diff --git a/0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch b/0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
deleted file mode 100644
index aab1c4e32..000000000
--- a/0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
+++ /dev/null
@@ -1,138 +0,0 @@ -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1021036 -Upstream-status: Send upstream for 3.17 - -From 0ad19912cb324f0a356a212433ec0b2a31f61acc Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 20 Jun 2014 10:29:16 +0200 -Subject: [PATCH] ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling - -It seems that the same problems which lead to adding an rfkill blacklist and -putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13 -and Lenovo Yoga 2 Pro too: -https://bugzilla.redhat.com/show_bug.cgi?id=1021036 -https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612 - -Testing has shown that the firmware rfkill settings are persistent over -reboots. So blacklisting the driver is not good enough, if the wifi is blocked -at the firmware level the wifi needs to be explictly unblocked through the -ideapad-laptop interface. - -And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices -with hardware kill switch reports the hardware switch state, needs to be -explictly set to 1 (radio enabled / not blocked). - -So this patch does 3 things to get proper rfkill handling on these models: - -1) Instead of blacklisting the rfkill functionality, which means that people -with a firmware blocked wifi get stuck in that situation, ignore the value -reported by the not present hardware rfkill switch, as this is what is causing -ideapad-laptop to wrongly report all radios as hardware blocks. But do register -the rfkill interfaces so that the user can soft [un]block them. - -2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1 - -3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2 -series is affected. - -Yoga 2 11: -Reported-and-tested-by: Vincent Gerris - -Yoga 2 13: -Tested-by: madls05 - -Yoga 2 Pro: -Reported-and-tested-by: Peter F. 
Patel-Schneider - -Signed-off-by: Hans de Goede ---- - drivers/platform/x86/ideapad-laptop.c | 41 +++++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 14 deletions(-) - -diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c -index b4c495a..b0e3a2e 100644 ---- a/drivers/platform/x86/ideapad-laptop.c -+++ b/drivers/platform/x86/ideapad-laptop.c -@@ -87,6 +87,7 @@ struct ideapad_private { - struct backlight_device *blightdev; - struct dentry *debug; - unsigned long cfg; -+ bool has_hw_rfkill_switch; - }; - - static bool no_bt_rfkill; -@@ -473,12 +474,14 @@ static struct rfkill_ops ideapad_rfk_ops = { - - static void ideapad_sync_rfk_state(struct ideapad_private *priv) - { -- unsigned long hw_blocked; -+ unsigned long hw_blocked = 0; - int i; - -- if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked)) -- return; -- hw_blocked = !hw_blocked; -+ if (priv->has_hw_rfkill_switch) { -+ if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked)) -+ return; -+ hw_blocked = !hw_blocked; -+ } - - for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++) - if (priv->rfk[i]) -@@ -821,14 +824,17 @@ static void ideapad_acpi_notify(acpi_handle handle, u32 event, void *data) - } - } - --/* Blacklist for devices where the ideapad rfkill interface does not work */ --static struct dmi_system_id rfkill_blacklist[] = { -- /* The Lenovo Yoga 2 11 always reports everything as blocked */ -+/* -+ * Some ideapads don't have a hardware rfkill switch, reading VPCCMD_R_RF -+ * always results in 0 on these models, causing ideapad_laptop to wrongly -+ * report all radios as hardware-blocked. 
-+ */ -+static struct dmi_system_id no_hw_rfkill_list[] = { - { -- .ident = "Lenovo Yoga 2 11", -+ .ident = "Lenovo Yoga 2 11 / 13 / Pro", - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), -- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2 11"), -+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2"), - }, - }, - {} -@@ -856,6 +862,7 @@ static int ideapad_acpi_add(struct platform_device *pdev) - priv->cfg = cfg; - priv->adev = adev; - priv->platform_device = pdev; -+ priv->has_hw_rfkill_switch = !dmi_check_system(no_hw_rfkill_list); - - ret = ideapad_sysfs_init(priv); - if (ret) -@@ -869,11 +876,17 @@ static int ideapad_acpi_add(struct platform_device *pdev) - if (ret) - goto input_failed; - -- if (!dmi_check_system(rfkill_blacklist)) { -- for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++) -- if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg)) -- ideapad_register_rfkill(priv, i); -- } -+ /* -+ * On some models without a hw-switch (the yoga 2 13 at least) -+ * VPCCMD_W_RF must be explicitly set to 1 for the wifi to work. -+ */ -+ if (!priv->has_hw_rfkill_switch) -+ write_ec_cmd(priv->adev->handle, VPCCMD_W_RF, 1); -+ -+ for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++) -+ if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg)) -+ ideapad_register_rfkill(priv, i); -+ - ideapad_sync_rfk_state(priv); - ideapad_sync_touchpad_state(priv); - --- -2.0.0 - diff --git a/ACPI-Limit-access-to-custom_method.patch b/ACPI-Limit-access-to-custom_method.patch new file mode 100644 index 000000000..932259442 --- /dev/null +++ b/ACPI-Limit-access-to-custom_method.patch 
@@ -0,0 +1,31 @@
+From 70b5ad494c01fce2f3d3284affaefa8f581b21e8 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett
+Date: Fri, 9 Mar 2012 08:39:37 -0500
+Subject: [PATCH] ACPI: Limit access to custom_method
+
+custom_method effectively allows arbitrary access to system memory, making
+it possible for an attacker to circumvent restrictions on module loading.
+Disable it if any such restrictions have been enabled.
+
+Signed-off-by: Matthew Garrett
+---
+ drivers/acpi/custom_method.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
+index c68e72414a67..4277938af700 100644
+--- a/drivers/acpi/custom_method.c
++++ b/drivers/acpi/custom_method.c
+@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
+ struct acpi_table_header table;
+ acpi_status status;
+
++ if (secure_modules())
++ return -EPERM;
++
+ if (!(*ppos)) {
+ /* parse the table header to get the table length */
+ if (count <= sizeof(struct acpi_table_header))
+--
+1.9.3
+
diff --git a/ARM-tegra-usb-no-reset.patch b/ARM-tegra-usb-no-reset.patch
new file mode 100644
index 000000000..8335abafe
--- /dev/null
+++ b/ARM-tegra-usb-no-reset.patch
@@ -0,0 +1,32 @@
+From 4efca4da7b99c99095a6390d5f20aee30bdb6d67 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 3 May 2012 20:27:11 +0100
+Subject: [PATCH] ARM: tegra: usb no reset
+
+Patch for disconnect issues with storage attached to a
+ tegra-ehci controller
+---
+ drivers/usb/core/hub.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 46f5161c7891..be0877ff88b3 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -5035,6 +5035,13 @@ static void hub_events(void)
+ (u16) hub->change_bits[0],
+ (u16) hub->event_bits[0]);
+
++ /* Don't disconnect USB-SATA on TrimSlice */
++ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
++ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
++ (hub->event_bits[0] == 0x2))
++ hub->event_bits[0] = 0;
++ }
++
+ /* Lock the device, then check to see if we were
+ * disconnected while waiting for the lock to succeed. */
+ usb_lock_device(hdev);
+--
+1.9.3
+
diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch
new file mode 100644
index 000000000..88cd5f512
--- /dev/null
+++ b/Add-EFI-signature-data-types.patch
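Review bot: The check added to hub_events() compares `hdev->state == 7` and `hub->event_bits[0] == 0x2` against bare numbers; 7 is the value of `USB_STATE_CONFIGURED` in enum usb_device_state, and writing `hdev->state == USB_STATE_CONFIGURED` keeps the test correct and readable if that enum ever changes. The block reads hdev->state and clears event_bits before the `usb_lock_device(hdev)` call that follows it, so the decision is made without the device lock held. It also keys only on the controller name "tegra-ehci.0", so it appears to drop that event pattern for any device on that controller, not just the TrimSlice USB-SATA bridge the comment names; the comment should state that scope. hub_events() begins and ends outside the hunk.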
@@ -0,0 +1,57 @@
+From fefd3c3f983024a88af6e80f03d999ca5f9314e2 Mon Sep 17 00:00:00 2001
+From: Dave Howells
+Date: Tue, 23 Oct 2012 09:30:54 -0400
+Subject: [PATCH] Add EFI signature data types
+
+Add the data types that are used for containing hashes, keys and certificates
+for cryptographic verification.
+
+Bugzilla: N/A
+Upstream-status: Fedora mustard for now
+
+Signed-off-by: David Howells
+---
+ include/linux/efi.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index ebe6a24cc1e1..5ce40e215f15 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void);
+ #define DEVICE_TREE_GUID \
+ EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
+
++#define EFI_CERT_SHA256_GUID \
++ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
++
++#define EFI_CERT_X509_GUID \
++ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
++
+ typedef struct {
+ efi_guid_t guid;
+ u64 table;
+@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface {
+
+ #define EFI_INVALID_TABLE_ADDR (~0UL)
+
++typedef struct {
++ efi_guid_t signature_owner;
++ u8 signature_data[];
++} efi_signature_data_t;
++
++typedef struct {
++ efi_guid_t signature_type;
++ u32 signature_list_size;
++ u32 signature_header_size;
++ u32 signature_size;
++ u8 signature_header[];
++ /* efi_signature_data_t signatures[][] */
++} efi_signature_list_t;
++
+ /*
+ * All runtime access to EFI goes through this structure:
+ */
+--
+1.9.3
+
diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
new file mode 100644
index 000000000..c873dd0e0
--- /dev/null
+++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
@@ -0,0 +1,179 @@ +From 1e20708ec6d992ab178cc0c9cc6c51ae3b95f48d Mon Sep 17 00:00:00 2001 +From: Dave Howells +Date: Tue, 23 Oct 2012 09:36:28 -0400 +Subject: [PATCH] Add an EFI signature blob parser and key loader. + +X.509 certificates are loaded into the specified keyring as asymmetric type +keys. + +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/Kconfig | 8 +++ + crypto/asymmetric_keys/Makefile | 1 + + crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++ + include/linux/efi.h | 4 ++ + 4 files changed, 122 insertions(+) + create mode 100644 crypto/asymmetric_keys/efi_parser.c + +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +index 4870f28403f5..4a1b50d73b80 100644 +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION + This option provides support for verifying the signature(s) on a + signed PE binary. + ++config EFI_SIGNATURE_LIST_PARSER ++ bool "EFI signature list parser" ++ depends on EFI ++ select X509_CERTIFICATE_PARSER ++ help ++ This option provides support for parsing EFI signature lists for ++ X.509 certificates and turning them into keys. 
++ + endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index e47fcd9ac5e8..6512f6596785 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o + + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o + obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o ++obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o + + # + # X.509 Certificate handling +diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c +new file mode 100644 +index 000000000000..424896a0b169 +--- /dev/null ++++ b/crypto/asymmetric_keys/efi_parser.c +@@ -0,0 +1,109 @@ ++/* EFI signature/key/certificate list parser ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. 
++ */ ++ ++#define pr_fmt(fmt) "EFI: "fmt ++#include ++#include ++#include ++#include ++#include ++ ++static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID; ++ ++/** ++ * parse_efi_signature_list - Parse an EFI signature list for certificates ++ * @data: The data blob to parse ++ * @size: The size of the data blob ++ * @keyring: The keyring to add extracted keys to ++ */ ++int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring) ++{ ++ unsigned offs = 0; ++ size_t lsize, esize, hsize, elsize; ++ ++ pr_devel("-->%s(,%zu)\n", __func__, size); ++ ++ while (size > 0) { ++ efi_signature_list_t list; ++ const efi_signature_data_t *elem; ++ key_ref_t key; ++ ++ if (size < sizeof(list)) ++ return -EBADMSG; ++ ++ memcpy(&list, data, sizeof(list)); ++ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n", ++ offs, ++ list.signature_type.b, list.signature_list_size, ++ list.signature_header_size, list.signature_size); ++ ++ lsize = list.signature_list_size; ++ hsize = list.signature_header_size; ++ esize = list.signature_size; ++ elsize = lsize - sizeof(list) - hsize; ++ ++ if (lsize > size) { ++ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n", ++ __func__, offs); ++ return -EBADMSG; ++ } ++ if (lsize < sizeof(list) || ++ lsize - sizeof(list) < hsize || ++ esize < sizeof(*elem) || ++ elsize < esize || ++ elsize % esize != 0) { ++ pr_devel("- bad size combo @%x\n", offs); ++ return -EBADMSG; ++ } ++ ++ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) { ++ data += lsize; ++ size -= lsize; ++ offs += lsize; ++ continue; ++ } ++ ++ data += sizeof(list) + hsize; ++ size -= sizeof(list) + hsize; ++ offs += sizeof(list) + hsize; ++ ++ for (; elsize > 0; elsize -= esize) { ++ elem = data; ++ ++ pr_devel("ELEM[%04x]\n", offs); ++ ++ key = key_create_or_update( ++ make_key_ref(keyring, 1), ++ "asymmetric", ++ NULL, ++ &elem->signature_data, ++ esize - sizeof(*elem), ++ (KEY_POS_ALL & ~KEY_POS_SETATTR) | ++ KEY_USR_VIEW, ++ 
KEY_ALLOC_NOT_IN_QUOTA | ++ KEY_ALLOC_TRUSTED); ++ ++ if (IS_ERR(key)) ++ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", ++ PTR_ERR(key)); ++ else ++ pr_notice("Loaded cert '%s' linked to '%s'\n", ++ key_ref_to_ptr(key)->description, ++ keyring->description); ++ ++ data += esize; ++ size -= esize; ++ offs += esize; ++ } ++ } ++ ++ return 0; ++} +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 5ce40e215f15..41359e548bcb 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -906,6 +906,10 @@ extern bool efi_poweroff_required(void); + (md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \ + (md) = (void *)(md) + (m)->desc_size) + ++struct key; ++extern int __init parse_efi_signature_list(const void *data, size_t size, ++ struct key *keyring); ++ + /** + * efi_range_is_wc - check the WC bit on an address range + * @start: starting kvirt address +-- +1.9.3 + diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch new file mode 100644 index 000000000..079e28b2c --- /dev/null +++ b/Add-option-to-automatically-enforce-module-signature.patch 
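Review bot: In parse_efi_signature_list() the reference returned by a successful `key_create_or_update()` is used for the pr_notice and then never dropped, so each loaded certificate appears to leak one key reference; add `key_ref_put(key);` in the else branch after the pr_notice. A failed load is only logged with pr_err and the function still returns 0, so a caller cannot tell a blob whose certificates were all rejected from one that loaded cleanly; the kernel-doc has no return description and should state this. The size checks themselves read correctly: `elsize` is computed before validation, but it is not used until the `lsize < sizeof(list)` and `lsize - sizeof(list) < hsize` tests have passed.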
@@ -0,0 +1,186 @@ +From d9c97fea8a906281ee05486731746d648d8ff749 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Fri, 9 Aug 2013 18:36:30 -0400 +Subject: [PATCH] Add option to automatically enforce module signatures when in + Secure Boot mode + +UEFI Secure Boot provides a mechanism for ensuring that the firmware will +only load signed bootloaders and kernels. Certain use cases may also +require that all kernel modules also be signed. Add a configuration option +that enforces this automatically when enabled. + +Signed-off-by: Matthew Garrett +--- + Documentation/x86/zero-page.txt | 2 ++ + arch/x86/Kconfig | 10 ++++++++++ + arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++ + arch/x86/include/uapi/asm/bootparam.h | 3 ++- + arch/x86/kernel/setup.c | 6 ++++++ + include/linux/module.h | 6 ++++++ + kernel/module.c | 7 +++++++ + 7 files changed, 69 insertions(+), 1 deletion(-) + +diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt +index 199f453cb4de..ec38acf00b40 100644 +--- a/Documentation/x86/zero-page.txt ++++ b/Documentation/x86/zero-page.txt +@@ -30,6 +30,8 @@ Offset Proto Name Meaning + 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) + 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer + (below) ++1EB/001 ALL kbd_status Numlock is enabled ++1EC/001 ALL secure_boot Secure boot is enabled in the firmware + 1EF/001 ALL sentinel Used to detect broken bootloaders + 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures + 2D0/A00 ALL e820_map E820 memory map table +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 778178f4c7d1..8899dc333793 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1565,6 +1565,16 @@ config EFI_MIXED + + If unsure, say N. 
+ ++config EFI_SECURE_BOOT_SIG_ENFORCE ++ def_bool n ++ prompt "Force module signing when UEFI Secure Boot is enabled" ++ ---help--- ++ UEFI Secure Boot provides a mechanism for ensuring that the ++ firmware will only load signed bootloaders and kernels. Certain ++ use cases may also require that all kernel modules also be signed. ++ Say Y here to automatically enable module signature enforcement ++ when a system boots with UEFI Secure Boot enabled. ++ + config SECCOMP + def_bool y + prompt "Enable seccomp to safely compute untrusted bytecode" +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index f277184e2ac1..88edd48f03e9 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + + #undef memcpy /* Use memcpy from misc.c */ + +@@ -803,6 +804,37 @@ out: + return status; + } + ++static int get_secure_boot(void) ++{ ++ u8 sb, setup; ++ unsigned long datasize = sizeof(sb); ++ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; ++ efi_status_t status; ++ ++ status = efi_early->call((unsigned long)sys_table->runtime->get_variable, ++ L"SecureBoot", &var_guid, NULL, &datasize, &sb); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (sb == 0) ++ return 0; ++ ++ ++ status = efi_early->call((unsigned long)sys_table->runtime->get_variable, ++ L"SetupMode", &var_guid, NULL, &datasize, ++ &setup); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (setup == 1) ++ return 0; ++ ++ return 1; ++} ++ ++ + /* + * See if we have Graphics Output Protocol + */ +@@ -1374,6 +1406,10 @@ struct boot_params *efi_main(struct efi_config *c, + else + setup_boot_services32(efi_early); + ++ sanitize_boot_params(boot_params); ++ ++ boot_params->secure_boot = get_secure_boot(); ++ + setup_graphics(boot_params); + + status = setup_efi_pci(boot_params); +diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h +index 
225b0988043a..90dbfb73e11f 100644 +--- a/arch/x86/include/uapi/asm/bootparam.h ++++ b/arch/x86/include/uapi/asm/bootparam.h +@@ -133,7 +133,8 @@ struct boot_params { + __u8 eddbuf_entries; /* 0x1e9 */ + __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ + __u8 kbd_status; /* 0x1eb */ +- __u8 _pad5[3]; /* 0x1ec */ ++ __u8 secure_boot; /* 0x1ec */ ++ __u8 _pad5[2]; /* 0x1ed */ + /* + * The sentinel is set to a nonzero value (0xff) in header.S. + * +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 41ead8d3bc0b..5a5cf7395724 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p) + + io_delay_init(); + ++#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE ++ if (boot_params.secure_boot) { ++ enforce_signed_modules(); ++ } ++#endif ++ + /* + * Parse the ACPI tables for possible boot-time SMP configuration. + */ +diff --git a/include/linux/module.h b/include/linux/module.h +index 341a73ecea2e..cca08ac450e2 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); + + struct notifier_block; + ++#ifdef CONFIG_MODULE_SIG ++extern void enforce_signed_modules(void); ++#else ++static inline void enforce_signed_modules(void) {}; ++#endif ++ + #ifdef CONFIG_MODULES + + extern int modules_disabled; /* for sysctl */ +diff --git a/kernel/module.c b/kernel/module.c +index 1f7b4664300e..866417ecc76a 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3843,6 +3843,13 @@ void module_layout(struct module *mod, + EXPORT_SYMBOL(module_layout); + #endif + ++#ifdef CONFIG_MODULE_SIG ++void enforce_signed_modules(void) ++{ ++ sig_enforce = true; ++} ++#endif ++ + bool secure_modules(void) + { + #ifdef CONFIG_MODULE_SIG +-- +1.9.3 + diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch new file mode 100644 index 000000000..23d01fdf7 --- /dev/null 
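Review bot: The new EFI_SECURE_BOOT_SIG_ENFORCE entry in arch/x86/Kconfig has no `depends on MODULE_SIG`, while include/linux/module.h makes enforce_signed_modules() an empty inline when CONFIG_MODULE_SIG is off, so the option can be selected and silently enforce nothing. In get_secure_boot() (eboot.c) `datasize` is passed to the second get_variable call still holding whatever the first call wrote back; reset it with `datasize = sizeof(setup);` before reading SetupMode. Every failure path there returns 0, so a firmware that fails either read leaves boot_params->secure_boot clear and enforcement off; if that fail-open choice is deliberate, a comment on the function should say so.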
+++ b/Add-secure_modules-call.patch
@@ -0,0 +1,64 @@
+From 3a2e996725c790c4a7db13246c312f3f5ed085e7 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett
+Date: Fri, 9 Aug 2013 17:58:15 -0400
+Subject: [PATCH] Add secure_modules() call
+
+Provide a single call to allow kernel code to determine whether the system
+has been configured to either disable module loading entirely or to load
+only modules signed with a trusted key.
+
+Bugzilla: N/A
+Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
+
+Signed-off-by: Matthew Garrett
+---
+ include/linux/module.h | 7 +++++++
+ kernel/module.c | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/include/linux/module.h b/include/linux/module.h
+index 71f282a4e307..341a73ecea2e 100644
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
+
+ extern void print_modules(void);
+
++extern bool secure_modules(void);
++
+ #else /* !CONFIG_MODULES... */
+
+ /* Given an address, look for it in the exception tables. */
+@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
+ static inline void print_modules(void)
+ {
+ }
++
++static inline bool secure_modules(void)
++{
++ return false;
++}
+ #endif /* CONFIG_MODULES */
+
+ #ifdef CONFIG_SYSFS
+diff --git a/kernel/module.c b/kernel/module.c
+index 03214bd288e9..1f7b4664300e 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod,
+ }
+ EXPORT_SYMBOL(module_layout);
+ #endif
++
++bool secure_modules(void)
++{
++#ifdef CONFIG_MODULE_SIG
++ return (sig_enforce || modules_disabled);
++#else
++ return modules_disabled;
++#endif
++}
++EXPORT_SYMBOL(secure_modules);
+--
+1.9.3
+
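Review bot: The !CONFIG_MODULES stub added to include/linux/module.h returns false, so a kernel built without module support reports "not restricted" even though no module can be loaded at all; any caller that gates another interface on secure_modules() would leave it open on such a kernel. If that is intended, say so in a comment on the stub, since the commit message lists "disable module loading entirely" as a case that should count as restricted. The exported definition in kernel/module.c also has no comment; one line such as `/* true when module loading is disabled or only signed modules may load */` above it would document the contract callers rely on.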
diff --git a/sysrq-secure-boot.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch similarity index 95% rename from sysrq-secure-boot.patch rename to Add-sysrq-option-to-disable-secure-boot-mode.patch index 1b1399340..3724958fe 100644 --- a/sysrq-secure-boot.patch +++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch @@ -1,11 +1,10 @@ -Bugzilla: N/A -Upstream-status: Fedora mustard - -From 603230771bdbca78e6530d29dbe8b239cdcc8473 Mon Sep 17 00:00:00 2001 +From 8e57a11b2016ad15653f55d2b0b799f94050cb8e Mon Sep 17 00:00:00 2001 From: Kyle McMartin Date: Fri, 30 Aug 2013 09:28:51 -0400 Subject: [PATCH] Add sysrq option to disable secure boot mode +Bugzilla: N/A +Upstream-status: Fedora mustard --- arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++ drivers/input/misc/uinput.c | 1 + @@ -17,7 +16,7 @@ Subject: [PATCH] Add sysrq option to disable secure boot mode 7 files changed, 65 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 5ce785fc9f05..2024cbb7169b 100644 +index fb282ff6a802..d291d16ba257 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -70,6 +70,11 @@ @@ -71,10 +70,10 @@ index 5ce785fc9f05..2024cbb7169b 100644 .notifier_call = dump_kernel_offset }; diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c -index 856936247500..1e87a1ea704b 100644 +index 421e29e4cd81..61c1eb97806c 100644 --- a/drivers/input/misc/uinput.c +++ b/drivers/input/misc/uinput.c -@@ -353,6 +353,7 @@ static int uinput_allocate_device(struct uinput_device *udev) +@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev) if (!udev->dev) return -ENOMEM; @@ -83,7 +82,7 @@ index 856936247500..1e87a1ea704b 100644 input_set_drvdata(udev->dev, udev); diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 454b65898e2c..19d67594a3b8 100644 +index 42bad18c66c9..496e073b09d7 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c 
@@ -463,6 +463,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = { @@ -217,7 +216,7 @@ index 387fa7d05c98..4b07e30b3279 100644 int unregister_sysrq_key(int key, struct sysrq_key_op *op); struct sysrq_key_op *__sysrq_get_key_op(int key); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 2f7c760305ca..abb29d9811af 100644 +index 379650b984f8..070f29fefdc2 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1924,7 +1924,7 @@ static int kdb_sr(int argc, const char **argv) @@ -230,10 +229,10 @@ index 2f7c760305ca..abb29d9811af 100644 return 0; diff --git a/kernel/module.c b/kernel/module.c -index 452079124fb7..37dabbc1e902 100644 +index 866417ecc76a..d7ca95c5a349 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ +@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ #ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG_FORCE diff --git a/HID-wacom-Add-support-for-the-Cintiq-Companion.patch b/HID-wacom-Add-support-for-the-Cintiq-Companion.patch new file mode 100644 index 000000000..38f114bc2 --- /dev/null +++ b/HID-wacom-Add-support-for-the-Cintiq-Companion.patch 
@@ -0,0 +1,47 @@
+From bbe2ff3101aff1009fe9afbe17cb16a273797193 Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires
+Date: Wed, 3 Sep 2014 15:43:25 -0400
+Subject: [PATCH] HID: wacom: Add support for the Cintiq Companion
+
+The Wacom Cintiq Companion shares the same sensor than the Cintiq
+Companion Hybrid, with the exception of the different PIDs.
+
+Bugzilla: 1134969
+Upstream-status: Queued for 3.18
+
+Signed-off-by: Benjamin Tissoires
+---
+ drivers/hid/wacom_wac.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
+index aa6a08eb7ad6..c3cbbfb5811f 100644
+--- a/drivers/hid/wacom_wac.c
++++ b/drivers/hid/wacom_wac.c
+@@ -2573,6 +2573,14 @@ static const struct wacom_features wacom_features_0x309 =
+ { "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10,
+ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
++static const struct wacom_features wacom_features_0x30A =
++ { "Wacom ISDv5 30A", 59352, 33648, 2047, 63,
++ CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
++ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
++static const struct wacom_features wacom_features_0x30C =
++ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
++ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30A, .touch_max = 10,
++ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
+
+ #define USB_DEVICE_WACOM(prod) \
+ HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
+@@ -2708,6 +2716,8 @@ const struct hid_device_id wacom_ids[] = {
+ { USB_DEVICE_WACOM(0x304) },
+ { USB_DEVICE_WACOM(0x307) },
+ { USB_DEVICE_WACOM(0x309) },
++ { USB_DEVICE_WACOM(0x30A) },
++ { USB_DEVICE_WACOM(0x30C) },
+ { USB_DEVICE_WACOM(0x30E) },
+ { USB_DEVICE_WACOM(0x314) },
+ { USB_DEVICE_WACOM(0x315) },
+--
+1.9.3
+
diff --git a/Input-wacom-Add-support-for-the-Cintiq-Companion.patch b/Input-wacom-Add-support-for-the-Cintiq-Companion.patch
deleted file mode 100644
index 33691ccff..000000000
--- a/Input-wacom-Add-support-for-the-Cintiq-Companion.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From bdfffc320102278edac2db5a397ffbfd89faeab3 Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires
-Date: Wed, 3 Sep 2014 15:43:25 -0400
-Subject: [PATCH] Input: wacom: Add support for the Cintiq Companion
-
-The Wacom Cintiq Companion shares the same sensor than the Cintiq
-Companion Hybrid, with the exception of the different PIDs.
-
-Bugzilla: 1134969
-Upstream-status: Queued for 3.18
-
-Signed-off-by: Benjamin Tissoires
----
- drivers/input/tablet/wacom_wac.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/drivers/input/tablet/wacom_wac.c b/drivers/input/tablet/wacom_wac.c
-index e73cf2c71f35..7f6caf8c85fb 100644
---- a/drivers/input/tablet/wacom_wac.c
-+++ b/drivers/input/tablet/wacom_wac.c
-@@ -2332,6 +2332,13 @@ static const struct wacom_features wacom_features_0x0307 =
- static const struct wacom_features wacom_features_0x0309 =
- { "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
- .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10 };
-+static const struct wacom_features wacom_features_0x030A =
-+ { "Wacom ISDv5 30A", WACOM_PKGLEN_INTUOS, 59352, 33648, 2047,
-+ 63, CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
-+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
-+static const struct wacom_features wacom_features_0x030C =
-+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
-+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x030A, .touch_max = 10 };
-
- #define USB_DEVICE_WACOM(prod) \
- USB_DEVICE(USB_VENDOR_ID_WACOM, prod), \
-@@ -2478,6 +2485,8 @@ const struct usb_device_id wacom_ids[] = {
- { USB_DEVICE_WACOM(0xFA) },
- { USB_DEVICE_WACOM(0xFB) },
- { USB_DEVICE_WACOM(0x0307) },
-+ { USB_DEVICE_WACOM(0x030A) },
-+ { USB_DEVICE_DETAILED(0x030C, USB_CLASS_HID, 0, 0) },
- { USB_DEVICE_DETAILED(0x0309, USB_CLASS_HID, 0, 0) },
- { USB_DEVICE_LENOVO(0x6004) },
- { }
---
-1.9.3
-
diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch
new file mode 100644
index 000000000..336c9d976
--- /dev/null
+++ b/KEYS-Add-a-system-blacklist-keyring.patch
@@ -0,0 +1,112 @@
+From 6aca93c96e067deab170188aea3edb0afd88e9a2 Mon Sep 17 00:00:00 2001
+From: Josh Boyer
+Date: Fri, 26 Oct 2012 12:36:24 -0400
+Subject: [PATCH] KEYS: Add a system blacklist keyring
+
+This adds an additional keyring that is used to store certificates that
+are blacklisted. This keyring is searched first when loading signed modules
+and if the module's certificate is found, it will refuse to load. This is
+useful in cases where third party certificates are used for module signing.
+
+Signed-off-by: Josh Boyer
+---
+ include/keys/system_keyring.h | 4 ++++
+ init/Kconfig | 9 +++++++++
+ kernel/module_signing.c | 12 ++++++++++++
+ kernel/system_keyring.c | 17 +++++++++++++++++
+ 4 files changed, 42 insertions(+)
+
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
+index 72665eb80692..2c7b80d31366 100644
+--- a/include/keys/system_keyring.h
++++ b/include/keys/system_keyring.h
+@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
+ }
+ #endif
+
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++extern struct key *system_blacklist_keyring;
++#endif
++
+ #endif /* _KEYS_SYSTEM_KEYRING_H */
+diff --git a/init/Kconfig b/init/Kconfig
+index e84c6423a2e5..223b1a32bbcb 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1720,6 +1720,15 @@ config SYSTEM_TRUSTED_KEYRING
+
+ Keys in this keyring are used by module signature checking.
+
++config SYSTEM_BLACKLIST_KEYRING
++ bool "Provide system-wide ring of blacklisted keys"
++ depends on KEYS
++ help
++ Provide a system keyring to which blacklisted keys can be added.
++ Keys in the keyring are considered entirely untrusted. Keys in this
++ keyring are used by the module signature checking to reject loading
++ of modules signed with a blacklisted key.
++
+ config PROFILING
+ bool "Profiling support"
+ help
+diff --git a/kernel/module_signing.c b/kernel/module_signing.c
+index be5b8fac4bd0..fed815fcdaf2 100644
+--- a/kernel/module_signing.c
++++ b/kernel/module_signing.c
+@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
+
+ pr_debug("Look up: \"%s\"\n", id);
+
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
++ &key_type_asymmetric, id);
++ if (!IS_ERR(key)) {
++ /* module is signed with a cert in the blacklist. reject */
++ pr_err("Module key '%s' is in blacklist\n", id);
++ key_ref_put(key);
++ kfree(id);
++ return ERR_PTR(-EKEYREJECTED);
++ }
++#endif
++
+ key = keyring_search(make_key_ref(system_trusted_keyring, 1),
+ &key_type_asymmetric, id);
+ if (IS_ERR(key))
+diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
+index 875f64e8935b..c15e93f5a418 100644
+--- a/kernel/system_keyring.c
++++ b/kernel/system_keyring.c
+@@ -20,6 +20,9 @@
+
+ struct key *system_trusted_keyring;
+ EXPORT_SYMBOL_GPL(system_trusted_keyring);
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++struct key *system_blacklist_keyring;
++#endif
+
+ extern __initconst const u8 system_certificate_list[];
+ extern __initconst const unsigned long system_certificate_list_size;
+@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
+ panic("Can't allocate system trusted keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
++
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
++ KUIDT_INIT(0), KGIDT_INIT(0),
++ current_cred(),
++ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
++ KEY_USR_VIEW | KEY_USR_READ,
++ KEY_ALLOC_NOT_IN_QUOTA, NULL);
++ if (IS_ERR(system_blacklist_keyring))
++ panic("Can't allocate system blacklist keyring\n");
++
++ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
++#endif
++
+ return 0;
+ }
+
+--
+1.9.3
+
diff --git a/KEYS-Fix-termination-condition-in-assoc-array-garbag.patch b/KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
new file mode 100644
index 000000000..d5fc6e2f1
--- /dev/null
+++ b/KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
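Review bot: In request_asymmetric_key() the blacklist lookup rejects a module only when `keyring_search()` on system_blacklist_keyring succeeds; every error return, not just the not-found case, falls through to the trusted-keyring search, so a lookup that fails for some other reason is treated as "not blacklisted". For a deny list that is a fail-open path: distinguish the not-found result from other errors and return the error (after `kfree(id)`) in the latter case, or at least document above the `#ifdef` block that lookup errors are deliberately ignored. The function begins and ends outside the hunk, so how `id` is built, and therefore what a blacklist entry must be named to match, is not visible here and is worth a comment as well.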
@@ -0,0 +1,95 @@ +From 02c3c0f0c83483a79783b211ef1bbd79ef0bd360 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Tue, 9 Sep 2014 19:12:32 +0100 +Subject: [PATCH] KEYS: Fix termination condition in assoc array garbage + collection + +It is possible for an associative array to end up with a shortcut node at the +root of the tree, if there are more than fan-out nodes in the tree, but they +all crowd into the same slot in the lowest level (ie. they all have the same +first nibble of their index keys). + +When assoc_array_gc() returns back up the tree after scanning some leaves, it +can fall off of the root and crash because it assumes that the back pointer +from a shortcut (after label ascend_old_tree) must point to a normal node - +which isn't true of a shortcut node at the root. + +Should we find we're ascending rootwards over a shortcut, we should check to +see if the backpointer is zero - and if it is, we have completed the scan. + +This particular bug cannot occur if the root node is not a shortcut - ie. if +you have fewer than 17 keys in a keyring or if you have at least two keys that +sit into separate slots (eg. a keyring and a non keyring). 
+ +If we do fall off of the top of the tree, we get the following oops: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 + IP: [] assoc_array_gc+0x2f7/0x540 + PGD dae15067 PUD cfc24067 PMD 0 + Oops: 0000 [#1] SMP + Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni + CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1 + Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 + Workqueue: events key_garbage_collector + task: ffff8800918bd580 ti: ffff8800aac14000 task.ti: ffff8800aac14000 + RIP: 0010:[] [] assoc_array_gc+0x2f7/0x540 + RSP: 0018:ffff8800aac15d40 EFLAGS: 00010206 + RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8800aaecacc0 + RDX: ffff8800daecf440 RSI: 0000000000000001 RDI: ffff8800aadc2bc0 + RBP: ffff8800aac15da8 R08: 0000000000000001 R09: 0000000000000003 + R10: ffffffff8136ccc7 R11: 0000000000000000 R12: 0000000000000000 + R13: 0000000000000000 R14: 0000000000000070 R15: 0000000000000001 + FS: 0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b + CR2: 0000000000000018 CR3: 00000000db10d000 CR4: 00000000000006f0 + Stack: + ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70 + ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987 + ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8 + Call Trace: + [] ? keyring_detect_cycle_iterator+0x30/0x30 + [] keyring_gc+0x75/0x80 + [] key_garbage_collector+0x154/0x3c0 + [] process_one_work+0x176/0x430 + [] worker_thread+0x11b/0x3a0 + [] ? rescuer_thread+0x3b0/0x3b0 + [] kthread+0xd8/0xf0 + [] ? insert_kthread_work+0x40/0x40 + [] ret_from_fork+0x7c/0xb0 + [] ? 
insert_kthread_work+0x40/0x40 + Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92 + RIP [] assoc_array_gc+0x2f7/0x540 + RSP + CR2: 0000000000000018 + ---[ end trace 1129028a088c0cbd ]--- + +Bugzilla: 1116347 +Upstream-status: ?? + +Signed-off-by: David Howells +--- + lib/assoc_array.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/assoc_array.c b/lib/assoc_array.c +index ae146f0734eb..2404d03e251a 100644 +--- a/lib/assoc_array.c ++++ b/lib/assoc_array.c +@@ -1723,11 +1723,13 @@ ascend_old_tree: + shortcut = assoc_array_ptr_to_shortcut(ptr); + slot = shortcut->parent_slot; + cursor = shortcut->back_pointer; ++ if (!cursor) ++ goto gc_complete; + } else { + slot = node->parent_slot; + cursor = ptr; + } +- BUG_ON(!ptr); ++ BUG_ON(!cursor); + node = assoc_array_ptr_to_node(cursor); + slot++; + goto continue_node; +-- +1.9.3 + diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch new file mode 100644 index 000000000..0a9a5b175 --- /dev/null +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch 
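Review bot: In the `lib/assoc_array.c` hunk the new `if (!cursor) goto gc_complete;` carries no comment, so the reason a NULL back pointer ends the scan lives only in the commit message. I would add `/* A shortcut at the root has no back pointer: the scan is complete. */` above the check. With that check in place, `BUG_ON(!cursor)` can only fire on the `else` path where `cursor = ptr`, so it is worth confirming that `ptr` is already known to be non-NULL there. The code that sets `ptr` is outside the hunk, as are the start and end of the `ascend_old_tree` block.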
@@ -0,0 +1,186 @@ +From 728aa078f7fa819843c2eb68517d326cbf3947ea Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Fri, 26 Oct 2012 12:42:16 -0400 +Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot + +Secure Boot stores a list of allowed certificates in the 'db' variable. +This imports those certificates into the system trusted keyring. This +allows for a third party signing certificate to be used in conjunction +with signed modules. By importing the public certificate into the 'db' +variable, a user can allow a module signed with that certificate to +load. The shim UEFI bootloader has a similar certificate list stored +in the 'MokListRT' variable. We import those as well. + +In the opposite case, Secure Boot maintains a list of disallowed +certificates in the 'dbx' variable. We load those certificates into +the newly introduced system blacklist keyring and forbid any module +signed with those from loading. + +Signed-off-by: Josh Boyer +--- + include/linux/efi.h | 6 ++++ + init/Kconfig | 9 +++++ + kernel/Makefile | 3 ++ + kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 110 insertions(+) + create mode 100644 kernel/modsign_uefi.c + +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 41359e548bcb..db9e6118575e 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -587,6 +587,12 @@ void efi_native_runtime_setup(void); + #define EFI_CERT_X509_GUID \ + EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) + ++#define EFI_IMAGE_SECURITY_DATABASE_GUID \ ++ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f ) ++ ++#define EFI_SHIM_LOCK_GUID \ ++ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 ) ++ + typedef struct { + efi_guid_t guid; + u64 table; +diff --git a/init/Kconfig b/init/Kconfig +index 223b1a32bbcb..3bad458f1c68 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1874,6 
+1874,15 @@ config MODULE_SIG_ALL + comment "Do not forget to sign required modules with scripts/sign-file" + depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL + ++config MODULE_SIG_UEFI ++ bool "Allow modules signed with certs stored in UEFI" ++ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI ++ select EFI_SIGNATURE_LIST_PARSER ++ help ++ This will import certificates stored in UEFI and allow modules ++ signed with those to be loaded. It will also disallow loading ++ of modules stored in the UEFI dbx variable. ++ + choice + prompt "Which hash algorithm should modules be signed with?" + depends on MODULE_SIG +diff --git a/kernel/Makefile b/kernel/Makefile +index dc5c77544fd6..95bdf3398880 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o + obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o + obj-$(CONFIG_MODULES) += module.o + obj-$(CONFIG_MODULE_SIG) += module_signing.o ++obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o + obj-$(CONFIG_KALLSYMS) += kallsyms.o + obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o + obj-$(CONFIG_KEXEC) += kexec.o +@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o + + $(obj)/configs.o: $(obj)/config_data.h + ++$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar ++ + # config_data.h contains the same information as ikconfig.h but gzipped. 
+ # Info from config_data can be extracted from /proc/config* + targets += config_data.gz +diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c +new file mode 100644 +index 000000000000..94b0eb38a284 +--- /dev/null ++++ b/kernel/modsign_uefi.c +@@ -0,0 +1,92 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "module-internal.h" ++ ++static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size) ++{ ++ efi_status_t status; ++ unsigned long lsize = 4; ++ unsigned long tmpdb[4]; ++ void *db = NULL; ++ ++ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); ++ if (status != EFI_BUFFER_TOO_SMALL) { ++ pr_err("Couldn't get size: 0x%lx\n", status); ++ return NULL; ++ } ++ ++ db = kmalloc(lsize, GFP_KERNEL); ++ if (!db) { ++ pr_err("Couldn't allocate memory for uefi cert list\n"); ++ goto out; ++ } ++ ++ status = efi.get_variable(name, guid, NULL, &lsize, db); ++ if (status != EFI_SUCCESS) { ++ kfree(db); ++ db = NULL; ++ pr_err("Error reading db var: 0x%lx\n", status); ++ } ++out: ++ *size = lsize; ++ return db; ++} ++ ++/* ++ * * Load the certs contained in the UEFI databases ++ * */ ++static int __init load_uefi_certs(void) ++{ ++ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; ++ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID; ++ void *db = NULL, *dbx = NULL, *mok = NULL; ++ unsigned long dbsize = 0, dbxsize = 0, moksize = 0; ++ int rc = 0; ++ ++ /* Check if SB is enabled and just return if not */ ++ if (!efi_enabled(EFI_SECURE_BOOT)) ++ return 0; ++ ++ /* Get db, MokListRT, and dbx. They might not exist, so it isn't ++ * an error if we can't get them. 
++ */ ++ db = get_cert_list(L"db", &secure_var, &dbsize); ++ if (!db) { ++ pr_err("MODSIGN: Couldn't get UEFI db list\n"); ++ } else { ++ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring); ++ if (rc) ++ pr_err("Couldn't parse db signatures: %d\n", rc); ++ kfree(db); ++ } ++ ++ mok = get_cert_list(L"MokListRT", &mok_var, &moksize); ++ if (!mok) { ++ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); ++ } else { ++ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring); ++ if (rc) ++ pr_err("Couldn't parse MokListRT signatures: %d\n", rc); ++ kfree(mok); ++ } ++ ++ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); ++ if (!dbx) { ++ pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); ++ } else { ++ rc = parse_efi_signature_list(dbx, dbxsize, ++ system_blacklist_keyring); ++ if (rc) ++ pr_err("Couldn't parse dbx signatures: %d\n", rc); ++ kfree(dbx); ++ } ++ ++ return rc; ++} ++late_initcall(load_uefi_certs); +-- +1.9.3 + diff --git a/MODSIGN-Support-not-importing-certs-from-db.patch b/MODSIGN-Support-not-importing-certs-from-db.patch new file mode 100644 index 000000000..408976c5c --- /dev/null +++ b/MODSIGN-Support-not-importing-certs-from-db.patch 
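Review bot: In `load_uefi_certs()` (`kernel/modsign_uefi.c`) a dbx that cannot be read is reported with `pr_info` and boot carries on with the db and MokListRT certificates already added to `system_trusted_keyring`, so a failed blacklist load leaves revoked certificates usable for module signing. `get_cert_list()` returns NULL both when the variable is absent and when `kmalloc()` or the second `get_variable()` call fails, so the caller cannot tell "no dbx" from "dbx present but unreadable". I would return early on `status == EFI_NOT_FOUND` in `get_cert_list()`, let every other failure reach the caller as an error, and log the dbx failure with `pr_err`. `rc` is also overwritten by each later parse, so a db parse error is lost when dbx parses cleanly; keeping the first non-zero value, or returning 0 explicitly, would make the intended contract of this initcall clear.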
@@ -0,0 +1,84 @@ +From 423462db8b901e6cc936350a5e1f538d15aa5555 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Thu, 3 Oct 2013 10:14:23 -0400 +Subject: [PATCH] MODSIGN: Support not importing certs from db + +If a user tells shim to not use the certs/hashes in the UEFI db variable +for verification purposes, shim will set a UEFI variable called MokIgnoreDB. +Have the uefi import code look for this and not import things from the db +variable. + +Signed-off-by: Josh Boyer +--- + kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++--------- + 1 file changed, 31 insertions(+), 9 deletions(-) + +diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c +index 94b0eb38a284..ae28b974d49a 100644 +--- a/kernel/modsign_uefi.c ++++ b/kernel/modsign_uefi.c +@@ -8,6 +8,23 @@ + #include + #include "module-internal.h" + ++static __init int check_ignore_db(void) ++{ ++ efi_status_t status; ++ unsigned int db = 0; ++ unsigned long size = sizeof(db); ++ efi_guid_t guid = EFI_SHIM_LOCK_GUID; ++ ++ /* Check and see if the MokIgnoreDB variable exists. If that fails ++ * then we don't ignore DB. If it succeeds, we do. ++ */ ++ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db); ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ return 1; ++} ++ + static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size) + { + efi_status_t status; +@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void) + efi_guid_t mok_var = EFI_SHIM_LOCK_GUID; + void *db = NULL, *dbx = NULL, *mok = NULL; + unsigned long dbsize = 0, dbxsize = 0, moksize = 0; +- int rc = 0; ++ int ignore_db, rc = 0; + + /* Check if SB is enabled and just return if not */ + if (!efi_enabled(EFI_SECURE_BOOT)) + return 0; + ++ /* See if the user has setup Ignore DB mode */ ++ ignore_db = check_ignore_db(); ++ + /* Get db, MokListRT, and dbx. They might not exist, so it isn't + * an error if we can't get them. 
+ */ +- db = get_cert_list(L"db", &secure_var, &dbsize); +- if (!db) { +- pr_err("MODSIGN: Couldn't get UEFI db list\n"); +- } else { +- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring); +- if (rc) +- pr_err("Couldn't parse db signatures: %d\n", rc); +- kfree(db); ++ if (!ignore_db) { ++ db = get_cert_list(L"db", &secure_var, &dbsize); ++ if (!db) { ++ pr_err("MODSIGN: Couldn't get UEFI db list\n"); ++ } else { ++ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring); ++ if (rc) ++ pr_err("Couldn't parse db signatures: %d\n", rc); ++ kfree(db); ++ } + } + + mok = get_cert_list(L"MokListRT", &mok_var, &moksize); +-- +1.9.3 + diff --git a/Makefile.config b/Makefile.config index 348396828..63549f642 100644 --- a/Makefile.config +++ b/Makefile.config @@ -11,11 +11,10 @@ CONFIGFILES = \ $(CFG)-s390x.config \ $(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \ $(CFG)-aarch64.config \ - $(CFG)-ppc.config $(CFG)-ppc-smp.config \ $(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \ $(CFG)-ppc64le.config -PLATFORMS = x86 x86_64 powerpc powerpc32 powerpc64 s390x arm arm64 +PLATFORMS = x86 x86_64 powerpc powerpc64 s390x arm arm64 TEMPFILES = $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS))) configs: $(CONFIGFILES) @@ -81,9 +80,6 @@ temp-powerpc-generic: config-powerpc-generic temp-generic temp-powerpc-debug-generic: config-powerpc-generic temp-debug-generic perl merge.pl $^ > $@ -temp-powerpc32-generic: config-powerpc32-generic temp-powerpc-generic - perl merge.pl $^ > $@ - temp-powerpc64-generic: config-powerpc64 temp-powerpc-generic perl merge.pl $^ > $@ @@ -134,9 +130,3 @@ $(CFG)-armv7hl-lpae.config: /dev/null temp-armv7-lpae $(CFG)-aarch64.config: /dev/null temp-arm64 perl merge.pl $^ arm64 > $@ - -$(CFG)-ppc.config: /dev/null temp-powerpc32-generic - perl merge.pl $^ powerpc > $@ - -$(CFG)-ppc-smp.config: config-powerpc32-smp temp-powerpc32-generic - perl merge.pl $^ powerpc > $@ 
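Review bot: `check_ignore_db()` in `kernel/modsign_uefi.c` treats every status other than `EFI_SUCCESS` as "MokIgnoreDB is not set". A read that fails for some other reason, for example `EFI_BUFFER_TOO_SMALL` if the variable is larger than `sizeof(db)`, therefore ends with the db certificates being imported even though the user asked for them to be ignored. Treating only the not-found status as "not set" fails in the safer direction: `if (status == EFI_NOT_FOUND) return 0;` followed by `return 1;`. The function only ever yields 0 or 1, so `bool` would state its contract better than `int`.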
diff --git a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
new file mode 100644
index 000000000..cfded0b74
--- /dev/null
+++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
@@ -0,0 +1,117 @@ +From 6f2298da3471189910506e3eec34c2a9b7c12761 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 8 Mar 2012 10:10:38 -0500 +Subject: [PATCH] PCI: Lock down BAR access when module security is enabled + +Any hardware that can potentially generate DMA has to be locked down from +userspace in order to avoid it being possible for an attacker to modify +kernel code, allowing them to circumvent disabled module loading or module +signing. Default to paranoid - in future we can potentially relax this for +sufficiently IOMMU-isolated devices. + +Signed-off-by: Matthew Garrett +--- + drivers/pci/pci-sysfs.c | 10 ++++++++++ + drivers/pci/proc.c | 8 +++++++- + drivers/pci/syscall.c | 3 ++- + 3 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c +index 9ff0a901ecf7..8d0d5d92b8d9 100644 +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include "pci.h" + + static int sysfs_initialized; /* = 0 */ +@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, + loff_t init_off = off; + u8 *data = (u8 *) buf; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (off > dev->cfg_size) + return 0; + if (off + count > dev->cfg_size) { +@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, + resource_size_t start, end; + int i; + ++ if (secure_modules()) ++ return -EPERM; ++ + for (i = 0; i < PCI_ROM_RESOURCE; i++) + if (res == &pdev->resource[i]) + break; +@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, + struct bin_attribute *attr, char *buf, + loff_t off, size_t count) + { ++ if (secure_modules()) ++ return -EPERM; ++ + return pci_resource_io(filp, kobj, attr, buf, off, count, true); + } + +diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c +index 3f155e78513f..4265ea07e3b0 100644 +--- 
a/drivers/pci/proc.c ++++ b/drivers/pci/proc.c +@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf, + int size = dev->cfg_size; + int cnt; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (pos >= size) + return 0; + if (nbytes >= size) +@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd, + #endif /* HAVE_PCI_MMAP */ + int ret = 0; + ++ if (secure_modules()) ++ return -EPERM; ++ + switch (cmd) { + case PCIIOC_CONTROLLER: + ret = pci_domain_nr(dev->bus); +@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) + struct pci_filp_private *fpriv = file->private_data; + int i, ret; + +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO) || secure_modules()) + return -EPERM; + + /* Make sure the caller is mapping a real resource for this device */ +diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c +index b91c4da68365..98f5637304d1 100644 +--- a/drivers/pci/syscall.c ++++ b/drivers/pci/syscall.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include + #include "pci.h" + +@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn, + u32 dword; + int err = 0; + +- if (!capable(CAP_SYS_ADMIN)) ++ if (!capable(CAP_SYS_ADMIN) || secure_modules()) + return -EPERM; + + dev = pci_get_bus_and_slot(bus, dfn); +-- +1.9.3 + diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch new file mode 100644 index 000000000..4338dbe69 --- /dev/null +++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch 
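Review bot: In `proc_bus_pci_ioctl()` (`drivers/pci/proc.c`) the `secure_modules()` check sits ahead of the `switch`, so it also refuses `PCIIOC_CONTROLLER`, which in the visible context only returns `pci_domain_nr(dev->bus)` and writes nothing. If the intent is to refuse only the commands that affect device mappings, the check belongs in those cases. If the blanket refusal is deliberate, a comment such as `/* Userspace-driven PCI access is refused when module loading is restricted. */` would record that. None of the added `-EPERM` returns in this patch has a comment tying it to the DMA reasoning in the commit message. All of the touched functions continue outside their hunks.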
@@ -0,0 +1,42 @@ +From d999220356c7c2526cdaa1a9113784f95004d65e Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Fri, 9 Mar 2012 09:28:15 -0500 +Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is + restricted + +Allowing users to write to address space makes it possible for the kernel +to be subverted, avoiding module loading restrictions. Prevent this when +any restrictions have been imposed on loading modules. + +Signed-off-by: Matthew Garrett +--- + drivers/char/mem.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index cdf839f9defe..c63cf93b00eb 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, + if (p != *ppos) + return -EFBIG; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (!valid_phys_addr_range(p, count)) + return -EFAULT; + +@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, + char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ + int err = 0; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (p < (unsigned long) high_memory) { + unsigned long to_write = min_t(unsigned long, count, + (unsigned long)high_memory - p); +-- +1.9.3 + diff --git a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch index 2f44032c8..2a5bd2bda 100644 --- a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch +++ b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch @@ -1,23 +1,25 @@ -Bugzilla: N/A -Upstream-status: Sigh. We almost got to drop this. - -From 20e3f1e1b9341d233a11734c07c076caac9936ef Mon Sep 17 00:00:00 2001 +From 37a1b979a715b1c7e8247cfdfcc2eedc9aea1471 Mon Sep 17 00:00:00 2001 
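Review bot: The `drivers/char/mem.c` patch adds `secure_modules()` to `write_mem()` and `write_kmem()` only, and its diffstat shows no other change to the file. If the driver's mmap handler, which is not visible in these hunks, can still produce a writable mapping of the same range, the restriction described in the commit message is incomplete; that path should be confirmed and, if needed, given the same `if (secure_modules()) return -EPERM;` check. In `write_mem()` the new check also comes after the `p != *ppos` test, so a restricted caller can still receive `-EFBIG` instead of `-EPERM`; placing the check first would make the refusal uniform. Both functions continue outside their hunks.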
From: Josh Boyer Date: Mon, 28 Jul 2014 12:59:48 -0400 Subject: [PATCH] Revert "Revert "ACPI / video: change acpi-video brightness_switch_enabled default to 0"" This reverts commit 2843768b701971ab10e62c77d5c75ad7c306f1bd. + +Bugzilla: N/A +Upstream-status: Sigh. We almost got to drop this. + +Signed-off-by: Josh Boyer --- Documentation/kernel-parameters.txt | 2 +- drivers/acpi/video.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index b7fa2f599459..e8db409a7e3a 100644 +index 5ae8608ca9f5..8ffa8f91eeb2 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -3532,7 +3532,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -3595,7 +3595,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the allocated input device; If set to 0, video driver will only send out the event without touching backlight brightness level. @@ -27,7 +29,7 @@ index b7fa2f599459..e8db409a7e3a 100644 virtio_mmio.device= [VMMIO] Memory mapped virtio (platform) device. diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index 350d52a8f781..44c89f705018 100644 +index fcbda105616e..2e0236af78b9 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot"); diff --git a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch new file mode 100644 index 000000000..58437f22f --- /dev/null +++ b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch 
@@ -0,0 +1,39 @@ +From e2b4ee7e99b8c0a0d48ed4aa76fd01e11bfe275d Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Mon, 25 Jun 2012 19:57:30 -0400 +Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading + is restricted + +This option allows userspace to pass the RSDP address to the kernel, which +makes it possible for a user to circumvent any restrictions imposed on +loading modules. Disable it in that case. + +Signed-off-by: Josh Boyer +--- + drivers/acpi/osl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c +index 3abe9b223ba7..ee8f11cf65da 100644 +--- a/drivers/acpi/osl.c ++++ b/drivers/acpi/osl.c +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); + acpi_physical_address __init acpi_os_get_root_pointer(void) + { + #ifdef CONFIG_KEXEC +- if (acpi_rsdp) ++ if (acpi_rsdp && !secure_modules()) + return acpi_rsdp; + #endif + +-- +1.9.3 + diff --git a/0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch b/acpi-video-Add-4-new-models-to-the-use_native_backli.patch similarity index 81% rename from 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch rename to acpi-video-Add-4-new-models-to-the-use_native_backli.patch index dd7f27367..5ba7b3b0a 100644 --- a/0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch +++ b/acpi-video-Add-4-new-models-to-the-use_native_backli.patch @@ -1,8 +1,8 @@ -From 5573624261ab5d54f2dea2a3e09a98729db9ecd9 Mon Sep 17 00:00:00 2001 +From 11ad2e84a328a6bc9861646044d4411352d82258 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 30 Apr 2014 15:24:19 +0200 -Subject: [PATCH 1/2] acpi-video: Add 4 new models to the use_native_backlight - dmi list +Subject: [PATCH] acpi-video: Add 4 new models to the use_native_backlight dmi + list Acer Aspire V5-171 https://bugzilla.redhat.com/show_bug.cgi?id=983342 @@ -21,10 +21,10 @@ 
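Review bot: `acpi_os_get_root_pointer()` in `drivers/acpi/osl.c` is `__init` code, so `!secure_modules()` only helps if the module restriction is already in force when it runs during boot; that ordering cannot be confirmed from this hunk and should be checked. The parameter is also dropped silently. I would log it, for example `pr_notice("acpi_rsdp ignored: module loading is restricted\n");`, so an operator can see why the override had no effect. A short comment above the condition, `/* acpi_rsdp comes from the command line; ignore it when module loading is restricted */`, would keep the reasoning next to the code. The function body continues outside the hunk.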
Signed-off-by: Hans de Goede 1 file changed, 32 insertions(+) diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index 8b6990e..48146fc 100644 +index 2e0236af78b9..df1626d2ba10 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c -@@ -488,6 +488,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -556,6 +556,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, }, { @@ -39,7 +39,7 @@ index 8b6990e..48146fc 100644 .callback = video_set_use_native_backlight, .ident = "Thinkpad Helix", .matches = { -@@ -513,6 +521,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -597,6 +605,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, { .callback = video_set_use_native_backlight, @@ -54,7 +54,7 @@ index 8b6990e..48146fc 100644 .ident = "Acer Aspire V5-431", .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Acer"), -@@ -520,6 +536,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -644,6 +660,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, }, { @@ -69,7 +69,7 @@ index 8b6990e..48146fc 100644 .callback = video_set_use_native_backlight, .ident = "HP ProBook 4340s", .matches = { -@@ -571,6 +595,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -720,6 +744,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, { .callback = video_set_use_native_backlight, @@ -85,5 +85,5 @@ index 8b6990e..48146fc 100644 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), -- -1.9.0 +1.9.3 diff --git a/acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch b/acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch index f3d36889f..bcae66a21 100644 --- a/acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch +++ b/acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch 
@@ -1,11 +1,8 @@ -Bugzilla: 1093171 -Upstream-status: Queued for 3.16 - -From 7ac976d0109433d1ad0812f4f6889a904d9a0c40 Mon Sep 17 00:00:00 2001 +From f2516b128351bcc2856d39a8b2aa98f748becda5 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Mon, 2 Jun 2014 17:41:10 +0200 -Subject: [PATCH 13/14] acpi-video: Add use native backlight quirk for the - ThinkPad W530 +Subject: [PATCH] acpi-video: Add use native backlight quirk for the ThinkPad + W530 Like all of the other *30 ThinkPad models, the W530 has a broken acpi-video backlight control. Note in order for this to actually fix things on the @@ -15,6 +12,9 @@ is also needed. https://bugzilla.redhat.com/show_bug.cgi?id=1093171 +Bugzilla: 1093171 +Upstream-status: Queued for 3.16 + Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede --- @@ -22,10 +22,10 @@ Signed-off-by: Hans de Goede 1 file changed, 8 insertions(+) diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index ab7cd65ce21e..dcb0ef4c22f6 100644 +index df1626d2ba10..caa4d8fc3458 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c -@@ -468,6 +468,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -469,6 +469,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, { .callback = video_set_use_native_backlight, @@ -41,5 +41,5 @@ index ab7cd65ce21e..dcb0ef4c22f6 100644 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), -- -1.9.0 +1.9.3 diff --git a/acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch b/acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch index c8c1f7aa2..a7235cf68 100644 --- a/acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch +++ b/acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch @@ -1,16 +1,16 @@ -Bugzilla: 1025690 -Upstream-status: Waiting for feedback from reporter - -From dfe2c6722a6f6cb45f6b336b094b26a77acd8393 Mon Sep 17 00:00:00 2001 +From d48552d47446ac0562a46bbafcb1ab396d9b8555 Mon Sep 17 00:00:00 2001 
From: Hans de Goede Date: Mon, 2 Jun 2014 17:41:11 +0200 -Subject: [PATCH 14/14] acpi-video: Add use_native_backlight quirk for HP - ProBook 4540s +Subject: [PATCH] acpi-video: Add use_native_backlight quirk for HP ProBook + 4540s As reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1025690 This is yet another model which needs this quirk. +Bugzilla: 1025690 +Upstream-status: Waiting for feedback from reporter + Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede --- @@ -18,10 +18,10 @@ Signed-off-by: Hans de Goede 1 file changed, 8 insertions(+) diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index dcb0ef4c22f6..3db16753f88a 100644 +index caa4d8fc3458..7e86097f7c2b 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c -@@ -548,6 +548,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { +@@ -693,6 +693,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = { }, { .callback = video_set_use_native_backlight, @@ -37,5 +37,5 @@ index dcb0ef4c22f6..3db16753f88a 100644 .matches = { DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), -- -1.9.0 +1.9.3 diff --git a/arm-beagle.patch b/arm-beagle.patch deleted file mode 100644 index 5e2d8abdc..000000000 --- a/arm-beagle.patch +++ /dev/null 
@@ -1,460 +0,0 @@ -Bugzilla: 1012025 -Upstream-status: In beagle github repository https://github.com/beagleboard/kernel - -From b5a2528c89fc8049b2a6a750634c14983e33d00f Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Fri, 27 Dec 2013 13:05:09 -0600 -Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info - -Signed-off-by: Robert Nelson ---- - arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts -index 6b71ad9..09ffbd8 100644 ---- a/arch/arm/boot/dts/am335x-boneblack.dts -+++ b/arch/arm/boot/dts/am335x-boneblack.dts -@@ -74,5 +74,18 @@ - pinctrl-0 = <&nxp_hdmi_bonelt_pins>; - pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>; - status = "okay"; -+ -+ panel-info { -+ bpp = <16>; -+ ac-bias = <255>; -+ ac-bias-intrpt = <0>; -+ dma-burst-sz = <16>; -+ fdd = <16>; -+ sync-edge = <1>; -+ sync-ctrl = <1>; -+ raster-order = <0>; -+ fifo-th = <0>; -+ invert-pxl-clk; -+ }; - }; - }; --- -1.8.5.1 - -From 1da083a002581520dd358b8b8e097078000d12b9 Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Fri, 27 Dec 2013 13:14:19 -0600 -Subject: [PATCH 2/2] arm: dts: am335x-boneblack: add cpu0 opp points - -Signed-off-by: Robert Nelson ---- - arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts -index 09ffbd8..f213ccd 100644 ---- a/arch/arm/boot/dts/am335x-boneblack.dts -+++ b/arch/arm/boot/dts/am335x-boneblack.dts -@@ -67,6 +67,24 @@ - }; - - / { -+ cpus { -+ cpu@0 { -+ cpu0-supply = <&dcdc2_reg>; -+ /* -+ * To consider voltage drop between PMIC and SoC, -+ * tolerance value is reduced to 2% from 4% and -+ * voltage value is increased as a precaution. 
-+ */ -+ operating-points = < -+ /* kHz uV */ -+ 1000000 1325000 -+ 800000 1300000 -+ 600000 1112000 -+ 300000 969000 -+ >; -+ }; -+ }; -+ - hdmi { - compatible = "ti,tilcdc,slave"; - i2c = <&i2c0>; --- -1.8.5.1 - -From 8551d8aa7d3e002da2097e7e902fb96fceb8694e Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Tue, 31 Dec 2013 11:17:45 -0600 -Subject: [PATCH 3/3] arm: dts: am335x-bone-common: enable and use i2c2 - -Signed-off-by: Robert Nelson ---- - arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++ - 1 file changed, 39 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi -index e3f27ec..54366b6 100644 ---- a/arch/arm/boot/dts/am335x-bone-common.dtsi -+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi -@@ -84,6 +84,13 @@ - >; - }; - -+ i2c2_pins: pinmux_i2c2_pins { -+ pinctrl-single,pins = < -+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */ -+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */ -+ >; -+ }; -+ - uart0_pins: pinmux_uart0_pins { - pinctrl-single,pins = < - 0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */ -@@ -220,6 +227,38 @@ - reg = <0x24>; - }; - -+ baseboard_eeprom: baseboard_eeprom@50 { -+ compatible = "at,24c256"; -+ reg = <0x50>; -+ }; -+}; -+ -+&i2c2 { -+ status = "okay"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&i2c2_pins>; -+ -+ clock-frequency = <100000>; -+ -+ cape_eeprom0: cape_eeprom0@54 { -+ compatible = "at,24c256"; -+ reg = <0x54>; -+ }; -+ -+ cape_eeprom1: cape_eeprom1@55 { -+ compatible = "at,24c256"; -+ reg = <0x55>; -+ }; -+ -+ cape_eeprom2: cape_eeprom2@56 { -+ compatible = "at,24c256"; -+ reg = <0x56>; -+ }; -+ -+ cape_eeprom3: cape_eeprom3@57 { -+ compatible = "at,24c256"; -+ reg = <0x57>; -+ }; - }; - - /include/ "tps65217.dtsi" --- -1.8.5.2 - -From a3099dc53a47d1694a5b575580ec3406dc429bf8 Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Tue, 31 
Dec 2013 14:18:00 -0600 -Subject: [PATCH 4/4] arm: dts: am335x-bone-common: setup default pinmux - http://elinux.org/Basic_Proto_Cape - -Signed-off-by: Robert Nelson ---- - arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++ - 1 file changed, 130 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi -index e4571af..f85cabc 100644 ---- a/arch/arm/boot/dts/am335x-bone-common.dtsi -+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi -@@ -98,6 +98,13 @@ - >; - }; - -+ uart1_pins: pinmux_uart1_pins { -+ pinctrl-single,pins = < -+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */ -+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */ -+ >; -+ }; -+ - clkout2_pin: pinmux_clkout2_pin { - pinctrl-single,pins = < - 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ -@@ -178,6 +185,33 @@ - 0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */ - >; - }; -+ -+ spi0_pins: pinmux_spi0_pins { -+ pinctrl-single,pins = < -+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */ -+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */ -+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */ -+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */ -+ >; -+ }; -+ -+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 { -+ pinctrl-single,pins = < -+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */ -+ >; -+ }; -+ -+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 { -+ pinctrl-single,pins = < -+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */ -+ >; -+ }; -+ -+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 { -+ pinctrl-single,pins = < -+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */ -+ >; -+ }; - }; - - &uart0 { -@@ -187,6 +221,13 @@ - status = "okay"; - }; - -+&uart1 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&uart1_pins>; -+ -+ status = "okay"; -+}; -+ - &usb { - status = "okay"; - -@@ -261,6 +302,56 @@ - }; - }; - -+&epwmss0 { -+ 
pinctrl-names = "default"; -+ pinctrl-0 = <&ecap0_pin_p9_42>; -+ status = "okay"; -+ -+ ecap@48300100 { -+ status = "okay"; -+ }; -+}; -+ -+&epwmss1 { -+ pinctrl-names = "default"; -+ pinctrl-0 = < -+ &ehrpwm1_pin_p9_14 -+ &ehrpwm1_pin_p9_16 -+ >; -+ -+ status = "okay"; -+ -+ ehrpwm@48302200 { -+ status = "okay"; -+ }; -+}; -+ -+&spi0 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&spi0_pins>; -+ status = "okay"; -+ -+ spidev0: spi@0 { -+ compatible = "spidev"; -+ reg = <0>; -+ spi-max-frequency = <16000000>; -+ spi-cpha; -+ }; -+ -+ spidev1: spi@1 { -+ compatible = "spidev"; -+ reg = <1>; -+ spi-max-frequency = <16000000>; -+ }; -+}; -+ -+&tscadc { -+ status = "okay"; -+ adc { -+ ti,adc-channels = <4 5 6>; -+ }; -+}; -+ - /include/ "tps65217.dtsi" - - &tps { -@@ -336,3 +427,42 @@ - cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>; - cd-inverted; - }; -+ -+/ { -+ ocp { -+ //FIXME: these pwm's still need work, this guild isn't working.. -+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation -+ pwm_test_P9_14@0 { -+ compatible = "pwm_test"; -+ pwms = <&ehrpwm1 0 500000 1>; -+ pwm-names = "PWM_P9_14"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ehrpwm1_pin_p9_14>; -+ enabled = <1>; -+ duty = <0>; -+ status = "okay"; -+ }; -+ -+ pwm_test_P9_16@0 { -+ compatible = "pwm_test"; -+ pwms = <&ehrpwm1 0 500000 1>; -+ pwm-names = "PWM_P9_16"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ehrpwm1_pin_p9_16>; -+ enabled = <1>; -+ duty = <0>; -+ status = "okay"; -+ }; -+ -+ pwm_test_P9_42 { -+ compatible = "pwm_test"; -+ pwms = <&ecap0 0 500000 1>; -+ pwm-names = "PWM_P9_42"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ecap0_pin_p9_42>; -+ enabled = <1>; -+ duty = <0>; -+ status = "okay"; -+ }; -+ }; -+}; --- -1.8.5.2 - -From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Thu, 13 Mar 2014 14:18:52 -0500 -Subject: [PATCH] arm: dts: am335x-bone-common: add - uart2_pins/uart4_pins/uart5_pins - -Signed-off-by: Robert Nelson ---- - 
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi -index f85cabc..5270d18 100644 ---- a/arch/arm/boot/dts/am335x-bone-common.dtsi -+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi -@@ -105,6 +105,27 @@ - >; - }; - -+ uart2_pins: pinmux_uart2_pins { -+ pinctrl-single,pins = < -+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */ -+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */ -+ >; -+ }; -+ -+ uart4_pins: pinmux_uart4_pins { -+ pinctrl-single,pins = < -+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */ -+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */ -+ >; -+ }; -+ -+ uart5_pins: pinmux_uart5_pins { -+ pinctrl-single,pins = < -+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */ -+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */ -+ >; -+ }; -+ - clkout2_pin: pinmux_clkout2_pin { - pinctrl-single,pins = < - 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ --- -1.9.0 - -From 72567452d5d6007010597158f6afd00e2bf07579 Mon Sep 17 00:00:00 2001 -From: Pantelis Antoniou -Date: Sat, 15 Sep 2012 12:00:41 +0300 -Subject: [PATCH] pinctrl: pinctrl-single must be initialized early. - -When using pinctrl-single to handle i2c initialization, it has -to be done early. Whether this is the best way to do so, is an -exercise left to the reader. 
---- - drivers/pinctrl/pinctrl-single.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c -index 829b98c..5107dcf 100644 ---- a/drivers/pinctrl/pinctrl-single.c -+++ b/drivers/pinctrl/pinctrl-single.c -@@ -2039,7 +2039,17 @@ static struct platform_driver pcs_driver = { - #endif - }; - --module_platform_driver(pcs_driver); -+static int __init pcs_init(void) -+{ -+ return platform_driver_register(&pcs_driver); -+} -+postcore_initcall(pcs_init); -+ -+static void __exit pcs_exit(void) -+{ -+ platform_driver_unregister(&pcs_driver); -+} -+module_exit(pcs_exit); - - MODULE_AUTHOR("Tony Lindgren "); - MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver"); --- -1.8.5.2 - -From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001 -From: Robert Nelson -Date: Thu, 13 Mar 2014 14:18:52 -0500 -Subject: [PATCH] arm: dts: am335x-bone-common: add - uart2_pins/uart4_pins/uart5_pins - -Signed-off-by: Robert Nelson ---- - arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi -index f85cabc..5270d18 100644 ---- a/arch/arm/boot/dts/am335x-bone-common.dtsi -+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi -@@ -105,6 +105,27 @@ - >; - }; - -+ uart2_pins: pinmux_uart2_pins { -+ pinctrl-single,pins = < -+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */ -+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */ -+ >; -+ }; -+ -+ uart4_pins: pinmux_uart4_pins { -+ pinctrl-single,pins = < -+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */ -+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */ -+ >; -+ }; -+ -+ uart5_pins: pinmux_uart5_pins { -+ pinctrl-single,pins = < -+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */ -+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */ -+ >; -+ }; -+ - clkout2_pin: pinmux_clkout2_pin { - 
pinctrl-single,pins = < - 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ --- -1.9.0 diff --git a/arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch b/arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch new file mode 100644 index 000000000..2ddac4f52 --- /dev/null +++ b/arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch @@ -0,0 +1,46 @@ +From eff4447db91c46b6e638ceb0da832354e15e4502 Mon Sep 17 00:00:00 2001 +From: Robert Nelson +Date: Thu, 13 Mar 2014 14:18:52 -0500 +Subject: [PATCH] arm: dts: am335x-bone-common: add + uart2_pins/uart4_pins/uart5_pins + +Signed-off-by: Robert Nelson +--- + arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi +index 86cdb52dbf8a..db4518ef755d 100644 +--- a/arch/arm/boot/dts/am335x-bone-common.dtsi ++++ b/arch/arm/boot/dts/am335x-bone-common.dtsi +@@ -105,6 +105,27 @@ + >; + }; + ++ uart2_pins: pinmux_uart2_pins { ++ pinctrl-single,pins = < ++ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */ ++ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */ ++ >; ++ }; ++ ++ uart4_pins: pinmux_uart4_pins { ++ pinctrl-single,pins = < ++ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */ ++ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */ ++ >; ++ }; ++ ++ uart5_pins: pinmux_uart5_pins { ++ pinctrl-single,pins = < ++ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */ ++ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */ ++ >; ++ }; ++ + clkout2_pin: pinmux_clkout2_pin { + pinctrl-single,pins = < + 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ +-- +1.9.3 + diff --git a/arm-dts-am335x-bone-common-enable-and-use-i2c2.patch b/arm-dts-am335x-bone-common-enable-and-use-i2c2.patch new file mode 100644 index 000000000..38111baf4 --- /dev/null +++ b/arm-dts-am335x-bone-common-enable-and-use-i2c2.patch 
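Review bot: The `uart2_pins` group added here muxes pads `0x150` and `0x154` (spi0_sclk and spi0_d0 by its own comments), and `spi0_pins` in arm-dts-am335x-bone-common-setup-default-pinmux-http.patch claims the same two offsets while enabling `&spi0` by default. Nothing in this hunk references `uart2_pins`, so the overlap is latent, but a later overlay that selects it alongside spi0 would presumably have one of the two pin requests refused. A comment above the group such as `/* shares pads 0x150/0x154 with spi0_pins; disable &spi0 before selecting this group */` would record the constraint. The raw values `0x21`/`0x01` could also be written with the `PIN_*`/`MUX_MODE*` macros that the neighbouring `clkout2_pin` context uses, so the pull and receiver settings can be read without decoding the register.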
@@ -0,0 +1,70 @@ +From 1f781abfa691083a36dd0d255d190cdb0251725e Mon Sep 17 00:00:00 2001 +From: Robert Nelson +Date: Tue, 31 Dec 2013 11:17:45 -0600 +Subject: [PATCH] arm: dts: am335x-bone-common: enable and use i2c2 + +Signed-off-by: Robert Nelson +--- + arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi +index bde1777b62be..c7357bcc7d5c 100644 +--- a/arch/arm/boot/dts/am335x-bone-common.dtsi ++++ b/arch/arm/boot/dts/am335x-bone-common.dtsi +@@ -84,6 +84,13 @@ + >; + }; + ++ i2c2_pins: pinmux_i2c2_pins { ++ pinctrl-single,pins = < ++ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */ ++ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */ ++ >; ++ }; ++ + uart0_pins: pinmux_uart0_pins { + pinctrl-single,pins = < + 0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */ +@@ -220,6 +227,38 @@ + reg = <0x24>; + }; + ++ baseboard_eeprom: baseboard_eeprom@50 { ++ compatible = "at,24c256"; ++ reg = <0x50>; ++ }; ++}; ++ ++&i2c2 { ++ status = "okay"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c2_pins>; ++ ++ clock-frequency = <100000>; ++ ++ cape_eeprom0: cape_eeprom0@54 { ++ compatible = "at,24c256"; ++ reg = <0x54>; ++ }; ++ ++ cape_eeprom1: cape_eeprom1@55 { ++ compatible = "at,24c256"; ++ reg = <0x55>; ++ }; ++ ++ cape_eeprom2: cape_eeprom2@56 { ++ compatible = "at,24c256"; ++ reg = <0x56>; ++ }; ++ ++ cape_eeprom3: cape_eeprom3@57 { ++ compatible = "at,24c256"; ++ reg = <0x57>; ++ }; + }; + + /include/ "tps65217.dtsi" +-- +1.9.3 + diff --git a/arm-dts-am335x-bone-common-setup-default-pinmux-http.patch b/arm-dts-am335x-bone-common-setup-default-pinmux-http.patch new file mode 100644 index 000000000..49e4e19d2 --- /dev/null +++ b/arm-dts-am335x-bone-common-setup-default-pinmux-http.patch 
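Review bot: This split-out patch carries no `Bugzilla:` or `Upstream-status:` lines, although the combined arm-beagle.patch it replaces had both and the same commit moves those lines into the message body of the acpi-video patches instead of dropping them. Only arm-dts-am335x-boneblack-lcdc-add-panel-info.patch kept them; the uart2_pins, setup-default-pinmux and cpu0-opp-points patches are in the same state. For patches carried out of tree, those lines are the record of where the change came from and when it can be dropped on a rebase. I would repeat `Bugzilla: 1012025` and `Upstream-status: In beagle github repository https://github.com/beagleboard/kernel` after the Subject in each of them.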
@@ -0,0 +1,180 @@ +From 3cdbaad2a041e42677e1e8137bb1a9f01fd37277 Mon Sep 17 00:00:00 2001 +From: Robert Nelson +Date: Tue, 31 Dec 2013 14:18:00 -0600 +Subject: [PATCH] arm: dts: am335x-bone-common: setup default pinmux + http://elinux.org/Basic_Proto_Cape + +Signed-off-by: Robert Nelson +--- + arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++ + 1 file changed, 130 insertions(+) + +diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi +index c7357bcc7d5c..86cdb52dbf8a 100644 +--- a/arch/arm/boot/dts/am335x-bone-common.dtsi ++++ b/arch/arm/boot/dts/am335x-bone-common.dtsi +@@ -98,6 +98,13 @@ + >; + }; + ++ uart1_pins: pinmux_uart1_pins { ++ pinctrl-single,pins = < ++ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */ ++ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */ ++ >; ++ }; ++ + clkout2_pin: pinmux_clkout2_pin { + pinctrl-single,pins = < + 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ +@@ -178,6 +185,33 @@ + 0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */ + >; + }; ++ ++ spi0_pins: pinmux_spi0_pins { ++ pinctrl-single,pins = < ++ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */ ++ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */ ++ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */ ++ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */ ++ >; ++ }; ++ ++ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 { ++ pinctrl-single,pins = < ++ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */ ++ >; ++ }; ++ ++ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 { ++ pinctrl-single,pins = < ++ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */ ++ >; ++ }; ++ ++ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 { ++ pinctrl-single,pins = < ++ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */ ++ >; ++ }; + }; + + &uart0 { +@@ -187,6 +221,13 @@ + status = "okay"; + }; + ++&uart1 { ++ pinctrl-names = "default"; ++ pinctrl-0 = 
<&uart1_pins>; ++ ++ status = "okay"; ++}; ++ + &usb { + status = "okay"; + }; +@@ -261,6 +302,56 @@ + }; + }; + ++&epwmss0 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&ecap0_pin_p9_42>; ++ status = "okay"; ++ ++ ecap@48300100 { ++ status = "okay"; ++ }; ++}; ++ ++&epwmss1 { ++ pinctrl-names = "default"; ++ pinctrl-0 = < ++ &ehrpwm1_pin_p9_14 ++ &ehrpwm1_pin_p9_16 ++ >; ++ ++ status = "okay"; ++ ++ ehrpwm@48302200 { ++ status = "okay"; ++ }; ++}; ++ ++&spi0 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&spi0_pins>; ++ status = "okay"; ++ ++ spidev0: spi@0 { ++ compatible = "spidev"; ++ reg = <0>; ++ spi-max-frequency = <16000000>; ++ spi-cpha; ++ }; ++ ++ spidev1: spi@1 { ++ compatible = "spidev"; ++ reg = <1>; ++ spi-max-frequency = <16000000>; ++ }; ++}; ++ ++&tscadc { ++ status = "okay"; ++ adc { ++ ti,adc-channels = <4 5 6>; ++ }; ++}; ++ + /include/ "tps65217.dtsi" + + &tps { +@@ -337,3 +428,42 @@ + cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>; + cd-inverted; + }; ++ ++/ { ++ ocp { ++ //FIXME: these pwm's still need work, this guild isn't working.. ++ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation ++ pwm_test_P9_14@0 { ++ compatible = "pwm_test"; ++ pwms = <&ehrpwm1 0 500000 1>; ++ pwm-names = "PWM_P9_14"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&ehrpwm1_pin_p9_14>; ++ enabled = <1>; ++ duty = <0>; ++ status = "okay"; ++ }; ++ ++ pwm_test_P9_16@0 { ++ compatible = "pwm_test"; ++ pwms = <&ehrpwm1 0 500000 1>; ++ pwm-names = "PWM_P9_16"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&ehrpwm1_pin_p9_16>; ++ enabled = <1>; ++ duty = <0>; ++ status = "okay"; ++ }; ++ ++ pwm_test_P9_42 { ++ compatible = "pwm_test"; ++ pwms = <&ecap0 0 500000 1>; ++ pwm-names = "PWM_P9_42"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&ecap0_pin_p9_42>; ++ enabled = <1>; ++ duty = <0>; ++ status = "okay"; ++ }; ++ }; ++}; +-- +1.9.3 + 
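Review bot: `pwm_test_P9_16@0` requests `pwms = <&ehrpwm1 0 500000 1>`, the same first cell as `pwm_test_P9_14@0`, so both enabled nodes ask for the same output of ehrpwm1 and the second request would presumably fail. If P9_16 is meant to be the controller's other output, the line should read `pwms = <&ehrpwm1 1 500000 1>;`. Both nodes also carry the unit address `@0` without a `reg` property. The FIXME in the hunk already says these nodes do not work, so setting `status = "disabled"` on the three `pwm_test_*` nodes until they do would keep a half-configured consumer off every board that includes this dtsi.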
diff --git a/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch b/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch new file mode 100644 index 000000000..99f5d7cd5 --- /dev/null +++ b/arm-dts-am335x-boneblack-add-cpu0-opp-points.patch @@ -0,0 +1,42 @@ +From 30cbae0ae84ca0e7f874517dc10e0ac218de4050 Mon Sep 17 00:00:00 2001 +From: Robert Nelson +Date: Fri, 27 Dec 2013 13:14:19 -0600 +Subject: [PATCH] arm: dts: am335x-boneblack: add cpu0 opp points + +Signed-off-by: Robert Nelson +--- + arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts +index bf5349165542..acfff3befff5 100644 +--- a/arch/arm/boot/dts/am335x-boneblack.dts ++++ b/arch/arm/boot/dts/am335x-boneblack.dts +@@ -66,6 +66,24 @@ + }; + + / { ++ cpus { ++ cpu@0 { ++ cpu0-supply = <&dcdc2_reg>; ++ /* ++ * To consider voltage drop between PMIC and SoC, ++ * tolerance value is reduced to 2% from 4% and ++ * voltage value is increased as a precaution. ++ */ ++ operating-points = < ++ /* kHz uV */ ++ 1000000 1325000 ++ 800000 1300000 ++ 600000 1112000 ++ 300000 969000 ++ >; ++ }; ++ }; ++ + hdmi { + compatible = "ti,tilcdc,slave"; + i2c = <&i2c0>; +-- +1.9.3 + diff --git a/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch b/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch new file mode 100644 index 000000000..800f81c03 --- /dev/null +++ b/arm-dts-am335x-boneblack-lcdc-add-panel-info.patch 
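Review bot: The comment above `operating-points` explains the raised voltages by a tolerance reduced from 4% to 2%, but this hunk sets no tolerance property on `cpu@0`, so a reader cannot tell from the board file which value is in force. If it is inherited from the SoC include, the comment should say so, e.g. `/* voltage-tolerance comes from the SoC dtsi; values below are raised to cover the PMIC-to-SoC drop */`. These numbers drive the core rail through `cpu0-supply = <&dcdc2_reg>`, so a pointer to the datasheet table or upstream commit they were taken from would make them checkable on the next rebase.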
@@ -0,0 +1,39 @@ +From dfbaa9d6f848714f27e4cb0e007e86c4ac650268 Mon Sep 17 00:00:00 2001 +From: Robert Nelson +Date: Fri, 27 Dec 2013 13:05:09 -0600 +Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info + +Bugzilla: 1012025 +Upstream-status: In beagle github repository https://github.com/beagleboard/kernel + +Signed-off-by: Robert Nelson +--- + arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts +index 305975d3f531..bf5349165542 100644 +--- a/arch/arm/boot/dts/am335x-boneblack.dts ++++ b/arch/arm/boot/dts/am335x-boneblack.dts +@@ -73,5 +73,18 @@ + pinctrl-0 = <&nxp_hdmi_bonelt_pins>; + pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>; + status = "okay"; ++ ++ panel-info { ++ bpp = <16>; ++ ac-bias = <255>; ++ ac-bias-intrpt = <0>; ++ dma-burst-sz = <16>; ++ fdd = <16>; ++ sync-edge = <1>; ++ sync-ctrl = <1>; ++ raster-order = <0>; ++ fifo-th = <0>; ++ invert-pxl-clk; ++ }; + }; + }; +-- +1.9.3 + diff --git a/arm-imx6-utilite.patch b/arm-i.MX6-Utilite-device-dtb.patch similarity index 78% rename from arm-imx6-utilite.patch rename to arm-i.MX6-Utilite-device-dtb.patch index bb0747202..13d9af1b2 100644 --- a/arm-imx6-utilite.patch +++ b/arm-i.MX6-Utilite-device-dtb.patch @@ -1,5 +1,14 @@ +From cb21611afe95c256214d50379279f8e79cd72cea Mon Sep 17 00:00:00 2001 +From: Peter Robinson +Date: Fri, 11 Jul 2014 00:10:56 +0100 +Subject: [PATCH] arm: i.MX6 Utilite device dtb + +--- + arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) + diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts -index 99b46f8..8b6ddd1 100644 +index 99b46f8030ad..8b6ddd16dcc5 100644 --- a/arch/arm/boot/dts/imx6q-cm-fx6.dts +++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts @@ -97,11 +97,49 @@ 
@@ -52,3 +61,6 @@ index 99b46f8..8b6ddd1 100644 + pinctrl-0 = <&pinctrl_usdhc3>; + status = "okay"; +}; +-- +1.9.3 + diff --git a/arm-qemu-fixdisplay.patch b/arm-qemu-fixdisplay.patch deleted file mode 100644 index 090193c2d..000000000 --- a/arm-qemu-fixdisplay.patch +++ /dev/null @@ -1,472 +0,0 @@ -commit d10715be03bd8bad59ddc50236cb140c3bd73c7b -Author: Pawel Moll -Date: Tue Jun 24 12:55:11 2014 +0100 - - video: ARM CLCD: Add DT support - - This patch adds basic DT bindings for the PL11x CLCD cells - and make their fbdev driver use them. - - Signed-off-by: Pawel Moll - 
Signed-off-by: Tomi Valkeinen - -diff --git a/Documentation/devicetree/bindings/video/arm,pl11x.txt b/Documentation/devicetree/bindings/video/arm,pl11x.txt -new file mode 100644 -index 0000000..3e3039a ---- /dev/null -+++ b/Documentation/devicetree/bindings/video/arm,pl11x.txt -@@ -0,0 +1,109 @@ -+* ARM PrimeCell Color LCD Controller PL110/PL111 -+ -+See also Documentation/devicetree/bindings/arm/primecell.txt -+ -+Required properties: -+ -+- compatible: must be one of: -+ "arm,pl110", "arm,primecell" -+ "arm,pl111", "arm,primecell" -+ -+- reg: base address and size of the control registers block -+ -+- interrupt-names: either the single entry "combined" representing a -+ combined interrupt output (CLCDINTR), or the four entries -+ "mbe", "vcomp", "lnbu", "fuf" representing the individual -+ CLCDMBEINTR, CLCDVCOMPINTR, CLCDLNBUINTR, CLCDFUFINTR interrupts -+ -+- interrupts: contains an interrupt specifier for each entry in -+ interrupt-names -+ -+- clock-names: should contain "clcdclk" and "apb_pclk" -+ -+- clocks: contains phandle and clock specifier pairs for the entries -+ in the clock-names property. 
See -+ Documentation/devicetree/binding/clock/clock-bindings.txt -+ -+Optional properties: -+ -+- memory-region: phandle to a node describing memory (see -+ Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt) -+ to be used for the framebuffer; if not present, the framebuffer -+ may be located anywhere in the memory -+ -+- max-memory-bandwidth: maximum bandwidth in bytes per second that the -+ cell's memory interface can handle; if not present, the memory -+ interface is fast enough to handle all possible video modes -+ -+Required sub-nodes: -+ -+- port: describes LCD panel signals, following the common binding -+ for video transmitter interfaces; see -+ Documentation/devicetree/bindings/media/video-interfaces.txt; -+ when it is a TFT panel, the port's endpoint must define the -+ following property: -+ -+ - arm,pl11x,tft-r0g0b0-pads: an array of three 32-bit values, -+ defining the way CLD pads are wired up; first value -+ contains index of the "CLD" external pin (pad) used -+ as R0 (first bit of the red component), second value -+ index of the pad used as G0, third value index of the -+ pad used as B0, see also "LCD panel signal multiplexing -+ details" paragraphs in the PL110/PL111 Technical -+ Reference Manuals; this implicitly defines available -+ color modes, for example: -+ - PL111 TFT 4:4:4 panel: -+ arm,pl11x,tft-r0g0b0-pads = <4 15 20>; -+ - PL110 TFT (1:)5:5:5 panel: -+ arm,pl11x,tft-r0g0b0-pads = <1 7 13>; -+ - PL111 TFT (1:)5:5:5 panel: -+ arm,pl11x,tft-r0g0b0-pads = <3 11 19>; -+ - PL111 TFT 5:6:5 panel: -+ arm,pl11x,tft-r0g0b0-pads = <3 10 19>; -+ - PL110 and PL111 TFT 8:8:8 panel: -+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>; -+ - PL110 and PL111 TFT 8:8:8 panel, R & B components swapped: -+ arm,pl11x,tft-r0g0b0-pads = <16 8 0>; -+ -+ -+Example: -+ -+ clcd@10020000 { -+ compatible = "arm,pl111", "arm,primecell"; -+ reg = <0x10020000 0x1000>; -+ interrupt-names = "combined"; -+ interrupts = <0 44 4>; -+ clocks = <&oscclk1>, <&oscclk2>; -+ 
clock-names = "clcdclk", "apb_pclk"; -+ max-memory-bandwidth = <94371840>; /* Bps, 1024x768@60 16bpp */ -+ -+ port { -+ clcd_pads: endpoint { -+ remote-endpoint = <&clcd_panel>; -+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>; -+ }; -+ }; -+ -+ }; -+ -+ panel { -+ compatible = "panel-dpi"; -+ -+ port { -+ clcd_panel: endpoint { -+ remote-endpoint = <&clcd_pads>; -+ }; -+ }; -+ -+ panel-timing { -+ clock-frequency = <25175000>; -+ hactive = <640>; -+ hback-porch = <40>; -+ hfront-porch = <24>; -+ hsync-len = <96>; -+ vactive = <480>; -+ vback-porch = <32>; -+ vfront-porch = <11>; -+ vsync-len = <2>; -+ }; -+ }; -diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig -index 4a7098f..6f451ad 100644 ---- a/drivers/video/fbdev/Kconfig -+++ b/drivers/video/fbdev/Kconfig -@@ -280,6 +280,7 @@ config FB_ARMCLCD - select FB_CFB_FILLRECT - select FB_CFB_COPYAREA - select FB_CFB_IMAGEBLIT -+ select VIDEOMODE_HELPERS if OF - help - This framebuffer device driver is for the ARM PrimeCell PL110 - Colour LCD controller. ARM PrimeCells provide the building -diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c -index 14d6b37..23b3519 100644 ---- a/drivers/video/fbdev/amba-clcd.c -+++ b/drivers/video/fbdev/amba-clcd.c -@@ -26,6 +26,13 @@ - #include - #include - #include -+#include -+#include -+#include -+#include -+#include