ngompa/kernel-rpm
1
0
Fork 0
forked from rpms/kernel
Code Pull Requests Activity

Linux v3.14-751-g683b6c6f82a6

Browse Source
This commit is contained in:
Josh Boyer 2014-04-01 15:44:09 -04:00
parent 48c16485fb
commit fbff9edd56
11 changed files with 128 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -55,6 +55,7 @@ debug:
@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/' config-nodebug @perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/' config-nodebug
@perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/' config-nodebug @perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/' config-nodebug
@perl -pi -e 's/# CONFIG_X86_PTDUMP is not set/CONFIG_X86_PTDUMP=y/' config-nodebug @perl -pi -e 's/# CONFIG_X86_PTDUMP is not set/CONFIG_X86_PTDUMP=y/' config-nodebug
@perl -pi -e 's/# CONFIG_EFI_PGT_PTDUMP is not set/CONFIG_EFI_PGT_PTDUMP=y/' config-nodebug
@perl -pi -e 's/# CONFIG_CAN_DEBUG_DEVICES is not set/CONFIG_CAN_DEBUG_DEVICES=y/' config-nodebug @perl -pi -e 's/# CONFIG_CAN_DEBUG_DEVICES is not set/CONFIG_CAN_DEBUG_DEVICES=y/' config-nodebug
@perl -pi -e 's/# CONFIG_MODULE_FORCE_UNLOAD is not set/CONFIG_MODULE_FORCE_UNLOAD=y/' config-nodebug @perl -pi -e 's/# CONFIG_MODULE_FORCE_UNLOAD is not set/CONFIG_MODULE_FORCE_UNLOAD=y/' config-nodebug
@perl -pi -e 's/# CONFIG_SYSCTL_SYSCALL_CHECK is not set/CONFIG_SYSCTL_SYSCALL_CHECK=y/' config-nodebug @perl -pi -e 's/# CONFIG_SYSCTL_SYSCALL_CHECK is not set/CONFIG_SYSCTL_SYSCALL_CHECK=y/' config-nodebug

1
Makefile.release
View File

@ -35,6 +35,7 @@ config-release:
@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/' config-nodebug @perl -pi -e 's/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/' config-nodebug
@perl -pi -e 's/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/' config-nodebug @perl -pi -e 's/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/' config-nodebug
@perl -pi -e 's/CONFIG_X86_PTDUMP=y/# CONFIG_X86_PTDUMP is not set/' config-nodebug @perl -pi -e 's/CONFIG_X86_PTDUMP=y/# CONFIG_X86_PTDUMP is not set/' config-nodebug
@perl -pi -e 's/CONFIG_EFI_PGT_PTDUMP=y/# CONFIG_EFI_PGT_PTDUMP is not set/' config-nodebug
@perl -pi -e 's/CONFIG_CAN_DEBUG_DEVICES=y/# CONFIG_CAN_DEBUG_DEVICES is not set/' config-nodebug @perl -pi -e 's/CONFIG_CAN_DEBUG_DEVICES=y/# CONFIG_CAN_DEBUG_DEVICES is not set/' config-nodebug
@perl -pi -e 's/CONFIG_MODULE_FORCE_UNLOAD=y/# CONFIG_MODULE_FORCE_UNLOAD is not set/' config-nodebug @perl -pi -e 's/CONFIG_MODULE_FORCE_UNLOAD=y/# CONFIG_MODULE_FORCE_UNLOAD is not set/' config-nodebug
@perl -pi -e 's/CONFIG_SYSCTL_SYSCALL_CHECK=y/# CONFIG_SYSCTL_SYSCALL_CHECK is not set/' config-nodebug @perl -pi -e 's/CONFIG_SYSCTL_SYSCALL_CHECK=y/# CONFIG_SYSCTL_SYSCALL_CHECK is not set/' config-nodebug

5
config-arm64
View File

@ -1,6 +1,9 @@
CONFIG_64BIT=y CONFIG_64BIT=y
CONFIG_ARM64=y CONFIG_ARM64=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_SMT=y
# CONFIG_CPU_BIG_ENDIAN is not set # CONFIG_CPU_BIG_ENDIAN is not set
# arm64 only SoCs # arm64 only SoCs
@ -80,3 +83,5 @@ CONFIG_VM_EVENT_COUNTERS=y
# CONFIG_VGA_CONSOLE is not set # CONFIG_VGA_CONSOLE is not set
CONFIG_POWER_RESET_XGENE=y CONFIG_POWER_RESET_XGENE=y
CONFIG_COMMON_CLK_XGENE=y CONFIG_COMMON_CLK_XGENE=y
CONFIG_AHCI_XGENE=m

