From 713abc0c25d574380a3154b9c4d524ac2f5aab29 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 12 Nov 2013 13:22:52 -0500 Subject: [PATCH] Linux v3.12-4849-g10d0c97 Replace x86-allow-1024-cpus.patch with the patch that contains the one hunk not already applied upstream. Don't install the 'trace' alias symlink for 'perf trace'. Seems much too generic to just throw that into /usr/bin --- ...-CPUMASK_OFFSTACK-usable-without-deb.patch | 35 ++++++ PatchList.txt | 6 - config-arm-generic | 1 + config-arm64 | 1 + config-armv7 | 2 + config-armv7-lpae | 2 + config-generic | 6 + config-powerpc64 | 2 + config-powerpc64p7 | 2 + config-x86-generic | 3 + config-x86_64-generic | 1 + kernel.spec | 19 ++- ...ke-periodic-RTC-update-more-reliable.patch | 44 ------- secure-modules.patch | 110 +++++++++--------- sources | 1 + x86-allow-1024-cpus.patch | 13 --- 16 files changed, 120 insertions(+), 128 deletions(-) create mode 100644 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch delete mode 100644 ntp-Make-periodic-RTC-update-more-reliable.patch delete mode 100644 x86-allow-1024-cpus.patch diff --git a/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch b/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch new file mode 100644 index 000000000..41be051e9 --- /dev/null +++ b/0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch @@ -0,0 +1,35 @@ +From 0f3f5c5b4ca2eb1f41947c50bedb9b17aa1a1f80 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Mon, 11 Nov 2013 08:39:16 -0500 +Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug + dependency + +When CPUMASK_OFFSTACK was added in 2008, it was dependent upon +DEBUG_PER_CPU_MAPS being enabled, or an architecture could select it. +The debug dependency adds additional overhead that isn't required for +operation of the feature, and we need CPUMASK_OFFSTACK to increase the +NR_CPUS value beyond 512 on x86. We drop the current dependency and make +sure SMP is set. + +Signed-off-by: Josh Boyer +--- + lib/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/Kconfig b/lib/Kconfig +index b3c8be0..50b47cd 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -342,7 +342,8 @@ config CHECK_SIGNATURE + bool + + config CPUMASK_OFFSTACK +- bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS ++ bool "Force CPU masks off stack" ++ depends on SMP + help + Use dynamic allocation for cpumask_var_t, instead of putting + them on the stack. This is a bit more expensive, but avoids +-- +1.8.3.1 + diff --git a/PatchList.txt b/PatchList.txt index 3759a643d..46fa21cea 100644 --- a/PatchList.txt +++ b/PatchList.txt @@ -1,8 +1,5 @@ **** Backports and patches headed/already upsteram ***************************** -* net-flow_dissector-fail-on-evil-iph-ihl.patch (rhbz 1007939 1025647) - - Should hit upstream and stable soon - * rt2800usb-slow-down-TX-status-polling.patch (rhbz 984696) - Still pending upstream. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=62781 @@ -31,9 +28,6 @@ * elevator-acquire-q-sysfs_lock-in-elevator_change.patch (rhbz 902012) - I believe these are both queued for the next upstream release -* ntp-Make-periodic-RTC-update-more-reliable.patch (rhbz 985522) - - I believe this is queued in John Stultz's tree for 3.13 - * ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch (rhbz 1007690 1009136) - Fixes CVE-2013-4345 diff --git a/config-arm-generic b/config-arm-generic index 969ba60c2..320da296f 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -20,6 +20,7 @@ CONFIG_BACKLIGHT_PWM=m CONFIG_INPUT_PWM_BEEPER=m CONFIG_ARM_SP805_WATCHDOG=m