From 208228cebd8a9b5af5da4e12e3d90e4a03679cf0 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 5 Jan 2015 16:09:49 -0500 Subject: [PATCH] Linux v3.19-rc2 - Temporarily disable aarch64patches - Happy New Year --- ARM-tegra-usb-no-reset.patch | 4 +- Add-EFI-signature-data-types.patch | 6 +- ...signature-blob-parser-and-key-loader.patch | 4 +- ...tomatically-enforce-module-signature.patch | 16 +- Add-secure_modules-call.patch | 10 +- ...q-option-to-disable-secure-boot-mode.patch | 6 +- ...port-for-MS-Surface-Pro-3-Type-Cover.patch | 84 --- ...add-driver-for-the-Goodix-touchpanel.patch | 479 ------------------ KEYS-Add-a-system-blacklist-keyring.patch | 4 +- Kbuild-Add-an-option-to-enable-GCC-VTA.patch | 6 +- ...t-certificates-from-UEFI-Secure-Boot.patch | 12 +- Makefile | 1 + Makefile.release | 2 +- ...R-access-when-module-security-is-ena.patch | 8 +- ...-and-dev-kmem-when-module-loading-is.patch | 6 +- ...PI-video-change-acpi-video-brightnes.patch | 6 +- ..._rsdp-kernel-parameter-when-module-l.patch | 2 +- ...am335x-boneblack-add-cpu0-opp-points.patch | 2 +- ...am335x-boneblack-lcdc-add-panel-info.patch | 5 +- arm-dts-sun7i-bananapi.patch | 213 -------- ...t-debugfs-interface-when-module-load.patch | 8 +- ath9k-rx-dma-stop-check.patch | 6 +- ...itialized-kobject-at-CPU-hotplugging.patch | 79 --- ...ARN-about-two-consecutive-Country-IE.patch | 41 -- config-arm-generic | 4 + config-arm64 | 10 + config-armv7 | 11 +- config-armv7-generic | 34 +- config-debug | 3 + config-generic | 59 ++- config-nodebug | 3 + config-powerpc-generic | 2 + config-powerpc64 | 4 + config-powerpc64p7 | 4 + config-s390x | 1 + config-x86-32-generic | 2 + config-x86-generic | 9 + config-x86_64-generic | 2 + crash-driver.patch | 6 +- criu-no-expert.patch | 6 +- disable-i8042-check-on-apple-mac.patch | 6 +- ...lag-was-mistakenly-being-cleared-whe.patch | 42 -- ...rious-cell_defer-when-dealing-with-p.patch | 40 -- ...e-overwrite-optimisation-for-promoti.patch | 32 -- drm-i915-hush-check-crtc-state.patch | 4 +- efi-Add-EFI_SECURE_BOOT-bit.patch | 8 +- ...ure-boot-if-shim-is-in-insecure-mode.patch | 2 +- ...ECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 4 +- ...date-the-setgroups-permission-checks.patch | 90 ---- ...able-in-a-signed-modules-environment.patch | 8 +- input-kill-stupid-messages.patch | 2 +- input-silence-i8042-noise.patch | 6 +- ...Fix-infinite-looping-over-CE-entries.patch | 54 -- kernel.spec | 111 +--- ...-runtime-if-the-kernel-enforces-modu.patch | 2 +- ...dd-MNT_NODEV-on-remount-when-it-was-.patch | 41 -- mnt-Update-unprivileged-remount-test.patch | 280 ---------- no-pcspkr-modalias.patch | 2 +- ...trl-single-must-be-initialized-early.patch | 4 +- ...owernv-force-all-CPUs-to-be-bootable.patch | 46 -- ...validate_disk-prevent-NULL-ptr-deref.patch | 4 +- silence-fbcon-logo.patch | 4 +- ...t_core_user.h-fix-headers_install.sh.patch | 36 -- ...nt-Disallow-unprivileged-mount-force.patch | 33 -- ...b-to-disable-setgroups-on-a-per-user.patch | 280 ---------- ...ting-gid_maps-without-privilege-when.patch | 40 -- ...d-no-fsuid-when-establishing-an-unpr.patch | 39 -- ...what-the-invariant-required-for-safe.patch | 48 -- ...ow-setgroups-until-a-gid-mapping-has.patch | 98 ---- ...ow-unprivileged-creation-of-gid-mapp.patch | 46 -- ...w-the-creator-of-the-userns-unprivil.patch | 54 -- ...e-id_map_mutex-to-userns_state_mutex.patch | 80 --- ...break-the-unprivileged-remount-tests.patch | 91 ---- ...-port-access-when-module-security-is.patch | 4 +- ...-access-when-module-loading-is-restr.patch | 6 +- ...ravirt_enabled-on-KVM-guests-for-esp.patch | 72 --- ...lidate-TLS-entries-to-protect-espfix.patch | 77 --- 77 files changed, 248 insertions(+), 2718 deletions(-) delete mode 100644 HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch delete mode 100644 Input-add-driver-for-the-Goodix-touchpanel.patch delete mode 100644 arm-dts-sun7i-bananapi.patch delete mode 100644 blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch delete mode 100644 cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch delete mode 100644 dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch delete mode 100644 dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch delete mode 100644 dm-cache-only-use-overwrite-optimisation-for-promoti.patch delete mode 100644 groups-Consolidate-the-setgroups-permission-checks.patch delete mode 100644 isofs-Fix-infinite-looping-over-CE-entries.patch delete mode 100644 mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch delete mode 100644 mnt-Update-unprivileged-remount-test.patch delete mode 100644 powerpc-powernv-force-all-CPUs-to-be-bootable.patch delete mode 100644 uapi-linux-target_core_user.h-fix-headers_install.sh.patch delete mode 100644 umount-Disallow-unprivileged-mount-force.patch delete mode 100644 userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch delete mode 100644 userns-Allow-setting-gid_maps-without-privilege-when.patch delete mode 100644 userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch delete mode 100644 userns-Document-what-the-invariant-required-for-safe.patch delete mode 100644 userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch delete mode 100644 userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch delete mode 100644 userns-Only-allow-the-creator-of-the-userns-unprivil.patch delete mode 100644 userns-Rename-id_map_mutex-to-userns_state_mutex.patch delete mode 100644 userns-Unbreak-the-unprivileged-remount-tests.patch delete mode 100644 x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch delete mode 100644 x86-tls-Validate-TLS-entries-to-protect-espfix.patch diff --git a/ARM-tegra-usb-no-reset.patch b/ARM-tegra-usb-no-reset.patch index 2b1058b26..c356aec66 100644 --- a/ARM-tegra-usb-no-reset.patch +++ b/ARM-tegra-usb-no-reset.patch @@ -9,10 +9,10 @@ Patch for disconnect issues with storage attached to a 1 file changed, 7 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index b649fef2e35d..fb89290710ad 100644 +index aeb50bb6ba9c..5859e12dd498 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -5023,6 +5023,13 @@ static void hub_event(struct work_struct *work) +@@ -5021,6 +5021,13 @@ static void hub_event(struct work_struct *work) (u16) hub->change_bits[0], (u16) hub->event_bits[0]); diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch index 8a9a9f5fb..c19381982 100644 --- a/Add-EFI-signature-data-types.patch +++ b/Add-EFI-signature-data-types.patch @@ -14,10 +14,10 @@ Signed-off-by: David Howells 1 file changed, 20 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 130ba866a24a..58d7feadd149 100644 +index 16ec1c00919d..b7cb7dc5ebb4 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -586,6 +586,12 @@ void efi_native_runtime_setup(void); +@@ -589,6 +589,12 @@ void efi_native_runtime_setup(void); #define DEVICE_TREE_GUID \ EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 ) @@ -30,7 +30,7 @@ index 130ba866a24a..58d7feadd149 100644 typedef struct { efi_guid_t guid; u64 table; -@@ -801,6 +807,20 @@ typedef struct _efi_file_io_interface { +@@ -804,6 +810,20 @@ typedef struct _efi_file_io_interface { #define EFI_INVALID_TABLE_ADDR (~0UL) diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch index 7c5c7e7cd..978a3fc72 100644 --- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch +++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch @@ -159,10 +159,10 @@ index 000000000000..424896a0b169 + return 0; +} diff --git a/include/linux/efi.h b/include/linux/efi.h -index 58d7feadd149..b1d686e9175e 100644 +index b7cb7dc5ebb4..fb972b96959a 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -919,6 +919,10 @@ extern bool efi_poweroff_required(void); +@@ -923,6 +923,10 @@ extern bool efi_poweroff_required(void); char * __init efi_md_typeattr_format(char *buf, size_t size, const efi_memory_desc_t *md); diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch index a4ceb74e3..39c63fc02 100644 --- a/Add-option-to-automatically-enforce-module-signature.patch +++ b/Add-option-to-automatically-enforce-module-signature.patch @@ -33,10 +33,10 @@ index 199f453cb4de..ec38acf00b40 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 41a503c15862..7b8969db8398 100644 +index ba397bde7948..d4c55ee9f1ac 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1611,6 +1611,16 @@ config EFI_MIXED +@@ -1656,6 +1656,16 @@ config EFI_MIXED If unsure, say N. @@ -54,7 +54,7 @@ index 41a503c15862..7b8969db8398 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 1acf605a646d..6da2da7ac9c3 100644 +index 92b9a5f2aed6..2192da755e34 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -12,6 +12,7 @@ @@ -129,10 +129,10 @@ index 225b0988043a..90dbfb73e11f 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index ab08aa2276fb..f4eb99432db1 100644 +index ab4734e5411d..5d52d67d5097 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1150,6 +1150,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1152,6 +1152,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -146,7 +146,7 @@ index ab08aa2276fb..f4eb99432db1 100644 * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/module.h b/include/linux/module.h -index 341a73ecea2e..cca08ac450e2 100644 +index 089de6be8062..6a586a83ba7e 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); @@ -163,10 +163,10 @@ index 341a73ecea2e..cca08ac450e2 100644 extern int modules_disabled; /* for sysctl */ diff --git a/kernel/module.c b/kernel/module.c -index 6507ffcb5445..cace4bd04956 100644 +index fd8c5495fdc6..5f8c11de61fe 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3845,6 +3845,13 @@ void module_layout(struct module *mod, +@@ -3851,6 +3851,13 @@ void module_layout(struct module *mod, EXPORT_SYMBOL(module_layout); #endif diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch index d68a7e103..f517ccf02 100644 --- a/Add-secure_modules-call.patch +++ b/Add-secure_modules-call.patch @@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett 2 files changed, 17 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h -index 71f282a4e307..341a73ecea2e 100644 +index ebfb0e153c6a..089de6be8062 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb); +@@ -502,6 +502,8 @@ int unregister_module_notifier(struct notifier_block *nb); extern void print_modules(void); @@ -28,7 +28,7 @@ index 71f282a4e307..341a73ecea2e 100644 #else /* !CONFIG_MODULES... */ /* Given an address, look for it in the exception tables. */ -@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb) +@@ -612,6 +614,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb) static inline void print_modules(void) { } @@ -41,10 +41,10 @@ index 71f282a4e307..341a73ecea2e 100644 #ifdef CONFIG_SYSFS diff --git a/kernel/module.c b/kernel/module.c -index 88cec1ddb1e3..6507ffcb5445 100644 +index 3965511ae133..fd8c5495fdc6 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3844,3 +3844,13 @@ void module_layout(struct module *mod, +@@ -3850,3 +3850,13 @@ void module_layout(struct module *mod, } EXPORT_SYMBOL(module_layout); #endif diff --git a/Add-sysrq-option-to-disable-secure-boot-mode.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch index e0c567d78..ef8827fda 100644 --- a/Add-sysrq-option-to-disable-secure-boot-mode.patch +++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch @@ -15,7 +15,7 @@ Upstream-status: Fedora mustard 7 files changed, 65 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index bc31a43b31a0..5f80d12a55cb 100644 +index b40d6174242f..0ee7749bad74 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -70,6 +70,11 @@ @@ -228,10 +228,10 @@ index 379650b984f8..070f29fefdc2 100644 return 0; diff --git a/kernel/module.c b/kernel/module.c -index cace4bd04956..a33be993df25 100644 +index 5f8c11de61fe..13bed977f554 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ +@@ -107,9 +107,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ #ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG_FORCE diff --git a/HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch b/HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch deleted file mode 100644 index 357ad1932..000000000 --- a/HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch +++ /dev/null @@ -1,84 +0,0 @@ -From: Alan Wu -Date: Mon, 3 Nov 2014 18:26:12 -0800 -Subject: [PATCH] HID: add support for MS Surface Pro 3 Type Cover - -Surface Pro 3 Type Cover that works with Ubuntu (and possibly Arch) from this thread. Both trackpad and keyboard work after compiling my own kernel. -http://ubuntuforums.org/showthread.php?t=2231207&page=2&s=44910e0c56047e4f93dfd9fea58121ef - -Also includes Jarrad Whitaker's message which sources -http://winaero.com/blog/how-to-install-linux-on-surface-pro-3/ -which he says is sourced from a Russian site - -Signed-off-by: Alan Wu -Signed-off-by: Jiri Kosina ---- - drivers/hid/hid-core.c | 6 ++++++ - drivers/hid/hid-ids.h | 1 + - drivers/hid/hid-microsoft.c | 2 ++ - drivers/hid/usbhid/hid-quirks.c | 1 + - 4 files changed, 10 insertions(+) - -diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 3402033fa52a..3d3820ecaa49 100644 ---- a/drivers/hid/hid-core.c -+++ b/drivers/hid/hid-core.c -@@ -702,6 +702,11 @@ static void hid_scan_collection(struct hid_parser *parser, unsigned type) - if (((parser->global.usage_page << 16) == HID_UP_SENSOR) && - type == HID_COLLECTION_PHYSICAL) - hid->group = HID_GROUP_SENSOR_HUB; -+ -+ if (hid->vendor == USB_VENDOR_ID_MICROSOFT && -+ hid->product == USB_DEVICE_ID_MS_TYPE_COVER_3 && -+ hid->group == HID_GROUP_MULTITOUCH) -+ hid->group = HID_GROUP_GENERIC; - } - - static int hid_scan_main(struct hid_parser *parser, struct hid_item *item) -@@ -1862,6 +1867,7 @@ static const struct hid_device_id hid_have_special_driver[] = { - { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_WIRELESS_OPTICAL_DESKTOP_3_0) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_OFFICE_KB) }, -+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MONTEREY, USB_DEVICE_ID_GENIUS_KB29E) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GT683R_LED_PANEL) }, - { HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN) }, -diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h -index 7c863738e419..ab562f41c00c 100644 ---- a/drivers/hid/hid-ids.h -+++ b/drivers/hid/hid-ids.h -@@ -649,6 +649,7 @@ - #define USB_DEVICE_ID_MS_SURFACE_PRO_2 0x0799 - #define USB_DEVICE_ID_MS_TOUCH_COVER_2 0x07a7 - #define USB_DEVICE_ID_MS_TYPE_COVER_2 0x07a9 -+#define USB_DEVICE_ID_MS_TYPE_COVER_3 0x07dc - - #define USB_VENDOR_ID_MOJO 0x8282 - #define USB_DEVICE_ID_RETRO_ADAPTER 0x3201 -diff --git a/drivers/hid/hid-microsoft.c b/drivers/hid/hid-microsoft.c -index 8ba17a946f2a..cacda43f6a6f 100644 ---- a/drivers/hid/hid-microsoft.c -+++ b/drivers/hid/hid-microsoft.c -@@ -274,6 +274,8 @@ static const struct hid_device_id ms_devices[] = { - .driver_data = MS_NOGET }, - { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_COMFORT_MOUSE_4500), - .driver_data = MS_DUPLICATE_USAGES }, -+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3), -+ .driver_data = MS_HIDINPUT }, - - { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_BT), - .driver_data = MS_PRESENTER }, -diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c -index 552671ee7c5d..41814fced1cc 100644 ---- a/drivers/hid/usbhid/hid-quirks.c -+++ b/drivers/hid/usbhid/hid-quirks.c -@@ -78,6 +78,7 @@ static const struct hid_blacklist { - { USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS, HID_QUIRK_NOGET }, -+ { USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_3, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GT683R_LED_PANEL, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_NEXIO, USB_DEVICE_ID_NEXIO_MULTITOUCH_PTI0750, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_NOVATEK, USB_DEVICE_ID_NOVATEK_MOUSE, HID_QUIRK_NO_INIT_REPORTS }, --- -2.1.0 - diff --git a/Input-add-driver-for-the-Goodix-touchpanel.patch b/Input-add-driver-for-the-Goodix-touchpanel.patch deleted file mode 100644 index 30004ff92..000000000 --- a/Input-add-driver-for-the-Goodix-touchpanel.patch +++ /dev/null @@ -1,479 +0,0 @@ -From: Bastien Nocera -Date: Fri, 31 Oct 2014 09:26:16 -0700 -Subject: [PATCH] Input: add driver for the Goodix touchpanel - -Add a driver for the Goodix touchscreen panel found in Onda v975w tablets. -The driver is based off the Android driver gt9xx.c found in some Android -code dumps, but now bears no resemblance to the original driver. - -The driver was tested on the aforementioned tablet. - -Signed-off-by: Bastien Nocera -Tested-by: Bastien Nocera -Signed-off-by: Benjamin Tissoires -Signed-off-by: Dmitry Torokhov ---- - MAINTAINERS | 6 + - drivers/input/touchscreen/Kconfig | 13 ++ - drivers/input/touchscreen/Makefile | 1 + - drivers/input/touchscreen/goodix.c | 395 +++++++++++++++++++++++++++++++++++++ - 4 files changed, 415 insertions(+) - create mode 100644 drivers/input/touchscreen/goodix.c - -diff --git a/MAINTAINERS b/MAINTAINERS -index c721042e7e45..738708f8b75f 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -4154,6 +4154,12 @@ L: linux-media@vger.kernel.org - S: Maintained - F: drivers/media/usb/go7007/ - -+GOODIX TOUCHSCREEN -+M: Bastien Nocera -+L: linux-input@vger.kernel.org -+S: Maintained -+F: drivers/input/touchscreen/goodix.c -+ - GPIO SUBSYSTEM - M: Linus Walleij - M: Alexandre Courbot -diff --git a/drivers/input/touchscreen/Kconfig b/drivers/input/touchscreen/Kconfig -index e1d8003d01f8..568a0200fbc2 100644 ---- a/drivers/input/touchscreen/Kconfig -+++ b/drivers/input/touchscreen/Kconfig -@@ -295,6 +295,19 @@ config TOUCHSCREEN_FUJITSU - To compile this driver as a module, choose M here: the - module will be called fujitsu-ts. - -+config TOUCHSCREEN_GOODIX -+ tristate "Goodix I2C touchscreen" -+ depends on I2C && ACPI -+ help -+ Say Y here if you have the Goodix touchscreen (such as one -+ installed in Onda v975w tablets) connected to your -+ system. -+ -+ If unsure, say N. -+ -+ To compile this driver as a module, choose M here: the -+ module will be called goodix. -+ - config TOUCHSCREEN_ILI210X - tristate "Ilitek ILI210X based touchscreen" - depends on I2C -diff --git a/drivers/input/touchscreen/Makefile b/drivers/input/touchscreen/Makefile -index 090e61cc9171..dab4a56ac98e 100644 ---- a/drivers/input/touchscreen/Makefile -+++ b/drivers/input/touchscreen/Makefile -@@ -34,6 +34,7 @@ obj-$(CONFIG_TOUCHSCREEN_EETI) += eeti_ts.o - obj-$(CONFIG_TOUCHSCREEN_ELO) += elo.o - obj-$(CONFIG_TOUCHSCREEN_EGALAX) += egalax_ts.o - obj-$(CONFIG_TOUCHSCREEN_FUJITSU) += fujitsu_ts.o -+obj-$(CONFIG_TOUCHSCREEN_GOODIX) += goodix.o - obj-$(CONFIG_TOUCHSCREEN_ILI210X) += ili210x.o - obj-$(CONFIG_TOUCHSCREEN_INEXIO) += inexio.o - obj-$(CONFIG_TOUCHSCREEN_INTEL_MID) += intel-mid-touch.o -diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c -new file mode 100644 -index 000000000000..ca196689f025 ---- /dev/null -+++ b/drivers/input/touchscreen/goodix.c -@@ -0,0 +1,395 @@ -+/* -+ * Driver for Goodix Touchscreens -+ * -+ * Copyright (c) 2014 Red Hat Inc. -+ * -+ * This code is based on gt9xx.c authored by andrew@goodix.com: -+ * -+ * 2010 - 2012 Goodix Technology. -+ */ -+ -+/* -+ * This program is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License as published by the Free -+ * Software Foundation; version 2 of the License. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+struct goodix_ts_data { -+ struct i2c_client *client; -+ struct input_dev *input_dev; -+ int abs_x_max; -+ int abs_y_max; -+ unsigned int max_touch_num; -+ unsigned int int_trigger_type; -+}; -+ -+#define GOODIX_MAX_HEIGHT 4096 -+#define GOODIX_MAX_WIDTH 4096 -+#define GOODIX_INT_TRIGGER 1 -+#define GOODIX_CONTACT_SIZE 8 -+#define GOODIX_MAX_CONTACTS 10 -+ -+#define GOODIX_CONFIG_MAX_LENGTH 240 -+ -+/* Register defines */ -+#define GOODIX_READ_COOR_ADDR 0x814E -+#define GOODIX_REG_CONFIG_DATA 0x8047 -+#define GOODIX_REG_VERSION 0x8140 -+ -+#define RESOLUTION_LOC 1 -+#define TRIGGER_LOC 6 -+ -+static const unsigned long goodix_irq_flags[] = { -+ IRQ_TYPE_EDGE_RISING, -+ IRQ_TYPE_EDGE_FALLING, -+ IRQ_TYPE_LEVEL_LOW, -+ IRQ_TYPE_LEVEL_HIGH, -+}; -+ -+/** -+ * goodix_i2c_read - read data from a register of the i2c slave device. -+ * -+ * @client: i2c device. -+ * @reg: the register to read from. -+ * @buf: raw write data buffer. -+ * @len: length of the buffer to write -+ */ -+static int goodix_i2c_read(struct i2c_client *client, -+ u16 reg, u8 *buf, int len) -+{ -+ struct i2c_msg msgs[2]; -+ u16 wbuf = cpu_to_be16(reg); -+ int ret; -+ -+ msgs[0].flags = 0; -+ msgs[0].addr = client->addr; -+ msgs[0].len = 2; -+ msgs[0].buf = (u8 *) &wbuf; -+ -+ msgs[1].flags = I2C_M_RD; -+ msgs[1].addr = client->addr; -+ msgs[1].len = len; -+ msgs[1].buf = buf; -+ -+ ret = i2c_transfer(client->adapter, msgs, 2); -+ return ret < 0 ? ret : (ret != ARRAY_SIZE(msgs) ? -EIO : 0); -+} -+ -+static int goodix_ts_read_input_report(struct goodix_ts_data *ts, u8 *data) -+{ -+ int touch_num; -+ int error; -+ -+ error = goodix_i2c_read(ts->client, GOODIX_READ_COOR_ADDR, data, -+ GOODIX_CONTACT_SIZE + 1); -+ if (error) { -+ dev_err(&ts->client->dev, "I2C transfer error: %d\n", error); -+ return error; -+ } -+ -+ touch_num = data[0] & 0x0f; -+ if (touch_num > GOODIX_MAX_CONTACTS) -+ return -EPROTO; -+ -+ if (touch_num > 1) { -+ data += 1 + GOODIX_CONTACT_SIZE; -+ error = goodix_i2c_read(ts->client, -+ GOODIX_READ_COOR_ADDR + -+ 1 + GOODIX_CONTACT_SIZE, -+ data, -+ GOODIX_CONTACT_SIZE * (touch_num - 1)); -+ if (error) -+ return error; -+ } -+ -+ return touch_num; -+} -+ -+static void goodix_ts_report_touch(struct goodix_ts_data *ts, u8 *coor_data) -+{ -+ int id = coor_data[0] & 0x0F; -+ int input_x = get_unaligned_le16(&coor_data[1]); -+ int input_y = get_unaligned_le16(&coor_data[3]); -+ int input_w = get_unaligned_le16(&coor_data[5]); -+ -+ input_mt_slot(ts->input_dev, id); -+ input_mt_report_slot_state(ts->input_dev, MT_TOOL_FINGER, true); -+ input_report_abs(ts->input_dev, ABS_MT_POSITION_X, input_x); -+ input_report_abs(ts->input_dev, ABS_MT_POSITION_Y, input_y); -+ input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR, input_w); -+ input_report_abs(ts->input_dev, ABS_MT_WIDTH_MAJOR, input_w); -+} -+ -+/** -+ * goodix_process_events - Process incoming events -+ * -+ * @ts: our goodix_ts_data pointer -+ * -+ * Called when the IRQ is triggered. Read the current device state, and push -+ * the input events to the user space. -+ */ -+static void goodix_process_events(struct goodix_ts_data *ts) -+{ -+ u8 point_data[1 + GOODIX_CONTACT_SIZE * GOODIX_MAX_CONTACTS]; -+ int touch_num; -+ int i; -+ -+ touch_num = goodix_ts_read_input_report(ts, point_data); -+ if (touch_num < 0) -+ return; -+ -+ for (i = 0; i < touch_num; i++) -+ goodix_ts_report_touch(ts, -+ &point_data[1 + GOODIX_CONTACT_SIZE * i]); -+ -+ input_mt_sync_frame(ts->input_dev); -+ input_sync(ts->input_dev); -+} -+ -+/** -+ * goodix_ts_irq_handler - The IRQ handler -+ * -+ * @irq: interrupt number. -+ * @dev_id: private data pointer. -+ */ -+static irqreturn_t goodix_ts_irq_handler(int irq, void *dev_id) -+{ -+ static const u8 end_cmd[] = { -+ GOODIX_READ_COOR_ADDR >> 8, -+ GOODIX_READ_COOR_ADDR & 0xff, -+ 0 -+ }; -+ struct goodix_ts_data *ts = dev_id; -+ -+ goodix_process_events(ts); -+ -+ if (i2c_master_send(ts->client, end_cmd, sizeof(end_cmd)) < 0) -+ dev_err(&ts->client->dev, "I2C write end_cmd error\n"); -+ -+ return IRQ_HANDLED; -+} -+ -+/** -+ * goodix_read_config - Read the embedded configuration of the panel -+ * -+ * @ts: our goodix_ts_data pointer -+ * -+ * Must be called during probe -+ */ -+static void goodix_read_config(struct goodix_ts_data *ts) -+{ -+ u8 config[GOODIX_CONFIG_MAX_LENGTH]; -+ int error; -+ -+ error = goodix_i2c_read(ts->client, GOODIX_REG_CONFIG_DATA, -+ config, -+ GOODIX_CONFIG_MAX_LENGTH); -+ if (error) { -+ dev_warn(&ts->client->dev, -+ "Error reading config (%d), using defaults\n", -+ error); -+ ts->abs_x_max = GOODIX_MAX_WIDTH; -+ ts->abs_y_max = GOODIX_MAX_HEIGHT; -+ ts->int_trigger_type = GOODIX_INT_TRIGGER; -+ return; -+ } -+ -+ ts->abs_x_max = get_unaligned_le16(&config[RESOLUTION_LOC]); -+ ts->abs_y_max = get_unaligned_le16(&config[RESOLUTION_LOC + 2]); -+ ts->int_trigger_type = (config[TRIGGER_LOC]) & 0x03; -+ if (!ts->abs_x_max || !ts->abs_y_max) { -+ dev_err(&ts->client->dev, -+ "Invalid config, using defaults\n"); -+ ts->abs_x_max = GOODIX_MAX_WIDTH; -+ ts->abs_y_max = GOODIX_MAX_HEIGHT; -+ } -+} -+ -+ -+/** -+ * goodix_read_version - Read goodix touchscreen version -+ * -+ * @client: the i2c client -+ * @version: output buffer containing the version on success -+ */ -+static int goodix_read_version(struct i2c_client *client, u16 *version) -+{ -+ int error; -+ u8 buf[6]; -+ -+ error = goodix_i2c_read(client, GOODIX_REG_VERSION, buf, sizeof(buf)); -+ if (error) { -+ dev_err(&client->dev, "read version failed: %d\n", error); -+ return error; -+ } -+ -+ if (version) -+ *version = get_unaligned_le16(&buf[4]); -+ -+ dev_info(&client->dev, "IC VERSION: %6ph\n", buf); -+ -+ return 0; -+} -+ -+/** -+ * goodix_i2c_test - I2C test function to check if the device answers. -+ * -+ * @client: the i2c client -+ */ -+static int goodix_i2c_test(struct i2c_client *client) -+{ -+ int retry = 0; -+ int error; -+ u8 test; -+ -+ while (retry++ < 2) { -+ error = goodix_i2c_read(client, GOODIX_REG_CONFIG_DATA, -+ &test, 1); -+ if (!error) -+ return 0; -+ -+ dev_err(&client->dev, "i2c test failed attempt %d: %d\n", -+ retry, error); -+ msleep(20); -+ } -+ -+ return error; -+} -+ -+/** -+ * goodix_request_input_dev - Allocate, populate and register the input device -+ * -+ * @ts: our goodix_ts_data pointer -+ * -+ * Must be called during probe -+ */ -+static int goodix_request_input_dev(struct goodix_ts_data *ts) -+{ -+ int error; -+ -+ ts->input_dev = devm_input_allocate_device(&ts->client->dev); -+ if (!ts->input_dev) { -+ dev_err(&ts->client->dev, "Failed to allocate input device."); -+ return -ENOMEM; -+ } -+ -+ ts->input_dev->evbit[0] = BIT_MASK(EV_SYN) | -+ BIT_MASK(EV_KEY) | -+ BIT_MASK(EV_ABS); -+ -+ input_set_abs_params(ts->input_dev, ABS_MT_POSITION_X, 0, -+ ts->abs_x_max, 0, 0); -+ input_set_abs_params(ts->input_dev, ABS_MT_POSITION_Y, 0, -+ ts->abs_y_max, 0, 0); -+ input_set_abs_params(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0, 255, 0, 0); -+ input_set_abs_params(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, 0, 0); -+ -+ input_mt_init_slots(ts->input_dev, GOODIX_MAX_CONTACTS, -+ INPUT_MT_DIRECT | INPUT_MT_DROP_UNUSED); -+ -+ ts->input_dev->name = "Goodix Capacitive TouchScreen"; -+ ts->input_dev->phys = "input/ts"; -+ ts->input_dev->id.bustype = BUS_I2C; -+ ts->input_dev->id.vendor = 0x0416; -+ ts->input_dev->id.product = 0x1001; -+ ts->input_dev->id.version = 10427; -+ -+ error = input_register_device(ts->input_dev); -+ if (error) { -+ dev_err(&ts->client->dev, -+ "Failed to register input device: %d", error); -+ return error; -+ } -+ -+ return 0; -+} -+ -+static int goodix_ts_probe(struct i2c_client *client, -+ const struct i2c_device_id *id) -+{ -+ struct goodix_ts_data *ts; -+ unsigned long irq_flags; -+ int error; -+ u16 version_info; -+ -+ dev_dbg(&client->dev, "I2C Address: 0x%02x\n", client->addr); -+ -+ if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { -+ dev_err(&client->dev, "I2C check functionality failed.\n"); -+ return -ENXIO; -+ } -+ -+ ts = devm_kzalloc(&client->dev, sizeof(*ts), GFP_KERNEL); -+ if (!ts) -+ return -ENOMEM; -+ -+ ts->client = client; -+ i2c_set_clientdata(client, ts); -+ -+ error = goodix_i2c_test(client); -+ if (error) { -+ dev_err(&client->dev, "I2C communication failure: %d\n", error); -+ return error; -+ } -+ -+ error = goodix_read_version(client, &version_info); -+ if (error) { -+ dev_err(&client->dev, "Read version failed.\n"); -+ return error; -+ } -+ -+ goodix_read_config(ts); -+ -+ error = goodix_request_input_dev(ts); -+ if (error) -+ return error; -+ -+ irq_flags = goodix_irq_flags[ts->int_trigger_type] | IRQF_ONESHOT; -+ error = devm_request_threaded_irq(&ts->client->dev, client->irq, -+ NULL, goodix_ts_irq_handler, -+ irq_flags, client->name, ts); -+ if (error) { -+ dev_err(&client->dev, "request IRQ failed: %d\n", error); -+ return error; -+ } -+ -+ return 0; -+} -+ -+static const struct i2c_device_id goodix_ts_id[] = { -+ { "GDIX1001:00", 0 }, -+ { } -+}; -+ -+static const struct acpi_device_id goodix_acpi_match[] = { -+ { "GDIX1001", 0 }, -+ { } -+}; -+MODULE_DEVICE_TABLE(acpi, goodix_acpi_match); -+ -+static struct i2c_driver goodix_ts_driver = { -+ .probe = goodix_ts_probe, -+ .id_table = goodix_ts_id, -+ .driver = { -+ .name = "Goodix-TS", -+ .owner = THIS_MODULE, -+ .acpi_match_table = goodix_acpi_match, -+ }, -+}; -+module_i2c_driver(goodix_ts_driver); -+ -+MODULE_AUTHOR("Benjamin Tissoires "); -+MODULE_AUTHOR("Bastien Nocera "); -+MODULE_DESCRIPTION("Goodix touchscreen driver"); -+MODULE_LICENSE("GPL v2"); --- -2.1.0 - diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch index 6e518e0cf..d1a77cfc8 100644 --- a/KEYS-Add-a-system-blacklist-keyring.patch +++ b/KEYS-Add-a-system-blacklist-keyring.patch @@ -29,10 +29,10 @@ index 72665eb80692..2c7b80d31366 100644 + #endif /* _KEYS_SYSTEM_KEYRING_H */ diff --git a/init/Kconfig b/init/Kconfig -index 2081a4d3d917..d99a519bb9ae 100644 +index 9afb971497f4..ea0dbdf29b75 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1747,6 +1747,15 @@ config SYSTEM_TRUSTED_KEYRING +@@ -1742,6 +1742,15 @@ config SYSTEM_TRUSTED_KEYRING Keys in this keyring are used by module signature checking. diff --git a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch index 7149ec3ac..fbbb55c29 100644 --- a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch +++ b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch @@ -43,10 +43,10 @@ Signed-off-by: Josh Stone 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 3f84029f2b31..46a182f02ac4 100644 +index ef748e17702f..1d3e1d1fa376 100644 --- a/Makefile +++ b/Makefile -@@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer +@@ -705,7 +705,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer endif endif @@ -59,7 +59,7 @@ index 3f84029f2b31..46a182f02ac4 100644 ifdef CONFIG_DEBUG_INFO ifdef CONFIG_DEBUG_INFO_SPLIT diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 4e35a5d767ed..27410417de1d 100644 +index 5f2ce616c046..6525e2a5619a 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -165,7 +165,23 @@ config DEBUG_INFO_DWARF4 diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch index 672e711f7..3789cd79c 100644 --- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch @@ -25,10 +25,10 @@ Signed-off-by: Josh Boyer create mode 100644 kernel/modsign_uefi.c diff --git a/include/linux/efi.h b/include/linux/efi.h -index b1d686e9175e..4d41f4532127 100644 +index fb972b96959a..581878071c85 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -592,6 +592,12 @@ void efi_native_runtime_setup(void); +@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void); #define EFI_CERT_X509_GUID \ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) @@ -42,10 +42,10 @@ index b1d686e9175e..4d41f4532127 100644 efi_guid_t guid; u64 table; diff --git a/init/Kconfig b/init/Kconfig -index d99a519bb9ae..9ef459bb44b2 100644 +index ea0dbdf29b75..dac9ed0f01f7 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1901,6 +1901,15 @@ config MODULE_SIG_ALL +@@ -1896,6 +1896,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -62,7 +62,7 @@ index d99a519bb9ae..9ef459bb44b2 100644 prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG diff --git a/kernel/Makefile b/kernel/Makefile -index 17ea6d4a9a24..381fe2d56ed1 100644 +index a59481a3fa6c..04b4ba9e0c9d 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o @@ -73,7 +73,7 @@ index 17ea6d4a9a24..381fe2d56ed1 100644 obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_KEXEC) += kexec.o -@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o +@@ -98,6 +99,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o $(obj)/configs.o: $(obj)/config_data.h diff --git a/Makefile b/Makefile index 0cdc9beeb..4f11a034b 100644 --- a/Makefile +++ b/Makefile @@ -54,6 +54,7 @@ debug: @perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/' config-nodebug @perl -pi -e 's/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/' config-nodebug @perl -pi -e 's/# CONFIG_X86_PTDUMP is not set/CONFIG_X86_PTDUMP=y/' config-nodebug + @perl -pi -e 's/# CONFIG_ARM64_PTDUMP is not set/CONFIG_ARM64_PTDUMP=y/' config-nodebug @perl -pi -e 's/# CONFIG_EFI_PGT_DUMP is not set/CONFIG_EFI_PGT_DUMP=y/' config-nodebug @perl -pi -e 's/# CONFIG_CAN_DEBUG_DEVICES is not set/CONFIG_CAN_DEBUG_DEVICES=y/' config-nodebug @perl -pi -e 's/# CONFIG_MODULE_FORCE_UNLOAD is not set/CONFIG_MODULE_FORCE_UNLOAD=y/' config-nodebug diff --git a/Makefile.release b/Makefile.release index 6343073f9..f7b704237 100644 --- a/Makefile.release +++ b/Makefile.release @@ -33,7 +33,7 @@ config-release: @perl -pi -e 's/CONFIG_DEBUG_OBJECTS_WORK=y/# CONFIG_DEBUG_OBJECTS_WORK is not set/' config-nodebug @perl -pi -e 's/CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y/# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set/' config-nodebug @perl -pi -e 's/CONFIG_DEBUG_OBJECTS_RCU_HEAD=y/# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set/' config-nodebug - @perl -pi -e 's/CONFIG_X86_PTDUMP=y/# CONFIG_X86_PTDUMP is not set/' config-nodebug + @perl -pi -e 's/CONFIG_ARM64_PTDUMP=y/# CONFIG_ARM64_PTDUMP is not set/' config-nodebug @perl -pi -e 's/CONFIG_EFI_PGT_DUMP=y/# CONFIG_EFI_PGT_DUMP is not set/' config-nodebug @perl -pi -e 's/CONFIG_CAN_DEBUG_DEVICES=y/# CONFIG_CAN_DEBUG_DEVICES is not set/' config-nodebug @perl -pi -e 's/CONFIG_MODULE_FORCE_UNLOAD=y/# CONFIG_MODULE_FORCE_UNLOAD is not set/' config-nodebug diff --git a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch index a337a4a4c..9a234bcfc 100644 --- a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch +++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch @@ -16,7 +16,7 @@ Signed-off-by: Matthew Garrett 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 2c6643fdc0cf..56333630ab77 100644 +index aa012fb3834b..35cb5e9ff9a1 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -30,6 +30,7 @@ @@ -27,7 +27,7 @@ index 2c6643fdc0cf..56333630ab77 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -703,6 +704,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, +@@ -709,6 +710,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8 *) buf; @@ -37,7 +37,7 @@ index 2c6643fdc0cf..56333630ab77 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -997,6 +1001,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -1003,6 +1007,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; @@ -47,7 +47,7 @@ index 2c6643fdc0cf..56333630ab77 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1098,6 +1105,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1104,6 +1111,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch index 0b8b5cc4c..dd42dbdf2 100644 --- a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch +++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch @@ -13,10 +13,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 6 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index c268e2581ed6..fb9ea1172ba8 100644 +index fc9637812d78..dde50e5bf527 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c -@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, +@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, if (p != *ppos) return -EFBIG; @@ -26,7 +26,7 @@ index c268e2581ed6..fb9ea1172ba8 100644 if (!valid_phys_addr_range(p, count)) return -EFAULT; -@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, +@@ -505,6 +508,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ int err = 0; diff --git a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch index 94c8e9d63..cb163d4d5 100644 --- a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch +++ b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch @@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 479f33204a37..e362ef82dcc1 100644 +index 4df73da11adc..25ba093a98f1 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -3719,7 +3719,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -3792,7 +3792,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the allocated input device; If set to 0, video driver will only send out the event without touching backlight brightness level. @@ -28,7 +28,7 @@ index 479f33204a37..e362ef82dcc1 100644 virtio_mmio.device= [VMMIO] Memory mapped virtio (platform) device. diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index 9d75ead2a1f9..d7a0142cae8d 100644 +index c72e79d2c5ad..d621997f2ed6 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot"); diff --git a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch index 077582bb2..7afe23d42 100644 --- a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch +++ b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch @@ -13,7 +13,7 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 9964f70be98d..d95d258f606c 100644 +index f9eeae871593..aa1dcf3d0216 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -44,6 +44,7 @@ diff --git a/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch b/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch index feaa82e3c..f212c3efb 100644 --- a/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch +++ b/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch @@ -8,7 +8,7 @@ Signed-off-by: Robert Nelson 1 file changed, 18 insertions(+) diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts -index 5dcdcd173572..38439e097b26 100644 +index 0fd89c38cf02..20660917a06f 100644 --- a/arch/arm/boot/dts/am335x-boneblack.dts +++ b/arch/arm/boot/dts/am335x-boneblack.dts @@ -71,6 +71,24 @@ diff --git a/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch b/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch index 55450814b..46a151a9f 100644 --- a/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch +++ b/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch @@ -11,10 +11,10 @@ Signed-off-by: Robert Nelson 1 file changed, 13 insertions(+) diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts -index 901739fcb85a..5dcdcd173572 100644 +index 5c42d259fa68..0fd89c38cf02 100644 --- a/arch/arm/boot/dts/am335x-boneblack.dts +++ b/arch/arm/boot/dts/am335x-boneblack.dts -@@ -78,5 +78,18 @@ +@@ -78,6 +78,19 @@ pinctrl-0 = <&nxp_hdmi_bonelt_pins>; pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>; status = "okay"; @@ -33,6 +33,7 @@ index 901739fcb85a..5dcdcd173572 100644 + }; }; }; + -- 2.1.0 diff --git a/arm-dts-sun7i-bananapi.patch b/arm-dts-sun7i-bananapi.patch deleted file mode 100644 index 52b019709..000000000 --- a/arm-dts-sun7i-bananapi.patch +++ /dev/null @@ -1,213 +0,0 @@ -From: Hans de Goede -Date: Tue, 30 Sep 2014 14:29:26 +0100 -Subject: [PATCH] arm: dts sun7i bananapi - -The Banana Pi is an A20 based development board using Raspberry Pi compatible -IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi -and stereo audio out + various expenansion headers: - -Signed-off-by: Hans de Goede ---- - arch/arm/boot/dts/Makefile | 1 + - arch/arm/boot/dts/sun7i-a20-bananapi.dts | 177 +++++++++++++++++++++++++++++++ - 2 files changed, 178 insertions(+) - create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts - -diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile -index 38c89cafa1ab..63422bde3a46 100644 ---- a/arch/arm/boot/dts/Makefile -+++ b/arch/arm/boot/dts/Makefile -@@ -435,6 +435,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \ - sun6i-a31-hummingbird.dtb \ - sun6i-a31-m9.dtb - dtb-$(CONFIG_MACH_SUN7I) += \ -+ sun7i-a20-bananapi.dtb \ - sun7i-a20-cubieboard2.dtb \ - sun7i-a20-cubietruck.dtb \ - sun7i-a20-hummingbird.dtb \ -diff --git a/arch/arm/boot/dts/sun7i-a20-bananapi.dts b/arch/arm/boot/dts/sun7i-a20-bananapi.dts -new file mode 100644 -index 000000000000..7214475a3c36 ---- /dev/null -+++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts -@@ -0,0 +1,177 @@ -+/* -+ * Copyright 2014 Hans de Goede -+ * -+ * The code contained herein is licensed under the GNU General Public -+ * License. You may obtain a copy of the GNU General Public License -+ * Version 2 or later at the following locations: -+ * -+ * http://www.opensource.org/licenses/gpl-license.html -+ * http://www.gnu.org/copyleft/gpl.html -+ */ -+ -+/dts-v1/; -+/include/ "sun7i-a20.dtsi" -+/include/ "sunxi-common-regulators.dtsi" -+ -+/ { -+ model = "LeMaker Banana Pi"; -+ compatible = "lemaker,bananapi", "allwinner,sun7i-a20"; -+ -+ soc@01c00000 { -+ mmc0: mmc@01c0f000 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>; -+ vmmc-supply = <®_vcc3v3>; -+ bus-width = <4>; -+ cd-gpios = <&pio 7 10 0>; /* PH10 */ -+ cd-inverted; -+ status = "okay"; -+ }; -+ -+ usbphy: phy@01c13400 { -+ usb1_vbus-supply = <®_usb1_vbus>; -+ usb2_vbus-supply = <®_usb2_vbus>; -+ status = "okay"; -+ }; -+ -+ ehci0: usb@01c14000 { -+ status = "okay"; -+ }; -+ -+ ohci0: usb@01c14400 { -+ status = "okay"; -+ }; -+ -+ ahci: sata@01c18000 { -+ status = "okay"; -+ }; -+ -+ ehci1: usb@01c1c000 { -+ status = "okay"; -+ }; -+ -+ ohci1: usb@01c1c400 { -+ status = "okay"; -+ }; -+ -+ pinctrl@01c20800 { -+ uart3_pins_bananapi: uart3_pin@0 { -+ allwinner,pins = "PH0", "PH1"; -+ allwinner,function = "uart3"; -+ allwinner,drive = <0>; -+ allwinner,pull = <0>; -+ }; -+ -+ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 { -+ allwinner,pins = "PH10"; -+ allwinner,function = "gpio_in"; -+ allwinner,drive = <0>; -+ allwinner,pull = <1>; -+ }; -+ -+ gmac_power_pin_bananapi: gmac_power_pin@0 { -+ allwinner,pins = "PH23"; -+ allwinner,function = "gpio_out"; -+ allwinner,drive = <0>; -+ allwinner,pull = <0>; -+ }; -+ -+ led_pins_bananapi: led_pins@0 { -+ allwinner,pins = "PH24"; -+ allwinner,function = "gpio_out"; -+ allwinner,drive = <0>; -+ allwinner,pull = <0>; -+ }; -+ }; -+ -+ ir0: ir@01c21800 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ir0_pins_a>; -+ status = "okay"; -+ }; -+ -+ uart0: serial@01c28000 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&uart0_pins_a>; -+ status = "okay"; -+ }; -+ -+ uart3: serial@01c28c00 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&uart3_pins_bananapi>; -+ status = "okay"; -+ }; -+ -+ uart7: serial@01c29c00 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&uart7_pins_a>; -+ status = "okay"; -+ }; -+ -+ i2c0: i2c@01c2ac00 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&i2c0_pins_a>; -+ status = "okay"; -+ -+ axp209: pmic@34 { -+ compatible = "x-powers,axp209"; -+ reg = <0x34>; -+ interrupt-parent = <&nmi_intc>; -+ interrupts = <0 8>; -+ -+ interrupt-controller; -+ #interrupt-cells = <1>; -+ }; -+ }; -+ -+ i2c2: i2c@01c2b400 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&i2c2_pins_a>; -+ status = "okay"; -+ }; -+ -+ gmac: ethernet@01c50000 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&gmac_pins_rgmii_a>; -+ phy = <&phy1>; -+ phy-mode = "rgmii"; -+ phy-supply = <®_gmac_3v3>; -+ status = "okay"; -+ -+ phy1: ethernet-phy@1 { -+ reg = <1>; -+ }; -+ }; -+ }; -+ -+ leds { -+ compatible = "gpio-leds"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&led_pins_bananapi>; -+ -+ green { -+ label = "bananapi:green:usr"; -+ gpios = <&pio 7 24 0>; -+ }; -+ }; -+ -+ reg_usb1_vbus: usb1-vbus { -+ status = "okay"; -+ }; -+ -+ reg_usb2_vbus: usb2-vbus { -+ status = "okay"; -+ }; -+ -+ reg_gmac_3v3: gmac-3v3 { -+ compatible = "regulator-fixed"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&gmac_power_pin_bananapi>; -+ regulator-name = "gmac-3v3"; -+ regulator-min-microvolt = <3300000>; -+ regulator-max-microvolt = <3300000>; -+ startup-delay-us = <50000>; -+ enable-active-high; -+ gpio = <&pio 7 23 0>; -+ }; -+}; --- -2.1.0 - diff --git a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch index 01d2c9386..6dd8b8342 100644 --- a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch +++ b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch @@ -15,10 +15,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 9 insertions(+) diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c -index 21fc932da3a1..c6d42ad95c08 100644 +index 7543a56e0f45..93b5a6998371 100644 --- a/drivers/platform/x86/asus-wmi.c +++ b/drivers/platform/x86/asus-wmi.c -@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data) +@@ -1589,6 +1589,9 @@ static int show_dsts(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -28,7 +28,7 @@ index 21fc932da3a1..c6d42ad95c08 100644 err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); if (err < 0) -@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data) +@@ -1605,6 +1608,9 @@ static int show_devs(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -38,7 +38,7 @@ index 21fc932da3a1..c6d42ad95c08 100644 err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, &retval); -@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data) +@@ -1629,6 +1635,9 @@ static int show_call(struct seq_file *m, void *data) union acpi_object *obj; acpi_status status; diff --git a/ath9k-rx-dma-stop-check.patch b/ath9k-rx-dma-stop-check.patch index c1034a057..7613691bb 100644 --- a/ath9k-rx-dma-stop-check.patch +++ b/ath9k-rx-dma-stop-check.patch @@ -7,10 +7,10 @@ Subject: [PATCH] ath9k: rx dma stop check 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c -index 275205ab5f15..bb842623bdf6 100644 +index 3e58bfa0c1fd..406eea47256e 100644 --- a/drivers/net/wireless/ath/ath9k/mac.c +++ b/drivers/net/wireless/ath/ath9k/mac.c -@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset) +@@ -693,7 +693,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset) { #define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */ struct ath_common *common = ath9k_hw_common(ah); @@ -19,7 +19,7 @@ index 275205ab5f15..bb842623bdf6 100644 int i; /* Enable access to the DMA observation bus */ -@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset) +@@ -723,6 +723,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset) } if (i == 0) { diff --git a/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch b/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch deleted file mode 100644 index 9042e1bee..000000000 --- a/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Takashi Iwai -Date: Wed, 10 Dec 2014 16:38:30 +0100 -Subject: [PATCH] blk-mq: Fix uninitialized kobject at CPU hotplugging - -When a CPU is hotplugged, the current blk-mq spews a warning like: - - kobject '(null)' (ffffe8ffffc8b5d8): tried to add an uninitialized object, something is seriously wrong. - CPU: 1 PID: 1386 Comm: systemd-udevd Not tainted 3.18.0-rc7-2.g088d59b-default #1 - Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_171129-lamiak 04/01/2014 - 0000000000000000 0000000000000002 ffffffff81605f07 ffffe8ffffc8b5d8 - ffffffff8132c7a0 ffff88023341d370 0000000000000020 ffff8800bb05bd58 - ffff8800bb05bd08 000000000000a0a0 000000003f441940 0000000000000007 - Call Trace: - [] dump_trace+0x86/0x330 - [] show_stack_log_lvl+0x94/0x170 - [] show_stack+0x21/0x50 - [] dump_stack+0x41/0x51 - [] kobject_add+0xa0/0xb0 - [] blk_mq_register_hctx+0x91/0xb0 - [] blk_mq_sysfs_register+0x3e/0x60 - [] blk_mq_queue_reinit_notify+0xf8/0x190 - [] notifier_call_chain+0x4c/0x70 - [] cpu_notify+0x23/0x50 - [] _cpu_up+0x157/0x170 - [] cpu_up+0x89/0xb0 - [] cpu_subsys_online+0x35/0x80 - [] device_online+0x5d/0xa0 - [] online_store+0x75/0x80 - [] kernfs_fop_write+0xda/0x150 - [] vfs_write+0xb2/0x1f0 - [] SyS_write+0x42/0xb0 - [] system_call_fastpath+0x16/0x1b - [<00007f0132fb24e0>] 0x7f0132fb24e0 - -This is indeed because of an uninitialized kobject for blk_mq_ctx. -The blk_mq_ctx kobjects are initialized in blk_mq_sysfs_init(), but it -goes loop over hctx_for_each_ctx(), i.e. it initializes only for -online CPUs. Thus, when a CPU is hotplugged, the ctx for the newly -onlined CPU is registered without initialization. - -This patch fixes the issue by initializing the all ctx kobjects -belonging to each queue. - -Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=908794 -Cc: -Signed-off-by: Takashi Iwai -Signed-off-by: Jens Axboe ---- - block/blk-mq-sysfs.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c -index 371d8800b48a..1630a20d5dcf 100644 ---- a/block/blk-mq-sysfs.c -+++ b/block/blk-mq-sysfs.c -@@ -390,16 +390,15 @@ static void blk_mq_sysfs_init(struct request_queue *q) - { - struct blk_mq_hw_ctx *hctx; - struct blk_mq_ctx *ctx; -- int i, j; -+ int i; - - kobject_init(&q->mq_kobj, &blk_mq_ktype); - -- queue_for_each_hw_ctx(q, hctx, i) { -+ queue_for_each_hw_ctx(q, hctx, i) - kobject_init(&hctx->kobj, &blk_mq_hw_ktype); - -- hctx_for_each_ctx(hctx, ctx, j) -- kobject_init(&ctx->kobj, &blk_mq_ctx_ktype); -- } -+ queue_for_each_ctx(q, ctx, i) -+ kobject_init(&ctx->kobj, &blk_mq_ctx_ktype); - } - - /* see blk_register_queue() */ --- -2.1.0 - diff --git a/cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch b/cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch deleted file mode 100644 index 097be41cf..000000000 --- a/cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Emmanuel Grumbach -Date: Tue, 2 Dec 2014 09:53:25 +0200 -Subject: [PATCH] cfg80211: don't WARN about two consecutive Country IE hint - -This can happen and there is no point in added more -detection code lower in the stack. Catching these in one -single point (cfg80211) is enough. Stop WARNING about this -case. - -This fixes: -https://bugzilla.kernel.org/show_bug.cgi?id=89001 - -Cc: -Fixes: 2f1c6c572d7b ("cfg80211: process non country IE conflicting first") -Signed-off-by: Emmanuel Grumbach -Acked-by: Luis R. Rodriguez ---- - net/wireless/reg.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) - -diff --git a/net/wireless/reg.c b/net/wireless/reg.c -index b725a31a4751..695f12b2c176 100644 ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -1839,11 +1839,8 @@ __reg_process_hint_country_ie(struct wiphy *wiphy, - return REG_REQ_IGNORE; - return REG_REQ_ALREADY_SET; - } -- /* -- * Two consecutive Country IE hints on the same wiphy. -- * This should be picked up early by the driver/stack -- */ -- if (WARN_ON(regdom_changes(country_ie_request->alpha2))) -+ -+ if (regdom_changes(country_ie_request->alpha2)) - return REG_REQ_OK; - return REG_REQ_ALREADY_SET; - } --- -2.1.0 - diff --git a/config-arm-generic b/config-arm-generic index c0fa94ddd..d7df33b2f 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -40,6 +40,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y # ARM AMBA generic HW CONFIG_ARM_AMBA=y +# CONFIG_TEGRA_AHB is not set CONFIG_ARM_CCI=y CONFIG_ARM_CCN=y CONFIG_ARM_DMA_USE_IOMMU=y @@ -79,6 +80,7 @@ CONFIG_POWER_RESET_VERSATILE=y CONFIG_DTC=y CONFIG_DMA_OF=y CONFIG_OF=y +# CONFIG_OF_UNITTEST is not set CONFIG_OF_ADDRESS=y CONFIG_OF_DYNAMIC=y CONFIG_OF_EARLY_FLATTREE=y @@ -134,6 +136,7 @@ CONFIG_BACKLIGHT_GPIO=m CONFIG_POWER_RESET_GPIO=y CONFIG_POWER_RESET_GPIO_RESTART=y CONFIG_POWER_RESET_RESTART=y +# CONFIG_GPIO_74XX_MMIO is not set #i2c CONFIG_I2C_ARB_GPIO_CHALLENGE=m @@ -260,6 +263,7 @@ CONFIG_CMA_AREAS=7 # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_DEBUG_SET_MODULE_RONX is not set +# CONFIG_CORESIGHT is not set # CONFIG_LATTICE_ECP3_CONFIG is not set # CONFIG_BMP085_SPI is not set diff --git a/config-arm64 b/config-arm64 index 9fd40b9fd..60aabbfae 100644 --- a/config-arm64 +++ b/config-arm64 @@ -8,8 +8,16 @@ CONFIG_SCHED_SMT=y # arm64 only SoCs CONFIG_ARCH_XGENE=y +CONFIG_ARCH_SEATTLE=y # CONFIG_ARCH_THUNDER is not set +# Erratum +CONFIG_ARM64_ERRATUM_826319=y +CONFIG_ARM64_ERRATUM_827319=y +CONFIG_ARM64_ERRATUM_824069=y +CONFIG_ARM64_ERRATUM_819472=y +CONFIG_ARM64_ERRATUM_832075=y + # CONFIG_AMBA_PL08X is not set CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y CONFIG_ARCH_REQUIRE_GPIOLIB=y @@ -78,6 +86,7 @@ CONFIG_CRYPTO_AES_ARM64_CE=m CONFIG_CRYPTO_AES_ARM64_CE_CCM=m CONFIG_CRYPTO_AES_ARM64_CE_BLK=m CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m +CONFIG_CRYPTO_CRC32_ARM64=m CONFIG_CRYPTO_DEV_CCP=y CONFIG_CRYPTO_DEV_CCP_DD=m CONFIG_CRYPTO_DEV_CCP_CRYPTO=m @@ -133,6 +142,7 @@ CONFIG_AMD_XGBE_PHY=m # CONFIG_AMD_XGBE_DCB is not set # CONFIG_IMX_THERMAL is not set +# CONFIG_MMC_DW is not set # still? 