1
config-armv7-generic
View File

@ -570,6 +570,7 @@ CONFIG_BPF_JIT=y
# CONFIG_DRM_TILCDC is not set # CONFIG_DRM_TILCDC is not set
# CONFIG_DRM_IMX is not set # CONFIG_DRM_IMX is not set
# CONFIG_AHCI_IMX is not set # CONFIG_AHCI_IMX is not set
CONFIG_AHCI_SUNXI=m
# CONFIG_CS89x0 is not set # CONFIG_CS89x0 is not set
# CONFIG_DM9000 is not set # CONFIG_DM9000 is not set
# CONFIG_HW_RANDOM_ATMEL is not set # CONFIG_HW_RANDOM_ATMEL is not set

1
config-debug
View File

@ -47,6 +47,7 @@ CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
CONFIG_X86_PTDUMP=y CONFIG_X86_PTDUMP=y
CONFIG_EFI_PGT_DUMP=y
CONFIG_CAN_DEBUG_DEVICES=y CONFIG_CAN_DEBUG_DEVICES=y

1
config-nodebug
View File

@ -47,6 +47,7 @@ CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
CONFIG_X86_PTDUMP=y CONFIG_X86_PTDUMP=y
CONFIG_EFI_PGT_DUMP=y
CONFIG_CAN_DEBUG_DEVICES=y CONFIG_CAN_DEBUG_DEVICES=y

1
config-x86-generic
View File

@ -34,6 +34,7 @@ CONFIG_X86_PM_TIMER=y
CONFIG_EFI=y CONFIG_EFI=y
CONFIG_EFI_STUB=y CONFIG_EFI_STUB=y
# CONFIG_EFI_MIXED is not set
CONFIG_EFI_VARS=y CONFIG_EFI_VARS=y
CONFIG_EFIVAR_FS=y CONFIG_EFIVAR_FS=y
CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE=y

5
kernel.spec
View File

@ -61,7 +61,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%define rcrev 0 %define rcrev 0
# The git snapshot level # The git snapshot level
%define gitrev 1 %define gitrev 2
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0 %define rpmversion 3.%{upstream_sublevel}.0
%endif %endif
@ -2074,6 +2074,9 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git2.1
- Linux v3.14-751-g683b6c6f82a6
* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git1.1 * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git1.1
- Linux v3.14-313-g918d80a13643 - Linux v3.14-313-g918d80a13643
- Reenable debugging options. - Reenable debugging options.

