rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

Linux v3.15-rc2

Browse Source 
- Disable debugging options.
This commit is contained in:
Josh Boyer 2014-04-21 09:46:02 -04:00
parent 4b35a8c233
commit 86439e5e88
6 changed files with 110 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config-generic
View File

@ -1680,13 +1680,13 @@ CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y CONFIG_B43_BCMA=y
# CONFIG_B43_BCMA_EXTRA is not set # CONFIG_B43_BCMA_EXTRA is not set
CONFIG_B43_BCMA_PIO=y CONFIG_B43_BCMA_PIO=y
CONFIG_B43_DEBUG=y # CONFIG_B43_DEBUG is not set
CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y CONFIG_B43_PHY_HT=y
# CONFIG_B43_FORCE_PIO is not set # CONFIG_B43_FORCE_PIO is not set
CONFIG_B43LEGACY=m CONFIG_B43LEGACY=m
CONFIG_B43LEGACY_DEBUG=y # CONFIG_B43LEGACY_DEBUG is not set
CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@ -3543,7 +3543,7 @@ CONFIG_USB_STORAGE_REALTEK=m
CONFIG_REALTEK_AUTOPM=y CONFIG_REALTEK_AUTOPM=y
CONFIG_USB_STORAGE_ENE_UB6250=m CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_LIBUSUAL is not set # CONFIG_USB_LIBUSUAL is not set
CONFIG_USB_UAS=m # CONFIG_USB_UAS is not set
# #
@ -4619,7 +4619,7 @@ CONFIG_PM_DEBUG=y
# CONFIG_DPM_WATCHDOG is not set # revisit this in debug # CONFIG_DPM_WATCHDOG is not set # revisit this in debug
CONFIG_PM_TRACE=y CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y CONFIG_PM_TRACE_RTC=y
CONFIG_PM_TEST_SUSPEND=y # CONFIG_PM_TEST_SUSPEND is not set
CONFIG_PM_RUNTIME=y CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set # CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set # CONFIG_PM_AUTOSLEEP is not set

