Linux v4.6-10203-g84787c572d40

- Enable CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE (rhbz 1339281)
- Fixup SB patchset to work with upstream changes
This commit is contained in:
Josh Boyer 2016-05-25 11:13:52 -04:00
parent cfaea7dc72
commit 42d2805cbe
23 changed files with 213 additions and 154 deletions

View File

@ -1,7 +1,7 @@
From 6fb2a60e6bfb5ce2d3a4964e7b47ac5c7ecd6f82 Mon Sep 17 00:00:00 2001
From 5216de8394ff599e41c8540c0572368c18c51459 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH] Add EFI signature data types
Subject: [PATCH 4/9] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
@ -15,10 +15,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index fb0734f..b80227a 100644
index 8cb38cfcba74..8c274b4ea8e6 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -653,6 +653,12 @@ void efi_native_runtime_setup(void);
@@ -647,6 +647,12 @@ void efi_native_runtime_setup(void);
EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, \
0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
@ -31,7 +31,7 @@ index fb0734f..b80227a 100644
typedef struct {
efi_guid_t guid;
u64 table;
@@ -885,6 +891,20 @@ typedef struct {
@@ -879,6 +885,20 @@ typedef struct {
efi_memory_desc_t entry[0];
} efi_memory_attributes_table_t;

View File

@ -1,7 +1,7 @@
From 8cd53548ce7b88b08cc6345c8fca7d28d1f3a7f2 Mon Sep 17 00:00:00 2001
From e36a2d65e25fdf42b50aa5dc17583d7bfd09c4c4 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
Subject: [PATCH 5/9] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index e28e912..94024e8 100644
index e28e912000a7..94024e8aedaa 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -60,4 +60,12 @@ config SIGNED_PE_FILE_VERIFICATION
@ -34,7 +34,7 @@ index e28e912..94024e8 100644
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 6516855..c099fe1 100644
index 6516855bec18..c099fe15ed6d 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -10,6 +10,7 @@ asymmetric_keys-y := \
@ -47,7 +47,7 @@ index 6516855..c099fe1 100644
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644
index 0000000..636feb1
index 000000000000..636feb18b733
--- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,108 @@
@ -160,10 +160,10 @@ index 0000000..636feb1
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index b80227a..18443e3 100644
index 8c274b4ea8e6..ff1877145aa4 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1050,6 +1050,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
@@ -1044,6 +1044,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
char * __init efi_md_typeattr_format(char *buf, size_t size,
const efi_memory_desc_t *md);

View File

@ -1,7 +1,8 @@
From 8802c7e62531b3867580068ee8b50415b966d22c Mon Sep 17 00:00:00 2001
From 0000dc9edd5997cc49b8893a9d5407f89dfa1307 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 10/20] Add option to automatically enforce module signatures when in Secure Boot mode
Subject: [PATCH] Add option to automatically enforce module signatures when in
Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
@ -11,16 +12,16 @@ that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++
arch/x86/Kconfig | 11 ++++++
arch/x86/boot/compressed/eboot.c | 66 +++++++++++++++++++++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 3 +-
arch/x86/kernel/setup.c | 6 ++++
include/linux/module.h | 6 ++++
kernel/module.c | 7 ++++
7 files changed, 99 insertions(+), 1 deletion(-)
7 files changed, 100 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 95a4d34..b8527c6 100644
index 95a4d34af3fd..b8527c6b7646 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
@ -33,15 +34,16 @@ index 95a4d34..b8527c6 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 2dc18605..a701d09 100644
index 0a7b885964ba..29b8ba9ae713 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1785,6 +1785,16 @@ config EFI_MIXED
@@ -1776,6 +1776,17 @@ config EFI_MIXED
If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n
+ def_bool n
+ depends on EFI
+ prompt "Force module signing when UEFI Secure Boot is enabled"
+ ---help---
+ UEFI Secure Boot provides a mechanism for ensuring that the
@ -54,7 +56,7 @@ index 2dc18605..a701d09 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 52fef60..6b8b9a7 100644
index 52fef606bc54..6b8b9a775b46 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
@ -145,7 +147,7 @@ index 52fef60..6b8b9a7 100644
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 3292543..b61f853 100644
index c18ce67495fa..2b3e5427097b 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -134,7 +134,8 @@ struct boot_params {
@ -159,10 +161,10 @@ index 3292543..b61f853 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 2367ae0..1a78bf7 100644
index c4e7b3991b60..bdb9881c7afd 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1146,6 +1146,12 @@ void __init setup_arch(char **cmdline_p)
@@ -1152,6 +1152,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@ -176,7 +178,7 @@ index 2367ae0..1a78bf7 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index ab13009..e072b84 100644
index 082298a09df1..38d0597f7615 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
@ -193,10 +195,10 @@ index ab13009..e072b84 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index 392ac8c..676c578 100644
index 3c384968f553..ea484f3a35b2 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4081,6 +4081,13 @@ void module_layout(struct module *mod,
@@ -4200,6 +4200,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif

View File

@ -1,7 +1,7 @@
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
From e27a9a98dcf3ff95568593026da065a72ad21b92 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Fri, 30 Aug 2013 09:28:51 -0400
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
Subject: [PATCH 9/9] Add sysrq option to disable secure boot mode
Bugzilla: N/A
Upstream-status: Fedora mustard
@ -16,7 +16,7 @@ Upstream-status: Fedora mustard
7 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index f93826b8522c..41679b1aca83 100644
index a666b6c29c77..7732c769937b 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -31,7 +31,7 @@ index f93826b8522c..41679b1aca83 100644
#include <video/edid.h>
#include <asm/mtrr.h>
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@ -70,10 +70,10 @@ index f93826b8522c..41679b1aca83 100644
.notifier_call = dump_kernel_offset
};
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 345df9b03aed..dea6a6c4a39b 100644
index abe1a927b332..f4126fcec10c 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -379,6 +379,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
if (!udev->dev)
return -ENOMEM;
@ -82,10 +82,10 @@ index 345df9b03aed..dea6a6c4a39b 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index 95b330a9ea98..dfa3e154a719 100644
index e5139402e7f8..5ef2e04a03ad 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
@@ -478,6 +478,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@ -93,7 +93,7 @@ index 95b330a9ea98..dfa3e154a719 100644
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
@@ -521,7 +522,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
sysrq_key_table[i] = op_p;
}
@ -102,7 +102,7 @@ index 95b330a9ea98..dfa3e154a719 100644
{
struct sysrq_key_op *op_p;
int orig_log_level;
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
@@ -541,11 +542,15 @@ void __handle_sysrq(int key, bool check_mask)
op_p = __sysrq_get_key_op(key);
if (op_p) {
@ -119,7 +119,7 @@ index 95b330a9ea98..dfa3e154a719 100644
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
@@ -577,7 +582,7 @@ void __handle_sysrq(int key, bool check_mask)
void handle_sysrq(int key)
{
if (sysrq_on())
@ -128,7 +128,7 @@ index 95b330a9ea98..dfa3e154a719 100644
}
EXPORT_SYMBOL(handle_sysrq);
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
@@ -658,7 +663,7 @@ static void sysrq_do_reset(unsigned long _state)
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@ -137,7 +137,7 @@ index 95b330a9ea98..dfa3e154a719 100644
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
@@ -809,8 +814,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
default:
if (sysrq->active && value && value != 2) {
@ -149,7 +149,7 @@ index 95b330a9ea98..dfa3e154a719 100644
}
break;
}
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
@@ -1094,7 +1101,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
if (get_user(c, buf))
return -EFAULT;
@ -159,7 +159,7 @@ index 95b330a9ea98..dfa3e154a719 100644
return count;
diff --git a/include/linux/input.h b/include/linux/input.h
index 82ce323b9986..9e534f228945 100644
index 1e967694e9a5..2b56c6f9673c 100644
--- a/include/linux/input.h
+++ b/include/linux/input.h
@@ -42,6 +42,7 @@ struct input_value {
@ -216,7 +216,7 @@ index 387fa7d05c98..4b07e30b3279 100644
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 4121345498e0..0ff3cef5df96 100644
index 2a20c0dfdafc..3d17205dab77 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1968,7 +1968,7 @@ static int kdb_sr(int argc, const char **argv)
@ -229,10 +229,10 @@ index 4121345498e0..0ff3cef5df96 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 2b403ab0ef29..7818c110e95c 100644
index ea484f3a35b2..84b00659b0ee 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
@@ -269,7 +269,7 @@ static void module_assert_mutex_or_preempt(void)
#endif
}
@ -242,5 +242,5 @@ index 2b403ab0ef29..7818c110e95c 100644
module_param(sig_enforce, bool_enable_only, 0644);
#endif /* !CONFIG_MODULE_SIG_FORCE */
--
2.4.3
2.5.5

