Merge branch 'master' of ssh://pkgs.fedoraproject.org/kernel into baytrail

3.17 merge.

Conflicts:
	Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
	config-armv7
	config-armv7-generic
	config-armv7-lpae
	config-nodebug
	kernel-arm64.patch
	kernel.spec
	secure-modules.patch
	sources
This commit is contained in:
Adam Williamson 2014-09-13 10:52:15 -07:00
commit a18b584961
91 changed files with 3468 additions and 12377 deletions

View File

@ -1,138 +0,0 @@
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1021036
Upstream-status: Send upstream for 3.17
From 0ad19912cb324f0a356a212433ec0b2a31f61acc Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 20 Jun 2014 10:29:16 +0200
Subject: [PATCH] ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling
It seems that the same problems which lead to adding an rfkill blacklist and
putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13
and Lenovo Yoga 2 Pro too:
https://bugzilla.redhat.com/show_bug.cgi?id=1021036
https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612
Testing has shown that the firmware rfkill settings are persistent over
reboots. So blacklisting the driver is not good enough, if the wifi is blocked
at the firmware level the wifi needs to be explictly unblocked through the
ideapad-laptop interface.
And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices
with hardware kill switch reports the hardware switch state, needs to be
explictly set to 1 (radio enabled / not blocked).
So this patch does 3 things to get proper rfkill handling on these models:
1) Instead of blacklisting the rfkill functionality, which means that people
with a firmware blocked wifi get stuck in that situation, ignore the value
reported by the not present hardware rfkill switch, as this is what is causing
ideapad-laptop to wrongly report all radios as hardware blocks. But do register
the rfkill interfaces so that the user can soft [un]block them.
2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1
3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2
series is affected.
Yoga 2 11:
Reported-and-tested-by: Vincent Gerris <vgerris@gmail.com>
Yoga 2 13:
Tested-by: madls05 <http://ubuntuforums.org/showthread.php?t=2215044>
Yoga 2 Pro:
Reported-and-tested-by: Peter F. Patel-Schneider <pfpschneider@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/ideapad-laptop.c | 41 +++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index b4c495a..b0e3a2e 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -87,6 +87,7 @@ struct ideapad_private {
struct backlight_device *blightdev;
struct dentry *debug;
unsigned long cfg;
+ bool has_hw_rfkill_switch;
};
static bool no_bt_rfkill;
@@ -473,12 +474,14 @@ static struct rfkill_ops ideapad_rfk_ops = {
static void ideapad_sync_rfk_state(struct ideapad_private *priv)
{
- unsigned long hw_blocked;
+ unsigned long hw_blocked = 0;
int i;
- if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
- return;
- hw_blocked = !hw_blocked;
+ if (priv->has_hw_rfkill_switch) {
+ if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
+ return;
+ hw_blocked = !hw_blocked;
+ }
for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
if (priv->rfk[i])
@@ -821,14 +824,17 @@ static void ideapad_acpi_notify(acpi_handle handle, u32 event, void *data)
}
}
-/* Blacklist for devices where the ideapad rfkill interface does not work */
-static struct dmi_system_id rfkill_blacklist[] = {
- /* The Lenovo Yoga 2 11 always reports everything as blocked */
+/*
+ * Some ideapads don't have a hardware rfkill switch, reading VPCCMD_R_RF
+ * always results in 0 on these models, causing ideapad_laptop to wrongly
+ * report all radios as hardware-blocked.
+ */
+static struct dmi_system_id no_hw_rfkill_list[] = {
{
- .ident = "Lenovo Yoga 2 11",
+ .ident = "Lenovo Yoga 2 11 / 13 / Pro",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2 11"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2"),
},
},
{}
@@ -856,6 +862,7 @@ static int ideapad_acpi_add(struct platform_device *pdev)
priv->cfg = cfg;
priv->adev = adev;
priv->platform_device = pdev;
+ priv->has_hw_rfkill_switch = !dmi_check_system(no_hw_rfkill_list);
ret = ideapad_sysfs_init(priv);
if (ret)
@@ -869,11 +876,17 @@ static int ideapad_acpi_add(struct platform_device *pdev)
if (ret)
goto input_failed;
- if (!dmi_check_system(rfkill_blacklist)) {
- for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
- if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
- ideapad_register_rfkill(priv, i);
- }
+ /*
+ * On some models without a hw-switch (the yoga 2 13 at least)
+ * VPCCMD_W_RF must be explicitly set to 1 for the wifi to work.
+ */
+ if (!priv->has_hw_rfkill_switch)
+ write_ec_cmd(priv->adev->handle, VPCCMD_W_RF, 1);
+
+ for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
+ if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
+ ideapad_register_rfkill(priv, i);
+
ideapad_sync_rfk_state(priv);
ideapad_sync_touchpad_state(priv);
--
2.0.0

View File

@ -0,0 +1,31 @@
From 70b5ad494c01fce2f3d3284affaefa8f581b21e8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if any such restrictions have been enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/acpi/custom_method.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
1.9.3

View File

@ -0,0 +1,32 @@
From 4efca4da7b99c99095a6390d5f20aee30bdb6d67 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 3 May 2012 20:27:11 +0100
Subject: [PATCH] ARM: tegra: usb no reset
Patch for disconnect issues with storage attached to a
tegra-ehci controller
---
drivers/usb/core/hub.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 46f5161c7891..be0877ff88b3 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5035,6 +5035,13 @@ static void hub_events(void)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
+ (hub->event_bits[0] == 0x2))
+ hub->event_bits[0] = 0;
+ }
+
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);
--
1.9.3

View File

@ -0,0 +1,57 @@
From fefd3c3f983024a88af6e80f03d999ca5f9314e2 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
Bugzilla: N/A
Upstream-status: Fedora mustard for now
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/linux/efi.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index ebe6a24cc1e1..5ce40e215f15 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void);
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
+#define EFI_CERT_SHA256_GUID \
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
+
+#define EFI_CERT_X509_GUID \
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+
typedef struct {
efi_guid_t guid;
u64 table;
@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)
+typedef struct {
+ efi_guid_t signature_owner;
+ u8 signature_data[];
+} efi_signature_data_t;
+
+typedef struct {
+ efi_guid_t signature_type;
+ u32 signature_list_size;
+ u32 signature_header_size;
+ u32 signature_size;
+ u8 signature_header[];
+ /* efi_signature_data_t signatures[][] */
+} efi_signature_list_t;
+
/*
* All runtime access to EFI goes through this structure:
*/
--
1.9.3

View File

@ -0,0 +1,179 @@
From 1e20708ec6d992ab178cc0c9cc6c51ae3b95f48d Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/Kconfig | 8 +++
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 4 ++
4 files changed, 122 insertions(+)
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28403f5..4a1b50d73b80 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
This option provides support for verifying the signature(s) on a
signed PE binary.
+config EFI_SIGNATURE_LIST_PARSER
+ bool "EFI signature list parser"
+ depends on EFI
+ select X509_CERTIFICATE_PARSER
+ help
+ This option provides support for parsing EFI signature lists for
+ X.509 certificates and turning them into keys.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9ac5e8..6512f6596785 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644
index 000000000000..424896a0b169
--- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,109 @@
+/* EFI signature/key/certificate list parser
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "EFI: "fmt
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <keys/asymmetric-type.h>
+
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
+
+/**
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
+ * @data: The data blob to parse
+ * @size: The size of the data blob
+ * @keyring: The keyring to add extracted keys to
+ */
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
+{
+ unsigned offs = 0;
+ size_t lsize, esize, hsize, elsize;
+
+ pr_devel("-->%s(,%zu)\n", __func__, size);
+
+ while (size > 0) {
+ efi_signature_list_t list;
+ const efi_signature_data_t *elem;
+ key_ref_t key;
+
+ if (size < sizeof(list))
+ return -EBADMSG;
+
+ memcpy(&list, data, sizeof(list));
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
+ offs,
+ list.signature_type.b, list.signature_list_size,
+ list.signature_header_size, list.signature_size);
+
+ lsize = list.signature_list_size;
+ hsize = list.signature_header_size;
+ esize = list.signature_size;
+ elsize = lsize - sizeof(list) - hsize;
+
+ if (lsize > size) {
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
+ __func__, offs);
+ return -EBADMSG;
+ }
+ if (lsize < sizeof(list) ||
+ lsize - sizeof(list) < hsize ||
+ esize < sizeof(*elem) ||
+ elsize < esize ||
+ elsize % esize != 0) {
+ pr_devel("- bad size combo @%x\n", offs);
+ return -EBADMSG;
+ }
+
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
+ data += lsize;
+ size -= lsize;
+ offs += lsize;
+ continue;
+ }
+
+ data += sizeof(list) + hsize;
+ size -= sizeof(list) + hsize;
+ offs += sizeof(list) + hsize;
+
+ for (; elsize > 0; elsize -= esize) {
+ elem = data;
+
+ pr_devel("ELEM[%04x]\n", offs);
+
+ key = key_create_or_update(
+ make_key_ref(keyring, 1),
+ "asymmetric",
+ NULL,
+ &elem->signature_data,
+ esize - sizeof(*elem),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW,
+ KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_TRUSTED);
+
+ if (IS_ERR(key))
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
+ PTR_ERR(key));
+ else
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
+ key_ref_to_ptr(key)->description,
+ keyring->description);
+
+ data += esize;
+ size -= esize;
+ offs += esize;
+ }
+ }
+
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 5ce40e215f15..41359e548bcb 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -906,6 +906,10 @@ extern bool efi_poweroff_required(void);
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
(md) = (void *)(md) + (m)->desc_size)
+struct key;
+extern int __init parse_efi_signature_list(const void *data, size_t size,
+ struct key *keyring);
+
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
1.9.3