116
config-nodebug
View File

@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y
CONFIG_DEBUG_ATOMIC_SLEEP=y # CONFIG_DEBUG_ATOMIC_SLEEP is not set
CONFIG_DEBUG_MUTEXES=y # CONFIG_DEBUG_MUTEXES is not set
CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
CONFIG_DEBUG_RT_MUTEXES=y # CONFIG_DEBUG_RT_MUTEXES is not set
CONFIG_DEBUG_LOCK_ALLOC=y # CONFIG_DEBUG_LOCK_ALLOC is not set
CONFIG_LOCK_TORTURE_TEST=m # CONFIG_LOCK_TORTURE_TEST is not set
CONFIG_PROVE_LOCKING=y # CONFIG_PROVE_LOCKING is not set
CONFIG_DEBUG_SPINLOCK=y # CONFIG_DEBUG_SPINLOCK is not set
CONFIG_PROVE_RCU=y # CONFIG_PROVE_RCU is not set
# CONFIG_PROVE_RCU_REPEATEDLY is not set # CONFIG_PROVE_RCU_REPEATEDLY is not set
CONFIG_DEBUG_PER_CPU_MAPS=y # CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPU_NOTIFIER_ERROR_INJECT=m # CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
CONFIG_FAULT_INJECTION=y # CONFIG_FAULT_INJECTION is not set
CONFIG_FAILSLAB=y # CONFIG_FAILSLAB is not set
CONFIG_FAIL_PAGE_ALLOC=y # CONFIG_FAIL_PAGE_ALLOC is not set
CONFIG_FAIL_MAKE_REQUEST=y # CONFIG_FAIL_MAKE_REQUEST is not set
CONFIG_FAULT_INJECTION_DEBUG_FS=y # CONFIG_FAULT_INJECTION_DEBUG_FS is not set
CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y # CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
CONFIG_FAIL_IO_TIMEOUT=y # CONFIG_FAIL_IO_TIMEOUT is not set
CONFIG_FAIL_MMC_REQUEST=y # CONFIG_FAIL_MMC_REQUEST is not set
CONFIG_LOCK_STAT=y # CONFIG_LOCK_STAT is not set
CONFIG_DEBUG_STACK_USAGE=y # CONFIG_DEBUG_STACK_USAGE is not set
CONFIG_ACPI_DEBUG=y # CONFIG_ACPI_DEBUG is not set
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set # CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
CONFIG_DEBUG_SG=y # CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_DEBUG_WRITECOUNT=y # CONFIG_DEBUG_WRITECOUNT is not set
CONFIG_DEBUG_OBJECTS=y # CONFIG_DEBUG_OBJECTS is not set
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set # CONFIG_DEBUG_OBJECTS_SELFTEST is not set
CONFIG_DEBUG_OBJECTS_FREE=y # CONFIG_DEBUG_OBJECTS_FREE is not set
CONFIG_DEBUG_OBJECTS_TIMERS=y # CONFIG_DEBUG_OBJECTS_TIMERS is not set
CONFIG_DEBUG_OBJECTS_RCU_HEAD=y # CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
CONFIG_X86_PTDUMP=y # CONFIG_X86_PTDUMP is not set
CONFIG_EFI_PGT_DUMP=y # CONFIG_EFI_PGT_DUMP is not set
CONFIG_CAN_DEBUG_DEVICES=y # CONFIG_CAN_DEBUG_DEVICES is not set
CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SYSCTL_SYSCALL_CHECK is not set
CONFIG_DEBUG_NOTIFIERS=y # CONFIG_DEBUG_NOTIFIERS is not set
CONFIG_DMA_API_DEBUG=y # CONFIG_DMA_API_DEBUG is not set
CONFIG_MMIOTRACE=y # CONFIG_MMIOTRACE is not set
CONFIG_DEBUG_CREDENTIALS=y # CONFIG_DEBUG_CREDENTIALS is not set
# off in both production debug and nodebug builds, # off in both production debug and nodebug builds,
# on in rawhide nodebug builds # on in rawhide nodebug builds
CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_EXT4_DEBUG=y # CONFIG_EXT4_DEBUG is not set
# CONFIG_XFS_WARN is not set # CONFIG_XFS_WARN is not set
CONFIG_DEBUG_PERF_USE_VMALLOC=y # CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_JBD2_DEBUG=y # CONFIG_JBD2_DEBUG is not set
CONFIG_NFSD_FAULT_INJECTION=y # CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_DEBUG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_DRBD_FAULT_INJECTION=y # CONFIG_DRBD_FAULT_INJECTION is not set
CONFIG_ATH_DEBUG=y # CONFIG_ATH_DEBUG is not set
CONFIG_CARL9170_DEBUGFS=y # CONFIG_CARL9170_DEBUGFS is not set
CONFIG_IWLWIFI_DEVICE_TRACING=y # CONFIG_IWLWIFI_DEVICE_TRACING is not set
# CONFIG_RTLWIFI_DEBUG is not set # CONFIG_RTLWIFI_DEBUG is not set
CONFIG_DEBUG_OBJECTS_WORK=y # CONFIG_DEBUG_OBJECTS_WORK is not set
CONFIG_DMADEVICES_DEBUG=y # CONFIG_DMADEVICES_DEBUG is not set
CONFIG_DMADEVICES_VDEBUG=y # CONFIG_DMADEVICES_VDEBUG is not set
CONFIG_PM_ADVANCED_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y
CONFIG_CEPH_LIB_PRETTYDEBUG=y # CONFIG_CEPH_LIB_PRETTYDEBUG is not set
CONFIG_QUOTA_DEBUG=y # CONFIG_QUOTA_DEBUG is not set
CONFIG_PCI_DEFAULT_USE_CRS=y CONFIG_PCI_DEFAULT_USE_CRS=y
@ -103,18 +103,18 @@ CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y # CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
# CONFIG_PERCPU_TEST is not set # CONFIG_PERCPU_TEST is not set
CONFIG_TEST_LIST_SORT=y # CONFIG_TEST_LIST_SORT is not set
# CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRING_HELPERS is not set
CONFIG_DETECT_HUNG_TASK=y # CONFIG_DETECT_HUNG_TASK is not set
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y # CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
CONFIG_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set # CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@ -125,7 +125,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
# CONFIG_SPI_DEBUG is not set # CONFIG_SPI_DEBUG is not set
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y # CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
# CONFIG_SCHEDSTATS is not set # CONFIG_SCHEDSTATS is not set
# CONFIG_LATENCYTOP is not set # CONFIG_LATENCYTOP is not set