35
makefile-after_link.patch
View File

@ -1,7 +1,7 @@
Bugzilla: N/A Bugzilla: N/A
Upstream-status: ?? Upstream-status: ??
From b707aea6a4947c3806ced2c23e889943a0f36876 Mon Sep 17 00:00:00 2001 From fd4e7f06ecc891474dea3a93df083de5f8c50cdc Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com> From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700 Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK Subject: [PATCH] kbuild: AFTER_LINK
@ -10,10 +10,18 @@ If the make variable AFTER_LINK is set, it is a command line to run
after each final link. This includes vmlinux itself and vDSO images. after each final link. This includes vmlinux itself and vDSO images.
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Roland McGrath <roland@redhat.com>
---
arch/arm64/kernel/vdso/Makefile | 3 ++-
arch/powerpc/kernel/vdso32/Makefile | 3 ++-
arch/powerpc/kernel/vdso64/Makefile | 3 ++-
arch/s390/kernel/vdso32/Makefile | 3 ++-
arch/s390/kernel/vdso64/Makefile | 3 ++-
arch/x86/vdso/Makefile | 5 +++--
scripts/link-vmlinux.sh | 4 ++++
7 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
index 6d20b7d..863a01b 100644 index 6d20b7d162d8..863a01bde0bf 100644
--- a/arch/arm64/kernel/vdso/Makefile --- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile +++ b/arch/arm64/kernel/vdso/Makefile
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S @@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S
@ -27,7 +35,7 @@ index 6d20b7d..863a01b 100644
cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $< cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile
index 53e6c9b..e427844 100644 index 53e6c9b979ec..e427844e9bb0 100644
--- a/arch/powerpc/kernel/vdso32/Makefile --- a/arch/powerpc/kernel/vdso32/Makefile
+++ b/arch/powerpc/kernel/vdso32/Makefile +++ b/arch/powerpc/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S @@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -41,7 +49,7 @@ index 53e6c9b..e427844 100644
cmd_vdso32as = $(CROSS32CC) $(a_flags) -c -o $@ $< cmd_vdso32as = $(CROSS32CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso64/Makefile b/arch/powerpc/kernel/vdso64/Makefile diff --git a/arch/powerpc/kernel/vdso64/Makefile b/arch/powerpc/kernel/vdso64/Makefile
index effca94..713891a 100644 index effca9404b17..713891a92d23 100644
--- a/arch/powerpc/kernel/vdso64/Makefile --- a/arch/powerpc/kernel/vdso64/Makefile
+++ b/arch/powerpc/kernel/vdso64/Makefile +++ b/arch/powerpc/kernel/vdso64/Makefile
@@ -36,7 +36,8 @@ $(obj-vdso64): %.o: %.S @@ -36,7 +36,8 @@ $(obj-vdso64): %.o: %.S
@ -55,7 +63,7 @@ index effca94..713891a 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $< cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
index 8ad2b34..e153572 100644 index 8ad2b34ad151..e153572ab351 100644
--- a/arch/s390/kernel/vdso32/Makefile --- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile +++ b/arch/s390/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S @@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -69,7 +77,7 @@ index 8ad2b34..e153572 100644
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $< cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
index 2a8ddfd..452ca53 100644 index 2a8ddfd12a5b..452ca53561fe 100644
--- a/arch/s390/kernel/vdso64/Makefile --- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile +++ b/arch/s390/kernel/vdso64/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S @@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@ -83,10 +91,10 @@ index 2a8ddfd..452ca53 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $< cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index fd14be1..1f3eb19 100644 index 9206ac7961a5..3d7f533f6757 100644
--- a/arch/x86/vdso/Makefile --- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile +++ b/arch/x86/vdso/Makefile
@@ -178,8 +178,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE @@ -181,8 +181,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE
quiet_cmd_vdso = VDSO $@ quiet_cmd_vdso = VDSO $@
cmd_vdso = $(CC) -nostdlib -o $@ \ cmd_vdso = $(CC) -nostdlib -o $@ \
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \ $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
@ -96,10 +104,10 @@ index fd14be1..1f3eb19 100644
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \ + $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' + sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
GCOV_PROFILE := n $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 2dcb377..25e170e 100644 index 2dcb37736d84..25e170e92ef1 100644
--- a/scripts/link-vmlinux.sh --- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh
@@ -65,6 +65,10 @@ vmlinux_link() @@ -65,6 +65,10 @@ vmlinux_link()
@ -113,3 +121,6 @@ index 2dcb377..25e170e 100644
} }
--
1.8.5.3