View File

@ -0,0 +1,186 @@
From d9c97fea8a906281ee05486731746d648d8ff749 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH] Add option to automatically enforce module signatures when in
Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++++++
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/kernel/setup.c | 6 ++++++
include/linux/module.h | 6 ++++++
kernel/module.c | 7 +++++++
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453cb4de..ec38acf00b40 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
+1EB/001 ALL kbd_status Numlock is enabled
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
1EF/001 ALL sentinel Used to detect broken bootloaders
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 778178f4c7d1..8899dc333793 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1565,6 +1565,16 @@ config EFI_MIXED
If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n
+ prompt "Force module signing when UEFI Secure Boot is enabled"
+ ---help---
+ UEFI Secure Boot provides a mechanism for ensuring that the
+ firmware will only load signed bootloaders and kernels. Certain
+ use cases may also require that all kernel modules also be signed.
+ Say Y here to automatically enable module signature enforcement
+ when a system boots with UEFI Secure Boot enabled.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index f277184e2ac1..88edd48f03e9 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
#include <asm/efi.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#undef memcpy /* Use memcpy from misc.c */
@@ -803,6 +804,37 @@ out:
return status;
}
+static int get_secure_boot(void)
+{
+ u8 sb, setup;
+ unsigned long datasize = sizeof(sb);
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
+ efi_status_t status;
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (sb == 0)
+ return 0;
+
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SetupMode", &var_guid, NULL, &datasize,
+ &setup);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (setup == 1)
+ return 0;
+
+ return 1;
+}
+
+
/*
* See if we have Graphics Output Protocol
*/
@@ -1374,6 +1406,10 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
+ boot_params->secure_boot = get_secure_boot();
+
setup_graphics(boot_params);
status = setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b0988043a..90dbfb73e11f 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
- __u8 _pad5[3]; /* 0x1ec */
+ __u8 secure_boot; /* 0x1ec */
+ __u8 _pad5[2]; /* 0x1ed */
/*
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 41ead8d3bc0b..5a5cf7395724 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
+ if (boot_params.secure_boot) {
+ enforce_signed_modules();
+ }
+#endif
+
/*
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index 341a73ecea2e..cca08ac450e2 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
+#ifdef CONFIG_MODULE_SIG
+extern void enforce_signed_modules(void);
+#else
+static inline void enforce_signed_modules(void) {};
+#endif
+
#ifdef CONFIG_MODULES
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index 1f7b4664300e..866417ecc76a 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3843,6 +3843,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
+#ifdef CONFIG_MODULE_SIG
+void enforce_signed_modules(void)
+{
+ sig_enforce = true;
+}
+#endif
+
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
1.9.3

View File

@ -0,0 +1,64 @@
From 3a2e996725c790c4a7db13246c312f3f5ed085e7 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
only modules signed with a trusted key.
Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
include/linux/module.h | 7 +++++++
kernel/module.c | 10 ++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 71f282a4e307..341a73ecea2e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void);
+extern bool secure_modules(void);
+
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void)
{
}
+
+static inline bool secure_modules(void)
+{
+ return false;
+}
#endif /* CONFIG_MODULES */
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 03214bd288e9..1f7b4664300e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
+
+bool secure_modules(void)
+{
+#ifdef CONFIG_MODULE_SIG
+ return (sig_enforce || modules_disabled);
+#else
+ return modules_disabled;
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
1.9.3

View File

@ -1,11 +1,10 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 603230771bdbca78e6530d29dbe8b239cdcc8473 Mon Sep 17 00:00:00 2001
From 8e57a11b2016ad15653f55d2b0b799f94050cb8e Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Fri, 30 Aug 2013 09:28:51 -0400
Subject: [PATCH] Add sysrq option to disable secure boot mode
Bugzilla: N/A
Upstream-status: Fedora mustard
---
arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++
drivers/input/misc/uinput.c | 1 +
@ -17,7 +16,7 @@ Subject: [PATCH] Add sysrq option to disable secure boot mode
7 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5ce785fc9f05..2024cbb7169b 100644
index fb282ff6a802..d291d16ba257 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -71,10 +70,10 @@ index 5ce785fc9f05..2024cbb7169b 100644
.notifier_call = dump_kernel_offset
};
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 856936247500..1e87a1ea704b 100644
index 421e29e4cd81..61c1eb97806c 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -353,6 +353,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
if (!udev->dev)
return -ENOMEM;
@ -83,7 +82,7 @@ index 856936247500..1e87a1ea704b 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index 454b65898e2c..19d67594a3b8 100644
index 42bad18c66c9..496e073b09d7 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -463,6 +463,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
@ -217,7 +216,7 @@ index 387fa7d05c98..4b07e30b3279 100644
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 2f7c760305ca..abb29d9811af 100644
index 379650b984f8..070f29fefdc2 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1924,7 +1924,7 @@ static int kdb_sr(int argc, const char **argv)
@ -230,10 +229,10 @@ index 2f7c760305ca..abb29d9811af 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 452079124fb7..37dabbc1e902 100644
index 866417ecc76a..d7ca95c5a349 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
#ifdef CONFIG_MODULE_SIG
#ifdef CONFIG_MODULE_SIG_FORCE

View File

@ -0,0 +1,47 @@
From bbe2ff3101aff1009fe9afbe17cb16a273797193 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date: Wed, 3 Sep 2014 15:43:25 -0400
Subject: [PATCH] HID: wacom: Add support for the Cintiq Companion
The Wacom Cintiq Companion shares the same sensor than the Cintiq
Companion Hybrid, with the exception of the different PIDs.
Bugzilla: 1134969
Upstream-status: Queued for 3.18
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
drivers/hid/wacom_wac.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
index aa6a08eb7ad6..c3cbbfb5811f 100644
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2573,6 +2573,14 @@ static const struct wacom_features wacom_features_0x309 =
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10,
.check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
+static const struct wacom_features wacom_features_0x30A =
+ { "Wacom ISDv5 30A", 59352, 33648, 2047, 63,
+ CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
+static const struct wacom_features wacom_features_0x30C =
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30A, .touch_max = 10,
+ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
#define USB_DEVICE_WACOM(prod) \
HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
@@ -2708,6 +2716,8 @@ const struct hid_device_id wacom_ids[] = {
{ USB_DEVICE_WACOM(0x304) },
{ USB_DEVICE_WACOM(0x307) },
{ USB_DEVICE_WACOM(0x309) },
+ { USB_DEVICE_WACOM(0x30A) },
+ { USB_DEVICE_WACOM(0x30C) },
{ USB_DEVICE_WACOM(0x30E) },
{ USB_DEVICE_WACOM(0x314) },
{ USB_DEVICE_WACOM(0x315) },
--
1.9.3

View File

@ -1,46 +0,0 @@
From bdfffc320102278edac2db5a397ffbfd89faeab3 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date: Wed, 3 Sep 2014 15:43:25 -0400
Subject: [PATCH] Input: wacom: Add support for the Cintiq Companion
The Wacom Cintiq Companion shares the same sensor than the Cintiq
Companion Hybrid, with the exception of the different PIDs.
Bugzilla: 1134969
Upstream-status: Queued for 3.18
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
drivers/input/tablet/wacom_wac.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/input/tablet/wacom_wac.c b/drivers/input/tablet/wacom_wac.c
index e73cf2c71f35..7f6caf8c85fb 100644
--- a/drivers/input/tablet/wacom_wac.c
+++ b/drivers/input/tablet/wacom_wac.c
@@ -2332,6 +2332,13 @@ static const struct wacom_features wacom_features_0x0307 =
static const struct wacom_features wacom_features_0x0309 =
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10 };
+static const struct wacom_features wacom_features_0x030A =
+ { "Wacom ISDv5 30A", WACOM_PKGLEN_INTUOS, 59352, 33648, 2047,
+ 63, CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
+static const struct wacom_features wacom_features_0x030C =
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x030A, .touch_max = 10 };
#define USB_DEVICE_WACOM(prod) \
USB_DEVICE(USB_VENDOR_ID_WACOM, prod), \
@@ -2478,6 +2485,8 @@ const struct usb_device_id wacom_ids[] = {
{ USB_DEVICE_WACOM(0xFA) },
{ USB_DEVICE_WACOM(0xFB) },
{ USB_DEVICE_WACOM(0x0307) },
+ { USB_DEVICE_WACOM(0x030A) },
+ { USB_DEVICE_DETAILED(0x030C, USB_CLASS_HID, 0, 0) },
{ USB_DEVICE_DETAILED(0x0309, USB_CLASS_HID, 0, 0) },
{ USB_DEVICE_LENOVO(0x6004) },
{ }
--
1.9.3

View File

@ -0,0 +1,112 @@
From 6aca93c96e067deab170188aea3edb0afd88e9a2 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
and if the module's certificate is found, it will refuse to load. This is
useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..2c7b80d31366 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
}
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index e84c6423a2e5..223b1a32bbcb 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1720,6 +1720,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 875f64e8935b..c15e93f5a418 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
--
1.9.3