2014-11-11 # CONFIG_BPF_JIT is not set diff --git a/config-armv7 b/config-armv7 index 652d2248f..223684aef 100644 --- a/config-armv7 +++ b/config-armv7 @@ -114,6 +114,7 @@ CONFIG_OMAP3_EMU=y CONFIG_SERIAL_OMAP=y CONFIG_SERIAL_OMAP_CONSOLE=y +CONFIG_SERIAL_8250_OMAP=m CONFIG_GPIO_TWL4030=m CONFIG_GPIO_TWL6040=m @@ -258,7 +259,7 @@ CONFIG_SND_OMAP_SOC_DMIC=m CONFIG_SND_OMAP_SOC_HDMI=m CONFIG_SND_OMAP_SOC_MCBSP=m CONFIG_SND_OMAP_SOC_MCPDM=m -CONFIG_SND_OMAP_SOC_OMAP_HDMI=m +CONFIG_SND_OMAP_SOC_HDMI_AUDIO=m CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m @@ -372,6 +373,7 @@ CONFIG_SOC_IMX53=y CONFIG_SOC_IMX6Q=y CONFIG_SOC_IMX6SL=y CONFIG_SOC_IMX6SX=y +# CONFIG_SOC_LS1021A is not set # CONFIG_SOC_VF610 is not set CONFIG_ARM_IMX6Q_CPUFREQ=m CONFIG_PCI_IMX6=y @@ -411,6 +413,8 @@ CONFIG_CRYPTO_DEV_SAHARA=m CONFIG_RTC_DRV_SNVS=m # CONFIG_FB_MX3 is not set # CONFIG_FB_IMX is not set +# CONFIG_FB_MXS is not set +# CONFIG_POWER_RESET_IMX is not set CONFIG_SND_IMX_SOC=m CONFIG_SND_SOC_FSL_ASOC_CARD=m @@ -501,6 +505,7 @@ CONFIG_REGULATOR_DA9055=m CONFIG_ARCH_EXYNOS4=y CONFIG_SOC_EXYNOS4212=y CONFIG_SOC_EXYNOS4412=y +# CONFIG_SOC_EXYNOS4415 is not set CONFIG_ARM_EXYNOS4210_CPUFREQ=y CONFIG_ARM_EXYNOS4X12_CPUFREQ=y CONFIG_AK8975=m @@ -521,6 +526,10 @@ CONFIG_COMMON_CLK_RK808=m CONFIG_REGULATOR_RK808=m CONFIG_RTC_DRV_HYM8563=m CONFIG_ROCKCHIP_SARADC=m +CONFIG_ROCKCHIP_IOMMU=y +CONFIG_SND_SOC_ROCKCHIP_I2S=m +CONFIG_ROCKCHIP_THERMAL=m +CONFIG_DRM_ROCKCHIP=m # ST Ericsson CONFIG_MACH_HREFV60=y diff --git a/config-armv7-generic b/config-armv7-generic index cd5f89b33..f50ce2cba 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -123,6 +123,7 @@ CONFIG_PM_OPP=y CONFIG_ARM_CPU_SUSPEND=y CONFIG_ARM_PSCI=y CONFIG_THERMAL=y +CONFIG_CLOCK_THERMAL=y CONFIG_CPUFREQ_DT=y # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set @@ -134,6 +135,7 @@ CONFIG_XZ_DEC_ARM=y CONFIG_UACCESS_WITH_MEMCPY=y CONFIG_PCI_HOST_GENERIC=y +# CONFIG_PCI_LAYERSCAPE is not set CONFIG_LBDAF=y @@ -174,6 +176,7 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m CONFIG_MACH_SUN6I=y CONFIG_MACH_SUN7I=y # CONFIG_MACH_SUN8I is not set +# CONFIG_MACH_SUN9I is not set CONFIG_DMA_SUN6I=m CONFIG_SUNXI_WATCHDOG=m CONFIG_NET_VENDOR_ALLWINNER=y @@ -196,6 +199,8 @@ CONFIG_IR_SUNXI=m CONFIG_MDIO_SUN4I=m CONFIG_SUN4I_EMAC=m CONFIG_RTC_DRV_SUN6I=m +CONFIG_AXP288_ADC=m +CONFIG_MTD_NAND_SUNXI=m # Exynos CONFIG_ARCH_EXYNOS3=y @@ -311,6 +316,7 @@ CONFIG_EXTCON_MAX8997=m # Tegra CONFIG_ARCH_TEGRA_114_SOC=y CONFIG_ARCH_TEGRA_124_SOC=y +CONFIG_TEGRA_AHB=y CONFIG_ARM_TEGRA_CPUFREQ=y CONFIG_TRUSTED_FOUNDATIONS=y CONFIG_SERIAL_TEGRA=y @@ -344,6 +350,8 @@ CONFIG_NOUVEAU_PLATFORM_DRIVER=m CONFIG_AD525X_DPOT=m CONFIG_AD525X_DPOT_I2C=m CONFIG_AD525X_DPOT_SPI=m +CONFIG_TEGRA_SOCTHERM=m +CONFIG_TEGRA_MC=y # Jetson TK1 CONFIG_PINCTRL_AS3722=y @@ -361,6 +369,7 @@ CONFIG_DRM_PANEL=y CONFIG_DRM_PANEL_SIMPLE=m CONFIG_DRM_PANEL_LD9040=m CONFIG_DRM_PANEL_S6E8AA0=m +CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m # regmap CONFIG_REGMAP=y @@ -370,10 +379,6 @@ CONFIG_REGMAP_SPMI=m CONFIG_REGMAP_MMIO=m CONFIG_REGMAP_IRQ=y -# Power management -CONFIG_PM_OPP=y -CONFIG_ARM_CPU_SUSPEND=y - # usb CONFIG_USB_OHCI_HCD_PLATFORM=m CONFIG_USB_EHCI_HCD_PLATFORM=m @@ -391,6 +396,8 @@ CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2 CONFIG_USB_MUSB_HDRC=m CONFIG_USB_MUSB_DUAL_ROLE=y CONFIG_USB_MUSB_DSPS=m +# CONFIG_USB_MUSB_TUSB6010 is not set +# CONFIG_USB_MUSB_UX500 is not set CONFIG_USB_GPIO_VBUS=m CONFIG_USB_CONFIGFS=m CONFIG_USB_CONFIGFS_ACM=y @@ -404,6 +411,10 @@ CONFIG_USB_CONFIGFS_OBEX=y CONFIG_USB_CONFIGFS_SERIAL=y # CONFIG_USB_CONFIGFS_F_LB_SS is not set # CONFIG_USB_CONFIGFS_F_FS is not set +# CONFIG_USB_CONFIGFS_F_UAC1 is not set +# CONFIG_USB_CONFIGFS_F_UAC2 is not set +# CONFIG_USB_CONFIGFS_F_MIDI is not set +# CONFIG_USB_CONFIGFS_F_HID is not set # CONFIG_MUSB_PIO_ONLY is not set # CONFIG_USB_GADGET_DEBUG is not set @@ -416,6 +427,7 @@ CONFIG_USB_CONFIGFS_SERIAL=y # CONFIG_USB_PXA27X is not set # CONFIG_USB_MV_UDC is not set # CONFIG_USB_MV_U3D is not set +# CONFIG_USB_BDC_UDC is not set # CONFIG_USB_M66592 is not set # CONFIG_USB_AMD5536UDC is not set # CONFIG_USB_NET2272 is not set @@ -572,7 +584,7 @@ CONFIG_SPI_DW_PCI=m # CONFIG_MMC_QCOM_DML is not set # CONFIG_MMC_DW_ROCKCHIP is not set CONFIG_USB_DWC2=y -CONFIG_USB_DWC2_HOST=m +CONFIG_USB_DWC2_HOST=y CONFIG_USB_DWC2_PLATFORM=y CONFIG_USB_DWC2_PCI=y # CONFIG_USB_DWC2_PERIPHERAL is not set @@ -660,6 +672,15 @@ CONFIG_SND_SOC_SPDIF=m # CONFIG_SND_SOC_FSL_ASOC_CARD is not set # CONFIG_SND_EDMA_SOC is not set # CONFIG_SND_SOC_ROCKCHIP is not set +# CONFIG_SND_SOC_ARNDALE_RT5631_ALC5631 is not set +# CONFIG_SND_SOC_CS42L51_I2C is not set +# CONFIG_SND_SOC_CS4271_I2C is not set +# CONFIG_SND_SOC_CS4271_SPI is not set +# CONFIG_SND_SOC_RT5631 is not set +# CONFIG_SND_SOC_TFA9879 is not set +# CONFIG_SND_SOC_TLV320AIC23_I2C is not set +# CONFIG_SND_SOC_TLV320AIC23_SPI is not set +# CONFIG_SND_SOC_TS3A227E is not set # Displays CONFIG_BACKLIGHT_TPS65217=m @@ -721,6 +742,7 @@ CONFIG_REGULATOR_DA9211=m CONFIG_REGULATOR_ISL9305=m CONFIG_REGULATOR_MAX77802=m CONFIG_REGULATOR_PWM=m +CONFIG_SENSORS_LTC2978_REGULATOR=y CONFIG_POWER_AVS=y CONFIG_CHARGER_MANAGER=y @@ -853,6 +875,7 @@ CONFIG_I2C_CROS_EC_TUNNEL=m # CONFIG_SERIAL_MAX3100 is not set # CONFIG_SERIAL_MAX310X is not set # CONFIG_SERIAL_IFX6X60 is not set +# CONFIG_SERIAL_BCM63XX is not set # CONFIG_FB_XILINX is not set # CONFIG_BRCMSTB_GISB_ARB is not set # CONFIG_SUNGEM is not set @@ -888,3 +911,4 @@ CONFIG_I2C_CROS_EC_TUNNEL=m # CONFIG_OMAP2_DSS_DEBUG is not set # CONFIG_CRYPTO_DEV_UX500_DEBUG is not set # CONFIG_AB8500_DEBUG is not set +# CONFIG_ARM_KERNMEM_PERMS is not set diff --git a/config-debug b/config-debug index 467f33a19..28297d87e 100644 --- a/config-debug +++ b/config-debug @@ -35,6 +35,8 @@ CONFIG_ACPI_DEBUG=y CONFIG_DEBUG_SG=y CONFIG_DEBUG_PI_LIST=y +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_PAGE_OWNER is not set # CONFIG_DEBUG_PAGEALLOC is not set CONFIG_DEBUG_OBJECTS=y @@ -45,6 +47,7 @@ CONFIG_DEBUG_OBJECTS_RCU_HEAD=y CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_X86_PTDUMP=y +CONFIG_ARM64_PTDUMP=y CONFIG_EFI_PGT_DUMP=y CONFIG_CAN_DEBUG_DEVICES=y diff --git a/config-generic b/config-generic index 74539dc30..596118f62 100644 --- a/config-generic +++ b/config-generic @@ -145,6 +145,7 @@ CONFIG_MMC_USHC=m CONFIG_MMC_REALTEK_PCI=m CONFIG_MMC_REALTEK_USB=m CONFIG_MMC_VUB300=m +CONFIG_MMC_TOSHIBA_PCI=m # CONFIG_MMC_SPI is not set # CONFIG_MMC_SDHCI_PXAV2 is not set # CONFIG_MMC_SDHCI_PXAV3 is not set @@ -166,6 +167,7 @@ CONFIG_INFINIBAND_SRP=m CONFIG_INFINIBAND_SRPT=m CONFIG_INFINIBAND_USER_MAD=m CONFIG_INFINIBAND_USER_ACCESS=m +CONFIG_INFINIBAND_ON_DEMAND_PAGING=y CONFIG_INFINIBAND_IPATH=m CONFIG_INFINIBAND_ISER=m CONFIG_INFINIBAND_ISERT=m @@ -504,6 +506,7 @@ CONFIG_SCSI_BUSLOGIC=m CONFIG_SCSI_INITIO=m CONFIG_SCSI_FLASHPOINT=y CONFIG_SCSI_DMX3191D=m +CONFIG_SCSI_AM53C974=m # CONFIG_SCSI_EATA is not set # CONFIG_SCSI_EATA_PIO is not set # CONFIG_SCSI_FUTURE_DOMAIN is not set @@ -524,6 +527,7 @@ CONFIG_SCSI_SYM53C8XX_MMIO=y CONFIG_SCSI_QLOGIC_1280=m CONFIG_SCSI_DC395x=m # CONFIG_SCSI_NSP32 is not set +CONFIG_SCSI_WD719X=m CONFIG_SCSI_DEBUG=m CONFIG_SCSI_DC390T=m CONFIG_SCSI_QLA_FC=m @@ -761,6 +765,7 @@ CONFIG_IP_PIMSM_V2=y CONFIG_SYN_COOKIES=y CONFIG_NET_IPVTI=m CONFIG_NET_FOU=m +CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_GENEVE=m CONFIG_INET_AH=m CONFIG_INET_ESP=m @@ -1027,6 +1032,9 @@ CONFIG_NFT_MASQ_IPV4=m CONFIG_NFT_MASQ_IPV6=m CONFIG_NFT_NAT=m CONFIG_NFT_QUEUE=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_REDIR_IPV4=m +CONFIG_NFT_REDIR_IPV6=m CONFIG_NFT_REJECT=m CONFIG_NFT_COMPAT=m @@ -1204,6 +1212,7 @@ CONFIG_NET_ACT_PEDIT=m CONFIG_NET_ACT_POLICE=m CONFIG_NET_ACT_SIMP=m CONFIG_NET_ACT_SKBEDIT=m +CONFIG_NET_ACT_VLAN=m CONFIG_DCB=y CONFIG_DNS_RESOLVER=m @@ -1246,6 +1255,7 @@ CONFIG_DUMMY=m CONFIG_BONDING=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m +CONFIG_IPVLAN=m CONFIG_VXLAN=m CONFIG_EQUALIZER=m CONFIG_TUN=m @@ -1486,6 +1496,9 @@ CONFIG_SH_ETH=m CONFIG_NET_VENDOR_RDC=y CONFIG_R6040=m +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_ROCKER=m + # CONFIG_NET_VENDOR_SEEQ is not set # CONFIG_NET_VENDOR_SAMSUNG is not set @@ -1840,6 +1853,8 @@ CONFIG_IEEE802154_FAKELB=m CONFIG_MAC802154=m CONFIG_NET_MPLS_GSO=m +CONFIG_NET_SWITCHDEV=y + CONFIG_6LOWPAN=m # @@ -1949,6 +1964,8 @@ CONFIG_WINBOND_FIR=m # Bluetooth support # CONFIG_BT=m +CONFIG_BT_BREDR=y +CONFIG_BT_LE=y CONFIG_BT_6LOWPAN=m CONFIG_BT_SCO=y CONFIG_BT_CMTP=m @@ -2197,7 +2214,7 @@ CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_TCA6416 is not set # CONFIG_KEYBOARD_TCA8418 is not set # CONFIG_KEYBOARD_OMAP4 is not set -# CONFIG_KEYBOARD_CAP1106 is not set +# CONFIG_KEYBOARD_CAP11XX is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=y # CONFIG_MOUSE_PS2_TOUCHKIT is not set @@ -2210,6 +2227,9 @@ CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_SYNAPTICS_I2C=m CONFIG_MOUSE_SYNAPTICS_USB=m CONFIG_MOUSE_CYAPA=m +CONFIG_MOUSE_ELAN_I2C=m +CONFIG_MOUSE_ELAN_I2C_I2C=y +CONFIG_MOUSE_ELAN_I2C_SMBUS=y CONFIG_INPUT_JOYSTICK=y CONFIG_JOYSTICK_ANALOG=m CONFIG_JOYSTICK_A3D=m @@ -2252,6 +2272,7 @@ CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_EDT_FT5X06=m CONFIG_TOUCHSCREEN_EETI=m CONFIG_TOUCHSCREEN_EGALAX=m +CONFIG_TOUCHSCREEN_ELAN=m CONFIG_TOUCHSCREEN_ELO=m CONFIG_TOUCHSCREEN_FUJITSU=m CONFIG_TOUCHSCREEN_GUNZE=m @@ -2460,6 +2481,8 @@ CONFIG_I2C_PCA_PLATFORM=m # CONFIG_I2C_SIS96X is not set CONFIG_I2C_SIMTEC=m CONFIG_I2C_STUB=m +CONFIG_I2C_SLAVE=y +CONFIG_I2C_SLAVE_EEPROM=m CONFIG_I2C_TINY_USB=m # CONFIG_I2C_TAOS_EVM is not set # CONFIG_I2C_VIA is not set @@ -2542,6 +2565,7 @@ CONFIG_SENSORS_MAX6697=m CONFIG_SENSORS_MCP3021=m CONFIG_SENSORS_NCT6775=m CONFIG_SENSORS_NCT6683=m +CONFIG_SENSORS_NCT7802=m CONFIG_SENSORS_NTC_THERMISTOR=m CONFIG_SENSORS_PC87360=m CONFIG_SENSORS_PC87427=m @@ -2682,6 +2706,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m # CONFIG_MAG3110 is not set # CONFIG_TMP006 is not set # CONFIG_MLX90614 is not set +# CONFIG_BMP280 is not set # CONFIG_HID_SENSOR_PRESS is not set # CONFIG_IIO_ST_PRESS is not set # CONFIG_KXSD9 is not set @@ -2720,6 +2745,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m # CONFIG_MPL3115 is not set # CONFIG_MPL115 is not set # CONFIG_SI7005 is not set +# CONFIG_SI7020 is not set # CONFIG_AS3935 is not set CONFIG_KXCJK1013=m # CONFIG_ISL29125 is not set @@ -2815,6 +2841,7 @@ CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_SI=m # CONFIG_IPMI_SI_PROBE_DEFAULTS is not set +CONFIG_IPMI_SSIF=m CONFIG_IPMI_POWEROFF=m # @@ -2885,6 +2912,7 @@ CONFIG_RTC_DRV_DS1553=m CONFIG_RTC_DRV_DS1672=m CONFIG_RTC_DRV_DS1742=m CONFIG_RTC_DRV_DS1374=m +CONFIG_RTC_DRV_DS1374_WDT=y # CONFIG_RTC_DRV_EP93XX is not set CONFIG_RTC_DRV_FM3130=m # CONFIG_RTC_DRV_HYM8563 is not set @@ -2987,6 +3015,7 @@ CONFIG_DRM_NOUVEAU=m CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y +CONFIG_DRM_I2C_ADV7511=m CONFIG_DRM_I2C_CH7006=m CONFIG_DRM_I2C_SIL164=m CONFIG_DRM_I2C_NXP_TDA998X=m @@ -3169,6 +3198,7 @@ CONFIG_DVB_DM1105=m CONFIG_DVB_FIREDTV=m CONFIG_DVB_NGENE=m CONFIG_DVB_DDBRIDGE=m +CONFIG_DVB_SMIPCIE=m CONFIG_DVB_USB_TECHNISAT_USB2=m CONFIG_DVB_USB_V2=m @@ -3259,6 +3289,7 @@ CONFIG_IR_REDRAT3=m CONFIG_IR_ENE=m CONFIG_IR_STREAMZAP=m CONFIG_IR_WINBOND_CIR=m +CONFIG_IR_IGORPLUGUSB=m CONFIG_IR_IGUANA=m CONFIG_IR_TTUSBIR=m CONFIG_IR_GPIO_CIR=m @@ -3534,6 +3565,7 @@ CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m CONFIG_SND_DICE=m +CONFIG_SND_OXFW=m CONFIG_SND_FIREWORKS=m # CONFIG_SND_BEBOB is not set @@ -3631,6 +3663,7 @@ CONFIG_UHID=m CONFIG_HID_PID=y CONFIG_LOGITECH_FF=y CONFIG_HID_LOGITECH_DJ=m +CONFIG_HID_LOGITECH_HIDPP=m CONFIG_LOGIRUMBLEPAD2_FF=y CONFIG_PANTHERLORD_FF=y CONFIG_THRUSTMASTER_FF=y @@ -3646,6 +3679,7 @@ CONFIG_LOGIWHEELS_FF=y CONFIG_HID_MAGICMOUSE=y CONFIG_HID_MULTITOUCH=m CONFIG_HID_NTRIG=y +CONFIG_HID_PLANTRONICS=m CONFIG_HID_PRIMAX=m CONFIG_HID_PRODIKEYS=m CONFIG_HID_DRAGONRISE=m @@ -4039,7 +4073,9 @@ CONFIG_MFD_VIPERBOARD=m # CONFIG_MFD_TPS65912 is not set # CONFIG_MFD_SYSCON is not set # CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DLN2 is not set # CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_ATMEL_HLCDC is not set # CONFIG_MFD_BCM590XX is not set # CONFIG_MFD_TPS65218 is not set # CONFIG_MFD_WM831X_SPI is not set @@ -4169,6 +4205,7 @@ CONFIG_CRAMFS=m CONFIG_SQUASHFS=m CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_LZO=y +CONFIG_SQUASHFS_LZ4=y CONFIG_SQUASHFS_XZ=y CONFIG_SQUASHFS_ZLIB=y # CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set @@ -4578,6 +4615,19 @@ CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=m CONFIG_INITRAMFS_SOURCE="" + +# These were all enabled by default before 3.19 made them individually +# selectable. Possibly look at enabling only the one(s) Fedora actually +# uses. +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y + +CONFIG_INIT_FALLBACK=y + CONFIG_KEYS=y CONFIG_PERSISTENT_KEYRINGS=y CONFIG_BIG_KEYS=y @@ -4766,6 +4816,7 @@ CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_OT200 is not set # CONFIG_LEDS_PWM is not set # CONFIG_LEDS_LP8501 is not set +# CONFIG_LEDS_LP8860 is not set # CONFIG_LEDS_PCA963X is not set # CONFIG_LEDS_SYSCON is not set CONFIG_LEDS_TRIGGERS=y @@ -4963,10 +5014,12 @@ CONFIG_GPIOLIB=y # CONFIG_PINCONF is not set CONFIG_NET_DSA=m +CONFIG_NET_DSA_HWMON=y CONFIG_NET_DSA_MV88E6060=m CONFIG_NET_DSA_MV88E6131=m CONFIG_NET_DSA_MV88E6123_61_65=m CONFIG_NET_DSA_MV88E6171=m +CONFIG_NET_DSA_MV88E6352=m CONFIG_NET_DSA_BCM_SF2=m # Used by Maemo, we don't care. @@ -5061,6 +5114,10 @@ CONFIG_USBIP_HOST=m # CONFIG_GS_FPGABOOT is not set # CONFIG_UNISYSSPAR is not set # CONFIG_MEDIA_TUNER_MSI001 is not set +# CONFIG_COMMON_CLK_XLNX_CLKWZRD is not set +# CONFIG_VIDEO_SAA7191 is not set +# CONFIG_DVB_MN88472 is not set +# CONFIG_DVB_MN88473 is not set # END OF STAGING # diff --git a/config-nodebug b/config-nodebug index ed6913376..7318cff41 100644 --- a/config-nodebug +++ b/config-nodebug @@ -35,6 +35,8 @@ CONFIG_CPUMASK_OFFSTACK=y # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_PI_LIST is not set +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_PAGE_OWNER is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set @@ -45,6 +47,7 @@ CONFIG_CPUMASK_OFFSTACK=y CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 # CONFIG_X86_PTDUMP is not set +# CONFIG_ARM64_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set # CONFIG_CAN_DEBUG_DEVICES is not set diff --git a/config-powerpc-generic b/config-powerpc-generic index ce4da577f..30b071898 100644 --- a/config-powerpc-generic +++ b/config-powerpc-generic @@ -306,6 +306,7 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m # CONFIG_MFD_AAT2870_CORE is not set # CONFIG_GPIO_SCH is not set +# CONFIG_GPIO_74XX_MMIO is not set # CONFIG_PPC_MPC512x is not set # CONFIG_RTC_DRV_MPC5121 is not set @@ -330,6 +331,7 @@ CONFIG_I2C_MPC=m # CONFIG_NET_VENDOR_TOSHIBA is not set # CONFIG_CPU_IDLE is not set +# CONFIG_OF_UNITTEST is not set # CONFIG_OF_SELFTEST is not set # CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set # CONFIG_INPUT_GP2A is not set diff --git a/config-powerpc64 b/config-powerpc64 index 49b4f2e70..5d9d29b22 100644 --- a/config-powerpc64 +++ b/config-powerpc64 @@ -15,6 +15,7 @@ CONFIG_PPC_POWERNV_RTAS=y CONFIG_SENSORS_IBMPOWERNV=y CONFIG_HW_RANDOM_POWERNV=m CONFIG_POWERNV_CPUFREQ=m +CONFIG_IPMI_POWERNV=m CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set @@ -165,6 +166,9 @@ CONFIG_HW_RANDOM_AMD=m CONFIG_UIO_PDRV=m +CONFIG_I2C_OPAL=m +CONFIG_RTC_DRV_OPAL=m + CONFIG_HW_RANDOM_PSERIES=m CONFIG_CRYPTO_DEV_NX=y CONFIG_CRYPTO_842=m diff --git a/config-powerpc64p7 b/config-powerpc64p7 index 6a5e1c6d9..eabb28c6e 100644 --- a/config-powerpc64p7 +++ b/config-powerpc64p7 @@ -10,6 +10,7 @@ CONFIG_PPC_POWERNV_RTAS=y CONFIG_HW_RANDOM_POWERNV=m CONFIG_SENSORS_IBMPOWERNV=y CONFIG_POWERNV_CPUFREQ=m +CONFIG_IPMI_POWERNV=m CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set @@ -155,6 +156,9 @@ CONFIG_HW_RANDOM_AMD=m CONFIG_UIO_PDRV=m +CONFIG_I2C_OPAL=m +CONFIG_RTC_DRV_OPAL=m + CONFIG_HW_RANDOM_PSERIES=m CONFIG_CRYPTO_DEV_NX=y CONFIG_CRYPTO_842=m diff --git a/config-s390x b/config-s390x index 9534f51be..cc9fd0e38 100644 --- a/config-s390x +++ b/config-s390x @@ -63,6 +63,7 @@ CONFIG_SCLP_VT220_TTY=y CONFIG_SCLP_VT220_CONSOLE=y CONFIG_SCLP_CPI=m CONFIG_SCLP_ASYNC=m +CONFIG_SCLP_ASYNC_ID="000000000" CONFIG_S390_TAPE=m CONFIG_S390_TAPE_3590=m diff --git a/config-x86-32-generic b/config-x86-32-generic index 5daa9b8a3..bdf1b753a 100644 --- a/config-x86-32-generic +++ b/config-x86-32-generic @@ -197,6 +197,7 @@ CONFIG_BACKLIGHT_PWM=m # CONFIG_EDAC_SBRIDGE is not set +# CONFIG_OF_UNITTEST is not set # CONFIG_OF_SELFTEST is not set # CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set # CONFIG_INPUT_GP2A is not set @@ -206,6 +207,7 @@ CONFIG_BACKLIGHT_PWM=m # CONFIG_MDIO_BUS_MUX_GPIO is not set # CONFIG_MDIO_BUS_MUX_MMIOREG is not set # CONFIG_GPIO_SODAVILLE is not set +# CONFIG_GPIO_74XX_MMIO is not set # CONFIG_BACKLIGHT_OT200 is not set # CONFIG_MLX5_INFINIBAND is not set diff --git a/config-x86-generic b/config-x86-generic index 88347fede..9a69726d1 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -34,6 +34,10 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 CONFIG_X86_PAT=y CONFIG_X86_PM_TIMER=y +# This requires changes to binutils and the compiler. Plus you can't actually +# buy hardware with MPX yet. So... leave it off until all of that seems set. +# CONFIG_X86_INTEL_MPX is not set + CONFIG_EFI=y CONFIG_EFI_STUB=y # CONFIG_EFI_MIXED is not set @@ -99,6 +103,8 @@ CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y # CONFIG_ACPI_EXTLOG is not set +# CONFIG_PMIC_OPREGION is not set + CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_ACPI_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ_CPB=y @@ -166,6 +172,8 @@ CONFIG_DCDBAS=m CONFIG_EDAC=y CONFIG_EDAC_MM_EDAC=m +# CONFIG_EDAC_AMD64_ERROR_INJECTION is not set +CONFIG_EDAC_AMD64=m CONFIG_EDAC_AMD76X=m CONFIG_EDAC_AMD8111=m CONFIG_EDAC_AMD8131=m @@ -488,6 +496,7 @@ CONFIG_PWM_LPSS_PCI=m CONFIG_PWM_LPSS_PLATFORM=m CONFIG_PINCTRL=y CONFIG_PINCTRL_BAYTRAIL=y +CONFIG_PINCTRL_CHERRYVIEW=m # CONFIG_INTEL_POWERCLAMP is not set CONFIG_X86_PKG_TEMP_THERMAL=m diff --git a/config-x86_64-generic b/config-x86_64-generic index 89b7070ef..3a2ef08b2 100644 --- a/config-x86_64-generic +++ b/config-x86_64-generic @@ -177,6 +177,8 @@ CONFIG_SFC_MTD=y # Override MTD stuff because SFC_MTD needs it CONFIG_MTD_BLOCK=m +CONFIG_HSA_AMD=m + CONFIG_NO_HZ_FULL=y # CONFIG_NO_HZ_IDLE is not set # CONFIG_NO_HZ_FULL_ALL is not set diff --git a/crash-driver.patch b/crash-driver.patch index 5a8fa876f..c9a99b8e2 100644 --- a/crash-driver.patch +++ b/crash-driver.patch @@ -240,10 +240,10 @@ index 000000000000..552be5e2c571 + +#endif /* _S390_CRASH_H */ diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c -index 2a2e35416d2f..a529181429bb 100644 +index 2eb34bdfc613..11ce5c98462c 100644 --- a/arch/s390/mm/maccess.c +++ b/arch/s390/mm/maccess.c -@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr) +@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(phys_addr_t addr) put_online_cpus(); return bounce; } @@ -251,7 +251,7 @@ index 2a2e35416d2f..a529181429bb 100644 /* * Free converted buffer for /dev/mem access (if necessary) -@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf) +@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(phys_addr_t addr, void *buf) if ((void *) addr != buf) free_page((unsigned long) buf); } diff --git a/criu-no-expert.patch b/criu-no-expert.patch index 11d3c87d5..2e7ca9138 100644 --- a/criu-no-expert.patch +++ b/criu-no-expert.patch @@ -9,10 +9,10 @@ Upstream-status: Fedora mustard 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/init/Kconfig b/init/Kconfig -index 9ef459bb44b2..cc096e258a4a 100644 +index dac9ed0f01f7..31a29fe7c555 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1149,7 +1149,7 @@ config DEBUG_BLK_CGROUP +@@ -1128,7 +1128,7 @@ config DEBUG_BLK_CGROUP endif # CGROUPS config CHECKPOINT_RESTORE @@ -21,7 +21,7 @@ index 9ef459bb44b2..cc096e258a4a 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1160,7 +1160,7 @@ config CHECKPOINT_RESTORE +@@ -1139,7 +1139,7 @@ config CHECKPOINT_RESTORE If unsure, say N here. menuconfig NAMESPACES diff --git a/disable-i8042-check-on-apple-mac.patch b/disable-i8042-check-on-apple-mac.patch index 8516532a8..0ada396a4 100644 --- a/disable-i8042-check-on-apple-mac.patch +++ b/disable-i8042-check-on-apple-mac.patch @@ -17,10 +17,10 @@ Signed-off-by: Bastien Nocera 1 file changed, 22 insertions(+) diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c -index 9bb95eab6926..4b5015f27f9e 100644 +index f91ed715b604..d64498a0d473 100644 --- a/drivers/input/serio/i8042.c +++ b/drivers/input/serio/i8042.c -@@ -1471,6 +1471,22 @@ static struct platform_driver i8042_driver = { +@@ -1470,6 +1470,22 @@ static struct platform_driver i8042_driver = { .shutdown = i8042_shutdown, }; @@ -43,7 +43,7 @@ index 9bb95eab6926..4b5015f27f9e 100644 static int __init i8042_init(void) { struct platform_device *pdev; -@@ -1478,6 +1494,12 @@ static int __init i8042_init(void) +@@ -1477,6 +1493,12 @@ static int __init i8042_init(void) dbg_init(); diff --git a/dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch b/dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch deleted file mode 100644 index e64136a27..000000000 --- a/dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Joe Thornber -Date: Thu, 27 Nov 2014 12:26:46 +0000 -Subject: [PATCH] dm cache: dirty flag was mistakenly being cleared when - promoting via overwrite - -If the incoming bio is a WRITE and completely covers a block then we -don't bother to do any copying for a promotion operation. Once this is -done the cache block and origin block will be different, so we need to -set it to 'dirty'. - -Signed-off-by: Joe Thornber -Signed-off-by: Mike Snitzer -Cc: stable@vger.kernel.org ---- - drivers/md/dm-cache-target.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c -index 6f7086355691..387b93d81138 100644 ---- a/drivers/md/dm-cache-target.c -+++ b/drivers/md/dm-cache-target.c -@@ -951,10 +951,14 @@ static void migration_success_post_commit(struct dm_cache_migration *mg) - } - - } else { -- clear_dirty(cache, mg->new_oblock, mg->cblock); -- if (mg->requeue_holder) -+ if (mg->requeue_holder) { -+ clear_dirty(cache, mg->new_oblock, mg->cblock); - cell_defer(cache, mg->new_ocell, true); -- else { -+ } else { -+ /* -+ * The block was promoted via an overwrite, so it's dirty. -+ */ -+ set_dirty(cache, mg->new_oblock, mg->cblock); - bio_endio(mg->new_ocell->holder, 0); - cell_defer(cache, mg->new_ocell, false); - } --- -2.1.0 - diff --git a/dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch b/dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch deleted file mode 100644 index 05a6ebdca..000000000 --- a/dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Joe Thornber -Date: Fri, 28 Nov 2014 09:48:25 +0000 -Subject: [PATCH] dm cache: fix spurious cell_defer when dealing with partial - block at end of device - -We never bother caching a partial block that is at the back end of the -origin device. No cell ever gets locked, but the calling code was -assuming it was and trying to release it. - -Now the code only releases if the cell has been set to a non NULL -value. - -Signed-off-by: Joe Thornber -Signed-off-by: Mike Snitzer -Cc: stable@vger.kernel.org ---- - drivers/md/dm-cache-target.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c -index 387b93d81138..da496cfb458d 100644 ---- a/drivers/md/dm-cache-target.c -+++ b/drivers/md/dm-cache-target.c -@@ -2554,11 +2554,11 @@ static int __cache_map(struct cache *cache, struct bio *bio, struct dm_bio_priso - static int cache_map(struct dm_target *ti, struct bio *bio) - { - int r; -- struct dm_bio_prison_cell *cell; -+ struct dm_bio_prison_cell *cell = NULL; - struct cache *cache = ti->private; - - r = __cache_map(cache, bio, &cell); -- if (r == DM_MAPIO_REMAPPED) { -+ if (r == DM_MAPIO_REMAPPED && cell) { - inc_ds(cache, bio, cell); - cell_defer(cache, cell, false); - } --- -2.1.0 - diff --git a/dm-cache-only-use-overwrite-optimisation-for-promoti.patch b/dm-cache-only-use-overwrite-optimisation-for-promoti.patch deleted file mode 100644 index 12a79113d..000000000 --- a/dm-cache-only-use-overwrite-optimisation-for-promoti.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Joe Thornber -Date: Thu, 27 Nov 2014 12:21:08 +0000 -Subject: [PATCH] dm cache: only use overwrite optimisation for promotion when - in writeback mode - -Overwrite causes the cache block and origin blocks to diverge, which -is only allowed in writeback mode. - -Signed-off-by: Joe Thornber -Signed-off-by: Mike Snitzer -Cc: stable@vger.kernel.org ---- - drivers/md/dm-cache-target.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c -index 7130505c2425..6f7086355691 100644 ---- a/drivers/md/dm-cache-target.c -+++ b/drivers/md/dm-cache-target.c -@@ -1070,7 +1070,8 @@ static void issue_copy(struct dm_cache_migration *mg) - - avoid = is_discarded_oblock(cache, mg->new_oblock); - -- if (!avoid && bio_writes_complete_block(cache, bio)) { -+ if (writeback_mode(&cache->features) && -+ !avoid && bio_writes_complete_block(cache, bio)) { - issue_overwrite(mg, bio); - return; - } --- -2.1.0 - diff --git a/drm-i915-hush-check-crtc-state.patch b/drm-i915-hush-check-crtc-state.patch index 0a76d10c1..329b59843 100644 --- a/drm-i915-hush-check-crtc-state.patch +++ b/drm-i915-hush-check-crtc-state.patch @@ -14,10 +14,10 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9cb5c95d5898..edf0d4b78d68 100644 +index fb3e3d429191..49e5d5f9fbe5 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -10965,7 +10965,7 @@ check_crtc_state(struct drm_device *dev) +@@ -10869,7 +10869,7 @@ check_crtc_state(struct drm_device *dev) if (active && !intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) { diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch index f6cc658f7..ef1733bb3 100644 --- a/efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/efi-Add-EFI_SECURE_BOOT-bit.patch @@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index f4eb99432db1..bc31a43b31a0 100644 +index 5d52d67d5097..b40d6174242f 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1152,7 +1152,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1154,7 +1154,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { @@ -26,10 +26,10 @@ index f4eb99432db1..bc31a43b31a0 100644 #endif diff --git a/include/linux/efi.h b/include/linux/efi.h -index 0949f9c7e872..130ba866a24a 100644 +index 0238d612750e..16ec1c00919d 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -936,6 +936,7 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -940,6 +940,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_64BIT 5 /* Is the firmware 64-bit? */ #define EFI_PARAVIRT 6 /* Access is via a paravirt interface */ #define EFI_ARCH_1 7 /* First arch-specific bit */ diff --git a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch index c9e629d62..2238eeda3 100644 --- a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch +++ b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch @@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 6da2da7ac9c3..ba3cf70c7d5a 100644 +index 2192da755e34..4b03911a502d 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -831,8 +831,9 @@ out: diff --git a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch index 4d61ce91d..da1b53676 100644 --- a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch +++ b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch @@ -11,10 +11,10 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 7b8969db8398..d1f4a3d88dfc 100644 +index d4c55ee9f1ac..88533b717d59 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1612,7 +1612,8 @@ config EFI_MIXED +@@ -1657,7 +1657,8 @@ config EFI_MIXED If unsure, say N. config EFI_SECURE_BOOT_SIG_ENFORCE diff --git a/groups-Consolidate-the-setgroups-permission-checks.patch b/groups-Consolidate-the-setgroups-permission-checks.patch deleted file mode 100644 index e65ea2641..000000000 --- a/groups-Consolidate-the-setgroups-permission-checks.patch +++ /dev/null @@ -1,90 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 17:19:27 -0600 -Subject: [PATCH] groups: Consolidate the setgroups permission checks - -Today there are 3 instances of setgroups and due to an oversight their -permission checking has diverged. Add a common function so that -they may all share the same permission checking code. - -This corrects the current oversight in the current permission checks -and adds a helper to avoid this in the future. - -A user namespace security fix will update this new helper, shortly. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - arch/s390/kernel/compat_linux.c | 2 +- - include/linux/cred.h | 1 + - kernel/groups.c | 9 ++++++++- - kernel/uid16.c | 2 +- - 4 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c -index ca38139423ae..437e61159279 100644 ---- a/arch/s390/kernel/compat_linux.c -+++ b/arch/s390/kernel/compat_linux.c -@@ -249,7 +249,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, int, gidsetsize, u16 __user *, grouplis - struct group_info *group_info; - int retval; - -- if (!capable(CAP_SETGID)) -+ if (!may_setgroups()) - return -EPERM; - if ((unsigned)gidsetsize > NGROUPS_MAX) - return -EINVAL; -diff --git a/include/linux/cred.h b/include/linux/cred.h -index b2d0820837c4..2fb2ca2127ed 100644 ---- a/include/linux/cred.h -+++ b/include/linux/cred.h -@@ -68,6 +68,7 @@ extern void groups_free(struct group_info *); - extern int set_current_groups(struct group_info *); - extern void set_groups(struct cred *, struct group_info *); - extern int groups_search(const struct group_info *, kgid_t); -+extern bool may_setgroups(void); - - /* access the groups "array" with this macro */ - #define GROUP_AT(gi, i) \ -diff --git a/kernel/groups.c b/kernel/groups.c -index 451698f86cfa..02d8a251c476 100644 ---- a/kernel/groups.c -+++ b/kernel/groups.c -@@ -213,6 +213,13 @@ out: - return i; - } - -+bool may_setgroups(void) -+{ -+ struct user_namespace *user_ns = current_user_ns(); -+ -+ return ns_capable(user_ns, CAP_SETGID); -+} -+ - /* - * SMP: Our groups are copy-on-write. We can set them safely - * without another task interfering. -@@ -223,7 +230,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist) - struct group_info *group_info; - int retval; - -- if (!ns_capable(current_user_ns(), CAP_SETGID)) -+ if (!may_setgroups()) - return -EPERM; - if ((unsigned)gidsetsize > NGROUPS_MAX) - return -EINVAL; -diff --git a/kernel/uid16.c b/kernel/uid16.c -index 602e5bbbceff..d58cc4d8f0d1 100644 ---- a/kernel/uid16.c -+++ b/kernel/uid16.c -@@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist) - struct group_info *group_info; - int retval; - -- if (!ns_capable(current_user_ns(), CAP_SETGID)) -+ if (!may_setgroups()) - return -EPERM; - if ((unsigned)gidsetsize > NGROUPS_MAX) - return -EINVAL; --- -2.1.0 - diff --git a/hibernate-Disable-in-a-signed-modules-environment.patch b/hibernate-Disable-in-a-signed-modules-environment.patch index fa1d53a51..f1cc67935 100644 --- a/hibernate-Disable-in-a-signed-modules-environment.patch +++ b/hibernate-Disable-in-a-signed-modules-environment.patch @@ -13,18 +13,18 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c -index 1f35a3478f3c..5e2472fc3dda 100644 +index 2329daae5255..48a8e82c7e2e 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c -@@ -28,6 +28,7 @@ - #include +@@ -29,6 +29,7 @@ #include #include + #include +#include #include #include "power.h" -@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops; +@@ -66,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { diff --git a/input-kill-stupid-messages.patch b/input-kill-stupid-messages.patch index 5b9c3d923..fe01d3a75 100644 --- a/input-kill-stupid-messages.patch +++ b/input-kill-stupid-messages.patch @@ -9,7 +9,7 @@ Upstream-status: Fedora mustard 1 file changed, 4 insertions(+) diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c -index 6f5d79569136..95469f6ecfa5 100644 +index e27a25892db4..9ab0a86cc03d 100644 --- a/drivers/input/keyboard/atkbd.c +++ b/drivers/input/keyboard/atkbd.c @@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data, diff --git a/input-silence-i8042-noise.patch b/input-silence-i8042-noise.patch index dcfee1e6d..fa40d1b88 100644 --- a/input-silence-i8042-noise.patch +++ b/input-silence-i8042-noise.patch @@ -29,7 +29,7 @@ index 9717d5f20139..a3101d2fd936 100644 if (dev->parent && dev->parent->power.is_prepared) dev_warn(dev, "parent %s should not be sleeping\n", diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c -index f5a98af3b325..9bb95eab6926 100644 +index 924e4bf357fb..f91ed715b604 100644 --- a/drivers/input/serio/i8042.c +++ b/drivers/input/serio/i8042.c @@ -857,7 +857,6 @@ static int __init i8042_check_aux(void) @@ -41,10 +41,10 @@ index f5a98af3b325..9bb95eab6926 100644 } diff --git a/net/can/af_can.c b/net/can/af_can.c -index ce82337521f6..a3fee4becc93 100644 +index 66e08040ced7..5268a601f406 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c -@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol, +@@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol, err = request_module("can-proto-%d", protocol); /* diff --git a/isofs-Fix-infinite-looping-over-CE-entries.patch b/isofs-Fix-infinite-looping-over-CE-entries.patch deleted file mode 100644 index bff25ac27..000000000 --- a/isofs-Fix-infinite-looping-over-CE-entries.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Jan Kara -Date: Mon, 15 Dec 2014 14:22:46 +0100 -Subject: [PATCH] isofs: Fix infinite looping over CE entries - -Rock Ridge extensions define so called Continuation Entries (CE) which -define where is further space with Rock Ridge data. Corrupted isofs -image can contain arbitrarily long chain of these, including a one -containing loop and thus causing kernel to end in an infinite loop when -traversing these entries. - -Limit the traversal to 32 entries which should be more than enough space -to store all the Rock Ridge data. - -Reported-by: P J P -CC: stable@vger.kernel.org -Signed-off-by: Jan Kara ---- - fs/isofs/rock.