CONFIG_ARM_ARCH_TIMER=y +CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y # CONFIG_ARM_DT_BL_CPUFREQ is not set CONFIG_NR_CPUS=8 CONFIG_ARM_DMA_USE_IOMMU=y diff --git a/config-arm64 b/config-arm64 index 214a15267..3b7ac06af 100644 --- a/config-arm64 +++ b/config-arm64 @@ -82,3 +82,4 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_PARPORT_PC is not set # CONFIG_VGA_CONSOLE is not set CONFIG_POWER_RESET_XGENE=y +CONFIG_COMMON_CLK_XGENE=y diff --git a/config-armv7 b/config-armv7 index 0118a15a5..ec0233678 100644 --- a/config-armv7 +++ b/config-armv7 @@ -316,6 +316,7 @@ CONFIG_TI_CPTS=y CONFIG_TI_EMIF=m CONFIG_DRM_TILCDC=m CONFIG_SPI_DAVINCI=m +CONFIG_SND_DAVINCI_SOC=m CONFIG_REGULATOR_TI_ABB=y CONFIG_TI_PRIV_EDMA=y CONFIG_TI_EDMA=y @@ -325,6 +326,7 @@ CONFIG_CHARGER_BQ24190=m CONFIG_TI_ADC081C=m CONFIG_TI_AM335X_ADC=m CONFIG_PWM_TIPWMSS=y +CONFIG_SND_AM33XX_SOC_EVM=m # Allwinner a1x CONFIG_PINCTRL_SUNXI=y diff --git a/config-armv7-lpae b/config-armv7-lpae index f2cfb02f2..f107d4d21 100644 --- a/config-armv7-lpae +++ b/config-armv7-lpae @@ -10,6 +10,7 @@ CONFIG_ARCH_EXYNOS5=y # CONFIG_ARCH_OMAP4 is not set # CONFIG_SOC_OMAP5 is not set # CONFIG_SOC_AM33XX is not set +# CONFIG_SND_AM33XX_SOC_EVM is not set # CONFIG_SOC_AM43XX is not set # CONFIG_ARCH_ROCKCHIP is not set # CONFIG_ARCH_SOCFPGA is not set @@ -139,4 +140,5 @@ CONFIG_S3C_LOWLEVEL_UART_PORT=1 # CONFIG_TEGRA_HOST1X is not set # CONFIG_SPI_DAVINCI is not set # CONFIG_I2C_DAVINCI is not set +# CONFIG_SND_DAVINCI_SOC is not set # CONFIG_TI_SOC_THERMAL is not set diff --git a/config-generic b/config-generic index 756791c9d..0c2eb994a 100644 --- a/config-generic +++ b/config-generic @@ -3338,6 +3338,7 @@ CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m +CONFIG_SND_DICE=m # # Open Sound System @@ -4558,6 +4559,7 @@ CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_PWM is not set # CONFIG_LEDS_LP8501 is not set # CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_PCA9685 is not set CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m @@ -4974,6 +4976,8 @@ CONFIG_GPIO_VIPERBOARD=m # CONFIG_GPIO_BT8XX is not set # CONFIG_GPIO_SX150X is not set # CONFIG_GPIO_GRGPIO is not set +# CONFIG_GPIO_PL061 is not set +# CONFIG_GPIO_BCM_KONA is not set # FIXME: Why? CONFIG_EVENT_POWER_TRACING_DEPRECATED=y @@ -5039,6 +5043,8 @@ CONFIG_FMC_CHARDEV=m # CONFIG_HSI is not set +# CONFIG_ARM_ARCH_TIMER_EVTSTREAM is not set + # CONFIG_PM_DEVFREQ is not set # CONFIG_MODULE_SIG is not set # CONFIG_SYSTEM_TRUSTED_KEYRING is not set diff --git a/config-powerpc64 b/config-powerpc64 index ae23e739b..27cdb2dfd 100644 --- a/config-powerpc64 +++ b/config-powerpc64 @@ -14,6 +14,8 @@ CONFIG_PPC_PMAC=y CONFIG_PPC_POWERNV=y CONFIG_POWERNV_MSI=y CONFIG_PPC_POWERNV_RTAS=y +CONFIG_HW_RANDOM_POWERNV=m +CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set # CONFIG_PPC_PS3 is not set diff --git a/config-powerpc64p7 b/config-powerpc64p7 index 93ee2b276..8bf0e4464 100644 --- a/config-powerpc64p7 +++ b/config-powerpc64p7 @@ -10,6 +10,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_POWERNV=y CONFIG_POWERNV_MSI=y CONFIG_PPC_POWERNV_RTAS=y +CONFIG_HW_RANDOM_POWERNV=m +CONFIG_SCOM_DEBUGFS=y # CONFIG_PPC_PASEMI is not set # CONFIG_PPC_PASEMI_IOMMU_DMA_FORCE is not set # CONFIG_PPC_PS3 is not set diff --git a/config-x86-generic b/config-x86-generic index d2926802e..d120a3ef5 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -40,6 +40,7 @@ CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y CONFIG_EFI_PCDP=y CONFIG_FB_EFI=y +CONFIG_EARLY_PRINTK_EFI=y # needs FB_SIMPLE to work correctly # CONFIG_X86_SYSFB is not set @@ -95,6 +96,7 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_IPMI=m CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y +# CONFIG_ACPI_EXTLOG is not set CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_ACPI_CPUFREQ=m @@ -382,6 +384,7 @@ CONFIG_F71808E_WDT=m CONFIG_HPWDT_NMI_DECODING=y # CONFIG_MFD_TPS6586X is not set # CONFIG_INTEL_MID_DMAC is not set +# CONFIG_GPIO_INTEL_MID is not set CONFIG_PCH_DMA=m CONFIG_INTEL_IPS=m # CONFIG_IBM_RTL is not set diff --git a/config-x86_64-generic b/config-x86_64-generic index e77695e0a..e48ef4503 100644 --- a/config-x86_64-generic +++ b/config-x86_64-generic @@ -30,6 +30,7 @@ CONFIG_AMD_IOMMU_V2=m # CONFIG_IOMMU_DEBUG is not set CONFIG_SWIOTLB=y # CONFIG_CALGARY_IOMMU is not set +# CONFIG_GART_IOMMU is not set CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_MEM_SOFT_DIRTY=y diff --git a/kernel.spec b/kernel.spec index 93d2f9822..6493b07d8 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -625,7 +625,7 @@ Patch470: die-floppy-die.patch Patch510: silence-noise.patch Patch530: silence-fbcon-logo.patch -Patch600: x86-allow-1024-cpus.patch +Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch Patch800: crash-driver.patch @@ -704,9 +704,6 @@ Patch25047: drm-radeon-Disable-writeback-by-default-on-ppc.patch #CVE-2013-4345 rhbz 1007690 1009136 Patch25104: ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch -#rhbz 985522 -Patch25107: ntp-Make-periodic-RTC-update-more-reliable.patch - #rhbz 902012 Patch25114: elevator-Fix-a-race-in-elevator-switching-and-md.patch Patch25115: elevator-acquire-q-sysfs_lock-in-elevator_change.patch @@ -1281,7 +1278,7 @@ ApplyOptionalPatch upstream-reverts.patch -R # Architecture patches # x86(-64) -ApplyPatch x86-allow-1024-cpus.patch +ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch # ARM64 @@ -1411,9 +1408,6 @@ ApplyPatch drm-radeon-Disable-writeback-by-default-on-ppc.patch #CVE-2013-4345 rhbz 1007690 1009136 ApplyPatch ansi_cprng-Fix-off-by-one-error-in-non-block-size-request.patch -#rhbz 985522 -ApplyPatch ntp-Make-periodic-RTC-update-more-reliable.patch - #rhbz 902012 ApplyPatch elevator-Fix-a-race-in-elevator-switching-and-md.patch ApplyPatch elevator-acquire-q-sysfs_lock-in-elevator_change.patch @@ -1944,6 +1938,8 @@ find $RPM_BUILD_ROOT/usr/include \ %if %{with_perf} # perf tool binary and supporting scripts/binaries %{perf_make} DESTDIR=$RPM_BUILD_ROOT install +# remove the 'trace' symlink. +rm -f %{buildroot}%{_bindir}/trace # python-perf extension %{perf_make} DESTDIR=$RPM_BUILD_ROOT install-python_ext @@ -2249,6 +2245,9 @@ fi # ||----w | # || || %changelog +* Tue Nov 12 2013 Josh Boyer - 3.13.0-0.rc0.git2.1 +- Linux v3.12-4849-g10d0c97 + * Mon Nov 11 2013 Josh Boyer - 3.13.0-0.rc0.git1.3 - Linux v3.12-2839-gedae583 - Reenable debugging options. diff --git a/ntp-Make-periodic-RTC-update-more-reliable.patch b/ntp-Make-periodic-RTC-update-more-reliable.patch deleted file mode 100644 index 59179e719..000000000 --- a/ntp-Make-periodic-RTC-update-more-reliable.