178
secure-modules.patch
View File

@ -1,7 +1,7 @@
Bugzilla: N/A Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
From f212a4d8b8638a3e15e4cd76874d4fab60726752 Mon Sep 17 00:00:00 2001 From 8c5bcdba1c1ff54913679e435e90f6084b15e8bf Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400 Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/14] Add secure_modules() call Subject: [PATCH 01/14] Add secure_modules() call
@ -17,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 17 insertions(+) 2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h diff --git a/include/linux/module.h b/include/linux/module.h
index 15cd6b1..30702eb 100644 index eaf60ff9ba94..5ab9d81e3b96 100644
--- a/include/linux/module.h --- a/include/linux/module.h
+++ b/include/linux/module.h +++ b/include/linux/module.h
@@ -512,6 +512,8 @@ int unregister_module_notifier(struct notifier_block * nb); @@ -512,6 +512,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void); extern void print_modules(void);
@ -29,7 +29,7 @@ index 15cd6b1..30702eb 100644
#else /* !CONFIG_MODULES... */ #else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */ /* Given an address, look for it in the exception tables. */
@@ -622,6 +624,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb) @@ -622,6 +624,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void) static inline void print_modules(void)
{ {
} }
@ -42,10 +42,10 @@ index 15cd6b1..30702eb 100644
#ifdef CONFIG_SYSFS #ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c diff --git a/kernel/module.c b/kernel/module.c
index f5a3b1e..644c33e 100644 index 8dc7f5e80dd8..62f9b72bf85e 100644
--- a/kernel/module.c --- a/kernel/module.c
+++ b/kernel/module.c +++ b/kernel/module.c
@@ -3831,3 +3831,13 @@ void module_layout(struct module *mod, @@ -3833,3 +3833,13 @@ void module_layout(struct module *mod,
} }
EXPORT_SYMBOL(module_layout); EXPORT_SYMBOL(module_layout);
#endif #endif
@ -60,10 +60,10 @@ index f5a3b1e..644c33e 100644
+} +}
+EXPORT_SYMBOL(secure_modules); +EXPORT_SYMBOL(secure_modules);
-- --
1.8.4.2 1.8.5.3
From 394a8259d0b457495dddda8704821ec9e56ea44a Mon Sep 17 00:00:00 2001 From 07a3bcd38cc1056dd6c58ba58316296c4df38fb0 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500 Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
@ -83,7 +83,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
3 files changed, 19 insertions(+), 2 deletions(-) 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index c91e6c1..447742e 100644 index 276ef9c18802..acd1d61247c8 100644
--- a/drivers/pci/pci-sysfs.c --- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c
@@ -29,6 +29,7 @@ @@ -29,6 +29,7 @@
@ -94,7 +94,7 @@ index c91e6c1..447742e 100644
#include "pci.h" #include "pci.h"
static int sysfs_initialized; /* = 0 */ static int sysfs_initialized; /* = 0 */
@@ -668,6 +669,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, @@ -663,6 +664,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
loff_t init_off = off; loff_t init_off = off;
u8 *data = (u8*) buf; u8 *data = (u8*) buf;
@ -104,7 +104,7 @@ index c91e6c1..447742e 100644
if (off > dev->cfg_size) if (off > dev->cfg_size)
return 0; return 0;
if (off + count > dev->cfg_size) { if (off + count > dev->cfg_size) {
@@ -974,6 +978,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, @@ -969,6 +973,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end; resource_size_t start, end;
int i; int i;
@ -114,7 +114,7 @@ index c91e6c1..447742e 100644
for (i = 0; i < PCI_ROM_RESOURCE; i++) for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i]) if (res == &pdev->resource[i])
break; break;
@@ -1081,6 +1088,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, @@ -1076,6 +1083,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf, struct bin_attribute *attr, char *buf,
loff_t off, size_t count) loff_t off, size_t count)
{ {
@ -125,7 +125,7 @@ index c91e6c1..447742e 100644
} }
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 46d1378..294fe7b 100644 index 46d1378f2e9e..294fe7b34af0 100644
--- a/drivers/pci/proc.c --- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c +++ b/drivers/pci/proc.c
@@ -117,6 +117,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof @@ -117,6 +117,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
@ -158,7 +158,7 @@ index 46d1378..294fe7b 100644
/* Make sure the caller is mapping a real resource for this device */ /* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index 24750a1..fa57896 100644 index 24750a1b39b6..fa57896b97dd 100644