View File

@ -0,0 +1,95 @@
From 02c3c0f0c83483a79783b211ef1bbd79ef0bd360 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 9 Sep 2014 19:12:32 +0100
Subject: [PATCH] KEYS: Fix termination condition in assoc array garbage
collection
It is possible for an associative array to end up with a shortcut node at the
root of the tree, if there are more than fan-out nodes in the tree, but they
all crowd into the same slot in the lowest level (ie. they all have the same
first nibble of their index keys).
When assoc_array_gc() returns back up the tree after scanning some leaves, it
can fall off of the root and crash because it assumes that the back pointer
from a shortcut (after label ascend_old_tree) must point to a normal node -
which isn't true of a shortcut node at the root.
Should we find we're ascending rootwards over a shortcut, we should check to
see if the backpointer is zero - and if it is, we have completed the scan.
This particular bug cannot occur if the root node is not a shortcut - ie. if
you have fewer than 17 keys in a keyring or if you have at least two keys that
sit into separate slots (eg. a keyring and a non keyring).
If we do fall off of the top of the tree, we get the following oops:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
PGD dae15067 PUD cfc24067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni
CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: events key_garbage_collector
task: ffff8800918bd580 ti: ffff8800aac14000 task.ti: ffff8800aac14000
RIP: 0010:[<ffffffff8136cea7>] [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP: 0018:ffff8800aac15d40 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8800aaecacc0
RDX: ffff8800daecf440 RSI: 0000000000000001 RDI: ffff8800aadc2bc0
RBP: ffff8800aac15da8 R08: 0000000000000001 R09: 0000000000000003
R10: ffffffff8136ccc7 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000070 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000018 CR3: 00000000db10d000 CR4: 00000000000006f0
Stack:
ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70
ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987
ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8
Call Trace:
[<ffffffff812e2a70>] ? keyring_detect_cycle_iterator+0x30/0x30
[<ffffffff812e3e75>] keyring_gc+0x75/0x80
[<ffffffff812e1424>] key_garbage_collector+0x154/0x3c0
[<ffffffff810a67b6>] process_one_work+0x176/0x430
[<ffffffff810a744b>] worker_thread+0x11b/0x3a0
[<ffffffff810a7330>] ? rescuer_thread+0x3b0/0x3b0
[<ffffffff810ae1a8>] kthread+0xd8/0xf0
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
[<ffffffff816ffb7c>] ret_from_fork+0x7c/0xb0
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92
RIP [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP <ffff8800aac15d40>
CR2: 0000000000000018
---[ end trace 1129028a088c0cbd ]---
Bugzilla: 1116347
Upstream-status: ??
Signed-off-by: David Howells <dhowells@redhat.com>
---
lib/assoc_array.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/assoc_array.c b/lib/assoc_array.c
index ae146f0734eb..2404d03e251a 100644
--- a/lib/assoc_array.c
+++ b/lib/assoc_array.c
@@ -1723,11 +1723,13 @@ ascend_old_tree:
shortcut = assoc_array_ptr_to_shortcut(ptr);
slot = shortcut->parent_slot;
cursor = shortcut->back_pointer;
+ if (!cursor)
+ goto gc_complete;
} else {
slot = node->parent_slot;
cursor = ptr;
}
- BUG_ON(!ptr);
+ BUG_ON(!cursor);
node = assoc_array_ptr_to_node(cursor);
slot++;
goto continue_node;
--
1.9.3

View File

@ -0,0 +1,186 @@
From 728aa078f7fa819843c2eb68517d326cbf3947ea Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable.
This imports those certificates into the system trusted keyring. This
allows for a third party signing certificate to be used in conjunction
with signed modules. By importing the public certificate into the 'db'
variable, a user can allow a module signed with that certificate to
load. The shim UEFI bootloader has a similar certificate list stored
in the 'MokListRT' variable. We import those as well.
In the opposite case, Secure Boot maintains a list of disallowed
certificates in the 'dbx' variable. We load those certificates into
the newly introduced system blacklist keyring and forbid any module
signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 41359e548bcb..db9e6118575e 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -587,6 +587,12 @@ void efi_native_runtime_setup(void);
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
+
+#define EFI_SHIM_LOCK_GUID \
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
+
typedef struct {
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index 223b1a32bbcb..3bad458f1c68 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1874,6 +1874,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER
+ help
+ This will import certificates stored in UEFI and allow modules
+ signed with those to be loaded. It will also disallow loading
+ of modules stored in the UEFI dbx variable.
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index dc5c77544fd6..95bdf3398880 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
--- /dev/null
+++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <linux/slab.h>
+#include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
+#include "module-internal.h"
+
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+{
+ efi_status_t status;
+ unsigned long lsize = 4;
+ unsigned long tmpdb[4];
+ void *db = NULL;
+
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status != EFI_BUFFER_TOO_SMALL) {
+ pr_err("Couldn't get size: 0x%lx\n", status);
+ return NULL;
+ }
+
+ db = kmalloc(lsize, GFP_KERNEL);
+ if (!db) {
+ pr_err("Couldn't allocate memory for uefi cert list\n");
+ goto out;
+ }
+
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+ db = NULL;
+ pr_err("Error reading db var: 0x%lx\n", status);
+ }
+out:
+ *size = lsize;
+ return db;
+}
+
+/*
+ * * Load the certs contained in the UEFI databases
+ * */
+static int __init load_uefi_certs(void)
+{
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
+ void *db = NULL, *dbx = NULL, *mok = NULL;
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
+ int rc = 0;
+
+ /* Check if SB is enabled and just return if not */
+ if (!efi_enabled(EFI_SECURE_BOOT))
+ return 0;
+
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
+ * an error if we can't get them.
+ */
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
+
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+ if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else {
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok);
+ }
+
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+ if (!dbx) {
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+ } else {
+ rc = parse_efi_signature_list(dbx, dbxsize,
+ system_blacklist_keyring);
+ if (rc)
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
+ kfree(dbx);
+ }
+
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
1.9.3

View File

@ -0,0 +1,84 @@
From 423462db8b901e6cc936350a5e1f538d15aa5555 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
Have the uefi import code look for this and not import things from the db
variable.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb38a284..ae28b974d49a 100644
--- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@
#include <keys/system_keyring.h>
#include "module-internal.h"
+static __init int check_ignore_db(void)
+{
+ efi_status_t status;
+ unsigned int db = 0;
+ unsigned long size = sizeof(db);
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
+ * then we don't ignore DB. If it succeeds, we do.
+ */
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ return 1;
+}
+
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
{
efi_status_t status;
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
void *db = NULL, *dbx = NULL, *mok = NULL;
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
- int rc = 0;
+ int ignore_db, rc = 0;
/* Check if SB is enabled and just return if not */
if (!efi_enabled(EFI_SECURE_BOOT))
return 0;
+ /* See if the user has setup Ignore DB mode */
+ ignore_db = check_ignore_db();
+
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
* an error if we can't get them.
*/
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
- if (rc)
- pr_err("Couldn't parse db signatures: %d\n", rc);
- kfree(db);
+ if (!ignore_db) {
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
1.9.3

View File

@ -11,11 +11,10 @@ CONFIGFILES = \
$(CFG)-s390x.config \
$(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \
$(CFG)-aarch64.config \
$(CFG)-ppc.config $(CFG)-ppc-smp.config \
$(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \
$(CFG)-ppc64le.config
PLATFORMS = x86 x86_64 powerpc powerpc32 powerpc64 s390x arm arm64
PLATFORMS = x86 x86_64 powerpc powerpc64 s390x arm arm64
TEMPFILES = $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS)))
configs: $(CONFIGFILES)
@ -81,9 +80,6 @@ temp-powerpc-generic: config-powerpc-generic temp-generic
temp-powerpc-debug-generic: config-powerpc-generic temp-debug-generic
perl merge.pl $^ > $@
temp-powerpc32-generic: config-powerpc32-generic temp-powerpc-generic
perl merge.pl $^ > $@
temp-powerpc64-generic: config-powerpc64 temp-powerpc-generic
perl merge.pl $^ > $@
@ -134,9 +130,3 @@ $(CFG)-armv7hl-lpae.config: /dev/null temp-armv7-lpae
$(CFG)-aarch64.config: /dev/null temp-arm64
perl merge.pl $^ arm64 > $@
$(CFG)-ppc.config: /dev/null temp-powerpc32-generic
perl merge.pl $^ powerpc > $@
$(CFG)-ppc-smp.config: config-powerpc32-smp temp-powerpc32-generic
perl merge.pl $^ powerpc > $@