2
config-x86-generic
View File

@ -336,7 +336,7 @@ CONFIG_SP5100_TCO=m
# CONFIG_MEMTEST is not set # CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_DEBUG_TLBFLUSH is not set
CONFIG_MAXSMP=y # CONFIG_MAXSMP is not set
CONFIG_HP_ILO=m CONFIG_HP_ILO=m

10
kernel.spec
View File

@ -59,9 +59,9 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1) # The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1))) %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level # The rc snapshot level
%define rcrev 1 %define rcrev 2
# The git snapshot level # The git snapshot level
%define gitrev 4 %define gitrev 0
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0 %define rpmversion 3.%{upstream_sublevel}.0
%endif %endif
@ -122,7 +122,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels) # Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels). # and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'. # See also 'make debug' and 'make release'.
%define debugbuildsenabled 0 %define debugbuildsenabled 1
# Want to build a vanilla kernel build without any non-upstream patches? # Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@ -2064,6 +2064,10 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Mon Apr 21 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc2.git0.1
- Linux v3.15-rc2
- Disable debugging options.
* Fri Apr 18 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc1.git4.1 * Fri Apr 18 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc1.git4.1
- Linux v3.15-rc1-137-g81cef0fe19e0 - Linux v3.15-rc1-137-g81cef0fe19e0