--- a/drivers/pci/syscall.c --- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c +++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@ @@ -10,6 +10,7 @@
@ -179,10 +179,10 @@ index 24750a1..fa57896 100644
dev = pci_get_bus_and_slot(bus, dfn); dev = pci_get_bus_and_slot(bus, dfn);
-- --
1.8.4.2 1.8.5.3
From 69532e626cece8a43c2528246e0421488b468102 Mon Sep 17 00:00:00 2001 From ec91151858b2610fab98eaee045718f83b95b182 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500 Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
@ -200,7 +200,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 7 insertions(+), 2 deletions(-) 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 4ddaf66..00b4403 100644 index 4ddaf66ea35f..00b440307419 100644
--- a/arch/x86/kernel/ioport.c --- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c
@@ -15,6 +15,7 @@ @@ -15,6 +15,7 @@
@ -230,10 +230,10 @@ index 4ddaf66..00b4403 100644
} }
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index f895a8c..1af8664 100644 index 92c5937f80c3..9d67b702bee5 100644
--- a/drivers/char/mem.c --- a/drivers/char/mem.c
+++ b/drivers/char/mem.c +++ b/drivers/char/mem.c
@@ -28,6 +28,7 @@ @@ -27,6 +27,7 @@
#include <linux/export.h> #include <linux/export.h>
#include <linux/io.h> #include <linux/io.h>
#include <linux/aio.h> #include <linux/aio.h>
@ -241,7 +241,7 @@ index f895a8c..1af8664 100644
#include <asm/uaccess.h> #include <asm/uaccess.h>
@@ -563,6 +564,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, @@ -562,6 +563,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos; unsigned long i = *ppos;
const char __user *tmp = buf; const char __user *tmp = buf;
@ -252,10 +252,10 @@ index f895a8c..1af8664 100644
return -EFAULT; return -EFAULT;
while (count-- > 0 && i < 65536) { while (count-- > 0 && i < 65536) {
-- --
1.8.4.2 1.8.5.3
From 8771ff55273e964d707b174dd0dbe433783c0254 Mon Sep 17 00:00:00 2001 From 6a1ba9b8e21747505e3242edec5eb32b34151197 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500 Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH 04/14] ACPI: Limit access to custom_method Subject: [PATCH 04/14] ACPI: Limit access to custom_method
@ -270,7 +270,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 3 insertions(+) 1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index 12b62f2..50647b3 100644 index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c --- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, @@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
@ -284,10 +284,10 @@ index 12b62f2..50647b3 100644
/* parse the table header to get the table length */ /* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header)) if (count <= sizeof(struct acpi_table_header))
-- --
1.8.4.2 1.8.5.3
From 7d3e3db90e1b4cf33ba4a46624ae4a68f787e5fc Mon Sep 17 00:00:00 2001 From 3b4277dc7a3dfefe3e27405e497eed0f90359141 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500 Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
@ -305,10 +305,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 9 insertions(+) 1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 19c313b..db18ef66 100644 index c5e082fb82fa..03c57fc8de8a 100644
--- a/drivers/platform/x86/asus-wmi.c --- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c +++ b/drivers/platform/x86/asus-wmi.c
@@ -1618,6 +1618,9 @@ static int show_dsts(struct seq_file *m, void *data) @@ -1595,6 +1595,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err; int err;
u32 retval = -1; u32 retval = -1;
@ -318,7 +318,7 @@ index 19c313b..db18ef66 100644
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0) if (err < 0)
@@ -1634,6 +1637,9 @@ static int show_devs(struct seq_file *m, void *data) @@ -1611,6 +1614,9 @@ static int show_devs(struct seq_file *m, void *data)
int err; int err;
u32 retval = -1; u32 retval = -1;
@ -328,7 +328,7 @@ index 19c313b..db18ef66 100644
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval); &retval);
@@ -1658,6 +1664,9 @@ static int show_call(struct seq_file *m, void *data) @@ -1635,6 +1641,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj; union acpi_object *obj;
acpi_status status; acpi_status status;
@ -339,10 +339,10 @@ index 19c313b..db18ef66 100644
1, asus->debug.method_id, 1, asus->debug.method_id,
&input, &output); &input, &output);
-- --
1.8.4.2 1.8.5.3
From 98ebe083d75333e269730fe374cca42ac7f08a07 Mon Sep 17 00:00:00 2001 From a04a8ae989b90585a242eb19a8567e70419be27b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500 Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