View File

@ -0,0 +1,117 @@
From 6f2298da3471189910506e3eec34c2a9b7c12761 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code, allowing them to circumvent disabled module loading or module
signing. Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/pci/pci-sysfs.c | 10 ++++++++++
drivers/pci/proc.c | 8 +++++++-
drivers/pci/syscall.c | 3 ++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9ff0a901ecf7..8d0d5d92b8d9 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
#include <linux/vgaarb.h>
#include <linux/pm_runtime.h>
#include <linux/of.h>
+#include <linux/module.h>
#include "pci.h"
static int sysfs_initialized; /* = 0 */
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
+ if (secure_modules())
+ return -EPERM;
+
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
+ if (secure_modules())
+ return -EPERM;
+
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
+ if (secure_modules())
+ return -EPERM;
+
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 3f155e78513f..4265ea07e3b0 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
int size = dev->cfg_size;
int cnt;
+ if (secure_modules())
+ return -EPERM;
+
if (pos >= size)
return 0;
if (nbytes >= size)
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
#endif /* HAVE_PCI_MMAP */
int ret = 0;
+ if (secure_modules())
+ return -EPERM;
+
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
int i, ret;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
/* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index b91c4da68365..98f5637304d1 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
#include <linux/errno.h>
#include <linux/pci.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
#include "pci.h"
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
u32 dword;
int err = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
1.9.3

View File

@ -0,0 +1,42 @@
From d999220356c7c2526cdaa1a9113784f95004d65e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
to be subverted, avoiding module loading restrictions. Prevent this when
any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/char/mem.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index cdf839f9defe..c63cf93b00eb 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
+ if (secure_modules())
+ return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
1.9.3

View File

@ -1,23 +1,25 @@
Bugzilla: N/A
Upstream-status: Sigh. We almost got to drop this.
From 20e3f1e1b9341d233a11734c07c076caac9936ef Mon Sep 17 00:00:00 2001
From 37a1b979a715b1c7e8247cfdfcc2eedc9aea1471 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Mon, 28 Jul 2014 12:59:48 -0400
Subject: [PATCH] Revert "Revert "ACPI / video: change acpi-video
brightness_switch_enabled default to 0""
This reverts commit 2843768b701971ab10e62c77d5c75ad7c306f1bd.
Bugzilla: N/A
Upstream-status: Sigh. We almost got to drop this.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
Documentation/kernel-parameters.txt | 2 +-
drivers/acpi/video.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index b7fa2f599459..e8db409a7e3a 100644
index 5ae8608ca9f5..8ffa8f91eeb2 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3532,7 +3532,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -3595,7 +3595,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the allocated input device; If set to 0, video driver
will only send out the event without touching backlight
brightness level.
@ -27,7 +29,7 @@ index b7fa2f599459..e8db409a7e3a 100644
virtio_mmio.device=
[VMMIO] Memory mapped virtio (platform) device.
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 350d52a8f781..44c89f705018 100644
index fcbda105616e..2e0236af78b9 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");

View File

@ -0,0 +1,39 @@
From e2b4ee7e99b8c0a0d48ed4aa76fd01e11bfe275d Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Disable it in that case.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
drivers/acpi/osl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 3abe9b223ba7..ee8f11cf65da 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
+#include <linux/module.h>
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
- if (acpi_rsdp)
+ if (acpi_rsdp && !secure_modules())
return acpi_rsdp;
#endif
--
1.9.3

View File

@ -1,8 +1,8 @@
From 5573624261ab5d54f2dea2a3e09a98729db9ecd9 Mon Sep 17 00:00:00 2001
From 11ad2e84a328a6bc9861646044d4411352d82258 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 30 Apr 2014 15:24:19 +0200
Subject: [PATCH 1/2] acpi-video: Add 4 new models to the use_native_backlight
dmi list
Subject: [PATCH] acpi-video: Add 4 new models to the use_native_backlight dmi
list
Acer Aspire V5-171
https://bugzilla.redhat.com/show_bug.cgi?id=983342
@ -21,10 +21,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 32 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 8b6990e..48146fc 100644
index 2e0236af78b9..df1626d2ba10 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -488,6 +488,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -556,6 +556,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
},
{
@ -39,7 +39,7 @@ index 8b6990e..48146fc 100644
.callback = video_set_use_native_backlight,
.ident = "Thinkpad Helix",
.matches = {
@@ -513,6 +521,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -597,6 +605,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -54,7 +54,7 @@ index 8b6990e..48146fc 100644
.ident = "Acer Aspire V5-431",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
@@ -520,6 +536,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -644,6 +660,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
},
{
@ -69,7 +69,7 @@ index 8b6990e..48146fc 100644
.callback = video_set_use_native_backlight,
.ident = "HP ProBook 4340s",
.matches = {
@@ -571,6 +595,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -720,6 +744,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -85,5 +85,5 @@ index 8b6990e..48146fc 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
1.9.0
1.9.3

View File

@ -1,11 +1,8 @@
Bugzilla: 1093171
Upstream-status: Queued for 3.16
From 7ac976d0109433d1ad0812f4f6889a904d9a0c40 Mon Sep 17 00:00:00 2001
From f2516b128351bcc2856d39a8b2aa98f748becda5 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:10 +0200
Subject: [PATCH 13/14] acpi-video: Add use native backlight quirk for the
ThinkPad W530
Subject: [PATCH] acpi-video: Add use native backlight quirk for the ThinkPad
W530
Like all of the other *30 ThinkPad models, the W530 has a broken acpi-video
backlight control. Note in order for this to actually fix things on the
@ -15,6 +12,9 @@ is also needed.
https://bugzilla.redhat.com/show_bug.cgi?id=1093171
Bugzilla: 1093171
Upstream-status: Queued for 3.16
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
@ -22,10 +22,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index ab7cd65ce21e..dcb0ef4c22f6 100644
index df1626d2ba10..caa4d8fc3458 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -468,6 +468,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -469,6 +469,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -41,5 +41,5 @@ index ab7cd65ce21e..dcb0ef4c22f6 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
--
1.9.0
1.9.3

View File

@ -1,16 +1,16 @@
Bugzilla: 1025690
Upstream-status: Waiting for feedback from reporter
From dfe2c6722a6f6cb45f6b336b094b26a77acd8393 Mon Sep 17 00:00:00 2001
From d48552d47446ac0562a46bbafcb1ab396d9b8555 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:11 +0200
Subject: [PATCH 14/14] acpi-video: Add use_native_backlight quirk for HP
ProBook 4540s
Subject: [PATCH] acpi-video: Add use_native_backlight quirk for HP ProBook
4540s
As reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1025690
This is yet another model which needs this quirk.
Bugzilla: 1025690
Upstream-status: Waiting for feedback from reporter
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
@ -18,10 +18,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index dcb0ef4c22f6..3db16753f88a 100644
index caa4d8fc3458..7e86097f7c2b 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -548,6 +548,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
@@ -693,6 +693,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
},
{
.callback = video_set_use_native_backlight,
@ -37,5 +37,5 @@ index dcb0ef4c22f6..3db16753f88a 100644
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
1.9.0
1.9.3