View File

@ -1,7 +1,7 @@
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
From 096da19de900a115ee3610b666ecb7e55926623d Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
Subject: [PATCH 6/9] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
@ -10,52 +10,48 @@ useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
certs/system_keyring.c | 22 ++++++++++++++++++++++
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
3 files changed, 40 insertions(+)
3 files changed, 35 insertions(+)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 2570598b784d..53733822993f 100644
index 50979d6dcecd..787eeead2f57 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
@@ -22,6 +22,9 @@ static struct key *builtin_trusted_keys;
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
static struct key *secondary_trusted_keys;
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
@@ -99,6 +102,16 @@ static __init int system_trusted_keyring_init(void)
if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
panic("Can't link trusted keyrings\n");
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
+ KEY_ALLOC_NOT_IN_QUOTA,
+ NULL, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
if (ret < 0)
goto error;
@@ -214,6 +227,15 @@ int verify_pkcs7_signature(const void *data, size_t len,
trusted_keys = builtin_trusted_keys;
#endif
}
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring);
+ if (!ret) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key is in the blacklist\n");
@ -63,30 +59,29 @@ index 2570598b784d..53733822993f 100644
+ goto error;
+ }
+#endif
+
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
if (ret < 0)
goto error;
ret = pkcs7_validate_trust(pkcs7, trusted_keys);
if (ret < 0) {
if (ret == -ENOKEY)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index b20cd885c1fd..51d8ddc60e0f 100644
index fbd4647767e9..5bc291a3d261 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,6 +35,10 @@ extern int system_verify_data(const void *data, unsigned long len,
enum key_being_used_for usage);
@@ -33,6 +33,10 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#ifdef CONFIG_IMA_MOK_KEYRING
extern struct key *ima_mok_keyring;
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;
diff --git a/init/Kconfig b/init/Kconfig
index 02da9f1fd9df..782d26f02885 100644
index a9c4aefd5436..e5449d5aeff9 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
@@ -1829,6 +1829,15 @@ config SYSTEM_DATA_VERIFICATION
module verification, kexec image verification and firmware blob
verification.
@ -103,5 +98,5 @@ index 02da9f1fd9df..782d26f02885 100644
bool "Profiling support"
help
--
2.4.3
2.5.5