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index f488bbae541a..bb63254ed848 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -30,6 +30,7 @@ struct rock_state { - int cont_size; - int cont_extent; - int cont_offset; -+ int cont_loops; - struct inode *inode; - }; - -@@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) - rs->inode = inode; - } - -+/* Maximum number of Rock Ridge continuation entries */ -+#define RR_MAX_CE_ENTRIES 32 -+ - /* - * Returns 0 if the caller should continue scanning, 1 if the scan must end - * and -ve on error. -@@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) - goto out; - } - ret = -EIO; -+ if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) -+ goto out; - bh = sb_bread(rs->inode->i_sb, rs->cont_extent); - if (bh) { - memcpy(rs->buffer, bh->b_data + rs->cont_offset, --- -2.1.0 - diff --git a/kernel.spec b/kernel.spec index aaf648611..ff2c5f2fc 100644 --- a/kernel.spec +++ b/kernel.spec @@ -6,9 +6,9 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. For rawhide # and/or a kernel built from an rc or git snapshot, released_kernel should # be 0. -%global released_kernel 1 +%global released_kernel 0 -%global aarch64patches 1 +%global aarch64patches 0 # Sign modules on x86. Make sure the config files match this setting if more # architectures are added. @@ -42,7 +42,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 1 +%define stable_update 0 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -67,7 +67,7 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%define rcrev 0 +%define rcrev 2 # The git snapshot level %define gitrev 0 # Set rpm version accordingly @@ -587,7 +587,6 @@ Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch Patch21028: arm-i.MX6-Utilite-device-dtb.patch -Patch21029: arm-dts-sun7i-bananapi.patch Patch21100: arm-highbank-l2-reverts.patch @@ -610,58 +609,11 @@ Patch26058: asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch #rhbz 1111138 Patch26059: i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch -Patch26064: Input-add-driver-for-the-Goodix-touchpanel.patch - -#rhbz 1135338 -Patch26070: HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch - -#CVE-2014-8134 rhbz 1172765 1172769 -Patch26091: x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch - #rhbz 1164945 Patch26092: xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch Patch26093: uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch Patch26094: uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch -#rhbz 1172543 -Patch26096: cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch - -#CVE-2014-8133 rhbz 1172797 1174374 -Patch26100: x86-tls-Validate-TLS-entries-to-protect-espfix.patch - -#rhbz 1173806 -Patch26101: powerpc-powernv-force-all-CPUs-to-be-bootable.patch - -#CVE-2014-XXXX rhbz 1175235 1175250 -Patch26102: isofs-Fix-infinite-looping-over-CE-entries.patch - -#rhbz 1175261 -Patch26103: blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch - -#rhbz 1168434 -Patch26104: dm-cache-only-use-overwrite-optimisation-for-promoti.patch -Patch26105: dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch -Patch26106: dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch - -Patch26107: uapi-linux-target_core_user.h-fix-headers_install.sh.patch - -#mount fixes for stable -Patch26108: mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch -Patch26109: mnt-Update-unprivileged-remount-test.patch -Patch26110: umount-Disallow-unprivileged-mount-force.patch - -#CVE-2014-8989 rhbz 1170684 1170688 -Patch26111: groups-Consolidate-the-setgroups-permission-checks.patch -Patch26112: userns-Document-what-the-invariant-required-for-safe.patch -Patch26113: userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch -Patch26114: userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch -Patch26115: userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch -Patch26116: userns-Only-allow-the-creator-of-the-userns-unprivil.patch -Patch26117: userns-Rename-id_map_mutex-to-userns_state_mutex.patch -Patch26118: userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch -Patch26119: userns-Allow-setting-gid_maps-without-privilege-when.patch -Patch26120: userns-Unbreak-the-unprivileged-remount-tests.patch - # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch @@ -1251,7 +1203,6 @@ ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch ApplyPatch arm-i.MX6-Utilite-device-dtb.patch -ApplyPatch arm-dts-sun7i-bananapi.patch ApplyPatch arm-highbank-l2-reverts.patch @@ -1380,58 +1331,11 @@ ApplyPatch asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch #rhbz 1111138 ApplyPatch i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch -ApplyPatch Input-add-driver-for-the-Goodix-touchpanel.patch - -#rhbz 1135338 -ApplyPatch HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch - -#CVE-2014-8134 rhbz 1172765 1172769 -ApplyPatch x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch - #rhbz 1164945 ApplyPatch xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch ApplyPatch uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch ApplyPatch uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch -#rhbz 1172543 -ApplyPatch cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch - -#CVE-2014-8133 rhbz 1172797 1174374 -ApplyPatch x86-tls-Validate-TLS-entries-to-protect-espfix.patch - -#rhbz 1173806 -ApplyPatch powerpc-powernv-force-all-CPUs-to-be-bootable.patch - -#CVE-2014-XXXX rhbz 1175235 1175250 -ApplyPatch isofs-Fix-infinite-looping-over-CE-entries.patch - -#rhbz 1175261 -ApplyPatch blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch - -#rhbz 1168434 -ApplyPatch dm-cache-only-use-overwrite-optimisation-for-promoti.patch -ApplyPatch dm-cache-dirty-flag-was-mistakenly-being-cleared-whe.patch -ApplyPatch dm-cache-fix-spurious-cell_defer-when-dealing-with-p.patch - -ApplyPatch uapi-linux-target_core_user.h-fix-headers_install.sh.patch - -#mount fixes for stable -ApplyPatch mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch -ApplyPatch mnt-Update-unprivileged-remount-test.patch -ApplyPatch umount-Disallow-unprivileged-mount-force.patch - -#CVE-2014-8989 rhbz 1170684 1170688 -ApplyPatch groups-Consolidate-the-setgroups-permission-checks.patch -ApplyPatch userns-Document-what-the-invariant-required-for-safe.patch -ApplyPatch userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch -ApplyPatch userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch -ApplyPatch userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch -ApplyPatch userns-Only-allow-the-creator-of-the-userns-unprivil.patch -ApplyPatch userns-Rename-id_map_mutex-to-userns_state_mutex.patch -ApplyPatch userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch -ApplyPatch userns-Allow-setting-gid_maps-without-privilege-when.patch -ApplyPatch userns-Unbreak-the-unprivileged-remount-tests.patch - %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2300,6 +2204,11 @@ fi # ||----w | # || || %changelog +* Mon Jan 05 2015 Josh Boyer +- Linux v3.19-rc2 +- Temporarily disable aarch64patches +- Happy New Year + * Sun Dec 28 2014 Josh Boyer - Enable F2FS (rhbz 972446) diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch index eac51c600..d521c804d 100644 --- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch +++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch @@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 8 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index 2abf9f6e9a61..417bd0599024 100644 +index 9a8a01abbaed..9a0ecbf14545 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -36,6 +36,7 @@ diff --git a/mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch b/mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch deleted file mode 100644 index 0fff15128..000000000 --- a/mnt-Implicitly-add-MNT_NODEV-on-remount-when-it-was-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: "Eric W. Biederman" -Date: Wed, 13 Aug 2014 01:33:38 -0700 -Subject: [PATCH] mnt: Implicitly add MNT_NODEV on remount when it was - implicitly added by mount - -Now that remount is properly enforcing the rule that you can't remove -nodev at least sandstorm.io is breaking when performing a remount. - -It turns out that there is an easy intuitive solution implicitly -add nodev on remount when nodev was implicitly added on mount. - -Tested-by: Cedric Bosdonnat -Tested-by: Richard Weinberger -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - fs/namespace.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/fs/namespace.c b/fs/namespace.c -index 5b66b2b3624d..3a1a87dc33df 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -2098,7 +2098,13 @@ static int do_remount(struct path *path, int flags, int mnt_flags, - } - if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) && - !(mnt_flags & MNT_NODEV)) { -- return -EPERM; -+ /* Was the nodev implicitly added in mount? */ -+ if ((mnt->mnt_ns->user_ns != &init_user_ns) && -+ !(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) { -+ mnt_flags |= MNT_NODEV; -+ } else { -+ return -EPERM; -+ } - } - if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) && - !(mnt_flags & MNT_NOSUID)) { --- -2.1.0 - diff --git a/mnt-Update-unprivileged-remount-test.patch b/mnt-Update-unprivileged-remount-test.patch deleted file mode 100644 index 5913d8272..000000000 --- a/mnt-Update-unprivileged-remount-test.patch +++ /dev/null @@ -1,280 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 22 Aug 2014 16:39:03 -0500 -Subject: [PATCH] mnt: Update unprivileged remount test - -- MNT_NODEV should be irrelevant except when reading back mount flags, - no longer specify MNT_NODEV on remount. - -- Test MNT_NODEV on devpts where it is meaningful even for unprivileged mounts. - -- Add a test to verify that remount of a prexisting mount with the same flags - is allowed and does not change those flags. - -- Cleanup up the definitions of MS_REC, MS_RELATIME, MS_STRICTATIME that are used - when the code is built in an environment without them. - -- Correct the test error messages when tests fail. There were not 5 tests - that tested MS_RELATIME. - -Cc: stable@vger.kernel.org -Signed-off-by: Eric W. Biederman ---- - .../selftests/mount/unprivileged-remount-test.c | 172 +++++++++++++++++---- - 1 file changed, 142 insertions(+), 30 deletions(-) - -diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c -index 1b3ff2fda4d0..9669d375625a 100644 ---- a/tools/testing/selftests/mount/unprivileged-remount-test.c -+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c -@@ -6,6 +6,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -32,11 +34,14 @@ - # define CLONE_NEWPID 0x20000000 - #endif - -+#ifndef MS_REC -+# define MS_REC 16384 -+#endif - #ifndef MS_RELATIME --#define MS_RELATIME (1 << 21) -+# define MS_RELATIME (1 << 21) - #endif - #ifndef MS_STRICTATIME --#define MS_STRICTATIME (1 << 24) -+# define MS_STRICTATIME (1 << 24) - #endif - - static void die(char *fmt, ...) -@@ -87,6 +92,45 @@ static void write_file(char *filename, char *fmt, ...) - } - } - -+static int read_mnt_flags(const char *path) -+{ -+ int ret; -+ struct statvfs stat; -+ int mnt_flags; -+ -+ ret = statvfs(path, &stat); -+ if (ret != 0) { -+ die("statvfs of %s failed: %s\n", -+ path, strerror(errno)); -+ } -+ if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \ -+ ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \ -+ ST_SYNCHRONOUS | ST_MANDLOCK)) { -+ die("Unrecognized mount flags\n"); -+ } -+ mnt_flags = 0; -+ if (stat.f_flag & ST_RDONLY) -+ mnt_flags |= MS_RDONLY; -+ if (stat.f_flag & ST_NOSUID) -+ mnt_flags |= MS_NOSUID; -+ if (stat.f_flag & ST_NODEV) -+ mnt_flags |= MS_NODEV; -+ if (stat.f_flag & ST_NOEXEC) -+ mnt_flags |= MS_NOEXEC; -+ if (stat.f_flag & ST_NOATIME) -+ mnt_flags |= MS_NOATIME; -+ if (stat.f_flag & ST_NODIRATIME) -+ mnt_flags |= MS_NODIRATIME; -+ if (stat.f_flag & ST_RELATIME) -+ mnt_flags |= MS_RELATIME; -+ if (stat.f_flag & ST_SYNCHRONOUS) -+ mnt_flags |= MS_SYNCHRONOUS; -+ if (stat.f_flag & ST_MANDLOCK) -+ mnt_flags |= ST_MANDLOCK; -+ -+ return mnt_flags; -+} -+ - static void create_and_enter_userns(void) - { - uid_t uid; -@@ -118,7 +162,8 @@ static void create_and_enter_userns(void) - } - - static --bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) -+bool test_unpriv_remount(const char *fstype, const char *mount_options, -+ int mount_flags, int remount_flags, int invalid_flags) - { - pid_t child; - -@@ -151,9 +196,11 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) - strerror(errno)); - } - -- if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) { -- die("mount of /tmp failed: %s\n", -- strerror(errno)); -+ if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) { -+ die("mount of %s with options '%s' on /tmp failed: %s\n", -+ fstype, -+ mount_options? mount_options : "", -+ strerror(errno)); - } - - create_and_enter_userns(); -@@ -181,62 +228,127 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) - - static bool test_unpriv_remount_simple(int mount_flags) - { -- return test_unpriv_remount(mount_flags, mount_flags, 0); -+ return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0); - } - - static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) - { -- return test_unpriv_remount(mount_flags, mount_flags, invalid_flags); -+ return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, -+ invalid_flags); -+} -+ -+static bool test_priv_mount_unpriv_remount(void) -+{ -+ pid_t child; -+ int ret; -+ const char *orig_path = "/dev"; -+ const char *dest_path = "/tmp"; -+ int orig_mnt_flags, remount_mnt_flags; -+ -+ child = fork(); -+ if (child == -1) { -+ die("fork failed: %s\n", -+ strerror(errno)); -+ } -+ if (child != 0) { /* parent */ -+ pid_t pid; -+ int status; -+ pid = waitpid(child, &status, 0); -+ if (pid == -1) { -+ die("waitpid failed: %s\n", -+ strerror(errno)); -+ } -+ if (pid != child) { -+ die("waited for %d got %d\n", -+ child, pid); -+ } -+ if (!WIFEXITED(status)) { -+ die("child did not terminate cleanly\n"); -+ } -+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false; -+ } -+ -+ orig_mnt_flags = read_mnt_flags(orig_path); -+ -+ create_and_enter_userns(); -+ ret = unshare(CLONE_NEWNS); -+ if (ret != 0) { -+ die("unshare(CLONE_NEWNS) failed: %s\n", -+ strerror(errno)); -+ } -+ -+ ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL); -+ if (ret != 0) { -+ die("recursive bind mount of %s onto %s failed: %s\n", -+ orig_path, dest_path, strerror(errno)); -+ } -+ -+ ret = mount(dest_path, dest_path, "none", -+ MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL); -+ if (ret != 0) { -+ /* system("cat /proc/self/mounts"); */ -+ die("remount of /tmp failed: %s\n", -+ strerror(errno)); -+ } -+ -+ remount_mnt_flags = read_mnt_flags(dest_path); -+ if (orig_mnt_flags != remount_mnt_flags) { -+ die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n", -+ dest_path, orig_path); -+ } -+ exit(EXIT_SUCCESS); - } - - int main(int argc, char **argv) - { -- if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) { -+ if (!test_unpriv_remount_simple(MS_RDONLY)) { - die("MS_RDONLY malfunctions\n"); - } -- if (!test_unpriv_remount_simple(MS_NODEV)) { -+ if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) { - die("MS_NODEV malfunctions\n"); - } -- if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) { -+ if (!test_unpriv_remount_simple(MS_NOSUID)) { - die("MS_NOSUID malfunctions\n"); - } -- if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) { -+ if (!test_unpriv_remount_simple(MS_NOEXEC)) { - die("MS_NOEXEC malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV, -- MS_NOATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_RELATIME, -+ MS_NOATIME)) - { - die("MS_RELATIME malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV, -- MS_NOATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_STRICTATIME, -+ MS_NOATIME)) - { - die("MS_STRICTATIME malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV, -- MS_STRICTATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_NOATIME, -+ MS_STRICTATIME)) - { -- die("MS_RELATIME malfunctions\n"); -+ die("MS_NOATIME malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV, -- MS_NOATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME, -+ MS_NOATIME)) - { -- die("MS_RELATIME malfunctions\n"); -+ die("MS_RELATIME|MS_NODIRATIME malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV, -- MS_NOATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME, -+ MS_NOATIME)) - { -- die("MS_RELATIME malfunctions\n"); -+ die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n"); - } -- if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV, -- MS_STRICTATIME|MS_NODEV)) -+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME, -+ MS_STRICTATIME)) - { -- die("MS_RELATIME malfunctions\n"); -+ die("MS_NOATIME|MS_DIRATIME malfunctions\n"); - } -- if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV, -- MS_NOATIME|MS_NODEV)) -+ if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME)) - { - die("Default atime malfunctions\n"); - } -+ if (!test_priv_mount_unpriv_remount()) { -+ die("Mount flags unexpectedly changed after remount\n"); -+ } - return EXIT_SUCCESS; - } --- -2.1.0 - diff --git a/no-pcspkr-modalias.patch b/no-pcspkr-modalias.patch index a258676c3..28008094d 100644 --- a/no-pcspkr-modalias.patch +++ b/no-pcspkr-modalias.patch @@ -9,7 +9,7 @@ Upstream-status: Fedora mustard 1 file changed, 1 deletion(-) diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c -index 674a2cfc3c0e..9a2807227c69 100644 +index 72b1fc3ab910..86907eaa4883 100644 --- a/drivers/input/misc/pcspkr.c +++ b/drivers/input/misc/pcspkr.c @@ -23,7 +23,6 @@ diff --git a/pinctrl-pinctrl-single-must-be-initialized-early.patch b/pinctrl-pinctrl-single-must-be-initialized-early.patch index 765ec1d3d..5aa4bd22f 100644 --- a/pinctrl-pinctrl-single-must-be-initialized-early.patch +++ b/pinctrl-pinctrl-single-must-be-initialized-early.patch @@ -10,10 +10,10 @@ exercise left to the reader. 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c -index fb94b772ad62..99668ad01b54 100644 +index 69e84427f913..f21cf4291476 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c -@@ -2026,7 +2026,17 @@ static struct platform_driver pcs_driver = { +@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = { #endif }; diff --git a/powerpc-powernv-force-all-CPUs-to-be-bootable.patch b/powerpc-powernv-force-all-CPUs-to-be-bootable.patch deleted file mode 100644 index f98ac878d..000000000 --- a/powerpc-powernv-force-all-CPUs-to-be-bootable.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Greg Kurz -Date: Fri, 12 Dec 2014 12:37:40 +0100 -Subject: [PATCH] powerpc/powernv: force all CPUs to be bootable - -The subcore logic needs all the CPUs declared in the DT to be bootable, -otherwise the kernel hangs at boot time. Since subcore support starts -with POWER8, we can keep the current behaviour for older CPUs. - -Signed-off-by: Greg Kurz ---- - arch/powerpc/platforms/powernv/smp.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c -index 4753958cd509..44ecd0925f56 100644 ---- a/arch/powerpc/platforms/powernv/smp.c -+++ b/arch/powerpc/platforms/powernv/smp.c -@@ -185,13 +185,24 @@ static void pnv_smp_cpu_kill_self(void) - - #endif /* CONFIG_HOTPLUG_CPU */ - -+static int pnv_cpu_bootable(unsigned int nr) -+{ -+ /* Starting with POWER8, all CPUs need to be booted to avoid hangs -+ * during subcore init. -+ */ -+ if (cpu_has_feature(CPU_FTR_ARCH_207S)) -+ return 1; -+ -+ return smp_generic_cpu_bootable(nr); -+} -+ - static struct smp_ops_t pnv_smp_ops = { - .message_pass = smp_muxed_ipi_message_pass, - .cause_ipi = NULL, /* Filled at runtime by xics_smp_probe() */ - .probe = xics_smp_probe, - .kick_cpu = pnv_smp_kick_cpu, - .setup_cpu = pnv_smp_setup_cpu, -- .cpu_bootable = smp_generic_cpu_bootable, -+ .cpu_bootable = pnv_cpu_bootable, - #ifdef CONFIG_HOTPLUG_CPU - .cpu_disable = pnv_smp_cpu_disable, - .cpu_die = generic_cpu_die, --- -2.1.0 - diff --git a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch index 62530050f..f635da21a 100644 --- a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch +++ b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch @@ -9,10 +9,10 @@ Upstream-status: Fedora mustard (might be worth dropping...) 