View File

@ -1,460 +0,0 @@
Bugzilla: 1012025
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
From b5a2528c89fc8049b2a6a750634c14983e33d00f Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:05:09 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 6b71ad9..09ffbd8 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -74,5 +74,18 @@
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
status = "okay";
+
+ panel-info {
+ bpp = <16>;
+ ac-bias = <255>;
+ ac-bias-intrpt = <0>;
+ dma-burst-sz = <16>;
+ fdd = <16>;
+ sync-edge = <1>;
+ sync-ctrl = <1>;
+ raster-order = <0>;
+ fifo-th = <0>;
+ invert-pxl-clk;
+ };
};
};
--
1.8.5.1
From 1da083a002581520dd358b8b8e097078000d12b9 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:14:19 -0600
Subject: [PATCH 2/2] arm: dts: am335x-boneblack: add cpu0 opp points
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 09ffbd8..f213ccd 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -67,6 +67,24 @@
};
/ {
+ cpus {
+ cpu@0 {
+ cpu0-supply = <&dcdc2_reg>;
+ /*
+ * To consider voltage drop between PMIC and SoC,
+ * tolerance value is reduced to 2% from 4% and
+ * voltage value is increased as a precaution.
+ */
+ operating-points = <
+ /* kHz uV */
+ 1000000 1325000
+ 800000 1300000
+ 600000 1112000
+ 300000 969000
+ >;
+ };
+ };
+
hdmi {
compatible = "ti,tilcdc,slave";
i2c = <&i2c0>;
--
1.8.5.1
From 8551d8aa7d3e002da2097e7e902fb96fceb8694e Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 11:17:45 -0600
Subject: [PATCH 3/3] arm: dts: am335x-bone-common: enable and use i2c2
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index e3f27ec..54366b6 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -84,6 +84,13 @@
>;
};
+ i2c2_pins: pinmux_i2c2_pins {
+ pinctrl-single,pins = <
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
+ >;
+ };
+
uart0_pins: pinmux_uart0_pins {
pinctrl-single,pins = <
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
@@ -220,6 +227,38 @@
reg = <0x24>;
};
+ baseboard_eeprom: baseboard_eeprom@50 {
+ compatible = "at,24c256";
+ reg = <0x50>;
+ };
+};
+
+&i2c2 {
+ status = "okay";
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins>;
+
+ clock-frequency = <100000>;
+
+ cape_eeprom0: cape_eeprom0@54 {
+ compatible = "at,24c256";
+ reg = <0x54>;
+ };
+
+ cape_eeprom1: cape_eeprom1@55 {
+ compatible = "at,24c256";
+ reg = <0x55>;
+ };
+
+ cape_eeprom2: cape_eeprom2@56 {
+ compatible = "at,24c256";
+ reg = <0x56>;
+ };
+
+ cape_eeprom3: cape_eeprom3@57 {
+ compatible = "at,24c256";
+ reg = <0x57>;
+ };
};
/include/ "tps65217.dtsi"
--
1.8.5.2
From a3099dc53a47d1694a5b575580ec3406dc429bf8 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 14:18:00 -0600
Subject: [PATCH 4/4] arm: dts: am335x-bone-common: setup default pinmux
http://elinux.org/Basic_Proto_Cape
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index e4571af..f85cabc 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -98,6 +98,13 @@
>;
};
+ uart1_pins: pinmux_uart1_pins {
+ pinctrl-single,pins = <
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
@@ -178,6 +185,33 @@
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
>;
};
+
+ spi0_pins: pinmux_spi0_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
+ pinctrl-single,pins = <
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
+ pinctrl-single,pins = <
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
+ >;
+ };
+
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
+ pinctrl-single,pins = <
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
+ >;
+ };
};
&uart0 {
@@ -187,6 +221,13 @@
status = "okay";
};
+&uart1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart1_pins>;
+
+ status = "okay";
+};
+
&usb {
status = "okay";
@@ -261,6 +302,56 @@
};
};
+&epwmss0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ status = "okay";
+
+ ecap@48300100 {
+ status = "okay";
+ };
+};
+
+&epwmss1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <
+ &ehrpwm1_pin_p9_14
+ &ehrpwm1_pin_p9_16
+ >;
+
+ status = "okay";
+
+ ehrpwm@48302200 {
+ status = "okay";
+ };
+};
+
+&spi0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&spi0_pins>;
+ status = "okay";
+
+ spidev0: spi@0 {
+ compatible = "spidev";
+ reg = <0>;
+ spi-max-frequency = <16000000>;
+ spi-cpha;
+ };
+
+ spidev1: spi@1 {
+ compatible = "spidev";
+ reg = <1>;
+ spi-max-frequency = <16000000>;
+ };
+};
+
+&tscadc {
+ status = "okay";
+ adc {
+ ti,adc-channels = <4 5 6>;
+ };
+};
+
/include/ "tps65217.dtsi"
&tps {
@@ -336,3 +427,42 @@
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
cd-inverted;
};
+
+/ {
+ ocp {
+ //FIXME: these pwm's still need work, this guild isn't working..
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
+ pwm_test_P9_14@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_14";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_16@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_16";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_42 {
+ compatible = "pwm_test";
+ pwms = <&ecap0 0 500000 1>;
+ pwm-names = "PWM_P9_42";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+ };
+};
--
1.8.5.2
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index f85cabc..5270d18 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.0
From 72567452d5d6007010597158f6afd00e2bf07579 Mon Sep 17 00:00:00 2001
From: Pantelis Antoniou <panto@antoniou-consulting.com>
Date: Sat, 15 Sep 2012 12:00:41 +0300
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
When using pinctrl-single to handle i2c initialization, it has
to be done early. Whether this is the best way to do so, is an
exercise left to the reader.
---
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 829b98c..5107dcf 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2039,7 +2039,17 @@ static struct platform_driver pcs_driver = {
#endif
};
-module_platform_driver(pcs_driver);
+static int __init pcs_init(void)
+{
+ return platform_driver_register(&pcs_driver);
+}
+postcore_initcall(pcs_init);
+
+static void __exit pcs_exit(void)
+{
+ platform_driver_unregister(&pcs_driver);
+}
+module_exit(pcs_exit);
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
--
1.8.5.2
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index f85cabc..5270d18 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.0

View File

@ -0,0 +1,46 @@
From eff4447db91c46b6e638ceb0da832354e15e4502 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Thu, 13 Mar 2014 14:18:52 -0500
Subject: [PATCH] arm: dts: am335x-bone-common: add
uart2_pins/uart4_pins/uart5_pins
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index 86cdb52dbf8a..db4518ef755d 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -105,6 +105,27 @@
>;
};
+ uart2_pins: pinmux_uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
+ >;
+ };
+
+ uart4_pins: pinmux_uart4_pins {
+ pinctrl-single,pins = <
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
+ >;
+ };
+
+ uart5_pins: pinmux_uart5_pins {
+ pinctrl-single,pins = <
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
--
1.9.3

View File

@ -0,0 +1,70 @@
From 1f781abfa691083a36dd0d255d190cdb0251725e Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 11:17:45 -0600
Subject: [PATCH] arm: dts: am335x-bone-common: enable and use i2c2
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index bde1777b62be..c7357bcc7d5c 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -84,6 +84,13 @@
>;
};
+ i2c2_pins: pinmux_i2c2_pins {
+ pinctrl-single,pins = <
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
+ >;
+ };
+
uart0_pins: pinmux_uart0_pins {
pinctrl-single,pins = <
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
@@ -220,6 +227,38 @@
reg = <0x24>;
};
+ baseboard_eeprom: baseboard_eeprom@50 {
+ compatible = "at,24c256";
+ reg = <0x50>;
+ };
+};
+
+&i2c2 {
+ status = "okay";
+ pinctrl-names = "default";
+ pinctrl-0 = <&i2c2_pins>;
+
+ clock-frequency = <100000>;
+
+ cape_eeprom0: cape_eeprom0@54 {
+ compatible = "at,24c256";
+ reg = <0x54>;
+ };
+
+ cape_eeprom1: cape_eeprom1@55 {
+ compatible = "at,24c256";
+ reg = <0x55>;
+ };
+
+ cape_eeprom2: cape_eeprom2@56 {
+ compatible = "at,24c256";
+ reg = <0x56>;
+ };
+
+ cape_eeprom3: cape_eeprom3@57 {
+ compatible = "at,24c256";
+ reg = <0x57>;
+ };
};
/include/ "tps65217.dtsi"
--
1.9.3

View File

@ -0,0 +1,180 @@
From 3cdbaad2a041e42677e1e8137bb1a9f01fd37277 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Tue, 31 Dec 2013 14:18:00 -0600
Subject: [PATCH] arm: dts: am335x-bone-common: setup default pinmux
http://elinux.org/Basic_Proto_Cape
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
index c7357bcc7d5c..86cdb52dbf8a 100644
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
@@ -98,6 +98,13 @@
>;
};
+ uart1_pins: pinmux_uart1_pins {
+ pinctrl-single,pins = <
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
+ >;
+ };
+
clkout2_pin: pinmux_clkout2_pin {
pinctrl-single,pins = <
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
@@ -178,6 +185,33 @@
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
>;
};
+
+ spi0_pins: pinmux_spi0_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
+ pinctrl-single,pins = <
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
+ >;
+ };
+
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
+ pinctrl-single,pins = <
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
+ >;
+ };
+
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
+ pinctrl-single,pins = <
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
+ >;
+ };
};
&uart0 {
@@ -187,6 +221,13 @@
status = "okay";
};
+&uart1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart1_pins>;
+
+ status = "okay";
+};
+
&usb {
status = "okay";
};
@@ -261,6 +302,56 @@
};
};
+&epwmss0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ status = "okay";
+
+ ecap@48300100 {
+ status = "okay";
+ };
+};
+
+&epwmss1 {
+ pinctrl-names = "default";
+ pinctrl-0 = <
+ &ehrpwm1_pin_p9_14
+ &ehrpwm1_pin_p9_16
+ >;
+
+ status = "okay";
+
+ ehrpwm@48302200 {
+ status = "okay";
+ };
+};
+
+&spi0 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&spi0_pins>;
+ status = "okay";
+
+ spidev0: spi@0 {
+ compatible = "spidev";
+ reg = <0>;
+ spi-max-frequency = <16000000>;
+ spi-cpha;
+ };
+
+ spidev1: spi@1 {
+ compatible = "spidev";
+ reg = <1>;
+ spi-max-frequency = <16000000>;
+ };
+};
+
+&tscadc {
+ status = "okay";
+ adc {
+ ti,adc-channels = <4 5 6>;
+ };
+};
+
/include/ "tps65217.dtsi"
&tps {
@@ -337,3 +428,42 @@
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
cd-inverted;
};
+
+/ {
+ ocp {
+ //FIXME: these pwm's still need work, this guild isn't working..
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
+ pwm_test_P9_14@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_14";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_16@0 {
+ compatible = "pwm_test";
+ pwms = <&ehrpwm1 0 500000 1>;
+ pwm-names = "PWM_P9_16";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+
+ pwm_test_P9_42 {
+ compatible = "pwm_test";
+ pwms = <&ecap0 0 500000 1>;
+ pwm-names = "PWM_P9_42";
+ pinctrl-names = "default";
+ pinctrl-0 = <&ecap0_pin_p9_42>;
+ enabled = <1>;
+ duty = <0>;
+ status = "okay";
+ };
+ };
+};
--
1.9.3

View File

@ -0,0 +1,42 @@
From 30cbae0ae84ca0e7f874517dc10e0ac218de4050 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:14:19 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: add cpu0 opp points
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index bf5349165542..acfff3befff5 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -66,6 +66,24 @@
};
/ {
+ cpus {
+ cpu@0 {
+ cpu0-supply = <&dcdc2_reg>;
+ /*
+ * To consider voltage drop between PMIC and SoC,
+ * tolerance value is reduced to 2% from 4% and
+ * voltage value is increased as a precaution.
+ */
+ operating-points = <
+ /* kHz uV */
+ 1000000 1325000
+ 800000 1300000
+ 600000 1112000
+ 300000 969000
+ >;
+ };
+ };
+
hdmi {
compatible = "ti,tilcdc,slave";
i2c = <&i2c0>;
--
1.9.3

