usdhc2_pwrseq: usdhc2-pwrseq {
++		compatible = "mmc-pwrseq-simple";
++		reset-gpios = <&gpio4 30 GPIO_ACTIVE_HIGH>;
++	};
++
++	reg_3p3v: regulator-3p3v {
++		compatible = "regulator-fixed";
++		regulator-name = "3P3V";
++		regulator-min-microvolt = <3300000>;
++		regulator-max-microvolt = <3300000>;
++		regulator-always-on;
++	};
++
++	reg_1p8v: regulator-1p8v {
++		compatible = "regulator-fixed";
++		regulator-name = "1P8V";
++		regulator-min-microvolt = <1800000>;
++		regulator-max-microvolt = <1800000>;
++		regulator-always-on;
++	};
++
++	reg_usbh1_vbus: regulator-usb-h1-vbus {
++		compatible = "regulator-fixed";
++		enable-active-high;
++		gpio = <&gpio1 0 0>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_usbh1_vbus>;
++		regulator-name = "usb_h1_vbus";
++		regulator-min-microvolt = <5000000>;
++		regulator-max-microvolt = <5000000>;
++	};
++
++	reg_usbotg_vbus: regulator-usb-otg-vbus {
++		compatible = "regulator-fixed";
++		enable-active-high;
++		gpio = <&gpio3 22 0>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_usbotg_vbus>;
++		regulator-name = "usb_otg_vbus";
++		regulator-min-microvolt = <5000000>;
++		regulator-max-microvolt = <5000000>;
++	};
++
++	reg_usbh2_vbus: regulator-usb-h2-vbus {
++		compatible = "regulator-gpio";
++		enable-active-high;
++		enable-gpio = <&gpio2 13 0>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_usbh2_vbus>;
++		regulator-name = "usb_h2_vbus";
++		regulator-min-microvolt = <5000000>;
++		regulator-max-microvolt = <5000000>;
++		regulator-boot-on;
++	};
++
++	reg_usbh3_vbus: regulator-usb-h3-vbus {
++		compatible = "regulator-gpio";
++		enable-active-high;
++		enable-gpio = <&gpio7 10 0>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_usbh3_vbus>;
++		regulator-name = "usb_h3_vbus";
++		regulator-min-microvolt = <5000000>;
++		regulator-max-microvolt = <5000000>;
++		regulator-boot-on;
++	};
++
++	sound-sgtl5000 {
++		audio-codec = <&sgtl5000>;
++		audio-routing =
++			"MIC_IN", "Mic Jack",
++			"Mic Jack", "Mic Bias",
++			"Headphone Jack", "HP_OUT";
++		compatible = "fsl,imx-audio-sgtl5000";
++		model = "On-board Codec";
++		mux-ext-port = <5>;
++		mux-int-port = <1>;
++		ssi-controller = <&ssi1>;
++	};
++};
++
++&audmux {
++	status = "okay";
++};
++
++&ecspi2 {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_ecspi2>;
++	cs-gpios = <&gpio2 26 0>;
++	status = "okay";
++};
++
++&hdmi {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_hdmi>;
++	ddc-i2c-bus = <&i2c2>;
++	status = "okay";
++};
++
++&i2c1 {
++	clock-frequency = <100000>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_i2c1>;
++	status = "okay";
++
++	pcf8523: rtc@68 {
++		compatible = "nxp,pcf8523";
++		reg = <0x68>;
++		nxp,12p5_pf;
++	};
++
++	sgtl5000: codec@0a {
++		clocks = <&clks IMX6QDL_CLK_CKO>;
++		compatible = "fsl,sgtl5000";
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_sgtl5000>;
++		reg = <0x0a>;
++		VDDA-supply = <&reg_3p3v>;
++		VDDIO-supply = <&reg_3p3v>;
++	};
++};
++
++&i2c2 {
++	clock-frequency = <100000>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_i2c2>;
++	status = "okay";
++};
++
++&i2c3 {
++	clock-frequency = <100000>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_i2c3>;
++	status = "okay";
++};
++
++&iomuxc {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hog>;
++
++	hummingboard2 {
++		pinctrl_hog: hoggrp {
++		fsl,pins = <
++				/*
++				 * 36 pin headers GPIO description. The pins
++				 * numbering as following -
++				 *
++				 * 	3.2v	5v	74	75
++				 *	73	72	71	70
++				 *	69	68	67	66
++				 *
++				 *	77	78	79	76
++				 *	65	64	61	60
++				 *	53	52	51	50
++				 *	49	48	166	132
++				 *	95	94	90	91
++				 *	GND	54	24	204
++				 *
++				 * The GPIO numbers can be extracted using
++				 * signal name from below.
++				 * Example -
++				 * MX6QDL_PAD_EIM_DA10__GPIO3_IO10 is
++				 * GPIO(3,10) which is (3-1)*32+10 = gpio 74
++				 *
++				 * i.e. The mapping of GPIO(X,Y) to Linux gpio
++				 * number is : gpio number = (X-1) * 32 + Y
++				 */
++				/* DI1_PIN15 */
++				MX6QDL_PAD_EIM_DA10__GPIO3_IO10 0x400130b1
++				/* DI1_PIN02 */
++				MX6QDL_PAD_EIM_DA11__GPIO3_IO11 0x400130b1
++				/* DISP1_DATA00 */
++				MX6QDL_PAD_EIM_DA9__GPIO3_IO09 0x400130b1
++				/* DISP1_DATA01 */
++				MX6QDL_PAD_EIM_DA8__GPIO3_IO08 0x400130b1
++				/* DISP1_DATA02 */
++				MX6QDL_PAD_EIM_DA7__GPIO3_IO07 0x400130b1
++				/* DISP1_DATA03 */
++				MX6QDL_PAD_EIM_DA6__GPIO3_IO06 0x400130b1
++				/* DISP1_DATA04 */
++				MX6QDL_PAD_EIM_DA5__GPIO3_IO05 0x400130b1
++				/* DISP1_DATA05 */
++				MX6QDL_PAD_EIM_DA4__GPIO3_IO04 0x400130b1
++				/* DISP1_DATA06 */
++				MX6QDL_PAD_EIM_DA3__GPIO3_IO03 0x400130b1
++				/* DISP1_DATA07 */
++				MX6QDL_PAD_EIM_DA2__GPIO3_IO02 0x400130b1
++				/* DI1_D0_CS */
++				MX6QDL_PAD_EIM_DA13__GPIO3_IO13 0x400130b1
++				/* DI1_D1_CS */
++				MX6QDL_PAD_EIM_DA14__GPIO3_IO14 0x400130b1
++				/* DI1_PIN01 */
++				MX6QDL_PAD_EIM_DA15__GPIO3_IO15 0x400130b1
++				/* DI1_PIN03 */
++				MX6QDL_PAD_EIM_DA12__GPIO3_IO12 0x400130b1
++				/* DISP1_DATA08 */
++				MX6QDL_PAD_EIM_DA1__GPIO3_IO01 0x400130b1
++				/* DISP1_DATA09 */
++				MX6QDL_PAD_EIM_DA0__GPIO3_IO00 0x400130b1
++				/* DISP1_DATA10 */
++				MX6QDL_PAD_EIM_EB1__GPIO2_IO29 0x400130b1
++				/* DISP1_DATA11 */
++				MX6QDL_PAD_EIM_EB0__GPIO2_IO28 0x400130b1
++				/* DISP1_DATA12 */
++				MX6QDL_PAD_EIM_A17__GPIO2_IO21 0x400130b1
++				/* DISP1_DATA13 */
++				MX6QDL_PAD_EIM_A18__GPIO2_IO20 0x400130b1
++				/* DISP1_DATA14 */
++				MX6QDL_PAD_EIM_A19__GPIO2_IO19 0x400130b1
++				/* DISP1_DATA15 */
++				MX6QDL_PAD_EIM_A20__GPIO2_IO18 0x400130b1
++				/* DISP1_DATA16 */
++				MX6QDL_PAD_EIM_A21__GPIO2_IO17 0x400130b1
++				/* DISP1_DATA17 */
++				MX6QDL_PAD_EIM_A22__GPIO2_IO16 0x400130b1
++				/* DISP1_DATA18 */
++				MX6QDL_PAD_EIM_A23__GPIO6_IO06 0x400130b1
++				/* DISP1_DATA19 */
++				MX6QDL_PAD_EIM_A24__GPIO5_IO04 0x400130b1
++				/* DISP1_DATA20 */
++				MX6QDL_PAD_EIM_D31__GPIO3_IO31 0x400130b1
++				/* DISP1_DATA21 */
++				MX6QDL_PAD_EIM_D30__GPIO3_IO30 0x400130b1
++				/* DISP1_DATA22 */
++				MX6QDL_PAD_EIM_D26__GPIO3_IO26 0x400130b1
++				/* DISP1_DATA23 */