78
modsign-uefi.patch
View File

@ -1,7 +1,7 @@
Bugzilla: N/A Bugzilla: N/A
Upstream-status: Fedora mustard for now Upstream-status: Fedora mustard for now
From 2b668e069365b608e855cf1f5edcf8caed0aaa4d Mon Sep 17 00:00:00 2001 From 779183da2955e33a221c3f7a622766cd53e06d45 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com> From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400 Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 1/5] Add EFI signature data types Subject: [PATCH 1/5] Add EFI signature data types
@ -15,10 +15,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 20 insertions(+) 1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h diff --git a/include/linux/efi.h b/include/linux/efi.h
index 0c1d367..de1faea 100644 index 3a77a70fff27..4c7f7011ea19 100644
--- a/include/linux/efi.h --- a/include/linux/efi.h
+++ b/include/linux/efi.h +++ b/include/linux/efi.h
@@ -394,6 +394,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si @@ -575,6 +575,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_FILE_SYSTEM_GUID \ #define EFI_FILE_SYSTEM_GUID \
EFI_GUID( 0x964e5b22, 0x6459, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b ) EFI_GUID( 0x964e5b22, 0x6459, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b )
@ -31,7 +31,7 @@ index 0c1d367..de1faea 100644
typedef struct { typedef struct {
efi_guid_t guid; efi_guid_t guid;
u64 table; u64 table;
@@ -541,6 +547,20 @@ typedef struct _efi_file_io_interface { @@ -782,6 +788,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL) #define EFI_INVALID_TABLE_ADDR (~0UL)
@ -53,10 +53,10 @@ index 0c1d367..de1faea 100644
* All runtime access to EFI goes through this structure: * All runtime access to EFI goes through this structure:
*/ */
-- --
1.8.4.2 1.9.0
From 42d75e3e3fe134cc274f765525031b764540a587 Mon Sep 17 00:00:00 2001 From 8592d1f6a8cc8d901c94582b9d0b57d170a0940b Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com> From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400 Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader. Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
@ -74,7 +74,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
create mode 100644 crypto/asymmetric_keys/efi_parser.c create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 03a6eb9..6306ffc 100644 index 03a6eb95ab50..6306ffc2a7fe 100644
--- a/crypto/asymmetric_keys/Kconfig --- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig
@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER @@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
@ -91,7 +91,7 @@ index 03a6eb9..6306ffc 100644
+ +
endif # ASYMMETRIC_KEY_TYPE endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 0727204..cd8388e 100644 index 0727204aab68..cd8388e5f2f1 100644
--- a/crypto/asymmetric_keys/Makefile --- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o @@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
@ -104,7 +104,7 @@ index 0727204..cd8388e 100644
# X.509 Certificate handling # X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644 new file mode 100644
index 0000000..424896a index 000000000000..424896a0b169
--- /dev/null --- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c +++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,109 @@ @@ -0,0 +1,109 @@
@ -218,10 +218,10 @@ index 0000000..424896a
+ return 0; + return 0;
+} +}
diff --git a/include/linux/efi.h b/include/linux/efi.h diff --git a/include/linux/efi.h b/include/linux/efi.h
index de1faea..13e1425 100644 index 4c7f7011ea19..96174a7f9e90 100644
--- a/include/linux/efi.h --- a/include/linux/efi.h
+++ b/include/linux/efi.h +++ b/include/linux/efi.h
@@ -641,6 +641,10 @@ extern int efi_set_rtc_mmss(const struct timespec *now); @@ -883,6 +883,10 @@ extern int efi_set_rtc_mmss(const struct timespec *now);
extern void efi_reserve_boot_services(void); extern void efi_reserve_boot_services(void);
extern struct efi_memory_map memmap; extern struct efi_memory_map memmap;
@ -233,10 +233,10 @@ index de1faea..13e1425 100644
* efi_range_is_wc - check the WC bit on an address range * efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address * @start: starting kvirt address
-- --
1.8.4.2 1.9.0
From d750dbcdcb3a712a2ea4ec57b9c9729c6a26b41d Mon Sep 17 00:00:00 2001 From a4da3547b2eb4e0c7111eee7e5d5043413142835 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400 Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
@ -255,7 +255,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
4 files changed, 42 insertions(+) 4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 8dabc39..e466de1 100644 index 8dabc399bd1d..e466de10ceec 100644
--- a/include/keys/system_keyring.h --- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h
@@ -18,6 +18,10 @@ @@ -18,6 +18,10 @@
@ -270,10 +270,10 @@ index 8dabc39..e466de1 100644
#endif /* _KEYS_SYSTEM_KEYRING_H */ #endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig diff --git a/init/Kconfig b/init/Kconfig
index 5236dc5..f59e6fe 100644 index 9d3585bb2a7a..932f22f7cc40 100644
--- a/init/Kconfig --- a/init/Kconfig
+++ b/init/Kconfig +++ b/init/Kconfig
@@ -1673,6 +1673,15 @@ config SYSTEM_TRUSTED_KEYRING @@ -1658,6 +1658,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking. Keys in this keyring are used by module signature checking.