View File

@ -1,4 +1,4 @@
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
From ba2b209daf984514229626803472e0b055832345 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@ -18,18 +18,56 @@ signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
certs/system_keyring.c | 13 ++++++
include/keys/system_keyring.h | 1 +
include/linux/efi.h | 6 +++
init/Kconfig | 9 ++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 99 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 131 insertions(+)
create mode 100644 kernel/modsign_uefi.c
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 787eeead2f57..4d9123ed5c07 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -30,6 +30,19 @@ extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
/**
+ * get_system_keyring - Return a pointer to the system keyring
+ *
+ */
+struct key *get_system_keyring(void)
+{
+ struct key *system_keyring = NULL;
+
+ system_keyring = builtin_trusted_keys;
+ return system_keyring;
+}
+EXPORT_SYMBOL_GPL(get_system_keyring);
+
+/**
* restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
*
* Restrict the addition of keys into a keyring based on the key-to-be-added
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 5bc291a3d261..56ff5715ab67 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -36,6 +36,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
extern struct key *system_blacklist_keyring;
#endif
+extern struct key *get_system_keyring(void);
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 85ef051ac6fb..a042b2ece788 100644
index ff1877145aa4..2483de19c719 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -600,6 +600,12 @@ typedef struct {
@@ -658,6 +658,12 @@ typedef struct {
u64 table;
} efi_config_table_64_t;
@ -43,10 +81,10 @@ index 85ef051ac6fb..a042b2ece788 100644
efi_guid_t guid;
u32 table;
diff --git a/init/Kconfig b/init/Kconfig
index 02da9f1fd9df..90c73a0564b1 100644
index e5449d5aeff9..5408c96f6604 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
@@ -1979,6 +1979,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@ -63,10 +101,10 @@ index 02da9f1fd9df..90c73a0564b1 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index d4988410b410..55e886239e7e 100644
index e2ec54e2b952..8dab549985d8 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -47,6 +47,7 @@ endif
@@ -57,6 +57,7 @@ endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
@ -74,7 +112,7 @@ index d4988410b410..55e886239e7e 100644
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
@@ -113,6 +114,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
obj-$(CONFIG_HAS_IOMEM) += memremap.o
@ -85,10 +123,10 @@ index d4988410b410..55e886239e7e 100644
# config_data.h contains the same information as ikconfig.h but gzipped.
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
index 000000000000..fe4a6f2bf10a
--- /dev/null
+++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@
@@ -0,0 +1,99 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
@ -139,11 +177,18 @@ index 000000000000..94b0eb38a284
+ void *db = NULL, *dbx = NULL, *mok = NULL;
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
+ int rc = 0;
+ struct key *keyring = NULL;
+
+ /* Check if SB is enabled and just return if not */
+ if (!efi_enabled(EFI_SECURE_BOOT))
+ return 0;
+
+ keyring = get_system_keyring();
+ if (!keyring) {
+ pr_err("MODSIGN: Couldn't get system keyring\n");
+ return -EINVAL;
+ }
+
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
+ * an error if we can't get them.
+ */
@ -151,7 +196,7 @@ index 000000000000..94b0eb38a284
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ rc = parse_efi_signature_list(db, dbsize, keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
@ -161,7 +206,7 @@ index 000000000000..94b0eb38a284
+ if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else {
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ rc = parse_efi_signature_list(mok, moksize, keyring);
+ if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok);
@ -182,5 +227,5 @@ index 000000000000..94b0eb38a284
+}
+late_initcall(load_uefi_certs);
--
2.4.3
2.5.5