++				MX6QDL_PAD_EIM_D27__GPIO3_IO27 0x400130b1
++				/* DI1_DISP_CLK */
++				MX6QDL_PAD_EIM_A16__GPIO2_IO22 0x400130b1
++				/* SPDIF_IN */
++				MX6QDL_PAD_ENET_RX_ER__GPIO1_IO24 0x400130b1
++				/* SPDIF_OUT */
++				MX6QDL_PAD_GPIO_17__GPIO7_IO12 0x400130b1
++
++				/* MikroBUS GPIO pin number 10 */
++				MX6QDL_PAD_EIM_LBA__GPIO2_IO27 0x400130b1
++			>;
++		};
++
++		pinctrl_hummingboard2_ecspi2: hummingboard2-ecspi2grp {
++			fsl,pins = <
++				MX6QDL_PAD_EIM_OE__ECSPI2_MISO	0x100b1
++				MX6QDL_PAD_EIM_CS1__ECSPI2_MOSI	0x100b1
++				MX6QDL_PAD_EIM_CS0__ECSPI2_SCLK	0x100b1
++				MX6QDL_PAD_EIM_RW__GPIO2_IO26	0x000b1 /* CS */
++			>;
++		};
++
++		pinctrl_hummingboard2_gpio7_9: hummingboard2-gpio7_9 {
++			fsl,pins = <
++				MX6QDL_PAD_SD4_CMD__GPIO7_IO09 0x80000000
++			>;
++		};
++
++		pinctrl_hummingboard2_hdmi: hummingboard2-hdmi {
++			fsl,pins = <
++				MX6QDL_PAD_KEY_ROW2__HDMI_TX_CEC_LINE 0x1f8b0
++			>;
++		};
++
++		pinctrl_hummingboard2_i2c1: hummingboard2-i2c1 {
++			fsl,pins = <
++				MX6QDL_PAD_EIM_D21__I2C1_SCL 0x4001b8b1
++				MX6QDL_PAD_EIM_D28__I2C1_SDA 0x4001b8b1
++			>;
++		};
++
++		pinctrl_hummingboard2_i2c2: hummingboard2-i2c2 {
++			fsl,pins = <
++				MX6QDL_PAD_KEY_COL3__I2C2_SCL 0x4001b8b1
++				MX6QDL_PAD_KEY_ROW3__I2C2_SDA 0x4001b8b1
++			>;
++		};
++
++		pinctrl_hummingboard2_i2c3: hummingboard2-i2c3 {
++			fsl,pins = <
++				MX6QDL_PAD_EIM_D17__I2C3_SCL 0x4001b8b1
++				MX6QDL_PAD_EIM_D18__I2C3_SDA 0x4001b8b1
++			>;
++		};
++
++		pinctrl_hummingboard2_mipi: hummingboard2_mipi {
++			fsl,pins = <
++				MX6QDL_PAD_SD4_DAT2__GPIO2_IO10 0x4001b8b1
++				MX6QDL_PAD_KEY_COL4__GPIO4_IO14 0x4001b8b1
++				MX6QDL_PAD_NANDF_CS2__CCM_CLKO2 0x130b0
++			>;
++		};
++
++		pinctrl_hummingboard2_pcie_reset: hummingboard2-pcie-reset {
++			fsl,pins = <
++				MX6QDL_PAD_SD4_DAT3__GPIO2_IO11 0x1b0b1
++			>;
++		};
++
++		pinctrl_hummingboard2_pwm1: pwm1grp {
++			fsl,pins = <
++				MX6QDL_PAD_DISP0_DAT8__PWM1_OUT 0x1b0b1
++			>;
++		};
++
++		pinctrl_hummingboard2_sgtl5000: hummingboard2-sgtl5000 {
++			fsl,pins = <
++				MX6QDL_PAD_DISP0_DAT19__AUD5_RXD 0x130b0
++				MX6QDL_PAD_KEY_COL0__AUD5_TXC 0x130b0
++				MX6QDL_PAD_KEY_ROW0__AUD5_TXD 0x110b0
++				MX6QDL_PAD_KEY_COL1__AUD5_TXFS 0x130b0
++				MX6QDL_PAD_GPIO_5__CCM_CLKO1 0x130b0
++			>;
++		};
++
++		pinctrl_hummingboard2_usbh1_vbus: hummingboard2-usbh1-vbus {
++			fsl,pins = <MX6QDL_PAD_GPIO_0__GPIO1_IO00 0x1b0b0>;
++		};
++
++		pinctrl_hummingboard2_usbh2_vbus: hummingboard2-usbh2-vbus {
++			fsl,pins = <MX6QDL_PAD_SD4_DAT5__GPIO2_IO13 0x1b0b0>;
++		};
++
++		pinctrl_hummingboard2_usbh3_vbus: hummingboard2-usbh3-vbus {
++			fsl,pins = <MX6QDL_PAD_SD4_CLK__GPIO7_IO10 0x1b0b0>;
++		};
++
++		pinctrl_hummingboard2_usbotg_id: hummingboard2-usbotg-id {
++			/*
++			 * Similar to pinctrl_usbotg_2, but we want it
++			 * pulled down for a fixed host connection.
++			 */
++			fsl,pins = <MX6QDL_PAD_GPIO_1__USB_OTG_ID 0x13059>;
++		};
++
++		pinctrl_hummingboard2_usbotg_vbus: hummingboard2-usbotg-vbus {
++			fsl,pins = <MX6QDL_PAD_EIM_D22__GPIO3_IO22 0x1b0b0>;
++		};
++
++		pinctrl_hummingboard2_usdhc2_aux: hummingboard2-usdhc2-aux {
++			fsl,pins = <
++				MX6QDL_PAD_GPIO_4__GPIO1_IO04    0x13071
++				MX6QDL_PAD_KEY_ROW1__SD2_VSELECT 0x1b071
++				MX6QDL_PAD_DISP0_DAT9__GPIO4_IO30 0x1b0b0
++			>;
++		};
++
++		pinctrl_hummingboard2_usdhc2: hummingboard2-usdhc2 {
++			fsl,pins = <
++				MX6QDL_PAD_SD2_CMD__SD2_CMD    0x17059
++				MX6QDL_PAD_SD2_CLK__SD2_CLK    0x10059
++				MX6QDL_PAD_SD2_DAT0__SD2_DATA0 0x17059
++				MX6QDL_PAD_SD2_DAT1__SD2_DATA1 0x17059
++				MX6QDL_PAD_SD2_DAT2__SD2_DATA2 0x17059
++				MX6QDL_PAD_SD2_DAT3__SD2_DATA3 0x13059
++			>;
++		};
++
++		pinctrl_hummingboard2_usdhc2_100mhz: hummingboard2-usdhc2-100mhz {
++			fsl,pins = <
++				MX6QDL_PAD_SD2_CMD__SD2_CMD    0x170b9
++				MX6QDL_PAD_SD2_CLK__SD2_CLK    0x100b9
++				MX6QDL_PAD_SD2_DAT0__SD2_DATA0 0x170b9
++				MX6QDL_PAD_SD2_DAT1__SD2_DATA1 0x170b9
++				MX6QDL_PAD_SD2_DAT2__SD2_DATA2 0x170b9
++				MX6QDL_PAD_SD2_DAT3__SD2_DATA3 0x130b9
++			>;
++		};
++
++		pinctrl_hummingboard2_usdhc2_200mhz: hummingboard2-usdhc2-200mhz {
++			fsl,pins = <
++				MX6QDL_PAD_SD2_CMD__SD2_CMD    0x170f9
++				MX6QDL_PAD_SD2_CLK__SD2_CLK    0x100f9
++				MX6QDL_PAD_SD2_DAT0__SD2_DATA0 0x170f9
++				MX6QDL_PAD_SD2_DAT1__SD2_DATA1 0x170f9
++				MX6QDL_PAD_SD2_DAT2__SD2_DATA2 0x170f9
++				MX6QDL_PAD_SD2_DAT3__SD2_DATA3 0x130f9
++			>;
++		};
++
++		pinctrl_hummingboard2_usdhc3: hummingboard2-usdhc3 {
++			fsl,pins = <
++				MX6QDL_PAD_SD3_CMD__SD3_CMD    0x17059
++				MX6QDL_PAD_SD3_CLK__SD3_CLK    0x10059
++				MX6QDL_PAD_SD3_DAT0__SD3_DATA0 0x17059
++				MX6QDL_PAD_SD3_DAT1__SD3_DATA1 0x17059
++				MX6QDL_PAD_SD3_DAT2__SD3_DATA2 0x17059
++				MX6QDL_PAD_SD3_DAT3__SD3_DATA3 0x17059
++				MX6QDL_PAD_SD3_DAT4__SD3_DATA4 0x17059
++				MX6QDL_PAD_SD3_DAT5__SD3_DATA5 0x17059
++				MX6QDL_PAD_SD3_DAT6__SD3_DATA6 0x17059
++				MX6QDL_PAD_SD3_DAT7__SD3_DATA7 0x17059
++				MX6QDL_PAD_SD3_RST__SD3_RESET  0x17059
++			>;
++		};
++
++		pinctrl_hummingboard2_uart3: hummingboard2-uart3 {
++			fsl,pins = <
++				MX6QDL_PAD_EIM_D25__UART3_TX_DATA	0x1b0b1
++				MX6QDL_PAD_EIM_D24__UART3_RX_DATA	0x40013000
++			>;
++		};
++	};
++};
++
++&ldb {
++	status = "disabled";
++
++	lvds-channel@0 {
++		fsl,data-mapping = "spwg";
++		fsl,data-width = <18>;
++	};
++};
++
++&pcie {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_pcie_reset>;
++	reset-gpio = <&gpio2 11 0>;
++	status = "okay";
++};
++
++&pwm1 {
++        pinctrl-names = "default";
++        pinctrl-0 = <&pinctrl_hummingboard2_pwm1>;
++        status = "okay";
++};
++
++&pwm3 {
++	status = "disabled";
++};
++
++&pwm4 {
++	status = "disabled";
++};
++
++&ssi1 {
++	status = "okay";
++};
++
++&usbh1 {
++	disable-over-current;
++	vbus-supply = <&reg_usbh1_vbus>;
++	status = "okay";
++};
++
++&usbotg {
++	disable-over-current;
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_usbotg_id>;
++	vbus-supply = <&reg_usbotg_vbus>;
++	status = "okay";
++};
++
++&usdhc2 {
++	pinctrl-names = "default", "state_100mhz", "state_200mhz";
++	pinctrl-0 = <
++		&pinctrl_hummingboard2_usdhc2_aux