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a97ad0c4b447a132a322cedc3a5f7fa4cab4b304 Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar -Date: Thu, 1 Aug 2013 19:31:35 +0200 -Subject: [PATCH] ntp: Make periodic RTC update more reliable - -The current code requires that the scheduled update of the RTC happens -in the closest tick to the half of the second. This seems to be -difficult to achieve reliably. The scheduled work may be missing the -target time by a tick or two and be constantly rescheduled every second. - -Relax the limit to 10 ticks. As a typical RTC drifts in the 11-minute -update interval by several milliseconds, this shouldn't affect the -overall accuracy of the RTC much. - -Signed-off-by: Miroslav Lichvar -Signed-off-by: John Stultz ---- - kernel/time/ntp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c -index 8f5b3b9..ab1fa7c 100644 ---- a/kernel/time/ntp.c -+++ b/kernel/time/ntp.c -@@ -475,6 +475,7 @@ static void sync_cmos_clock(struct work_struct *work) - * called as close as possible to 500 ms before the new second starts. - * This code is run on a timer. If the clock is set, that timer - * may not expire at the correct time. Thus, we adjust... -+ * We want the clock to be within a couple of ticks from the target. - */ - if (!ntp_synced()) { - /* -@@ -485,7 +486,7 @@ static void sync_cmos_clock(struct work_struct *work) - } - - getnstimeofday(&now); -- if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) { -+ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec * 5) { - struct timespec adjust = now; - - fail = -ENODEV; --- -1.7.9.5 - diff --git a/secure-modules.patch b/secure-modules.patch index 9d01b9356..025bf4fb6 100644 --- a/secure-modules.patch +++ b/secure-modules.patch @@ -1,4 +1,4 @@ -From 8dea807503a1ba88d9e27595daae7f86ec968711 Mon Sep 17 00:00:00 2001 +From 0fc411ee00c81b8a18b1417d31f2736fad155d89 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 17:58:15 -0400 Subject: [PATCH 01/14] Add secure_modules() call @@ -14,10 +14,10 @@ Signed-off-by: Matthew Garrett 2 files changed, 17 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h -index 46f1ea0..0c266b2 100644 +index 05f2447..de97e77 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block * nb); +@@ -515,6 +515,8 @@ int unregister_module_notifier(struct notifier_block * nb); extern void print_modules(void); @@ -26,7 +26,7 @@ index 46f1ea0..0c266b2 100644 #else /* !CONFIG_MODULES... */ /* Given an address, look for it in the exception tables. */ -@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb) +@@ -625,6 +627,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb) static inline void print_modules(void) { } @@ -39,10 +39,10 @@ index 46f1ea0..0c266b2 100644 #ifdef CONFIG_SYSFS diff --git a/kernel/module.c b/kernel/module.c -index 2069158..0e94acf 100644 +index dc58274..81206c1 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3852,3 +3852,13 @@ void module_layout(struct module *mod, +@@ -3860,3 +3860,13 @@ void module_layout(struct module *mod, } EXPORT_SYMBOL(module_layout); #endif @@ -60,7 +60,7 @@ index 2069158..0e94acf 100644 1.8.3.1 -From 9b7b3f6283bf784e4ea1c34e52646b12971b2823 Mon Sep 17 00:00:00 2001 +From b94942e55b519e70366e970cea3665c464d1b7da Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:10:38 -0500 Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is @@ -80,7 +80,7 @@ Signed-off-by: Matthew Garrett 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index c0dbe1f..cd4e35f 100644 +index d8eb880..a851ad6 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -29,6 +29,7 @@ @@ -91,7 +91,7 @@ index c0dbe1f..cd4e35f 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -624,6 +625,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, +@@ -644,6 +645,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8*) buf; @@ -101,7 +101,7 @@ index c0dbe1f..cd4e35f 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -930,6 +934,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -950,6 +954,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; @@ -111,7 +111,7 @@ index c0dbe1f..cd4e35f 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1037,6 +1044,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1057,6 +1064,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { @@ -179,7 +179,7 @@ index e1c1ec5..bffbf71 100644 1.8.3.1 -From aac2425a2664c09c2a369e1eec6e7a5bc2713cb1 Mon Sep 17 00:00:00 2001 +From 36f34509fe52cc49e1b1f6815a3f235040f64a03 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:35:59 -0500 Subject: [PATCH 03/14] x86: Lock down IO port access when module security is @@ -252,7 +252,7 @@ index f895a8c..1af8664 100644 1.8.3.1 -From e7f9789c7eedf291972666befee726ff8e7126f6 Mon Sep 17 00:00:00 2001 +From 67d9800dcf60467e076587b0aac67bcdc516cfe2 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:39:37 -0500 Subject: [PATCH 04/14] ACPI: Limit access to custom_method @@ -284,7 +284,7 @@ index 12b62f2..50647b3 100644 1.8.3.1 -From d81cd6628c821d47bd086354cbc57b1474f3c1a8 Mon Sep 17 00:00:00 2001 +From bdf3761573167c20c72b151c1088b24fd24869ac Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:46:50 -0500 Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module @@ -339,7 +339,7 @@ index 19c313b..db18ef66 100644 1.8.3.1 -From df75e984729ef50bb691b4d15472529fcd81580b Mon Sep 17 00:00:00 2001 +From 65d88af5a2c6bb6d01da17819d8ba782bd208837 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 09:28:15 -0500 Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is @@ -382,7 +382,7 @@ index 1af8664..61406c8 100644 1.8.3.1 -From 78955913cc46cc5e5c7f2c71c1b07a5c18e06456 Mon Sep 17 00:00:00 2001 +From 4aa42b7fa5d7f79eb1d179e728ffa561fd9cf354 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 25 Jun 2012 19:57:30 -0400 Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module @@ -398,7 +398,7 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 6ab2c35..e4c4410 100644 +index e5f416c..9311c00 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -45,6 +45,7 @@ @@ -409,7 +409,7 @@ index 6ab2c35..e4c4410 100644 #include #include -@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); +@@ -249,7 +250,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); acpi_physical_address __init acpi_os_get_root_pointer(void) { #ifdef CONFIG_KEXEC @@ -422,7 +422,7 @@ index 6ab2c35..e4c4410 100644 1.8.3.1 -From 23aae9143fbece326b3a26bf5ba48956c99cabe4 Mon Sep 17 00:00:00 2001 +From c9e62c2ce588d98a774a3853e56d95e48b9df98c Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 03:33:56 -0400 Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module @@ -438,7 +438,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 8 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c -index 59f7b55..3e2b63a 100644 +index 2a74f30..13601e3 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -32,6 +32,7 @@ @@ -467,7 +467,7 @@ index 59f7b55..3e2b63a 100644 1.8.3.1 -From 218cd49aa2d6a085c5c4edc0396200864f0b54ad Mon Sep 17 00:00:00 2001 +From d0e3cb2c13dc9634849ddacf75b6f0d94147516a Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 3 Sep 2013 11:23:29 -0400 Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted @@ -482,7 +482,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 4 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c -index 4ed81e7..15cb72f 100644 +index 957f061..e570609d 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -24,6 +24,7 @@ @@ -493,7 +493,7 @@ index 4ed81e7..15cb72f 100644 #include -@@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) +@@ -49,6 +50,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) struct