@ -281,16 +281,16 @@ index 5236dc5..f59e6fe 100644
+ bool "Provide system-wide ring of blacklisted keys" + bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS + depends on KEYS
+ help + help
+ Provide a system keyring to which blacklisted keys can be added. Keys + Provide a system keyring to which blacklisted keys can be added.
+ in the keyring are considered entirely untrusted. Keys in this keyring + Keys in the keyring are considered entirely untrusted. Keys in this
+ are used by the module signature checking to reject loading of modules + keyring are used by the module signature checking to reject loading
+ signed with a blacklisted key. + of modules signed with a blacklisted key.
+ +
menuconfig MODULES config PROFILING
bool "Enable loadable module support" bool "Profiling support"
option modules help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fa..fed815f 100644 index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c --- a/kernel/module_signing.c
+++ b/kernel/module_signing.c +++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len, @@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
@ -313,7 +313,7 @@ index be5b8fa..fed815f 100644
&key_type_asymmetric, id); &key_type_asymmetric, id);
if (IS_ERR(key)) if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 52ebc70..478c4f8 100644 index 52ebc70263f4..478c4f8ec908 100644
--- a/kernel/system_keyring.c --- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c +++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@ @@ -20,6 +20,9 @@
@ -348,10 +348,10 @@ index 52ebc70..478c4f8 100644
} }
-- --
1.8.4.2 1.9.0
From c32beadd0d75fddcd75b700e4a75884d7a82e9bb Mon Sep 17 00:00:00 2001 From 25adb4e43fb5c23723f33a806399ad484f8dcfa5 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400 Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
@ -379,10 +379,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h diff --git a/include/linux/efi.h b/include/linux/efi.h
index 13e1425..a7175eb 100644 index 96174a7f9e90..8f7466023105 100644
--- a/include/linux/efi.h --- a/include/linux/efi.h
+++ b/include/linux/efi.h +++ b/include/linux/efi.h
@@ -400,6 +400,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si @@ -581,6 +581,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_CERT_X509_GUID \ #define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
@ -396,10 +396,10 @@ index 13e1425..a7175eb 100644
efi_guid_t guid; efi_guid_t guid;
u64 table; u64 table;
diff --git a/init/Kconfig b/init/Kconfig diff --git a/init/Kconfig b/init/Kconfig
index f59e6fe..90fa75f 100644 index 932f22f7cc40..6023af12ef4f 100644
--- a/init/Kconfig --- a/init/Kconfig
+++ b/init/Kconfig +++ b/init/Kconfig
@@ -1792,6 +1792,15 @@ config MODULE_SIG_ALL @@ -1812,6 +1812,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file" comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@ -416,10 +416,10 @@ index f59e6fe..90fa75f 100644
prompt "Which hash algorithm should modules be signed with?" prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile diff --git a/kernel/Makefile b/kernel/Makefile
index bc010ee..bee938f 100644 index f2a8b6246ce9..706e7952bde5 100644
--- a/kernel/Makefile --- a/kernel/Makefile
+++ b/kernel/Makefile +++ b/kernel/Makefile
@@ -44,6 +44,7 @@ obj-$(CONFIG_UID16) += uid16.o @@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o obj-$(CONFIG_MODULE_SIG) += module_signing.o
@ -427,7 +427,7 @@ index bc010ee..bee938f 100644
obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o obj-$(CONFIG_KEXEC) += kexec.o
@@ -96,6 +97,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o @@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h $(obj)/configs.o: $(obj)/config_data.h
@ -438,7 +438,7 @@ index bc010ee..bee938f 100644
targets += config_data.gz targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644 new file mode 100644
index 0000000..94b0eb3 index 000000000000..94b0eb38a284
--- /dev/null --- /dev/null
+++ b/kernel/modsign_uefi.c +++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@ @@ -0,0 +1,92 @@
@ -535,10 +535,10 @@ index 0000000..94b0eb3
+} +}
+late_initcall(load_uefi_certs); +late_initcall(load_uefi_certs);
-- --
1.8.4.2 1.9.0
From 5c86fc6c7e4d51286d75ee6d8ceedf983ae434fb Mon Sep 17 00:00:00 2001 From 20b7de055a87e6f5555c27de8188b7c975e3e330 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400 Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
@ -554,7 +554,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 31 insertions(+), 9 deletions(-) 1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb3..ae28b97 100644 index 94b0eb38a284..ae28b974d49a 100644
--- a/kernel/modsign_uefi.c --- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c +++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@ @@ -8,6 +8,23 @@
@ -620,5 +620,5 @@ index 94b0eb3..ae28b97 100644
mok = get_cert_list(L"MokListRT", &mok_var, &moksize); mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
-- --
1.8.4.2 1.9.0

3
sources
View File

@ -1,4 +1,3 @@
b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz
13e450bb569cfad7c246f0746a7f3217 patch-3.15-rc1.xz f8adc3ee2a7490a403ae1971597c0d0e patch-3.15-rc2.xz
9fd252a3af5b8585254a730d0ad08af0 patch-3.15-rc1-git4.xz