++		&pinctrl_hummingboard2_usdhc2
++	>;
++	pinctrl-1 = <
++		&pinctrl_hummingboard2_usdhc2_aux
++		&pinctrl_hummingboard2_usdhc2_100mhz
++	>;
++	pinctrl-2 = <
++		&pinctrl_hummingboard2_usdhc2_aux
++		&pinctrl_hummingboard2_usdhc2_200mhz
++	>;
++	mmc-pwrseq = <&usdhc2_pwrseq>;
++	cd-gpios = <&gpio1 4 0>;
++	status = "okay";
++};
++
++&usdhc3 {
++	pinctrl-names = "default";
++	pinctrl-0 = <
++		&pinctrl_hummingboard2_usdhc3
++	>;
++	vmmc-supply = <&reg_3p3v>;
++	vqmmc-supply = <&reg_3p3v>;
++	bus-width = <8>;
++	non-removable;
++	status = "okay";
++};
++
++&uart3 {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_hummingboard2_uart3>;
++	status = "okay";
++};
+-- 
+2.12.2
+
+From 3da2a99c4a8f19e846b19071441d2c6b88e00c06 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Fri, 13 Jan 2017 14:45:30 +0000
+Subject: [PATCH 2/4] ARM: dts: imx6*-hummingboard2: fix SD card detect
+
+Fix the SD card detect signal, which was missing the polarity
+specification, and the pull-up necessary for proper signalling.
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+---
+ arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+index 11b63f6f2b89..734487edf200 100644
+--- a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
++++ b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+@@ -393,7 +393,7 @@
+ 
+ 		pinctrl_hummingboard2_usdhc2_aux: hummingboard2-usdhc2-aux {
+ 			fsl,pins = <
+-				MX6QDL_PAD_GPIO_4__GPIO1_IO04    0x13071
++				MX6QDL_PAD_GPIO_4__GPIO1_IO04    0x1f071
+ 				MX6QDL_PAD_KEY_ROW1__SD2_VSELECT 0x1b071
+ 				MX6QDL_PAD_DISP0_DAT9__GPIO4_IO30 0x1b0b0
+ 			>;
+@@ -520,7 +520,7 @@
+ 		&pinctrl_hummingboard2_usdhc2_200mhz
+ 	>;
+ 	mmc-pwrseq = <&usdhc2_pwrseq>;
+-	cd-gpios = <&gpio1 4 0>;
++	cd-gpios = <&gpio1 4 GPIO_ACTIVE_LOW>;
+ 	status = "okay";
+ };
+ 
+-- 
+2.12.2
+
+From 57b0103b600a535a35e5ff9714649519a0b3a77a Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Fri, 13 Jan 2017 14:45:35 +0000
+Subject: [PATCH 3/4] ARM: dts: imx6*-hummingboard2: use proper gpio flags
+ definitions
+
+Use proper gpio flag definitions for GPIOs rather than using opaque
+uninformative numbers.
+
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+---
+ arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+index 734487edf200..88aaed26dd77 100644
+--- a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
++++ b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+@@ -50,7 +50,7 @@
+ 
+ 	ir_recv: ir-receiver {
+ 		compatible = "gpio-ir-receiver";
+-		gpios = <&gpio7 9 1>;
++		gpios = <&gpio7 9 GPIO_ACTIVE_LOW>;
+ 		pinctrl-names = "default";
+ 		pinctrl-0 = <&pinctrl_hummingboard2_gpio7_9>;
+ 		linux,rc-map-name = "rc-rc6-mce";
+@@ -80,7 +80,7 @@
+ 	reg_usbh1_vbus: regulator-usb-h1-vbus {
+ 		compatible = "regulator-fixed";
+ 		enable-active-high;
+-		gpio = <&gpio1 0 0>;
++		gpio = <&gpio1 0 GPIO_ACTIVE_HIGH>;
+ 		pinctrl-names = "default";
+ 		pinctrl-0 = <&pinctrl_hummingboard2_usbh1_vbus>;
+ 		regulator-name = "usb_h1_vbus";
+@@ -91,7 +91,7 @@
+ 	reg_usbotg_vbus: regulator-usb-otg-vbus {
+ 		compatible = "regulator-fixed";
+ 		enable-active-high;
+-		gpio = <&gpio3 22 0>;
++		gpio = <&gpio3 22 GPIO_ACTIVE_HIGH>;
+ 		pinctrl-names = "default";
+ 		pinctrl-0 = <&pinctrl_hummingboard2_usbotg_vbus>;
+ 		regulator-name = "usb_otg_vbus";
+@@ -102,7 +102,7 @@
+ 	reg_usbh2_vbus: regulator-usb-h2-vbus {
+ 		compatible = "regulator-gpio";
+ 		enable-active-high;
+-		enable-gpio = <&gpio2 13 0>;
++		enable-gpio = <&gpio2 13 GPIO_ACTIVE_HIGH>;
+ 		pinctrl-names = "default";
+ 		pinctrl-0 = <&pinctrl_hummingboard2_usbh2_vbus>;
+ 		regulator-name = "usb_h2_vbus";
+@@ -114,7 +114,7 @@
+ 	reg_usbh3_vbus: regulator-usb-h3-vbus {
+ 		compatible = "regulator-gpio";
+ 		enable-active-high;
+-		enable-gpio = <&gpio7 10 0>;
++		enable-gpio = <&gpio7 10 GPIO_ACTIVE_HIGH>;
+ 		pinctrl-names = "default";
+ 		pinctrl-0 = <&pinctrl_hummingboard2_usbh3_vbus>;
+ 		regulator-name = "usb_h3_vbus";
+-- 
+2.12.2
+
+From f931de70370ff576f381cb9745bc54225a1a8056 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Fri, 13 Jan 2017 14:45:40 +0000
+Subject: [PATCH 4/4] ARM: dts: imx6*-hummingboard2: convert to more
+ conventional vmmc-supply
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+---
+ arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi | 26 +++++++++++++++++++-------
+ 1 file changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+index 88aaed26dd77..f19d30b34ac4 100644
+--- a/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
++++ b/arch/arm/boot/dts/imx6qdl-hummingboard2.dtsi
+@@ -56,11 +56,6 @@
+ 		linux,rc-map-name = "rc-rc6-mce";
+ 	};
+ 
+-	usdhc2_pwrseq: usdhc2-pwrseq {
+-		compatible = "mmc-pwrseq-simple";
+-		reset-gpios = <&gpio4 30 GPIO_ACTIVE_HIGH>;
+-	};
+-
+ 	reg_3p3v: regulator-3p3v {
+ 		compatible = "regulator-fixed";
+ 		regulator-name = "3P3V";
+@@ -123,6 +118,18 @@
+ 		regulator-boot-on;
+ 	};
+ 
++	reg_usdhc2_vmmc: reg-usdhc2-vmmc {
++		compatible = "regulator-fixed";
++		gpio = <&gpio4 30 GPIO_ACTIVE_HIGH>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pinctrl_hummingboard2_vmmc>;
++		regulator-boot-on;
++		regulator-max-microvolt = <3300000>;
++		regulator-min-microvolt = <3300000>;
++		regulator-name = "usdhc2_vmmc";
++		startup-delay-us = <1000>;
++	};
++
+ 	sound-sgtl5000 {
+ 		audio-codec = <&sgtl5000>;
+ 		audio-routing =
+@@ -393,7 +400,6 @@
+ 
+ 		pinctrl_hummingboard2_usdhc2_aux: hummingboard2-usdhc2-aux {
+ 			fsl,pins = <
+-				MX6QDL_PAD_GPIO_4__GPIO1_IO04    0x1f071
+ 				MX6QDL_PAD_KEY_ROW1__SD2_VSELECT 0x1b071
+ 				MX6QDL_PAD_DISP0_DAT9__GPIO4_IO30 0x1b0b0
+ 			>;
+@@ -432,6 +438,12 @@
+ 			>;
+ 		};
+ 
++		pinctrl_hummingboard2_vmmc: hummingboard2-vmmc {
++			fsl,pins = <
++				MX6QDL_PAD_GPIO_4__GPIO1_IO04    0x1f071
++			>;
++		};
++
+ 		pinctrl_hummingboard2_usdhc3: hummingboard2-usdhc3 {
+ 			fsl,pins = <
+ 				MX6QDL_PAD_SD3_CMD__SD3_CMD    0x17059
+@@ -519,7 +531,7 @@
+ 		&pinctrl_hummingboard2_usdhc2_aux
+ 		&pinctrl_hummingboard2_usdhc2_200mhz
+ 	>;
+-	mmc-pwrseq = <&usdhc2_pwrseq>;
++	vmmc-supply = <&reg_usdhc2_vmmc>;
+ 	cd-gpios = <&gpio1 4 GPIO_ACTIVE_LOW>;
+ 	status = "okay";
+ };
+-- 
+2.12.2
+