View File

@ -0,0 +1,39 @@
From dfbaa9d6f848714f27e4cb0e007e86c4ac650268 Mon Sep 17 00:00:00 2001
From: Robert Nelson <robertcnelson@gmail.com>
Date: Fri, 27 Dec 2013 13:05:09 -0600
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
Bugzilla: 1012025
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
---
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
index 305975d3f531..bf5349165542 100644
--- a/arch/arm/boot/dts/am335x-boneblack.dts
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
@@ -73,5 +73,18 @@
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
status = "okay";
+
+ panel-info {
+ bpp = <16>;
+ ac-bias = <255>;
+ ac-bias-intrpt = <0>;
+ dma-burst-sz = <16>;
+ fdd = <16>;
+ sync-edge = <1>;
+ sync-ctrl = <1>;
+ raster-order = <0>;
+ fifo-th = <0>;
+ invert-pxl-clk;
+ };
};
};
--
1.9.3

View File

@ -1,5 +1,14 @@
From cb21611afe95c256214d50379279f8e79cd72cea Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Fri, 11 Jul 2014 00:10:56 +0100
Subject: [PATCH] arm: i.MX6 Utilite device dtb
---
arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts
index 99b46f8..8b6ddd1 100644
index 99b46f8030ad..8b6ddd16dcc5 100644
--- a/arch/arm/boot/dts/imx6q-cm-fx6.dts
+++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts
@@ -97,11 +97,49 @@
@ -52,3 +61,6 @@ index 99b46f8..8b6ddd1 100644
+ pinctrl-0 = <&pinctrl_usdhc3>;
+ status = "okay";
+};
--
1.9.3