View File

@ -1,7 +1,7 @@
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
From 7ce860189df19a38176c1510f4e5615bf35495c1 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
Subject: [PATCH 2/2] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb38a284..ae28b974d49a 100644
index 03f601a0052c..321c79a3b282 100644
--- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@
@ -41,16 +41,18 @@ index 94b0eb38a284..ae28b974d49a 100644
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
{
efi_status_t status;
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
@@ -47,7 +64,7 @@ static int __init load_uefi_certs(void)
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
void *db = NULL, *dbx = NULL, *mok = NULL;
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
- int rc = 0;
+ int ignore_db, rc = 0;
struct key *keyring = NULL;
/* Check if SB is enabled and just return if not */
if (!efi_enabled(EFI_SECURE_BOOT))
return 0;
@@ -60,17 +77,22 @@ static int __init load_uefi_certs(void)
return -EINVAL;
}
+ /* See if the user has setup Ignore DB mode */
+ ignore_db = check_ignore_db();
@ -62,7 +64,7 @@ index 94b0eb38a284..ae28b974d49a 100644
- if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
- rc = parse_efi_signature_list(db, dbsize, keyring);
- if (rc)
- pr_err("Couldn't parse db signatures: %d\n", rc);
- kfree(db);
@ -71,7 +73,7 @@ index 94b0eb38a284..ae28b974d49a 100644
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ rc = parse_efi_signature_list(db, dbsize, keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
@ -80,5 +82,5 @@ index 94b0eb38a284..ae28b974d49a 100644
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
2.4.3
2.5.5

View File

@ -116,6 +116,7 @@ CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IOMMU=y
CONFIG_ROCKCHIP_THERMAL=m
CONFIG_DRM_ROCKCHIP=m
CONFIG_ROCKCHIP_ANALOGIX_DP=m
CONFIG_ROCKCHIP_DW_HDMI=m
CONFIG_ROCKCHIP_DW_MIPI_DSI=y
CONFIG_ROCKCHIP_INNO_HDMI=m

View File

@ -159,6 +159,8 @@ CONFIG_PHY_HI6220_USB=m
CONFIG_COMMON_RESET_HI6220=m
CONFIG_HI6220_MBOX=m
# CONFIG_RESET_HISI is not set
CONFIG_DRM_HISI_KIRIN=m
CONFIG_HISI_KIRIN_DW_DSI=m
# Tegra
CONFIG_ARCH_TEGRA_132_SOC=y

View File

@ -318,6 +318,8 @@ CONFIG_PHY_QCOM_IPQ806X_SATA=m
CONFIG_DWMAC_IPQ806X=m
CONFIG_CRYPTO_DEV_QCE=m
CONFIG_DRM_MSM=m
# CONFIG_DRM_MSM_REGISTER_LOGGING is not set
CONFIG_DRM_MSM_HDMI_HDCP=y
CONFIG_USB_EHCI_MSM=m
CONFIG_MFD_PM8XXX=m
CONFIG_KEYBOARD_PMIC8XXX=m
@ -325,7 +327,6 @@ CONFIG_INPUT_PM8XXX_VIBRATOR=m
CONFIG_INPUT_PMIC8XXX_PWRKEY=m
CONFIG_INPUT_PM8941_PWRKEY=m
CONFIG_RTC_DRV_PM8XXX=m
# CONFIG_DRM_MSM_REGISTER_LOGGING is not set
CONFIG_QCOM_WDT=m
CONFIG_MFD_SPMI_PMIC=m
CONFIG_SPMI=m

View File

@ -206,6 +206,7 @@ CONFIG_MACH_SUN8I=y
CONFIG_SUNXI_SRAM=y
CONFIG_DMA_SUN4I=m
CONFIG_DMA_SUN6I=m
CONFIG_DRM_SUN4I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
CONFIG_RTC_DRV_SUNXI=m

View File

@ -598,6 +598,7 @@ CONFIG_ATA_BMDMA=y
CONFIG_ATA_VERBOSE_ERROR=y
CONFIG_ATA_SFF=y
CONFIG_ATA_PIIX=y
# CONFIG_SATA_DWC is not set
# CONFIG_SATA_HIGHBANK is not set
CONFIG_ATA_ACPI=y
CONFIG_BLK_DEV_SX8=m
@ -3346,6 +3347,8 @@ CONFIG_VGA_ARB_MAX_GPUS=16
CONFIG_DRM=m
CONFIG_DRM_ANALOGIX_ANX78XX=m
# CONFIG_DRM_ARCPGU is not set
CONFIG_DRM_DP_AUX_CHARDEV=y
CONFIG_DRM_FBDEV_EMULATION=y
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
@ -3359,6 +3362,7 @@ CONFIG_DRM_AMDGPU=m
CONFIG_DRM_AMD_ACP=y
# CONFIG_DRM_AMDGPU_CIK is not set
CONFIG_DRM_AMDGPU_USERPTR=y
# CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set
CONFIG_DRM_AMD_POWERPLAY=y
# CONFIG_DRM_I810 is not set
# CONFIG_DRM_MGA is not set