arm-revert-mmc-omap_hsmmc-Use-dma_request_chan-for-reque.patch

@@ -0,0 +1,100 @@
+From bb3e08008c0e48fd4f51a0f0957eecae61a24d69 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Tue, 1 Nov 2016 09:35:30 +0000
+Subject: [PATCH] Revert "mmc: omap_hsmmc: Use dma_request_chan() for
+ requesting DMA channel"
+
+This reverts commit 81eef6ca92014845d40e3f1310e42b7010303acc.
+---
+ drivers/mmc/host/omap_hsmmc.c | 50 ++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 40 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
+index 24ebc9a..3563321 100644
+--- a/drivers/mmc/host/omap_hsmmc.c
++++ b/drivers/mmc/host/omap_hsmmc.c
+@@ -32,6 +32,7 @@
+ #include <linux/of_irq.h>
+ #include <linux/of_gpio.h>
+ #include <linux/of_device.h>
++#include <linux/omap-dmaengine.h>
+ #include <linux/mmc/host.h>
+ #include <linux/mmc/core.h>
+ #include <linux/mmc/mmc.h>
+@@ -1992,6 +1993,8 @@ static int omap_hsmmc_probe(struct platform_device *pdev)
+ 	struct resource *res;
+ 	int ret, irq;
+ 	const struct of_device_id *match;
++	dma_cap_mask_t mask;
++	unsigned tx_req, rx_req;
+ 	const struct omap_mmc_of_data *data;
+ 	void __iomem *base;
+ 
+@@ -2121,17 +2124,44 @@ static int omap_hsmmc_probe(struct platform_device *pdev)
+ 
+ 	omap_hsmmc_conf_bus_power(host);
+ 
+-	host->rx_chan = dma_request_chan(&pdev->dev, "rx");
+-	if (IS_ERR(host->rx_chan)) {
+-		dev_err(mmc_dev(host->mmc), "RX DMA channel request failed\n");
+-		ret = PTR_ERR(host->rx_chan);
++	if (!pdev->dev.of_node) {
++		res = platform_get_resource_byname(pdev, IORESOURCE_DMA, "tx");
++		if (!res) {
++			dev_err(mmc_dev(host->mmc), "cannot get DMA TX channel\n");
++			ret = -ENXIO;
++			goto err_irq;
++		}
++		tx_req = res->start;
++
++		res = platform_get_resource_byname(pdev, IORESOURCE_DMA, "rx");
++		if (!res) {
++			dev_err(mmc_dev(host->mmc), "cannot get DMA RX channel\n");
++			ret = -ENXIO;
++			goto err_irq;
++		}
++		rx_req = res->start;
++	}
++
++	dma_cap_zero(mask);
++	dma_cap_set(DMA_SLAVE, mask);
++
++	host->rx_chan =
++		dma_request_slave_channel_compat(mask, omap_dma_filter_fn,
++						 &rx_req, &pdev->dev, "rx");
++
++	if (!host->rx_chan) {
++		dev_err(mmc_dev(host->mmc), "unable to obtain RX DMA engine channel\n");
++		ret = -ENXIO;
+ 		goto err_irq;
+ 	}
+ 
+-	host->tx_chan = dma_request_chan(&pdev->dev, "tx");
+-	if (IS_ERR(host->tx_chan)) {
+-		dev_err(mmc_dev(host->mmc), "TX DMA channel request failed\n");
+-		ret = PTR_ERR(host->tx_chan);
++	host->tx_chan =
++		dma_request_slave_channel_compat(mask, omap_dma_filter_fn,
++						 &tx_req, &pdev->dev, "tx");
++
++	if (!host->tx_chan) {
++		dev_err(mmc_dev(host->mmc), "unable to obtain TX DMA engine channel\n");
++		ret = -ENXIO;
+ 		goto err_irq;
+ 	}
+ 
+@@ -2189,9 +2219,9 @@ err_slot_name:
+ 	mmc_remove_host(mmc);
+ err_irq:
+ 	device_init_wakeup(&pdev->dev, false);
+-	if (!IS_ERR_OR_NULL(host->tx_chan))
++	if (host->tx_chan)
+ 		dma_release_channel(host->tx_chan);
+-	if (!IS_ERR_OR_NULL(host->rx_chan))
++	if (host->rx_chan)
+ 		dma_release_channel(host->rx_chan);
+ 	pm_runtime_dont_use_autosuspend(host->dev);
+ 	pm_runtime_put_sync(host->dev);
+-- 
+2.9.3
+