@ -358,10 +358,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 6 insertions(+) 1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 1af8664..61406c8 100644 index 9d67b702bee5..9116f10eec5e 100644
--- a/drivers/char/mem.c --- a/drivers/char/mem.c
+++ b/drivers/char/mem.c +++ b/drivers/char/mem.c
@@ -159,6 +159,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, @@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
unsigned long copied; unsigned long copied;
void *ptr; void *ptr;
@ -371,7 +371,7 @@ index 1af8664..61406c8 100644
if (!valid_phys_addr_range(p, count)) if (!valid_phys_addr_range(p, count))
return -EFAULT; return -EFAULT;
@@ -497,6 +500,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, @@ -496,6 +499,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0; int err = 0;
@ -382,10 +382,10 @@ index 1af8664..61406c8 100644
unsigned long to_write = min_t(unsigned long, count, unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p); (unsigned long)high_memory - p);
-- --
1.8.4.2 1.8.5.3
From 71353d491c70b303a07b4e79c896e729a4f74978 Mon Sep 17 00:00:00 2001 From 9aac939b874fc53c4021baf88914292448dcb0f6 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com> From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400 Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
@ -401,10 +401,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 54a20ff..d21d269 100644 index fc1aa7909690..ee9f123db960 100644
--- a/drivers/acpi/osl.c --- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c
@@ -45,6 +45,7 @@ @@ -44,6 +44,7 @@
#include <linux/list.h> #include <linux/list.h>
#include <linux/jiffies.h> #include <linux/jiffies.h>
#include <linux/semaphore.h> #include <linux/semaphore.h>
@ -412,7 +412,7 @@ index 54a20ff..d21d269 100644
#include <asm/io.h> #include <asm/io.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
@@ -248,7 +249,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); @@ -244,7 +245,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void) acpi_physical_address __init acpi_os_get_root_pointer(void)
{ {
#ifdef CONFIG_KEXEC #ifdef CONFIG_KEXEC
@ -422,10 +422,10 @@ index 54a20ff..d21d269 100644
#endif #endif
-- --
1.8.4.2 1.8.5.3
From e0a6b0dd91460123d71784d531b9df26449940ae Mon Sep 17 00:00:00 2001 From 7105897db69bf40f7a860d962d6364f44b184a99 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400 Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
@ -441,7 +441,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+) 1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c diff --git a/kernel/kexec.c b/kernel/kexec.c
index 9c97016..8ad0d38 100644 index 45601cf41bee..d5819bb45bec 100644
--- a/kernel/kexec.c --- a/kernel/kexec.c
+++ b/kernel/kexec.c +++ b/kernel/kexec.c
@@ -32,6 +32,7 @@ @@ -32,6 +32,7 @@
@ -452,7 +452,7 @@ index 9c97016..8ad0d38 100644
#include <asm/page.h> #include <asm/page.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
@@ -946,6 +947,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, @@ -947,6 +948,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM; return -EPERM;
/* /*
@ -467,10 +467,10 @@ index 9c97016..8ad0d38 100644
* This leaves us room for future extensions. * This leaves us room for future extensions.
*/ */
-- --
1.8.4.2 1.8.5.3
From c340630e68e5ed4d731d60d05ef9e2ae27080b66 Mon Sep 17 00:00:00 2001 From 396802aea251e2b6d73b8af6107bf5b15319c5d9 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 3 Sep 2013 11:23:29 -0400 Date: Tue, 3 Sep 2013 11:23:29 -0400
Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted
@ -485,7 +485,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 4 insertions(+) 1 file changed, 4 insertions(+)
diff --git a/kernel/power/user.c b/kernel/power/user.c diff --git a/kernel/power/user.c b/kernel/power/user.c
index 98d3575..efe99de 100644 index 98d357584cd6..efe99dee9510 100644
--- a/kernel/power/user.c --- a/kernel/power/user.c
+++ b/kernel/power/user.c +++ b/kernel/power/user.c
@@ -24,6 +24,7 @@ @@ -24,6 +24,7 @@
@ -507,10 +507,10 @@ index 98d3575..efe99de 100644
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
-- --
1.8.4.2 1.8.5.3
From 273deda4ddec360ce67ac256b8cbdabdc5e8c51d Mon Sep 17 00:00:00 2001 From a35665548d4a0a2e56692f6d8e1a85097f8a1d78 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800 Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is
@ -527,7 +527,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 7 insertions(+) 1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 05266b5..e2bd647 100644 index 05266b5aae22..e2bd647f676e 100644