View File

@ -56,7 +56,7 @@ CONFIG_PPC_64K_PAGES=y
CONFIG_PPC_SUBPAGE_PROT=y
CONFIG_SCHED_SMT=y
CONFIG_MEMORY_HOTPLUG=y
# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y
CONFIG_MEMORY_HOTREMOVE=y
CONFIG_PPC64_SUPPORTS_MEMORY_FAILURE=y

View File

@ -183,7 +183,7 @@ CONFIG_VIRTIO_CONSOLE=y
CONFIG_MEMORY_HOTPLUG=y
CONFIG_MEMORY_HOTREMOVE=y
# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y
CONFIG_CHSC_SCH=m
# drivers/isdn/hardware/mISDN/hfcmulti.c:5255:2: error: #error "not running on big endian machines now"

View File

@ -361,7 +361,6 @@ CONFIG_DMI_SYSFS=y
CONFIG_ISCSI_IBFT_FIND=y
CONFIG_ISCSI_IBFT=m
CONFIG_DMADEVICES=y
CONFIG_INTEL_IOATDMA=m
CONFIG_INTEL_IDMA64=m

View File

@ -117,7 +117,7 @@ CONFIG_SPARSEMEM_EXTREME=y
CONFIG_SPARSEMEM_VMEMMAP=y
# CONFIG_MOVABLE_NODE is not set
CONFIG_MEMORY_HOTPLUG=y
# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y
# CONFIG_ARCH_MEMORY_PROBE is not set
CONFIG_MEMORY_HOTREMOVE=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
@ -223,8 +223,12 @@ CONFIG_CMA_AREAS=7
CONFIG_ZONE_DMA=y
CONFIG_ZONE_DEVICE=y
CONFIG_NVDIMM_PFN=y
CONFIG_NVDIMM_DAX=y
CONFIG_ND_PFN=m
CONFIG_DEV_DAX=m
CONFIG_DEV_DAX_PMEM=m
# Staging
CONFIG_STAGING_RDMA=y
CONFIG_INFINIBAND_HFI1=m

View File

@ -1,4 +1,4 @@
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
From 5550f20b5f9becb485fb3a67bf0193025d40bc6f Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 13 Nov 2013 10:17:24 -0500
Subject: [PATCH] drm/i915: hush check crtc state
@ -15,18 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index ca9278be49f7..308ac0539a87 100644
index 46f9be3ad5a2..ad2e62e4cdba 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
sw_config = to_intel_crtc_state(crtc->state);
if (!intel_pipe_config_compare(dev, sw_config,
pipe_config, false)) {
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
intel_dump_pipe_config(intel_crtc, pipe_config,
"[hw state]");
intel_dump_pipe_config(intel_crtc, sw_config,
@@ -12970,7 +12970,7 @@ verify_crtc_state(struct drm_crtc *crtc,
sw_config = to_intel_crtc_state(crtc->state);
if (!intel_pipe_config_compare(dev, sw_config,
pipe_config, false)) {
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
intel_dump_pipe_config(intel_crtc, pipe_config,
"[hw state]");
intel_dump_pipe_config(intel_crtc, sw_config,
--
2.4.3
2.5.5