arm-rk3288-tinker.patch

@@ -0,0 +1,573 @@
+From 223599514133293bb9afe7b82937140c3b275877 Mon Sep 17 00:00:00 2001
+From: Eddie Cai <eddie.cai.linux@gmail.com>
+Date: Tue, 14 Feb 2017 18:07:31 +0800
+Subject: ARM: dts: rockchip: add dts for RK3288-Tinker board
+
+This patch add basic support for RK3288-Tinker board. We can boot in to rootfs
+with this patch.
+
+Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+---
+ arch/arm/boot/dts/Makefile          |   1 +
+ arch/arm/boot/dts/rk3288-tinker.dts | 536 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 537 insertions(+)
+ create mode 100644 arch/arm/boot/dts/rk3288-tinker.dts
+
+diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
+index 0118084..fb46849 100644
+--- a/arch/arm/boot/dts/Makefile
++++ b/arch/arm/boot/dts/Makefile
+@@ -695,6 +695,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += \
+ 	rk3288-popmetal.dtb \
+ 	rk3288-r89.dtb \
+ 	rk3288-rock2-square.dtb \
++	rk3288-tinker.dtb \
+ 	rk3288-veyron-brain.dtb \
+ 	rk3288-veyron-jaq.dtb \
+ 	rk3288-veyron-jerry.dtb \
+diff --git a/arch/arm/boot/dts/rk3288-tinker.dts b/arch/arm/boot/dts/rk3288-tinker.dts
+new file mode 100644
+index 0000000..f601c78
+--- /dev/null
++++ b/arch/arm/boot/dts/rk3288-tinker.dts
+@@ -0,0 +1,536 @@
++/*
++ * Copyright (c) 2017 Fuzhou Rockchip Electronics Co., Ltd.
++ *
++ * This file is dual-licensed: you can use it either under the terms
++ * of the GPL or the X11 license, at your option. Note that this dual
++ * licensing only applies to this file, and not this project as a
++ * whole.
++ *
++ *  a) This file is free software; you can redistribute it and/or
++ *     modify it under the terms of the GNU General Public License as
++ *     published by the Free Software Foundation; either version 2 of the
++ *     License, or (at your option) any later version.
++ *
++ *     This file is distributed in the hope that it will be useful,
++ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *     GNU General Public License for more details.
++ *
++ * Or, alternatively,
++ *
++ *  b) Permission is hereby granted, free of charge, to any person
++ *     obtaining a copy of this software and associated documentation
++ *     files (the "Software"), to deal in the Software without
++ *     restriction, including without limitation the rights to use,
++ *     copy, modify, merge, publish, distribute, sublicense, and/or
++ *     sell copies of the Software, and to permit persons to whom the
++ *     Software is furnished to do so, subject to the following
++ *     conditions:
++ *
++ *     The above copyright notice and this permission notice shall be
++ *     included in all copies or substantial portions of the Software.
++ *
++ *     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
++ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ *     OTHER DEALINGS IN THE SOFTWARE.
++ */
++
++/dts-v1/;
++
++#include "rk3288.dtsi"
++#include <dt-bindings/input/input.h>
++
++/ {
++	model = "Rockchip RK3288 Tinker Board";
++	compatible = "asus,rk3288-tinker", "rockchip,rk3288";
++
++	memory {
++		reg = <0x0 0x80000000>;
++		device_type = "memory";
++	};
++
++	ext_gmac: external-gmac-clock {
++		compatible = "fixed-clock";
++		#clock-cells = <0>;
++		clock-frequency = <125000000>;
++		clock-output-names = "ext_gmac";
++	};
++
++	gpio-keys {
++		compatible = "gpio-keys";
++		#address-cells = <1>;
++		#size-cells = <0>;
++		autorepeat;
++
++		pinctrl-names = "default";
++		pinctrl-0 = <&pwrbtn>;
++
++		button@0 {
++			gpios = <&gpio0 RK_PA5 GPIO_ACTIVE_LOW>;
++			linux,code = <KEY_POWER>;
++			label = "GPIO Key Power";
++			linux,input-type = <1>;
++			wakeup-source;
++			debounce-interval = <100>;
++		};
++	};
++
++	gpio-leds {
++		compatible = "gpio-leds";
++
++		act-led {
++			gpios=<&gpio1 RK_PD0 GPIO_ACTIVE_HIGH>;
++			linux,default-trigger="mmc0";
++		};
++
++		heartbeat-led {
++			gpios=<&gpio1 RK_PD1 GPIO_ACTIVE_HIGH>;
++			linux,default-trigger="heartbeat";
++		};
++
++		pwr-led {
++			gpios = <&gpio0 RK_PA3 GPIO_ACTIVE_HIGH>;
++			linux,default-trigger = "default-on";
++		};
++	};
++
++	sound {
++		compatible = "simple-audio-card";
++		simple-audio-card,format = "i2s";
++		simple-audio-card,name = "rockchip,tinker-codec";
++		simple-audio-card,mclk-fs = <512>;
++
++		simple-audio-card,codec {
++			sound-dai = <&hdmi>;
++		};
++
++		simple-audio-card,cpu {
++			sound-dai = <&i2s>;
++		};
++	};
++
++	vcc_sys: vsys-regulator {
++		compatible = "regulator-fixed";
++		regulator-name = "vcc_sys";
++		regulator-min-microvolt = <5000000>;
++		regulator-max-microvolt = <5000000>;
++		regulator-always-on;
++		regulator-boot-on;
++	};
++
++	vcc_sd: sdmmc-regulator {
++		compatible = "regulator-fixed";
++		gpio = <&gpio7 11 GPIO_ACTIVE_LOW>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&sdmmc_pwr>;
++		regulator-name = "vcc_sd";
++		regulator-min-microvolt = <3300000>;
++		regulator-max-microvolt = <3300000>;
++		startup-delay-us = <100000>;
++		vin-supply = <&vcc_io>;
++	};
++};
++
++&cpu0 {
++	cpu0-supply = <&vdd_cpu>;
++};
++
++&gmac {
++	assigned-clocks = <&cru SCLK_MAC>;
++	assigned-clock-parents = <&ext_gmac>;
++	clock_in_out = "input";
++	phy-mode = "rgmii";
++	phy-supply = <&vcc33_lan>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&rgmii_pins>;
++	snps,reset-gpio = <&gpio4 7 0>;
++	snps,reset-active-low;
++	snps,reset-delays-us = <0 10000 1000000>;
++	tx_delay = <0x30>;
++	rx_delay = <0x10>;
++	status = "ok";
++};
++
++&hdmi {
++	ddc-i2c-bus = <&i2c5>;
++	status = "okay";
++};
++
++&i2c0 {
++	clock-frequency = <400000>;
++	status = "okay";
++
++	rk808: pmic@1b {
++		compatible = "rockchip,rk808";
++		reg = <0x1b>;
++		interrupt-parent = <&gpio0>;
++		interrupts = <4 IRQ_TYPE_LEVEL_LOW>;
++		#clock-cells = <1>;
++		clock-output-names = "xin32k", "rk808-clkout2";
++		dvs-gpios = <&gpio0 11 GPIO_ACTIVE_HIGH>,
++				<&gpio0 12 GPIO_ACTIVE_HIGH>;
++		pinctrl-names = "default";
++		pinctrl-0 = <&pmic_int &global_pwroff &dvs_1 &dvs_2>;
++		rockchip,system-power-controller;
++		wakeup-source;
++
++		vcc1-supply = <&vcc_sys>;
++		vcc2-supply = <&vcc_sys>;
++		vcc3-supply = <&vcc_sys>;
++		vcc4-supply = <&vcc_sys>;
++		vcc6-supply = <&vcc_sys>;
++		vcc7-supply = <&vcc_sys>;
++		vcc8-supply = <&vcc_io>;
++		vcc9-supply = <&vcc_io>;
++		vcc10-supply = <&vcc_io>;
++		vcc11-supply = <&vcc_sys>;
++		vcc12-supply = <&vcc_io>;
++		vddio-supply = <&vcc_io>;
++
++		regulators {