View File

@ -1,472 +0,0 @@
commit d10715be03bd8bad59ddc50236cb140c3bd73c7b
Author: Pawel Moll <pawel.moll@arm.com>
Date: Tue Jun 24 12:55:11 2014 +0100
video: ARM CLCD: Add DT support
This patch adds basic DT bindings for the PL11x CLCD cells
and make their fbdev driver use them.
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
diff --git a/Documentation/devicetree/bindings/video/arm,pl11x.txt b/Documentation/devicetree/bindings/video/arm,pl11x.txt
new file mode 100644
index 0000000..3e3039a
--- /dev/null
+++ b/Documentation/devicetree/bindings/video/arm,pl11x.txt
@@ -0,0 +1,109 @@
+* ARM PrimeCell Color LCD Controller PL110/PL111
+
+See also Documentation/devicetree/bindings/arm/primecell.txt
+
+Required properties:
+
+- compatible: must be one of:
+ "arm,pl110", "arm,primecell"
+ "arm,pl111", "arm,primecell"
+
+- reg: base address and size of the control registers block
+
+- interrupt-names: either the single entry "combined" representing a
+ combined interrupt output (CLCDINTR), or the four entries
+ "mbe", "vcomp", "lnbu", "fuf" representing the individual
+ CLCDMBEINTR, CLCDVCOMPINTR, CLCDLNBUINTR, CLCDFUFINTR interrupts
+
+- interrupts: contains an interrupt specifier for each entry in
+ interrupt-names
+
+- clock-names: should contain "clcdclk" and "apb_pclk"
+
+- clocks: contains phandle and clock specifier pairs for the entries
+ in the clock-names property. See
+ Documentation/devicetree/binding/clock/clock-bindings.txt
+
+Optional properties:
+
+- memory-region: phandle to a node describing memory (see
+ Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt)
+ to be used for the framebuffer; if not present, the framebuffer
+ may be located anywhere in the memory
+
+- max-memory-bandwidth: maximum bandwidth in bytes per second that the
+ cell's memory interface can handle; if not present, the memory
+ interface is fast enough to handle all possible video modes
+
+Required sub-nodes:
+
+- port: describes LCD panel signals, following the common binding
+ for video transmitter interfaces; see
+ Documentation/devicetree/bindings/media/video-interfaces.txt;
+ when it is a TFT panel, the port's endpoint must define the
+ following property:
+
+ - arm,pl11x,tft-r0g0b0-pads: an array of three 32-bit values,
+ defining the way CLD pads are wired up; first value
+ contains index of the "CLD" external pin (pad) used
+ as R0 (first bit of the red component), second value
+ index of the pad used as G0, third value index of the
+ pad used as B0, see also "LCD panel signal multiplexing
+ details" paragraphs in the PL110/PL111 Technical
+ Reference Manuals; this implicitly defines available
+ color modes, for example:
+ - PL111 TFT 4:4:4 panel:
+ arm,pl11x,tft-r0g0b0-pads = <4 15 20>;
+ - PL110 TFT (1:)5:5:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <1 7 13>;
+ - PL111 TFT (1:)5:5:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <3 11 19>;
+ - PL111 TFT 5:6:5 panel:
+ arm,pl11x,tft-r0g0b0-pads = <3 10 19>;
+ - PL110 and PL111 TFT 8:8:8 panel:
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
+ - PL110 and PL111 TFT 8:8:8 panel, R & B components swapped:
+ arm,pl11x,tft-r0g0b0-pads = <16 8 0>;
+
+
+Example:
+
+ clcd@10020000 {
+ compatible = "arm,pl111", "arm,primecell";
+ reg = <0x10020000 0x1000>;
+ interrupt-names = "combined";
+ interrupts = <0 44 4>;
+ clocks = <&oscclk1>, <&oscclk2>;
+ clock-names = "clcdclk", "apb_pclk";
+ max-memory-bandwidth = <94371840>; /* Bps, 1024x768@60 16bpp */
+
+ port {
+ clcd_pads: endpoint {
+ remote-endpoint = <&clcd_panel>;
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
+ };
+ };
+
+ };
+
+ panel {
+ compatible = "panel-dpi";
+
+ port {
+ clcd_panel: endpoint {
+ remote-endpoint = <&clcd_pads>;
+ };
+ };
+
+ panel-timing {
+ clock-frequency = <25175000>;
+ hactive = <640>;
+ hback-porch = <40>;
+ hfront-porch = <24>;
+ hsync-len = <96>;
+ vactive = <480>;
+ vback-porch = <32>;
+ vfront-porch = <11>;
+ vsync-len = <2>;
+ };
+ };
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 4a7098f..6f451ad 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -280,6 +280,7 @@ config FB_ARMCLCD
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
+ select VIDEOMODE_HELPERS if OF
help
This framebuffer device driver is for the ARM PrimeCell PL110
Colour LCD controller. ARM PrimeCells provide the building
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 14d6b37..23b3519 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -26,6 +26,13 @@
#include <linux/amba/clcd.h>
#include <linux/clk.h>
#include <linux/hardirq.h>
+#include <linux/dma-mapping.h>
+#include <linux/of.h>
+#include <linux/of_address.h>
+#include <linux/of_graph.h>
+#include <video/display_timing.h>
+#include <video/of_display_timing.h>
+#include <video/videomode.h>
#include <asm/sizes.h>
@@ -543,6 +550,259 @@ static int clcdfb_register(struct clcd_fb *fb)
return ret;
}
+#ifdef CONFIG_OF
+static int clcdfb_of_get_dpi_panel_mode(struct device_node *node,
+ struct fb_videomode *mode)
+{
+ int err;
+ struct display_timing timing;
+ struct videomode video;
+
+ err = of_get_display_timing(node, "panel-timing", &timing);
+ if (err)
+ return err;
+
+ videomode_from_timing(&timing, &video);
+
+ err = fb_videomode_from_videomode(&video, mode);
+ if (err)
+ return err;
+
+ return 0;
+}
+
+static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
+{
+ return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
+ mode->refresh);
+}
+
+static int clcdfb_of_get_mode(struct device *dev, struct device_node *endpoint,
+ struct fb_videomode *mode)
+{
+ int err;
+ struct device_node *panel;
+ char *name;
+ int len;
+
+ panel = of_graph_get_remote_port_parent(endpoint);
+ if (!panel)
+ return -ENODEV;
+
+ /* Only directly connected DPI panels supported for now */
+ if (of_device_is_compatible(panel, "panel-dpi"))
+ err = clcdfb_of_get_dpi_panel_mode(panel, mode);
+ else
+ err = -ENOENT;
+ if (err)
+ return err;
+
+ len = clcdfb_snprintf_mode(NULL, 0, mode);
+ name = devm_kzalloc(dev, len + 1, GFP_KERNEL);
+ clcdfb_snprintf_mode(name, len + 1, mode);
+ mode->name = name;
+
+ return 0;
+}
+
+static int clcdfb_of_init_tft_panel(struct clcd_fb *fb, u32 r0, u32 g0, u32 b0)
+{
+ static struct {
+ unsigned int part;
+ u32 r0, g0, b0;
+ u32 caps;
+ } panels[] = {
+ { 0x110, 1, 7, 13, CLCD_CAP_5551 },
+ { 0x110, 0, 8, 16, CLCD_CAP_888 },
+ { 0x111, 4, 14, 20, CLCD_CAP_444 },
+ { 0x111, 3, 11, 19, CLCD_CAP_444 | CLCD_CAP_5551 },
+ { 0x111, 3, 10, 19, CLCD_CAP_444 | CLCD_CAP_5551 |
+ CLCD_CAP_565 },
+ { 0x111, 0, 8, 16, CLCD_CAP_444 | CLCD_CAP_5551 |
+ CLCD_CAP_565 | CLCD_CAP_888 },
+ };
+ int i;
+
+ /* Bypass pixel clock divider, data output on the falling edge */
+ fb->panel->tim2 = TIM2_BCD | TIM2_IPC;
+
+ /* TFT display, vert. comp. interrupt at the start of the back porch */
+ fb->panel->cntl |= CNTL_LCDTFT | CNTL_LCDVCOMP(1);
+
+ fb->panel->caps = 0;
+
+ /* Match the setup with known variants */
+ for (i = 0; i < ARRAY_SIZE(panels) && !fb->panel->caps; i++) {
+ if (amba_part(fb->dev) != panels[i].part)
+ continue;
+ if (g0 != panels[i].g0)
+ continue;
+ if (r0 == panels[i].r0 && b0 == panels[i].b0)
+ fb->panel->caps = panels[i].caps & CLCD_CAP_RGB;
+ if (r0 == panels[i].b0 && b0 == panels[i].r0)
+ fb->panel->caps = panels[i].caps & CLCD_CAP_BGR;
+ }
+
+ return fb->panel->caps ? 0 : -EINVAL;
+}
+
+static int clcdfb_of_init_display(struct clcd_fb *fb)
+{
+ struct device_node *endpoint;
+ int err;
+ u32 max_bandwidth;
+ u32 tft_r0b0g0[3];
+
+ fb->panel = devm_kzalloc(&fb->dev->dev, sizeof(*fb->panel), GFP_KERNEL);
+ if (!fb->panel)
+ return -ENOMEM;
+
+ endpoint = of_graph_get_next_endpoint(fb->dev->dev.of_node, NULL);
+ if (!endpoint)
+ return -ENODEV;
+
+ err = clcdfb_of_get_mode(&fb->dev->dev, endpoint, &fb->panel->mode);
+ if (err)
+ return err;
+
+ err = of_property_read_u32(fb->dev->dev.of_node, "max-memory-bandwidth",
+ &max_bandwidth);
+ if (!err)
+ fb->panel->bpp = 8 * max_bandwidth / (fb->panel->mode.xres *
+ fb->panel->mode.yres * fb->panel->mode.refresh);
+ else
+ fb->panel->bpp = 32;
+
+#ifdef CONFIG_CPU_BIG_ENDIAN
+ fb->panel->cntl |= CNTL_BEBO;
+#endif
+ fb->panel->width = -1;
+ fb->panel->height = -1;
+
+ if (of_property_read_u32_array(endpoint,
+ "arm,pl11x,tft-r0g0b0-pads",
+ tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) == 0)
+ return clcdfb_of_init_tft_panel(fb, tft_r0b0g0[0],
+ tft_r0b0g0[1], tft_r0b0g0[2]);
+
+ return -ENOENT;
+}
+
+static int clcdfb_of_vram_setup(struct clcd_fb *fb)
+{
+ int err;
+ struct device_node *memory;
+ u64 size;
+
+ err = clcdfb_of_init_display(fb);
+ if (err)
+ return err;
+
+ memory = of_parse_phandle(fb->dev->dev.of_node, "memory-region", 0);
+ if (!memory)
+ return -ENODEV;
+
+ fb->fb.screen_base = of_iomap(memory, 0);
+ if (!fb->fb.screen_base)
+ return -ENOMEM;
+
+ fb->fb.fix.smem_start = of_translate_address(memory,
+ of_get_address(memory, 0, &size, NULL));
+ fb->fb.fix.smem_len = size;
+
+ return 0;
+}
+
+static int clcdfb_of_vram_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
+{
+ unsigned long off, user_size, kernel_size;
+
+
+ off = vma->vm_pgoff << PAGE_SHIFT;
+ user_size = vma->vm_end - vma->vm_start;
+ kernel_size = fb->fb.fix.smem_len;
+
+ if (off >= kernel_size || user_size > (kernel_size - off))
+ return -ENXIO;
+
+ return remap_pfn_range(vma, vma->vm_start,
+ __phys_to_pfn(fb->fb.fix.smem_start) + vma->vm_pgoff,
+ user_size,
+ pgprot_writecombine(vma->vm_page_prot));
+}
+
+static void clcdfb_of_vram_remove(struct clcd_fb *fb)
+{
+ iounmap(fb->fb.screen_base);
+}
+
+static int clcdfb_of_dma_setup(struct clcd_fb *fb)
+{
+ unsigned long framesize;
+ dma_addr_t dma;
+ int err;
+
+ err = clcdfb_of_init_display(fb);
+ if (err)
+ return err;
+
+ framesize = fb->panel->mode.xres * fb->panel->mode.yres *
+ fb->panel->bpp / 8;
+ fb->fb.screen_base = dma_alloc_coherent(&fb->dev->dev, framesize,
+ &dma, GFP_KERNEL);
+ if (!fb->fb.screen_base)
+ return -ENOMEM;
+
+ fb->fb.fix.smem_start = dma;
+ fb->fb.fix.smem_len = framesize;
+
+ return 0;
+}
+
+static int clcdfb_of_dma_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
+{
+ return dma_mmap_writecombine(&fb->dev->dev, vma, fb->fb.screen_base,
+ fb->fb.fix.smem_start, fb->fb.fix.smem_len);
+}
+
+static void clcdfb_of_dma_remove(struct clcd_fb *fb)
+{
+ dma_free_coherent(&fb->dev->dev, fb->fb.fix.smem_len,
+ fb->fb.screen_base, fb->fb.fix.smem_start);
+}
+
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
+{
+ struct clcd_board *board = devm_kzalloc(&dev->dev, sizeof(*board),
+ GFP_KERNEL);
+ struct device_node *node = dev->dev.of_node;
+
+ if (!board)
+ return NULL;
+
+ board->name = of_node_full_name(node);
+ board->caps = CLCD_CAP_ALL;
+ board->check = clcdfb_check;
+ board->decode = clcdfb_decode;
+ if (of_find_property(node, "memory-region", NULL)) {
+ board->setup = clcdfb_of_vram_setup;
+ board->mmap = clcdfb_of_vram_mmap;
+ board->remove = clcdfb_of_vram_remove;
+ } else {
+ board->setup = clcdfb_of_dma_setup;
+ board->mmap = clcdfb_of_dma_mmap;
+ board->remove = clcdfb_of_dma_remove;
+ }
+
+ return board;
+}
+#else
+static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
+{
+ return NULL;
+}
+#endif
+
static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
{
struct clcd_board *board = dev_get_platdata(&dev->dev);
@@ -550,6 +810,9 @@ static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
int ret;
if (!board)
+ board = clcdfb_of_get_board(dev);
+
+ if (!board)
return -EINVAL;
ret = dma_set_mask_and_coherent(&dev->dev, DMA_BIT_MASK(32));
commit 1d5167b72ca05b2096760e1200fcd53b5f9a7562
Author: Pawel Moll <pawel.moll@arm.com>
Date: Fri Aug 1 15:43:34 2014 +0100
video: ARM CLCD: Fix DT-related build problems
This patch fixes the following error when !CONFIG_OF:
drivers/video/fbdev/amba-clcd.c:800:54: warning: struct amba_dev declared inside parameter list [enabled by default]
static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
^
and adds a missing Kconfig select causing this
when CONFIG_OF && !CONFIG_FB_MODE_HELPERS:
drivers/video/fbdev/amba-clcd.c:567: undefined reference to `fb_videomode_from_videomode'
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 6f451ad..ef94623 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -280,6 +280,7 @@ config FB_ARMCLCD
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
+ select FB_MODE_HELPERS if OF
select VIDEOMODE_HELPERS if OF
help
This framebuffer device driver is for the ARM PrimeCell PL110
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 23b3519..beadd3e 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -797,7 +797,7 @@ static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
return board;
}
#else
-static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
{
return NULL;
}