snapshot_data *data; int error; @@ -507,7 +507,7 @@ index 4ed81e7..15cb72f 100644 1.8.3.1 -From beeaac053d4ae57dc65be1da8b46e5d4bc6542b8 Mon Sep 17 00:00:00 2001 +From b238417ed3c5a0b21bbfcac84f6c70011b8977c0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 8 Feb 2013 11:12:13 -0800 Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is @@ -524,7 +524,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 88458fa..d08f7e3 100644 +index 05266b5..e2bd647 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, @@ -552,7 +552,7 @@ index 88458fa..d08f7e3 100644 1.8.3.1 -From b4331711c52aff0a6a9cef0f4b52fe261874d6f2 Mon Sep 17 00:00:00 2001 +From c3a9afb3b580b4f721d245fc5d13e378b99b9cd8 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 18:36:30 -0400 Subject: [PATCH 11/14] Add option to automatically enforce module signatures @@ -588,12 +588,12 @@ index 199f453..ec38acf 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index b32ebf9..6a6c19b 100644 +index 725e157..fe212ef 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1581,6 +1581,16 @@ config EFI_STUB +@@ -1604,6 +1604,16 @@ config EFI_STUB - See Documentation/x86/efi-stub.txt for more information. + See Documentation/efi-stub.txt for more information. +config EFI_SECURE_BOOT_SIG_ENFORCE + def_bool n @@ -609,7 +609,7 @@ index b32ebf9..6a6c19b 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index b7388a4..53bfe4f 100644 +index a7677ba..4e172e9 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -12,6 +12,7 @@ @@ -620,10 +620,10 @@ index b7388a4..53bfe4f 100644 #undef memcpy /* Use memcpy from misc.c */ -@@ -861,6 +862,37 @@ fail: - return status; +@@ -741,6 +742,37 @@ free_mem_map: } + +static int get_secure_boot(void) +{ + u8 sb, setup; @@ -656,9 +656,9 @@ index b7388a4..53bfe4f 100644 + + /* - * Because the x86 boot code expects to be passed a boot_params we - * need to create one ourselves (usually the bootloader would create -@@ -1169,6 +1201,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, + * On success we return a pointer to a boot_params structure, and NULL + * on failure. +@@ -760,6 +792,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) goto fail; @@ -670,7 +670,7 @@ index b7388a4..53bfe4f 100644 setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index c15ddaf..85d7685 100644 +index 9c3733c..a7ba210 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -131,7 +131,8 @@ struct boot_params { @@ -684,10 +684,10 @@ index c15ddaf..85d7685 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index f8ec578..deeb7bc 100644 +index 918d489..fe429c1 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1129,6 +1129,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1127,6 +1127,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -701,10 +701,10 @@ index f8ec578..deeb7bc 100644 * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/module.h b/include/linux/module.h -index 0c266b2..5a6374a 100644 +index de97e77..d69fe19 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -184,6 +184,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); +@@ -190,6 +190,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); struct notifier_block; @@ -718,10 +718,10 @@ index 0c266b2..5a6374a 100644 extern int modules_disabled; /* for sysctl */ diff --git a/kernel/module.c b/kernel/module.c -index 0e94acf..974139b 100644 +index 81206c1..e1428f0 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -3853,6 +3853,13 @@ void module_layout(struct module *mod, +@@ -3861,6 +3861,13 @@ void module_layout(struct