++			vdd_cpu: DCDC_REG1 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <750000>;
++				regulator-max-microvolt = <1350000>;
++				regulator-name = "vdd_arm";
++				regulator-ramp-delay = <6000>;
++				regulator-state-mem {
++					regulator-off-in-suspend;
++				};
++			};
++
++			vdd_gpu: DCDC_REG2 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <850000>;
++				regulator-max-microvolt = <1250000>;
++				regulator-name = "vdd_gpu";
++				regulator-ramp-delay = <6000>;
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1000000>;
++				};
++			};
++
++			vcc_ddr: DCDC_REG3 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-name = "vcc_ddr";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++				};
++			};
++
++			vcc_io: DCDC_REG4 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <3300000>;
++				regulator-max-microvolt = <3300000>;
++				regulator-name = "vcc_io";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <3300000>;
++				};
++			};
++
++			vcc18_ldo1: LDO_REG1 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1800000>;
++				regulator-max-microvolt = <1800000>;
++				regulator-name = "vcc18_ldo1";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1800000>;
++				};
++			};
++
++			vcc33_mipi: LDO_REG2 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <3300000>;
++				regulator-max-microvolt = <3300000>;
++				regulator-name = "vcc33_mipi";
++				regulator-state-mem {
++					regulator-off-in-suspend;
++				};
++			};
++
++			vdd_10: LDO_REG3 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1000000>;
++				regulator-max-microvolt = <1000000>;
++				regulator-name = "vdd_10";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1000000>;
++				};
++			};
++
++			vcc18_codec: LDO_REG4 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1800000>;
++				regulator-max-microvolt = <1800000>;
++				regulator-name = "vcc18_codec";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1800000>;
++				};
++			};
++
++			vccio_sd: LDO_REG5 {
++				regulator-min-microvolt = <1800000>;
++				regulator-max-microvolt = <3300000>;
++				regulator-name = "vccio_sd";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <3300000>;
++				};
++			};
++
++			vdd10_lcd: LDO_REG6 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1000000>;
++				regulator-max-microvolt = <1000000>;
++				regulator-name = "vdd10_lcd";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1000000>;
++				};
++			};
++
++			vcc_18: LDO_REG7 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1800000>;
++				regulator-max-microvolt = <1800000>;
++				regulator-name = "vcc_18";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1800000>;
++				};
++			};
++
++			vcc18_lcd: LDO_REG8 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-min-microvolt = <1800000>;
++				regulator-max-microvolt = <1800000>;
++				regulator-name = "vcc18_lcd";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++					regulator-suspend-microvolt = <1800000>;
++				};
++			};
++
++			vcc33_sd: SWITCH_REG1 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-name = "vcc33_sd";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++				};
++			};
++
++			vcc33_lan: SWITCH_REG2 {
++				regulator-always-on;
++				regulator-boot-on;
++				regulator-name = "vcc33_lan";
++				regulator-state-mem {
++					regulator-on-in-suspend;
++				};
++			};
++		};
++	};
++};
++
++&i2c2 {
++	status = "okay";
++};
++
++&i2c5 {
++	status = "okay";
++};
++
++&i2s {
++	#sound-dai-cells = <0>;
++	status = "okay";
++};
++
++&io_domains {
++	status = "okay";
++
++	sdcard-supply = <&vccio_sd>;
++};
++
++&pinctrl {
++	pcfg_pull_none_drv_8ma: pcfg-pull-none-drv-8ma {
++		drive-strength = <8>;
++	};
++
++	pcfg_pull_up_drv_8ma: pcfg-pull-up-drv-8ma {
++		bias-pull-up;
++		drive-strength = <8>;
++	};
++
++	backlight {
++		bl_en: bl-en {
++			rockchip,pins = <7 2 RK_FUNC_GPIO &pcfg_pull_none>;
++		};
++	};
++
++	buttons {
++		pwrbtn: pwrbtn {
++			rockchip,pins = <0 5 RK_FUNC_GPIO &pcfg_pull_up>;
++		};
++	};
++
++	eth_phy {
++		eth_phy_pwr: eth-phy-pwr {
++			rockchip,pins = <0 6 RK_FUNC_GPIO &pcfg_pull_none>;
++		};
++	};
++
++	pmic {
++		pmic_int: pmic-int {
++			rockchip,pins = <RK_GPIO0 4 RK_FUNC_GPIO \
++					&pcfg_pull_up>;
++		};
++
++		dvs_1: dvs-1 {
++			rockchip,pins = <RK_GPIO0 11 RK_FUNC_GPIO \
++					&pcfg_pull_down>;
++		};
++
++		dvs_2: dvs-2 {
++			rockchip,pins = <RK_GPIO0 12 RK_FUNC_GPIO \
++					&pcfg_pull_down>;
++		};
++	};
++
++	sdmmc {
++		sdmmc_bus4: sdmmc-bus4 {
++			rockchip,pins = <6 16 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
++					<6 17 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
++					<6 18 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
++					<6 19 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
++		};
++
++		sdmmc_clk: sdmmc-clk {
++			rockchip,pins = <6 20 RK_FUNC_1 \
++					&pcfg_pull_none_drv_8ma>;
++		};
++
++		sdmmc_cmd: sdmmc-cmd {
++			rockchip,pins = <6 21 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
++		};
++
++		sdmmc_pwr: sdmmc-pwr {
++			rockchip,pins = <7 11 RK_FUNC_GPIO &pcfg_pull_none>;
++		};
++	};
++
++	usb {
++		host_vbus_drv: host-vbus-drv {
++			rockchip,pins = <0 14 RK_FUNC_GPIO &pcfg_pull_none>;
++		};
++
++		pwr_3g: pwr-3g {
++			rockchip,pins = <7 8 RK_FUNC_GPIO &pcfg_pull_none>;
++		};
++	};
++};
++
++&pwm0 {
++	status = "okay";
++};
++
++&saradc {
++	vref-supply = <&vcc18_ldo1>;
++	status ="okay";
++};
++
++&sdmmc {
++	bus-width = <4>;
++	cap-mmc-highspeed;
++	cap-sd-highspeed;
++	card-detect-delay = <200>;
++	disable-wp;			/* wp not hooked up */
++	num-slots = <1>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
++	status = "okay";
++	vmmc-supply = <&vcc33_sd>;
++	vqmmc-supply = <&vccio_sd>;
++};
++
++&tsadc {
++	rockchip,hw-tshut-mode = <1>; /* tshut mode 0:CRU 1:GPIO */
++	rockchip,hw-tshut-polarity = <1>; /* tshut polarity 0:LOW 1:HIGH */
++	status = "okay";
++};
++
++&uart0 {
++	status = "okay";
++};
++
++&uart1 {
++	status = "okay";
++};
++
++&uart2 {
++	status = "okay";
++};
++
++&uart3 {
++	status = "okay";
++};
++
++&uart4 {
++	status = "okay";
++};
++
++&usbphy {
++	status = "okay";
++};
++
++&usb_host0_ehci {
++	status = "okay";
++};
++
++&usb_host1 {
++	status = "okay";
++};
++
++&usb_otg {
++	status= "okay";
++};
++
++&vopb {
++	status = "okay";
++};
++
++&vopb_mmu {
++	status = "okay";
++};
++
++&vopl {
++	status = "okay";
++};
++
++&vopl_mmu {
++	status = "okay";
++};
++
++&wdt {
++	status = "okay";
++};
+-- 
+cgit v1.1
+

arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch

@@ -0,0 +1,29 @@
+From 487ff7b0e537506057960a0c2d9482d19f2acf4a Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Wed, 26 Apr 2017 11:12:54 +0100
+Subject: [PATCH] Add option of 13 for FORCE_MAX_ZONEORDER
+
+This is a hack, but it's what the other distros currently use
+for aarch64 with 4K pages so we'll do the same while upstream
+decides what the best outcome is (which isn't this).
+
+Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
+---
+ arch/arm64/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 3741859765cf..deec9511f1d3 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -751,6 +751,7 @@ config XEN
+ config FORCE_MAX_ZONEORDER
+ 	int
+ 	default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
++	default "13" if (ARCH_THUNDER && !ARM64_64K_PAGES)
+ 	default "12" if (ARM64_16K_PAGES && TRANSPARENT_HUGEPAGE)
+ 	default "11"
+ 	help
+-- 
+2.12.2
+

arm64-acpi-drop-expert-patch.patch

@@ -1,21 +0,0 @@
-From: Peter Robinson <pbrobinson@gmail.com>
-Date: Sun, 3 May 2015 18:35:23 +0100
-Subject: [PATCH] arm64: acpi drop expert patch
-
----
- drivers/acpi/Kconfig | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
-index 114cf48085ab..70ba3ef9a37b 100644
---- a/drivers/acpi/Kconfig
-+++ b/drivers/acpi/Kconfig
-@@ -5,7 +5,7 @@
- menuconfig ACPI
- 	bool "ACPI (Advanced Configuration and Power Interface) Support"
- 	depends on !IA64_HP_SIM
--	depends on IA64 || X86 || (ARM64 && EXPERT)
-+	depends on IA64 || X86 || ARM64
- 	depends on PCI
- 	select PNP
- 	default y

arm64-avoid-needing-console-to-enable-serial-console.patch

@@ -1,46 +0,0 @@
-From ede02df9a481ba07348e6fd4393ba2e273ef16d8 Mon Sep 17 00:00:00 2001
-From: Mark Salter <msalter@redhat.com>
-Date: Wed, 25 Mar 2015 14:17:50 -0400
-Subject: [PATCH] arm64: avoid needing console= to enable serial console
-
-Tell kernel to prefer one of the serial ports for console on
-platforms currently supported (pl011 or 8250). console= on
-command line will override these assumed preferences. This is
-just a hack to get the behavior we want from DT provided by
-firmware.
-
-Signed-off-by: Mark Salter <msalter@redhat.com>
----
- arch/arm64/kernel/setup.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
-index 8119479..ea9ff80 100644
---- a/arch/arm64/kernel/setup.c
-+++ b/arch/arm64/kernel/setup.c
-@@ -381,3 +381,22 @@ static int __init topology_init(void)
- 	return 0;
- }
- subsys_initcall(topology_init);
-+
-+/*
-+ * Temporary hack to avoid need for console= on command line
-+ */
-+static int __init arm64_console_setup(void)
-+{
-+	/* Allow cmdline to override our assumed preferences */
-+	if (console_set_on_cmdline)
-+		return 0;
-+
-+	if (IS_ENABLED(CONFIG_SERIAL_AMBA_PL011))
-+		add_preferred_console("ttyAMA", 0, "115200");
-+
-+	if (IS_ENABLED(CONFIG_SERIAL_8250))
-+		add_preferred_console("ttyS", 0, "115200");
-+
-+	return 0;
-+}
-+early_initcall(arm64_console_setup);
--- 
-2.5.0
-

arm64-hikey-fixes.patch

@@ -0,0 +1,77 @@
+From patchwork Sat Apr  8 07:18:40 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: reset: hi6220: Set module license so that it can be loaded
+From: Jeremy Linton <lintonrjeremy@gmail.com>
+X-Patchwork-Id: 9670985
+Message-Id: <20170408071840.29380-1-lintonrjeremy@gmail.com>
+To: linux-kernel@vger.kernel.org
+Cc: p.zabel@pengutronix.de, saberlily.xia@hisilicon.com,
+ puck.chen@hisilicon.com, xinliang.liu@linaro.org,
+ Jeremy Linton <lintonrjeremy@gmail.com>
+Date: Sat,  8 Apr 2017 02:18:40 -0500
+
+The hi6220_reset driver can be built as a standalone module
+yet it cannot be loaded because it depends on GPL exported symbols.
+
+Lets set the module license so that the module loads, and things like
+the on-board kirin drm starts working.
+
+Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
+reviewed-by: Xinliang Liu <xinliang.liu@linaro.org>
+---
+ drivers/reset/hisilicon/hi6220_reset.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c
+index 35ce53e..d5e5229 100644
+--- a/drivers/reset/hisilicon/hi6220_reset.c
++++ b/drivers/reset/hisilicon/hi6220_reset.c
+@@ -155,3 +155,5 @@ static int __init hi6220_reset_init(void)
+ }
+ 
+ postcore_initcall(hi6220_reset_init);
++
++MODULE_LICENSE("GPL v2");
+From patchwork Mon Apr  3 05:28:42 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [v2,1/2] regulator: hi655x: Describe consumed platform device
+From: Jeremy Linton <lintonrjeremy@gmail.com>
+X-Patchwork-Id: 9658793
+Message-Id: <20170403052843.12711-2-lintonrjeremy@gmail.com>
+To: linux-kernel@vger.kernel.org
+Cc: broonie@kernel.org, lgirdwood@gmail.com, puck.chen@hisilicon.com,
+ lee.jones@linaro.org, Jeremy Linton <lintonrjeremy@gmail.com>
+Date: Mon,  3 Apr 2017 00:28:42 -0500
+
+The hi655x-regulator driver consumes a similarly named platform device.
+Adding that to the module device table, allows modprobe to locate this
+driver once the device is created.
+
+Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
+---
+ drivers/regulator/hi655x-regulator.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/regulator/hi655x-regulator.c b/drivers/regulator/hi655x-regulator.c
+index 065c100..36ae54b 100644
+--- a/drivers/regulator/hi655x-regulator.c
++++ b/drivers/regulator/hi655x-regulator.c
+@@ -214,7 +214,14 @@ static int hi655x_regulator_probe(struct platform_device *pdev)
+ 	return 0;
+ }
+ 
++static const struct platform_device_id hi655x_regulator_table[] = {
++	{ .name = "hi655x-regulator" },
++	{},
++};
++MODULE_DEVICE_TABLE(platform, hi655x_regulator_table);
++
+ static struct platform_driver hi655x_regulator_driver = {
++	.id_table = hi655x_regulator_table,
+ 	.driver = {
+ 		.name	= "hi655x-regulator",
+ 	},

asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,54 +0,0 @@
-From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Fri, 9 Mar 2012 08:46:50 -0500
-Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
- loading is restricted
-
-We have no way of validating what all of the Asus WMI methods do on a
-given machine, and there's a risk that some will allow hardware state to
-be manipulated in such a way that arbitrary code can be executed in the
-kernel, circumventing module loading restrictions. Prevent that if any of
-these features are enabled.
-
-Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
----
- drivers/platform/x86/asus-wmi.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index efbc3f0c592b..071171be4b7f 100644
---- a/drivers/platform/x86/asus-wmi.c
-+++ b/drivers/platform/x86/asus-wmi.c
-@@ -1868,6 +1868,9 @@ static int show_dsts(struct seq_file *m, void *data)
- 	int err;
- 	u32 retval = -1;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
- 
- 	if (err < 0)
-@@ -1884,6 +1887,9 @@ static int show_devs(struct seq_file *m, void *data)
- 	int err;
- 	u32 retval = -1;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
- 				    &retval);
- 
-@@ -1908,6 +1914,9 @@ static int show_call(struct seq_file *m, void *data)
- 	union acpi_object *obj;
- 	acpi_status status;
- 
-+	if (secure_modules())
-+		return -EPERM;
-+
- 	status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
- 				     1, asus->debug.method_id,
- 				     &input, &output);
--- 
-2.4.3
-

baseconfig/CONFIG_60XX_WDT

@@ -0,0 +1 @@
+# CONFIG_60XX_WDT is not set

baseconfig/CONFIG_6LOWPAN

@@ -0,0 +1 @@
+CONFIG_6LOWPAN=m

baseconfig/CONFIG_6LOWPAN_DEBUGFS

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_DEBUGFS=y

baseconfig/CONFIG_6LOWPAN_GHC_EXT_HDR_DEST

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_EXT_HDR_DEST=m

baseconfig/CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG=m

baseconfig/CONFIG_6LOWPAN_GHC_EXT_HDR_HOP

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_EXT_HDR_HOP=m

baseconfig/CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE=m

baseconfig/CONFIG_6LOWPAN_GHC_ICMPV6

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_ICMPV6=m

baseconfig/CONFIG_6LOWPAN_GHC_UDP

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_GHC_UDP=m

baseconfig/CONFIG_6LOWPAN_NHC

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC=m

baseconfig/CONFIG_6LOWPAN_NHC_DEST

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_DEST=m

baseconfig/CONFIG_6LOWPAN_NHC_FRAGMENT

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_FRAGMENT=m

baseconfig/CONFIG_6LOWPAN_NHC_HOP

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_HOP=m

baseconfig/CONFIG_6LOWPAN_NHC_IPV6

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_IPV6=m

baseconfig/CONFIG_6LOWPAN_NHC_MOBILITY

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_MOBILITY=m

baseconfig/CONFIG_6LOWPAN_NHC_ROUTING

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_ROUTING=m

baseconfig/CONFIG_6LOWPAN_NHC_UDP

@@ -0,0 +1 @@
+CONFIG_6LOWPAN_NHC_UDP=m

baseconfig/CONFIG_6PACK

@@ -0,0 +1 @@
+CONFIG_6PACK=m

baseconfig/CONFIG_8139CP

@@ -0,0 +1 @@
+CONFIG_8139CP=m

baseconfig/CONFIG_8139TOO

@@ -0,0 +1 @@
+CONFIG_8139TOO=m

baseconfig/CONFIG_8139TOO_8129

@@ -0,0 +1 @@
+CONFIG_8139TOO_8129=y

baseconfig/CONFIG_8139TOO_PIO

@@ -0,0 +1 @@
+# CONFIG_8139TOO_PIO is not set

baseconfig/CONFIG_8139TOO_TUNE_TWISTER

@@ -0,0 +1 @@
+# CONFIG_8139TOO_TUNE_TWISTER is not set

baseconfig/CONFIG_8139_OLD_RX_RESET

@@ -0,0 +1 @@
+# CONFIG_8139_OLD_RX_RESET is not set

baseconfig/CONFIG_8723AU_AP_MODE

@@ -0,0 +1 @@
+# CONFIG_8723AU_AP_MODE is not set

baseconfig/CONFIG_8723AU_BT_COEXIST

@@ -0,0 +1 @@
+# CONFIG_8723AU_BT_COEXIST is not set

baseconfig/CONFIG_9P_FS

@@ -0,0 +1 @@
+CONFIG_9P_FS=m

baseconfig/CONFIG_9P_FSCACHE

@@ -0,0 +1 @@
+CONFIG_9P_FSCACHE=y

baseconfig/CONFIG_9P_FS_POSIX_ACL

@@ -0,0 +1 @@
+CONFIG_9P_FS_POSIX_ACL=y

baseconfig/CONFIG_9P_FS_SECURITY

@@ -0,0 +1 @@
+CONFIG_9P_FS_SECURITY=y

baseconfig/CONFIG_A11Y_BRAILLE_CONSOLE

@@ -0,0 +1 @@
+CONFIG_A11Y_BRAILLE_CONSOLE=y

baseconfig/CONFIG_AB3100_CORE

@@ -0,0 +1 @@
+# CONFIG_AB3100_CORE is not set

baseconfig/CONFIG_AB3100_OTP

@@ -0,0 +1 @@
+# CONFIG_AB3100_OTP is not set

baseconfig/CONFIG_ABP060MG

@@ -0,0 +1 @@
+CONFIG_ABP060MG=m

baseconfig/CONFIG_ABX500_CORE

@@ -0,0 +1 @@
+# CONFIG_ABX500_CORE is not set

baseconfig/CONFIG_ACCESSIBILITY

@@ -0,0 +1 @@
+CONFIG_ACCESSIBILITY=y

baseconfig/CONFIG_ACENIC

@@ -0,0 +1 @@
+CONFIG_ACENIC=m

baseconfig/CONFIG_ACENIC_OMIT_TIGON_I

@@ -0,0 +1 @@
+# CONFIG_ACENIC_OMIT_TIGON_I is not set

baseconfig/CONFIG_ACORN_PARTITION

@@ -0,0 +1 @@
+# CONFIG_ACORN_PARTITION is not set

baseconfig/CONFIG_ACPI_ALS

@@ -0,0 +1 @@
+CONFIG_ACPI_ALS=m

baseconfig/CONFIG_ACPI_DEBUG

@@ -0,0 +1 @@
+# CONFIG_ACPI_DEBUG is not set

baseconfig/CONFIG_ACPI_DEBUGGER

@@ -0,0 +1 @@
+# CONFIG_ACPI_DEBUGGER is not set

baseconfig/CONFIG_ACPI_NFIT

@@ -0,0 +1 @@
+# CONFIG_ACPI_NFIT is not set

baseconfig/CONFIG_ACPI_PCI_SLOT

@@ -0,0 +1 @@
+CONFIG_ACPI_PCI_SLOT=y

baseconfig/CONFIG_ACQUIRE_WDT

@@ -0,0 +1 @@
+# CONFIG_ACQUIRE_WDT is not set

baseconfig/CONFIG_ACT200L_DONGLE

@@ -0,0 +1 @@
+CONFIG_ACT200L_DONGLE=m

baseconfig/CONFIG_ACTISYS_DONGLE

@@ -0,0 +1 @@
+CONFIG_ACTISYS_DONGLE=m

baseconfig/CONFIG_AD2S1200

@@ -0,0 +1 @@
+# CONFIG_AD2S1200 is not set

baseconfig/CONFIG_AD2S1210

@@ -0,0 +1 @@
+# CONFIG_AD2S1210 is not set

baseconfig/CONFIG_AD2S90

@@ -0,0 +1 @@
+# CONFIG_AD2S90 is not set

baseconfig/CONFIG_AD5064

@@ -0,0 +1 @@
+# CONFIG_AD5064 is not set

baseconfig/CONFIG_AD525X_DPOT

@@ -0,0 +1 @@
+# CONFIG_AD525X_DPOT is not set

baseconfig/CONFIG_AD5360

@@ -0,0 +1 @@
+# CONFIG_AD5360 is not set

baseconfig/CONFIG_AD5380

@@ -0,0 +1 @@
+# CONFIG_AD5380 is not set

baseconfig/CONFIG_AD5421

@@ -0,0 +1 @@
+# CONFIG_AD5421 is not set

baseconfig/CONFIG_AD5446

@@ -0,0 +1 @@
+# CONFIG_AD5446 is not set

baseconfig/CONFIG_AD5449

@@ -0,0 +1 @@
+# CONFIG_AD5449 is not set