--- a/arch/x86/kernel/msr.c --- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, @@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
@ -552,10 +552,10 @@ index 05266b5..e2bd647 100644
err = -EFAULT; err = -EFAULT;
break; break;
-- --
1.8.4.2 1.8.5.3
From 089166c0d42f1b82988aad4f23607deb6ee531e7 Mon Sep 17 00:00:00 2001 From e6666519c5267410c85d8271c69a421eb735f58e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400 Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 11/14] Add option to automatically enforce module signatures Subject: [PATCH 11/14] Add option to automatically enforce module signatures
@ -578,7 +578,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
7 files changed, 69 insertions(+), 1 deletion(-) 7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453..ec38acf 100644 index 199f453cb4de..ec38acf00b40 100644
--- a/Documentation/x86/zero-page.txt --- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning @@ -30,6 +30,8 @@ Offset Proto Name Meaning
@ -591,12 +591,12 @@ index 199f453..ec38acf 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table 2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5216e28..2a147a3 100644 index 8453fe1342ea..ba517988f087 100644
--- a/arch/x86/Kconfig --- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -1582,6 +1582,16 @@ config EFI_STUB @@ -1599,6 +1599,16 @@ config EFI_MIXED
See Documentation/efi-stub.txt for more information. If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE +config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n + def_bool n
@ -612,7 +612,7 @@ index 5216e28..2a147a3 100644
def_bool y def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode" prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index a7677ba..4e172e9 100644 index 1e6146137f8e..b00745ff398a 100644
--- a/arch/x86/boot/compressed/eboot.c --- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@ @@ -12,6 +12,7 @@
@ -623,10 +623,10 @@ index a7677ba..4e172e9 100644
#undef memcpy /* Use memcpy from misc.c */ #undef memcpy /* Use memcpy from misc.c */
@@ -741,6 +742,37 @@ free_mem_map: @@ -809,6 +810,37 @@ out:
return status;
} }
+static int get_secure_boot(void) +static int get_secure_boot(void)
+{ +{
+ u8 sb, setup; + u8 sb, setup;
@ -659,11 +659,11 @@ index a7677ba..4e172e9 100644
+ +
+ +
/* /*
* On success we return a pointer to a boot_params structure, and NULL * See if we have Graphics Output Protocol
* on failure. */
@@ -760,6 +792,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, @@ -1372,6 +1404,10 @@ struct boot_params *efi_main(struct efi_config *c,
if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) else
goto fail; setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params); + sanitize_boot_params(boot_params);
+ +
@ -673,7 +673,7 @@ index a7677ba..4e172e9 100644
setup_efi_pci(boot_params); setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b098..90dbfb7 100644 index 225b0988043a..90dbfb73e11f 100644
--- a/arch/x86/include/uapi/asm/bootparam.h --- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params { @@ -133,7 +133,8 @@ struct boot_params {
@ -687,10 +687,10 @@ index 225b098..90dbfb7 100644
* The sentinel is set to a nonzero value (0xff) in header.S. * The sentinel is set to a nonzero value (0xff) in header.S.
* *
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 182b3f9..ab6cc9e 100644 index fa511acff7e6..aa227f68687c 100644
--- a/arch/x86/kernel/setup.c --- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c
@@ -1129,6 +1129,12 @@ void __init setup_arch(char **cmdline_p) @@ -1143,6 +1143,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init(); io_delay_init();
@ -704,10 +704,10 @@ index 182b3f9..ab6cc9e 100644
* Parse the ACPI tables for possible boot-time SMP configuration. * Parse the ACPI tables for possible boot-time SMP configuration.
*/ */
diff --git a/include/linux/module.h b/include/linux/module.h diff --git a/include/linux/module.h b/include/linux/module.h
index 30702eb..3eb0f52 100644 index 5ab9d81e3b96..83144dd56ff0 100644
--- a/include/linux/module.h --- a/include/linux/module.h
+++ b/include/linux/module.h +++ b/include/linux/module.h
@@ -190,6 +190,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); @@ -191,6 +191,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block; struct notifier_block;
@ -721,10 +721,10 @@ index 30702eb..3eb0f52 100644
extern int modules_disabled; /* for sysctl */ extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c diff --git a/kernel/module.c b/kernel/module.c