module *mod, EXPORT_SYMBOL(module_layout); #endif @@ -739,7 +739,7 @@ index 0e94acf..974139b 100644 1.8.3.1 -From bb28516d346e6511f1e012321c48eb142763e539 Mon Sep 17 00:00:00 2001 +From 27a1aa77c7fbaaae8c6a776190a38dcbf3c3d6d2 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 5 Feb 2013 19:25:05 -0500 Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode @@ -756,10 +756,10 @@ Signed-off-by: Josh Boyer 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 53bfe4f..946028b 100644 +index 4e172e9..4905f4d 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -864,8 +864,9 @@ fail: +@@ -744,8 +744,9 @@ free_mem_map: static int get_secure_boot(void) { @@ -770,7 +770,7 @@ index 53bfe4f..946028b 100644 efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_status_t status; -@@ -889,6 +890,23 @@ static int get_secure_boot(void) +@@ -769,6 +770,23 @@ static int get_secure_boot(void) if (setup == 1) return 0; @@ -798,7 +798,7 @@ index 53bfe4f..946028b 100644 1.8.3.1 -From 4c8824bac8d4284e66c39c365ba84151f2d78e87 Mon Sep 17 00:00:00 2001 +From 2a445ca2c187da4497ef5f68f111574fd2b0d419 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:28:43 -0400 Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI @@ -812,11 +812,11 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 6a6c19b..10498ec 100644 +index fe212ef..bf83fd3 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1582,7 +1582,8 @@ config EFI_STUB - See Documentation/x86/efi-stub.txt for more information. +@@ -1605,7 +1605,8 @@ config EFI_STUB + See Documentation/efi-stub.txt for more information. config EFI_SECURE_BOOT_SIG_ENFORCE - def_bool n @@ -829,7 +829,7 @@ index 6a6c19b..10498ec 100644 1.8.3.1 -From 871b0ed1847c3c5413a4ca72ecf18735858f7708 Mon Sep 17 00:00:00 2001 +From b1c533cc1d1ca7a03497cc4f2e1b029bde95633c Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:33:03 -0400 Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit @@ -844,10 +844,10 @@ Signed-off-by: Josh Boyer 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index deeb7bc..08dc16e 100644 +index fe429c1..469fbf0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1131,7 +1131,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1129,7 +1129,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { @@ -858,10 +858,10 @@ index deeb7bc..08dc16e 100644 #endif diff --git a/include/linux/efi.h b/include/linux/efi.h -index 5f8f176..eed2202 100644 +index bc5687d..b010a2e 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -634,6 +634,7 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -653,6 +653,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ #define EFI_MEMMAP 4 /* Can we use EFI memory map? */ #define EFI_64BIT 5 /* Is the firmware 64-bit? */ diff --git a/sources b/sources index acdca4b59..fd4184c50 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz 47eda935b7156e21ef3d424ba8797863 patch-3.12-git1.xz +6de5ff06cc215c8aba4f411d397e4b47 patch-3.12-git2.xz diff --git a/x86-allow-1024-cpus.patch b/x86-allow-1024-cpus.patch deleted file mode 100644 index decafd6ef..000000000 --- a/x86-allow-1024-cpus.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index f67e839..d726b2d 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -825,7 +825,7 @@ config MAXSMP - config NR_CPUS - int "Maximum number of CPUs" if SMP && !MAXSMP - range 2 8 if SMP && X86_32 && !X86_BIGSMP -- range 2 512 if SMP && !MAXSMP -+ range 2 1024 if SMP && !MAXSMP - default "1" if !SMP - default "4096" if MAXSMP - default "32" if SMP && (X86_NUMAQ || X86_SUMMIT || X86_BIGSMP || X86_ES7000)