View File

@ -1,7 +1,7 @@
From c01ff700ea4192ae04b306fef725d62189550236 Mon Sep 17 00:00:00 2001
From 04e65e01058ed6357b932e64b19e4bf762f04970 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
Subject: [PATCH 2/9] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index f3b804f..a401ff8 100644
index bdb9881c7afd..a666b6c29c77 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1145,7 +1145,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1154,7 +1154,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@ -27,10 +27,10 @@ index f3b804f..a401ff8 100644
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 569b5a8..4dc970e 100644
index c2db3ca22217..8cb38cfcba74 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -980,6 +980,7 @@ extern int __init efi_setup_pcdp_console(char *);
@@ -1062,6 +1062,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_ARCH_1 7 /* First arch-specific bit */
#define EFI_DBG 8 /* Print additional debug info at runtime */
#define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
@ -39,5 +39,5 @@ index 569b5a8..4dc970e 100644
#ifdef CONFIG_EFI
/*
--
2.5.0
2.5.5

View File

@ -1,7 +1,7 @@
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
From 0a5c52b9eb4918fb2bee43bacc3521b574334cff Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
Subject: [PATCH 1/9] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index b4de3faa3f29..5cc2ef570390 100644
index 6b8b9a775b46..b3a5364d31c6 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -830,8 +830,9 @@ out:
@@ -574,8 +574,9 @@ free_handle:
static int get_secure_boot(void)
{
@ -29,7 +29,7 @@ index b4de3faa3f29..5cc2ef570390 100644
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status;
@@ -855,6 +856,23 @@ static int get_secure_boot(void)
@@ -599,6 +600,23 @@ static int get_secure_boot(void)
if (setup == 1)
return 0;
@ -54,5 +54,5 @@ index b4de3faa3f29..5cc2ef570390 100644
}
--
2.4.3
2.5.5

2
gitrev
View File

@ -1 +1 @@
7639dad93a5564579987abded4ec05e3db13659d
84787c572d402644dca4874aba73324d9f8e3948

View File

@ -1,7 +1,7 @@
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
From e07815cf02eadb245fa60359133b122f9ffe9045 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
Subject: [PATCH 3/9] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 690f78f210f2..037303a1cba9 100644
index fca9254280ee..ffd8644078b2 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,7 @@
@ -35,5 +35,5 @@ index 690f78f210f2..037303a1cba9 100644
/**
--
2.4.3
2.5.5

View File

@ -69,7 +69,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
%define gitrev 6
%define gitrev 7
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@ -553,8 +553,6 @@ Patch482: Add-option-to-automatically-enforce-module-signature.patch
Patch483: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Patch484: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Patch485: efi-Add-EFI_SECURE_BOOT-bit.patch
Patch486: hibernate-Disable-in-a-signed-modules-environment.patch
@ -566,7 +564,7 @@ Patch488: Add-an-EFI-signature-blob-parser-and-key-loader.patch
# This doesn't apply. It seems like it could be replaced by
# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ac7eace2d00eab5ae0e9fdee63e38aee6001f7c
# which has an explicit line about blacklisting
# Patch489: KEYS-Add-a-system-blacklist-keyring.patch
Patch489: KEYS-Add-a-system-blacklist-keyring.patch
Patch490: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
@ -2135,6 +2133,11 @@ fi
#
#
%changelog
* Tue May 24 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.7.0-0.rc0.git7.1
- Linux v4.6-10203-g84787c572d40
- Enable CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE (rhbz 1339281)
- Fixup SB patchset to work with upstream changes
* Mon May 23 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git6.1
- Linux v4.6-8907-g7639dad
- trace, f2fs, btrfs, rtc, mailbox, akpm, staging, driver core, char, usb,

View File

@ -1,3 +1,3 @@
d2927020e24a76da4ab482a8bc3e9ef3 linux-4.6.tar.xz
fd23b14b9d474c3dfacb6e8ee82d3a51 perf-man-4.6.tar.gz
4c4f2eb647eef6e04a1dbb843e4fd72d patch-4.6-git6.xz
3dd9be4fbde8316efd366f735a30d1f1 patch-4.6-git7.xz