index 644c33e..92b73b1 100644 index 62f9b72bf85e..dcfb07ae5e4e 100644
--- a/kernel/module.c --- a/kernel/module.c
+++ b/kernel/module.c +++ b/kernel/module.c
@@ -3832,6 +3832,13 @@ void module_layout(struct module *mod, @@ -3834,6 +3834,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout); EXPORT_SYMBOL(module_layout);
#endif #endif
@ -739,10 +739,10 @@ index 644c33e..92b73b1 100644
{ {
#ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG
-- --
1.8.4.2 1.8.5.3
From e9ad6bd405fa01b7dd52d8c75b9dc91ae52e131d Mon Sep 17 00:00:00 2001 From 00f0cb47385ccf3b3dab4d94a1a286c9d2327cf3 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com> From: Josh Boyer <jwboyer@redhat.com>
Date: Tue, 5 Feb 2013 19:25:05 -0500 Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode
@ -759,10 +759,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 19 insertions(+), 1 deletion(-) 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 4e172e9..4905f4d 100644 index b00745ff398a..bf42cc5f083d 100644
--- a/arch/x86/boot/compressed/eboot.c --- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c
@@ -744,8 +744,9 @@ free_mem_map: @@ -812,8 +812,9 @@ out:
static int get_secure_boot(void) static int get_secure_boot(void)
{ {
@ -773,7 +773,7 @@ index 4e172e9..4905f4d 100644
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status; efi_status_t status;
@@ -769,6 +770,23 @@ static int get_secure_boot(void) @@ -837,6 +838,23 @@ static int get_secure_boot(void)
if (setup == 1) if (setup == 1)
return 0; return 0;
@ -798,10 +798,10 @@ index 4e172e9..4905f4d 100644
} }
-- --
1.8.4.2 1.8.5.3
From f9f355d5e58c1503bb7c03d92c9e89267e0f46ad Mon Sep 17 00:00:00 2001 From e058a830573fcf283ae17b412d10313140f489a4 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400 Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
@ -815,11 +815,11 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 2a147a3..9e644d5 100644 index ba517988f087..34144e88208e 100644
--- a/arch/x86/Kconfig --- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -1583,7 +1583,8 @@ config EFI_STUB @@ -1600,7 +1600,8 @@ config EFI_MIXED
See Documentation/efi-stub.txt for more information. If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE config EFI_SECURE_BOOT_SIG_ENFORCE
- def_bool n - def_bool n
@ -829,10 +829,10 @@ index 2a147a3..9e644d5 100644
---help--- ---help---
UEFI Secure Boot provides a mechanism for ensuring that the UEFI Secure Boot provides a mechanism for ensuring that the
-- --
1.8.4.2 1.8.5.3
From a30576a9db583213474b74360c5869e8882e6ed7 Mon Sep 17 00:00:00 2001 From a523b1823cbde3933269ccf10c147f7f1961a7cc Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400 Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit
@ -847,31 +847,31 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+) 2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index ab6cc9e..99933cd 100644 index aa227f68687c..9991a533f3e1 100644
--- a/arch/x86/kernel/setup.c --- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c
@@ -1131,7 +1131,9 @@ void __init setup_arch(char **cmdline_p) @@ -1145,7 +1145,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) { if (boot_params.secure_boot) {
+ set_bit(EFI_SECURE_BOOT, &x86_efi_facility); + set_bit(EFI_SECURE_BOOT, &efi.flags);
enforce_signed_modules(); enforce_signed_modules();
+ pr_info("Secure boot enabled\n"); + pr_info("Secure boot enabled\n");
} }
#endif #endif
diff --git a/include/linux/efi.h b/include/linux/efi.h diff --git a/include/linux/efi.h b/include/linux/efi.h
index 0a819e7..0c1d367 100644 index 6c100ff0cae4..3a77a70fff27 100644
--- a/include/linux/efi.h --- a/include/linux/efi.h
+++ b/include/linux/efi.h +++ b/include/linux/efi.h
@@ -657,6 +657,7 @@ extern int __init efi_setup_pcdp_console(char *); @@ -899,6 +899,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */ #define EFI_MEMMAP 4 /* Can we use EFI memory map? */
#define EFI_64BIT 5 /* Is the firmware 64-bit? */ #define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_ARCH_1 6 /* First arch-specific bit */ #define EFI_ARCH_1 6 /* First arch-specific bit */
+#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */ +#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI #ifdef CONFIG_EFI
# ifdef CONFIG_X86 /*
-- --
1.8.4.2 1.8.5.3

2
sources
View File

@ -1,3 +1,3 @@
b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz
39ee6dd9933116c9281479e17f7ffea0 patch-3.14-git1.xz d3007f1995961ff098f7a60c1897d2a7 patch-3.14-git2.xz