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index cfba74cd8e8b..5127df3cc064 100644 +index 399516925d80..2ac9a156da39 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2768,13 +2768,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp) +@@ -2750,13 +2750,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp) static int sd_revalidate_disk(struct gendisk *disk) { struct scsi_disk *sdkp = scsi_disk(disk); diff --git a/silence-fbcon-logo.patch b/silence-fbcon-logo.patch index 654927e41..baeb94e5c 100644 --- a/silence-fbcon-logo.patch +++ b/silence-fbcon-logo.patch @@ -9,7 +9,7 @@ Upstream-status: Fedora mustard 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c -index eb976ee3a02f..275f20a643f4 100644 +index ea437245562e..eefa9c45d2e1 100644 --- a/drivers/video/console/fbcon.c +++ b/drivers/video/console/fbcon.c @@ -637,13 +637,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info, @@ -47,7 +47,7 @@ index eb976ee3a02f..275f20a643f4 100644 + +early_param("quiet", quiet_logo); + - module_init(fb_console_init); + fs_initcall(fb_console_init); #ifdef MODULE -- diff --git a/uapi-linux-target_core_user.h-fix-headers_install.sh.patch b/uapi-linux-target_core_user.h-fix-headers_install.sh.patch deleted file mode 100644 index 516d10f8a..000000000 --- a/uapi-linux-target_core_user.h-fix-headers_install.sh.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Kyle McMartin -Date: Thu, 18 Dec 2014 12:57:14 -0500 -Subject: [PATCH] uapi/linux/target_core_user.h: fix headers_install.sh badness - -scripts/headers_install.sh will transform __packed to -__attribute__((packed)), so the #ifndef is not necessary. -(and, in fact, it's problematic, because we'll end up with the header - containing: -#ifndef __attribute__((packed)) -#define __attribu... -and so forth.) - -Cc: stable@vger.kernel.org # 3.18 -Signed-off-by: Kyle McMartin ---- - include/uapi/linux/target_core_user.h | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/include/uapi/linux/target_core_user.h b/include/uapi/linux/target_core_user.h -index 7dcfbe6771b1..b483d1909d3e 100644 ---- a/include/uapi/linux/target_core_user.h -+++ b/include/uapi/linux/target_core_user.h -@@ -6,10 +6,6 @@ - #include - #include - --#ifndef __packed --#define __packed __attribute__((packed)) --#endif -- - #define TCMU_VERSION "1.0" - - /* --- -2.1.0 - diff --git a/umount-Disallow-unprivileged-mount-force.patch b/umount-Disallow-unprivileged-mount-force.patch deleted file mode 100644 index a57b2c927..000000000 --- a/umount-Disallow-unprivileged-mount-force.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: "Eric W. Biederman" -Date: Sat, 4 Oct 2014 14:44:03 -0700 -Subject: [PATCH] umount: Disallow unprivileged mount force - -Forced unmount affects not just the mount namespace but the underlying -superblock as well. Restrict forced unmount to the global root user -for now. Otherwise it becomes possible a user in a less privileged -mount namespace to force the shutdown of a superblock of a filesystem -in a more privileged mount namespace, allowing a DOS attack on root. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - fs/namespace.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/fs/namespace.c b/fs/namespace.c -index 3a1a87dc33df..43b16af8af30 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -1544,6 +1544,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags) - goto dput_and_out; - if (mnt->mnt.mnt_flags & MNT_LOCKED) - goto dput_and_out; -+ retval = -EPERM; -+ if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) -+ goto dput_and_out; - - retval = do_umount(mnt, flags); - dput_and_out: --- -2.1.0 - diff --git a/userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch b/userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch deleted file mode 100644 index a55381706..000000000 --- a/userns-Add-a-knob-to-disable-setgroups-on-a-per-user.patch +++ /dev/null @@ -1,280 +0,0 @@ -From: "Eric W. Biederman" -Date: Tue, 2 Dec 2014 12:27:26 -0600 -Subject: [PATCH] userns: Add a knob to disable setgroups on a per user - namespace basis - -- Expose the knob to user space through a proc file /proc//setgroups - - A value of "deny" means the setgroups system call is disabled in the - current processes user namespace and can not be enabled in the - future in this user namespace. - - A value of "allow" means the segtoups system call is enabled. - -- Descendant user namespaces inherit the value of setgroups from - their parents. - -- A proc file is used (instead of a sysctl) as sysctls currently do - not allow checking the permissions at open time. - -- Writing to the proc file is restricted to before the gid_map - for the user namespace is set. - - This ensures that disabling setgroups at a user namespace - level will never remove the ability to call setgroups - from a process that already has that ability. - - A process may opt in to the setgroups disable for itself by - creating, entering and configuring a user namespace or by calling - setns on an existing user namespace with setgroups disabled. - Processes without privileges already can not call setgroups so this - is a noop. Prodcess with privilege become processes without - privilege when entering a user namespace and as with any other path - to dropping privilege they would not have the ability to call - setgroups. So this remains within the bounds of what is possible - without a knob to disable setgroups permanently in a user namespace. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - fs/proc/base.c | 53 ++++++++++++++++++++++++++ - include/linux/user_namespace.h | 7 ++++ - kernel/user.c | 1 + - kernel/user_namespace.c | 85 ++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 146 insertions(+) - -diff --git a/fs/proc/base.c b/fs/proc/base.c -index 772efa45a452..7dc3ea89ef1a 100644 ---- a/fs/proc/base.c -+++ b/fs/proc/base.c -@@ -2464,6 +2464,57 @@ static const struct file_operations proc_projid_map_operations = { - .llseek = seq_lseek, - .release = proc_id_map_release, - }; -+ -+static int proc_setgroups_open(struct inode *inode, struct file *file) -+{ -+ struct user_namespace *ns = NULL; -+ struct task_struct *task; -+ int ret; -+ -+ ret = -ESRCH; -+ task = get_proc_task(inode); -+ if (task) { -+ rcu_read_lock(); -+ ns = get_user_ns(task_cred_xxx(task, user_ns)); -+ rcu_read_unlock(); -+ put_task_struct(task); -+ } -+ if (!ns) -+ goto err; -+ -+ if (file->f_mode & FMODE_WRITE) { -+ ret = -EACCES; -+ if (!ns_capable(ns, CAP_SYS_ADMIN)) -+ goto err_put_ns; -+ } -+ -+ ret = single_open(file, &proc_setgroups_show, ns); -+ if (ret) -+ goto err_put_ns; -+ -+ return 0; -+err_put_ns: -+ put_user_ns(ns); -+err: -+ return ret; -+} -+ -+static int proc_setgroups_release(struct inode *inode, struct file *file) -+{ -+ struct seq_file *seq = file->private_data; -+ struct user_namespace *ns = seq->private; -+ int ret = single_release(inode, file); -+ put_user_ns(ns); -+ return ret; -+} -+ -+static const struct file_operations proc_setgroups_operations = { -+ .open = proc_setgroups_open, -+ .write = proc_setgroups_write, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = proc_setgroups_release, -+}; - #endif /* CONFIG_USER_NS */ - - static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, -@@ -2572,6 +2623,7 @@ static const struct pid_entry tgid_base_stuff[] = { - REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), - REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), - REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), -+ REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), - #endif - #ifdef CONFIG_CHECKPOINT_RESTORE - REG("timers", S_IRUGO, proc_timers_operations), -@@ -2913,6 +2965,7 @@ static const struct pid_entry tid_base_stuff[] = { - REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), - REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), - REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), -+ REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), - #endif - }; - -diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 8d493083486a..9f3579ff543d 100644 ---- a/include/linux/user_namespace.h -+++ b/include/linux/user_namespace.h -@@ -17,6 +17,10 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */ - } extent[UID_GID_MAP_MAX_EXTENTS]; - }; - -+#define USERNS_SETGROUPS_ALLOWED 1UL -+ -+#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED -+ - struct user_namespace { - struct uid_gid_map uid_map; - struct uid_gid_map gid_map; -@@ -27,6 +31,7 @@ struct user_namespace { - kuid_t owner; - kgid_t group; - unsigned int proc_inum; -+ unsigned long flags; - - /* Register of per-UID persistent keyrings for this namespace */ - #ifdef CONFIG_PERSISTENT_KEYRINGS -@@ -63,6 +68,8 @@ extern const struct seq_operations proc_projid_seq_operations; - extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); - extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); - extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); -+extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *); -+extern int proc_setgroups_show(struct seq_file *m, void *v); - extern bool userns_may_setgroups(const struct user_namespace *ns); - #else - -diff --git a/kernel/user.c b/kernel/user.c -index 4efa39350e44..2d09940c9632 100644 ---- a/kernel/user.c -+++ b/kernel/user.c -@@ -51,6 +51,7 @@ struct user_namespace init_user_ns = { - .owner = GLOBAL_ROOT_UID, - .group = GLOBAL_ROOT_GID, - .proc_inum = PROC_USER_INIT_INO, -+ .flags = USERNS_INIT_FLAGS, - #ifdef CONFIG_PERSISTENT_KEYRINGS - .persistent_keyring_register_sem = - __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem), -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 44a555ac6104..6e80f4c1322b 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -100,6 +100,11 @@ int create_user_ns(struct cred *new) - ns->owner = owner; - ns->group = group; - -+ /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */ -+ mutex_lock(&userns_state_mutex); -+ ns->flags = parent_ns->flags; -+ mutex_unlock(&userns_state_mutex); -+ - set_cred_user_ns(new, ns); - - #ifdef CONFIG_PERSISTENT_KEYRINGS -@@ -839,6 +844,84 @@ static bool new_idmap_permitted(const struct file *file, - return false; - } - -+int proc_setgroups_show(struct seq_file *seq, void *v) -+{ -+ struct user_namespace *ns = seq->private; -+ unsigned long userns_flags = ACCESS_ONCE(ns->flags); -+ -+ seq_printf(seq, "%s\n", -+ (userns_flags & USERNS_SETGROUPS_ALLOWED) ? -+ "allow" : "deny"); -+ return 0; -+} -+ -+ssize_t proc_setgroups_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *ppos) -+{ -+ struct seq_file *seq = file->private_data; -+ struct user_namespace *ns = seq->private; -+ char kbuf[8], *pos; -+ bool setgroups_allowed; -+ ssize_t ret; -+ -+ /* Only allow a very narrow range of strings to be written */ -+ ret = -EINVAL; -+ if ((*ppos != 0) || (count >= sizeof(kbuf))) -+ goto out; -+ -+ /* What was written? */ -+ ret = -EFAULT; -+ if (copy_from_user(kbuf, buf, count)) -+ goto out; -+ kbuf[count] = '\0'; -+ pos = kbuf; -+ -+ /* What is being requested? */ -+ ret = -EINVAL; -+ if (strncmp(pos, "allow", 5) == 0) { -+ pos += 5; -+ setgroups_allowed = true; -+ } -+ else if (strncmp(pos, "deny", 4) == 0) { -+ pos += 4; -+ setgroups_allowed = false; -+ } -+ else -+ goto out; -+ -+ /* Verify there is not trailing junk on the line */ -+ pos = skip_spaces(pos); -+ if (*pos != '\0') -+ goto out; -+ -+ ret = -EPERM; -+ mutex_lock(&userns_state_mutex); -+ if (setgroups_allowed) { -+ /* Enabling setgroups after setgroups has been disabled -+ * is not allowed. -+ */ -+ if (!(ns->flags & USERNS_SETGROUPS_ALLOWED)) -+ goto out_unlock; -+ } else { -+ /* Permanently disabling setgroups after setgroups has -+ * been enabled by writing the gid_map is not allowed. -+ */ -+ if (ns->gid_map.nr_extents != 0) -+ goto out_unlock; -+ ns->flags &= ~USERNS_SETGROUPS_ALLOWED; -+ } -+ mutex_unlock(&userns_state_mutex); -+ -+ /* Report a successful write */ -+ *ppos = count; -+ ret = count; -+out: -+ return ret; -+out_unlock: -+ mutex_unlock(&userns_state_mutex); -+ goto out; -+} -+ - bool userns_may_setgroups(const struct user_namespace *ns) - { - bool allowed; -@@ -848,6 +931,8 @@ bool userns_may_setgroups(const struct user_namespace *ns) - * the user namespace has been established. - */ - allowed = ns->gid_map.nr_extents != 0; -+ /* Is setgroups allowed? */ -+ allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED); - mutex_unlock(&userns_state_mutex); - - return allowed; --- -2.1.0 - diff --git a/userns-Allow-setting-gid_maps-without-privilege-when.patch b/userns-Allow-setting-gid_maps-without-privilege-when.patch deleted file mode 100644 index 97d3fe69a..000000000 --- a/userns-Allow-setting-gid_maps-without-privilege-when.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 19:36:04 -0600 -Subject: [PATCH] userns: Allow setting gid_maps without privilege when - setgroups is disabled - -Now that setgroups can be disabled and not reenabled, setting gid_map -without privielge can now be enabled when setgroups is disabled. - -This restores most of the functionality that was lost when unprivileged -setting of gid_map was removed. Applications that use this functionality -will need to check to see if they use setgroups or init_groups, and if they -don't they can be fixed by simply disabling setgroups before writing to -gid_map. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 6e80f4c1322b..a2e37c5d2f63 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -826,6 +826,11 @@ static bool new_idmap_permitted(const struct file *file, - kuid_t uid = make_kuid(ns->parent, id); - if (uid_eq(uid, cred->euid)) - return true; -+ } else if (cap_setid == CAP_SETGID) { -+ kgid_t gid = make_kgid(ns->parent, id); -+ if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && -+ gid_eq(gid, cred->egid)) -+ return true; - } - } - --- -2.1.0 - diff --git a/userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch b/userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch deleted file mode 100644 index 50830c30e..000000000 --- a/userns-Check-euid-no-fsuid-when-establishing-an-unpr.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 18:26:30 -0600 -Subject: [PATCH] userns: Check euid no fsuid when establishing an unprivileged - uid mapping - -setresuid allows the euid to be set to any of uid, euid, suid, and -fsuid. Therefor it is safe to allow an unprivileged user to map -their euid and use CAP_SETUID privileged with exactly that uid, -as no new credentials can be obtained. - -I can not find a combination of existing system calls that allows setting -uid, euid, suid, and fsuid from the fsuid making the previous use -of fsuid for allowing unprivileged mappings a bug. - -This is part of a fix for CVE-2014-8989. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 1ce6d67c07b7..9451b12a9b6c 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -819,7 +819,7 @@ static bool new_idmap_permitted(const struct file *file, - u32 id = new_map->extent[0].lower_first; - if (cap_setid == CAP_SETUID) { - kuid_t uid = make_kuid(ns->parent, id); -- if (uid_eq(uid, file->f_cred->fsuid)) -+ if (uid_eq(uid, file->f_cred->euid)) - return true; - } - } --- -2.1.0 - diff --git a/userns-Document-what-the-invariant-required-for-safe.patch b/userns-Document-what-the-invariant-required-for-safe.patch deleted file mode 100644 index c364b2bce..000000000 --- a/userns-Document-what-the-invariant-required-for-safe.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 17:51:47 -0600 -Subject: [PATCH] userns: Document what the invariant required for safe - unprivileged mappings. - -The rule is simple. Don't allow anything that wouldn't be allowed -without unprivileged mappings. - -It was previously overlooked that establishing gid mappings would -allow dropping groups and potentially gaining permission to files and -directories that had lesser permissions for a specific group than for -all other users. - -This is the rule needed to fix CVE-2014-8989 and prevent any other -security issues with new_idmap_permitted. - -The reason for this rule is that the unix permission model is old and -there are programs out there somewhere that take advantage of every -little corner of it. So allowing a uid or gid mapping to be -established without privielge that would allow anything that would not -be allowed without that mapping will result in expectations from some -code somewhere being violated. Violated expectations about the -behavior of the OS is a long way to say a security issue. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index aa312b0dc3ec..b99c862a2e3f 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -812,7 +812,9 @@ static bool new_idmap_permitted(const struct file *file, - struct user_namespace *ns, int cap_setid, - struct uid_gid_map *new_map) - { -- /* Allow mapping to your own filesystem ids */ -+ /* Don't allow mappings that would allow anything that wouldn't -+ * be allowed without the establishment of unprivileged mappings. -+ */ - if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { - u32 id = new_map->extent[0].lower_first; - if (cap_setid == CAP_SETUID) { --- -2.1.0 - diff --git a/userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch b/userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch deleted file mode 100644 index 81217d2a5..000000000 --- a/userns-Don-t-allow-setgroups-until-a-gid-mapping-has.patch +++ /dev/null @@ -1,98 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 18:01:11 -0600 -Subject: [PATCH] userns: Don't allow setgroups until a gid mapping has been - setablished - -setgroups is unique in not needing a valid mapping before it can be called, -in the case of setgroups(0, NULL) which drops all supplemental groups. - -The design of the user namespace assumes that CAP_SETGID can not actually -be used until a gid mapping is established. Therefore add a helper function -to see if the user namespace gid mapping has been established and call -that function in the setgroups permission check. - -This is part of the fix for CVE-2014-8989, being able to drop groups -without privilege using user namespaces. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - include/linux/user_namespace.h | 5 +++++ - kernel/groups.c | 4 +++- - kernel/user_namespace.c | 14 ++++++++++++++ - 3 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index e95372654f09..8d493083486a 100644 ---- a/include/linux/user_namespace.h -+++ b/include/linux/user_namespace.h -@@ -63,6 +63,7 @@ extern const struct seq_operations proc_projid_seq_operations; - extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); - extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); - extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); -+extern bool userns_may_setgroups(const struct user_namespace *ns); - #else - - static inline struct user_namespace *get_user_ns(struct user_namespace *ns) -@@ -87,6 +88,10 @@ static inline void put_user_ns(struct user_namespace *ns) - { - } - -+static inline bool userns_may_setgroups(const struct user_namespace *ns) -+{ -+ return true; -+} - #endif - - #endif /* _LINUX_USER_H */ -diff --git a/kernel/groups.c b/kernel/groups.c -index 02d8a251c476..664411f171b5 100644 ---- a/kernel/groups.c -+++ b/kernel/groups.c -@@ -6,6 +6,7 @@ - #include - #include - #include -+#include - #include - - /* init to 2 - one for init_task, one to ensure it is never freed */ -@@ -217,7 +218,8 @@ bool may_setgroups(void) - { - struct user_namespace *user_ns = current_user_ns(); - -- return ns_capable(user_ns, CAP_SETGID); -+ return ns_capable(user_ns, CAP_SETGID) && -+ userns_may_setgroups(user_ns); - } - - /* -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index b99c862a2e3f..27c8dab48c07 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -843,6 +843,20 @@ static bool new_idmap_permitted(const struct file *file, - return false; - } - -+bool userns_may_setgroups(const struct user_namespace *ns) -+{ -+ bool allowed; -+ -+ mutex_lock(&id_map_mutex); -+ /* It is not safe to use setgroups until a gid mapping in -+ * the user namespace has been established. -+ */ -+ allowed = ns->gid_map.nr_extents != 0; -+ mutex_unlock(&id_map_mutex); -+ -+ return allowed; -+} -+ - static void *userns_get(struct task_struct *task) - { - struct user_namespace *user_ns; --- -2.1.0 - diff --git a/userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch b/userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch deleted file mode 100644 index b1d53828a..000000000 --- a/userns-Don-t-allow-unprivileged-creation-of-gid-mapp.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: "Eric W. Biederman" -Date: Fri, 5 Dec 2014 18:14:19 -0600 -Subject: [PATCH] userns: Don't allow unprivileged creation of gid mappings - -As any gid mapping will allow and must allow for backwards -compatibility dropping groups don't allow any gid mappings to be -established without CAP_SETGID in the parent user namespace. - -For a small class of applications this change breaks userspace -and removes useful functionality. This small class of applications -includes tools/testing/selftests/mount/unprivilged-remount-test.c - -Most of the removed functionality will be added back with the addition -of a one way knob to disable setgroups. Once setgroups is disabled -setting the gid_map becomes as safe as setting the uid_map. - -For more common applications that set the uid_map and the gid_map -with privilege this change will have no affect. - -This is part of a fix for CVE-2014-8989. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 27c8dab48c07..1ce6d67c07b7 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -821,10 +821,6 @@ static bool new_idmap_permitted(const struct file *file, - kuid_t uid = make_kuid(ns->parent, id); - if (uid_eq(uid, file->f_cred->fsuid)) - return true; -- } else if (cap_setid == CAP_SETGID) { -- kgid_t gid = make_kgid(ns->parent, id); -- if (gid_eq(gid, file->f_cred->fsgid)) -- return true; - } - } - --- -2.1.0 - diff --git a/userns-Only-allow-the-creator-of-the-userns-unprivil.patch b/userns-Only-allow-the-creator-of-the-userns-unprivil.patch deleted file mode 100644 index 8381b14e3..000000000 --- a/userns-Only-allow-the-creator-of-the-userns-unprivil.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: "Eric W. Biederman" -Date: Wed, 26 Nov 2014 23:22:14 -0600 -Subject: [PATCH] userns: Only allow the creator of the userns unprivileged - mappings - -If you did not create the user namespace and are allowed -to write to uid_map or gid_map you should already have the necessary -privilege in the parent user namespace to establish any mapping -you want so this will not affect userspace in practice. - -Limiting unprivileged uid mapping establishment to the creator of the -user namespace makes it easier to verify all credentials obtained with -the uid mapping can be obtained without the uid mapping without -privilege. - -Limiting unprivileged gid mapping establishment (which is temporarily -absent) to the creator of the user namespace also ensures that the -combination of uid and gid can already be obtained without privilege. - -This is part of the fix for CVE-2014-8989. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 9451b12a9b6c..1e34de2fbd60 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -812,14 +812,16 @@ static bool new_idmap_permitted(const struct file *file, - struct user_namespace *ns, int cap_setid, - struct uid_gid_map *new_map) - { -+ const struct cred *cred = file->f_cred; - /* Don't allow mappings that would allow anything that wouldn't - * be allowed without the establishment of unprivileged mappings. - */ -- if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { -+ if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1) && -+ uid_eq(ns->owner, cred->euid)) { - u32 id = new_map->extent[0].lower_first; - if (cap_setid == CAP_SETUID) { - kuid_t uid = make_kuid(ns->parent, id); -- if (uid_eq(uid, file->f_cred->euid)) -+ if (uid_eq(uid, cred->euid)) - return true; - } - } --- -2.1.0 - diff --git a/userns-Rename-id_map_mutex-to-userns_state_mutex.patch b/userns-Rename-id_map_mutex-to-userns_state_mutex.patch deleted file mode 100644 index ce6288ae6..000000000 --- a/userns-Rename-id_map_mutex-to-userns_state_mutex.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: "Eric W. Biederman" -Date: Tue, 9 Dec 2014 14:03:14 -0600 -Subject: [PATCH] userns: Rename id_map_mutex to userns_state_mutex - -Generalize id_map_mutex so it can be used for more state of a user namespace. - -Cc: stable@vger.kernel.org -Reviewed-by: Andy Lutomirski -Signed-off-by: "Eric W. Biederman" ---- - kernel/user_namespace.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 1e34de2fbd60..44a555ac6104 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -24,6 +24,7 @@ - #include - - static struct kmem_cache *user_ns_cachep __read_mostly; -+static DEFINE_MUTEX(userns_state_mutex); - - static bool new_idmap_permitted(const struct file *file, - struct user_namespace *ns, int cap_setid, -@@ -583,9 +584,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map, - return false; - } - -- --static DEFINE_MUTEX(id_map_mutex); -- - static ssize_t map_write(struct file *file, const char __user *buf, - size_t count, loff_t *ppos, - int cap_setid, -@@ -602,7 +600,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, - ssize_t ret = -EINVAL; - - /* -- * The id_map_mutex serializes all writes to any given map. -+ * The userns_state_mutex serializes all writes to any given map. - * - * Any map is only ever written once. - * -@@ -620,7 +618,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, - * order and smp_rmb() is guaranteed that we don't have crazy - * architectures returning stale data. - */ -- mutex_lock(&id_map_mutex); -+ mutex_lock(&userns_state_mutex); - - ret = -EPERM; - /* Only allow one successful write to the map */ -@@ -750,7 +748,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, - *ppos = count; - ret = count; - out: -- mutex_unlock(&id_map_mutex); -+ mutex_unlock(&userns_state_mutex); - if (page) - free_page(page); - return ret; -@@ -845,12 +843,12 @@ bool userns_may_setgroups(const struct user_namespace *ns) - { - bool allowed; - -- mutex_lock(&id_map_mutex); -+ mutex_lock(&userns_state_mutex); - /* It is not safe to use setgroups until a gid mapping in - * the user namespace has been established. - */ - allowed = ns->gid_map.nr_extents != 0; -- mutex_unlock(&id_map_mutex); -+ mutex_unlock(&userns_state_mutex); - - return allowed; - } --- -2.1.0 - diff --git a/userns-Unbreak-the-unprivileged-remount-tests.patch b/userns-Unbreak-the-unprivileged-remount-tests.patch deleted file mode 100644 index 69edd2ed3..000000000 --- a/userns-Unbreak-the-unprivileged-remount-tests.patch +++ /dev/null @@ -1,91 +0,0 @@ -From: "Eric W. Biederman" -Date: Tue, 2 Dec 2014 13:56:30 -0600 -Subject: [PATCH] userns: Unbreak the unprivileged remount tests - -A security fix in caused the way the unprivileged remount tests were -using user namespaces to break. Tweak the way user namespaces are -being used so the test works again. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" ---- - .../selftests/mount/unprivileged-remount-test.c | 32 ++++++++++++++++------ - 1 file changed, 24 insertions(+), 8 deletions(-) - -diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c -index 9669d375625a..517785052f1c 100644 ---- a/tools/testing/selftests/mount/unprivileged-remount-test.c -+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c -@@ -53,17 +53,14 @@ static void die(char *fmt, ...) - exit(EXIT_FAILURE); - } - --static void write_file(char *filename, char *fmt, ...) -+static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap) - { - char buf[4096]; - int fd; - ssize_t written; - int buf_len; -- va_list ap; - -- va_start(ap, fmt); - buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); -- va_end(ap); - if (buf_len < 0) { - die("vsnprintf failed: %s\n", - strerror(errno)); -@@ -74,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...) - - fd = open(filename, O_WRONLY); - if (fd < 0) { -+ if ((errno == ENOENT) && enoent_ok) -+ return; - die("open of %s failed: %s\n", - filename, strerror(errno)); - } -@@ -92,6 +91,26 @@ static void write_file(char *filename, char *fmt, ...) - } - } - -+static void maybe_write_file(char *filename, char *fmt, ...) -+{ -+ va_list ap; -+ -+ va_start(ap, fmt); -+ vmaybe_write_file(true, filename, fmt, ap); -+ va_end(ap); -+ -+} -+ -+static void write_file(char *filename, char *fmt, ...) -+{ -+ va_list ap; -+ -+ va_start(ap, fmt); -+ vmaybe_write_file(false, filename, fmt, ap); -+ va_end(ap); -+ -+} -+ - static int read_mnt_flags(const char *path) - { - int ret; -@@ -144,13 +163,10 @@ static void create_and_enter_userns(void) - strerror(errno)); - } - -+ maybe_write_file("/proc/self/setgroups", "deny"); - write_file("/proc/self/uid_map", "0 %d 1", uid); - write_file("/proc/self/gid_map", "0 %d 1", gid); - -- if (setgroups(0, NULL) != 0) { -- die("setgroups failed: %s\n", -- strerror(errno)); -- } - if (setgid(0) != 0) { - die ("setgid(0) failed %s\n", - strerror(errno)); --- -2.1.0 - diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch index 13392c902..cf57f33bd 100644 --- a/x86-Lock-down-IO-port-access-when-module-security-is.patch +++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -44,7 +44,7 @@ index 4ddaf66ea35f..00b440307419 100644 } regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 524b707894ef..c268e2581ed6 100644 +index 4c58333b4257..fc9637812d78 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,6 +27,7 @@ @@ -55,7 +55,7 @@ index 524b707894ef..c268e2581ed6 100644 #include -@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, +@@ -571,6 +572,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, unsigned long i = *ppos; const char __user *tmp = buf; diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch index 12eedc931..39ea0604b 100644 --- a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch +++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch @@ -13,10 +13,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index c9603ac80de5..8bef43fc3f40 100644 +index 113e70784854..26c2f83fc470 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c -@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, +@@ -105,6 +105,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, int err = 0; ssize_t bytes = 0; @@ -26,7 +26,7 @@ index c9603ac80de5..8bef43fc3f40 100644 if (count % 8) return -EINVAL; /* Invalid chunk size */ -@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) +@@ -152,6 +155,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) err = -EBADF; break; } diff --git a/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch b/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch deleted file mode 100644 index 4fbbfb585..000000000 --- a/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Andy Lutomirski -Date: Fri, 5 Dec 2014 19:03:28 -0800 -Subject: [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's - benefit - -paravirt_enabled has the following effects: - - - Disables the F00F bug workaround warning. There is no F00F bug - workaround any more because Linux's standard IDT handling already - works around the F00F bug, but the warning still exists. This - is only cosmetic, and, in any event, there is no such thing as - KVM on a CPU with the F00F bug. - - - Disables 32-bit APM BIOS detection. On a KVM paravirt system, - there should be no APM BIOS anyway. - - - Disables tboot. I think that the tboot code should check the - CPUID hypervisor bit directly if it matters. - - - paravirt_enabled disables espfix32. espfix32 should *not* be - disabled under KVM paravirt. - -The last point is the purpose of this patch. It fixes a leak of the -high 16 bits of the kernel stack address on 32-bit KVM paravirt -guests. - -While I'm at it, this removes pv_info setup from kvmclock. That -code seems to serve no purpose. - -Cc: stable@vger.kernel.org -Signed-off-by: Andy Lutomirski ---- - arch/x86/kernel/kvm.c | 9 ++++++++- - arch/x86/kernel/kvmclock.c | 2 -- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index f6945bef2cd1..94f643484300 100644 ---- a/arch/x86/kernel/kvm.c -+++ b/arch/x86/kernel/kvm.c -@@ -283,7 +283,14 @@ NOKPROBE_SYMBOL(do_async_page_fault); - static void __init paravirt_ops_setup(void) - { - pv_info.name = "KVM"; -- pv_info.paravirt_enabled = 1; -+ -+ /* -+ * KVM isn't paravirt in the sense of paravirt_enabled. A KVM -+ * guest kernel works like a bare metal kernel with additional -+ * features, and paravirt_enabled is about features that are -+ * missing. -+ */ -+ pv_info.paravirt_enabled = 0; - - if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) - pv_cpu_ops.io_delay = kvm_io_delay; -diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c -index d9156ceecdff..d4d9a8ad7893 100644 ---- a/arch/x86/kernel/kvmclock.c -+++ b/arch/x86/kernel/kvmclock.c -@@ -263,8 +263,6 @@ void __init kvmclock_init(void) - #endif - kvm_get_preset_lpj(); - clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); -- pv_info.paravirt_enabled = 1; -- pv_info.name = "KVM"; - - if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT)) - pvclock_set_flags(PVCLOCK_TSC_STABLE_BIT); --- -2.1.0 - diff --git a/x86-tls-Validate-TLS-entries-to-protect-espfix.patch b/x86-tls-Validate-TLS-entries-to-protect-espfix.patch deleted file mode 100644 index 52c049767..000000000 --- a/x86-tls-Validate-TLS-entries-to-protect-espfix.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Andy Lutomirski -Date: Thu, 4 Dec 2014 16:48:16 -0800 -Subject: [PATCH] x86/tls: Validate TLS entries to protect espfix - -Installing a 16-bit RW data segment into the GDT defeats espfix. -AFAICT this will not affect glibc, Wine, or dosemu at all. - -Signed-off-by: Andy Lutomirski -Acked-by: H. Peter Anvin -Cc: stable@vger.kernel.org -Cc: Konrad Rzeszutek Wilk -Cc: Linus Torvalds -Cc: security@kernel.org -Cc: Willy Tarreau -Signed-off-by: Ingo Molnar ---- - arch/x86/kernel/tls.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - -diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index f7fec09e3e3a..e7650bd71109 100644 ---- a/arch/x86/kernel/tls.c -+++ b/arch/x86/kernel/tls.c -@@ -27,6 +27,21 @@ static int get_free_idx(void) - return -ESRCH; - } - -+static bool tls_desc_okay(const struct user_desc *info) -+{ -+ if (LDT_empty(info)) -+ return true; -+ -+ /* -+ * espfix is required for 16-bit data segments, but espfix -+ * only works for LDT segments. -+ */ -+ if (!info->seg_32bit) -+ return false; -+ -+ return true; -+} -+ - static void set_tls_desc(struct task_struct *p, int idx, - const struct user_desc *info, int n) - { -@@ -66,6 +81,9 @@ int do_set_thread_area(struct task_struct *p, int idx, - if (copy_from_user(&info, u_info, sizeof(info))) - return -EFAULT; - -+ if (!tls_desc_okay(&info)) -+ return -EINVAL; -+ - if (idx == -1) - idx = info.entry_number; - -@@ -192,6 +210,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, - { - struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES]; - const struct user_desc *info; -+ int i; - - if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || - (pos % sizeof(struct user_desc)) != 0 || -@@ -205,6 +224,10 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, - else - info = infobuf; - -+ for (i = 0; i < count / sizeof(struct user_desc); i++) -+ if (!tls_desc_okay(info + i)) -+ return -EINVAL; -+ - set_tls_desc(target, - GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)), - info, count / sizeof(struct user_desc)); --- -2.1.0 -