View File

@ -1,111 +0,0 @@
From: Stephen Warren <swarren@xxxxxxxxxx>
When tegra-drm.ko is built as a module, these MODULE_DEVICE_TABLEs allow
the module to be auto-loaded since the module will match the devices
instantiated from device tree.
(Notes for stable: in 3.14+, just git rm any conflicting file, since they
are added in later kernels. For 3.13 and below, manual merging will be
needed)
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx>
---
v2: Remove change to drm.c, since the match table there isn't used for
probing.
---
drivers/gpu/drm/tegra/dc.c | 1 +
drivers/gpu/drm/tegra/dpaux.c | 1 +
drivers/gpu/drm/tegra/dsi.c | 1 +
drivers/gpu/drm/tegra/gr2d.c | 1 +
drivers/gpu/drm/tegra/gr3d.c | 1 +
drivers/gpu/drm/tegra/hdmi.c | 1 +
drivers/gpu/drm/tegra/sor.c | 1 +
7 files changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index ef40381f3909..48c3bc460eef 100644
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1303,6 +1303,7 @@ static const struct of_device_id tegra_dc_of_match[] = {
/* sentinel */
}
};
+MODULE_DEVICE_TABLE(of, tegra_dc_of_match);
static int tegra_dc_parse_dt(struct tegra_dc *dc)
{
diff --git a/drivers/gpu/drm/tegra/dpaux.c b/drivers/gpu/drm/tegra/dpaux.c
index 3f132e356e9c..708f783ead47 100644
--- a/drivers/gpu/drm/tegra/dpaux.c
+++ b/drivers/gpu/drm/tegra/dpaux.c
@@ -382,6 +382,7 @@ static const struct of_device_id tegra_dpaux_of_match[] = {
{ .compatible = "nvidia,tegra124-dpaux", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_dpaux_of_match);
struct platform_driver tegra_dpaux_driver = {
.driver = {
diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c
index bd56f2affa78..97c409f10456 100644
--- a/drivers/gpu/drm/tegra/dsi.c
+++ b/drivers/gpu/drm/tegra/dsi.c
@@ -982,6 +982,7 @@ static const struct of_device_id tegra_dsi_of_match[] = {
{ .compatible = "nvidia,tegra114-dsi", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_dsi_of_match);
struct platform_driver tegra_dsi_driver = {
.driver = {
diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
index 7c53941f2a9e..02cd3e37a6ec 100644
--- a/drivers/gpu/drm/tegra/gr2d.c
+++ b/drivers/gpu/drm/tegra/gr2d.c
@@ -121,6 +121,7 @@ static const struct of_device_id gr2d_match[] = {
{ .compatible = "nvidia,tegra20-gr2d" },
{ },
};
+MODULE_DEVICE_TABLE(of, gr2d_match);
static const u32 gr2d_addr_regs[] = {
GR2D_UA_BASE_ADDR,
diff --git a/drivers/gpu/drm/tegra/gr3d.c b/drivers/gpu/drm/tegra/gr3d.c
index 30f5ba9bd6d0..2bea2b2d204e 100644
--- a/drivers/gpu/drm/tegra/gr3d.c
+++ b/drivers/gpu/drm/tegra/gr3d.c
@@ -130,6 +130,7 @@ static const struct of_device_id tegra_gr3d_match[] = {
{ .compatible = "nvidia,tegra20-gr3d" },
{ }
};
+MODULE_DEVICE_TABLE(of, tegra_gr3d_match);
static const u32 gr3d_addr_regs[] = {
GR3D_IDX_ATTRIBUTE( 0),
diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
index a0b8d8539d07..84ea0c8b47f7 100644
--- a/drivers/gpu/drm/tegra/hdmi.c
+++ b/drivers/gpu/drm/tegra/hdmi.c
@@ -1370,6 +1370,7 @@ static const struct of_device_id tegra_hdmi_of_match[] = {
{ .compatible = "nvidia,tegra20-hdmi", .data = &tegra20_hdmi_config },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_hdmi_of_match);
static int tegra_hdmi_probe(struct platform_device *pdev)
{
diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c
index 27c979b50111..061a5c501124 100644
--- a/drivers/gpu/drm/tegra/sor.c
+++ b/drivers/gpu/drm/tegra/sor.c
@@ -1455,6 +1455,7 @@ static const struct of_device_id tegra_sor_of_match[] = {
{ .compatible = "nvidia,tegra124-sor", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_sor_of_match);
struct platform_driver tegra_sor_driver = {
.driver = {
--
1.8.1.5

View File

@ -1,16 +0,0 @@
--- linux-3.3.4-3.fc17.x86_64_orig/drivers/usb/core/hub.c 2012-05-02 20:08:18.421685932 -0400
+++ linux-3.3.4-3.fc17.x86_64/drivers/usb/core/hub.c 2012-05-02 20:30:36.565865425 -0400
@@ -3484,6 +3484,13 @@ static void hub_events(void)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
+ (hub->event_bits[0] == 0x2))
+ hub->event_bits[0] = 0;
+ }
+
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);

View File

@ -1,69 +0,0 @@
Bugzilla: 1097436
Upstream-status: Sent upstream for 3.16
From f6fad201a0e4584e9826a2deb8ebbfccdb8cb13b Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:01 +0200
Subject: [PATCH 04/14] asus-wmi: Add a no backlight quirk
Some Asus motherboards for desktop PC-s export an acpi-video and
an asus-wmi interface advertising backlight support. Add a quirk to allow
to blacklist these so that desktop environments such as gnome don't start
showing nonsense brightness controls.
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/asus-wmi.c | 8 ++++++--
drivers/platform/x86/asus-wmi.h | 1 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index c5e082fb82fa..6f73dc5125ca 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1272,6 +1272,9 @@ static int asus_wmi_backlight_init(struct asus_wmi *asus)
int max;
int power;
+ if (asus->driver->quirks->no_backlight)
+ return -ENODEV;
+
max = read_brightness_max(asus);
if (max == -ENODEV)
@@ -1370,7 +1373,7 @@ static void asus_wmi_notify(u32 value, void *context)
code = ASUS_WMI_BRN_DOWN;
if (code == ASUS_WMI_BRN_DOWN || code == ASUS_WMI_BRN_UP) {
- if (!acpi_video_backlight_support()) {
+ if (asus->backlight_device) {
asus_wmi_backlight_notify(asus, orig_code);
goto exit;
}
@@ -1773,7 +1776,8 @@ static int asus_wmi_add(struct platform_device *pdev)
if (err)
goto fail_rfkill;
- if (asus->driver->quirks->wmi_backlight_power)
+ if (asus->driver->quirks->wmi_backlight_power ||
+ asus->driver->quirks->no_backlight)
acpi_video_dmi_promote_vendor();
if (!acpi_video_backlight_support()) {
pr_info("Disabling ACPI video driver\n");
diff --git a/drivers/platform/x86/asus-wmi.h b/drivers/platform/x86/asus-wmi.h
index 4da4c8bafe70..cc47efe14974 100644
--- a/drivers/platform/x86/asus-wmi.h
+++ b/drivers/platform/x86/asus-wmi.h
@@ -42,6 +42,7 @@ struct quirk_entry {
bool scalar_panel_brightness;
bool store_backlight_power;
bool wmi_backlight_power;
+ bool no_backlight;
int wapf;
/*
* For machines with AMD graphic chips, it will send out WMI event
--
1.9.0

View File

@ -0,0 +1,54 @@
From f04bd0bd583d4b531b2adc7299c85b4e9934a133 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if any of
these features are enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 21fc932da3a1..c6d42ad95c08 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
1.9.3

View File

@ -1,6 +1,17 @@
From d57ac23df8a6f1b21bd55d0884ae81f6e8e3bb8f Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Wed, 6 Feb 2013 09:57:47 -0500
Subject: [PATCH] ath9k: rx dma stop check
---
drivers/net/wireless/ath/ath9k/mac.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
index 275205ab5f15..bb842623bdf6 100644
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -689,7 +689,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
{
#define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */
struct ath_common *common = ath9k_hw_common(ah);
@ -9,7 +20,7 @@
int i;
/* Enable access to the DMA observation bus */
@@ -719,6 +719,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
}
if (i == 0) {
@ -26,3 +37,6 @@
ath_err(common,
"DMA failed to stop in %d ms AR_CR=0x%08x AR_DIAG_SW=0x%08x DMADBG_7=0x%08x\n",
AH_RX_STOP_DMA_TIMEOUT / 1000,
--
1.9.3

View File

@ -8,6 +8,7 @@ CONFIG_HW_PERF_EVENTS=y
CONFIG_NFS_FS=y
CONFIG_CRASH=m
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_PID_IN_CONTEXTIDR is not set
@ -42,6 +43,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y
# ARM AMBA generic HW
CONFIG_ARM_AMBA=y
CONFIG_ARM_CCI=y
CONFIG_ARM_CCN=y
CONFIG_ARM_DMA_USE_IOMMU=y
CONFIG_ARM_DMA_IOMMU_ALIGNMENT=8
CONFIG_ARM_GIC=y
@ -104,6 +106,7 @@ CONFIG_EXTCON=m
CONFIG_OF_EXTCON=m
CONFIG_EXTCON_GPIO=m
CONFIG_EXTCON_ADC_JACK=m
# CONFIG_EXTCON_SM5502 is not set
# MTD
CONFIG_MTD_BLKDEVS=m
@ -177,18 +180,29 @@ CONFIG_CMA_AREAS=7
# CONFIG_CRYPTO_TEST is not set
# CONFIG_TRANSPARENT_HUGEPAGE is not set
# CONFIG_XEN is not set
# CONFIG_DRM_RCAR_DU is not set
# CONFIG_I2C_RCAR is not set
# CONFIG_DRM_SHMOBILE is not set
# CONFIG_I2C_SH_MOBILE is not set
# CONFIG_MMC_DW_SOCFPGA is not set
# CONFIG_I2C_NOMADIK is not set
# CONFIG_IRQ_DOMAIN_DEBUG is not set
# CONFIG_LEDS_RENESAS_TPU is not set
# CONFIG_LOCK_STAT is not set
# CONFIG_DRM_ARMADA is not set
# CONFIG_DRM_TEGRA is not set
# CONFIG_SHMOBILE_IOMMU is not set
# CONFIG_COMMON_CLK_SI570 is not set
# CONFIG_COMMON_CLK_QCOM is not set
# CONFIG_IRQ_DOMAIN_DEBUG is not set
# CONFIG_ARM_PTDUMP is not set
### turn off things which make no sense on ARM
# CONFIG_PATA_PLATFORM is not set
# CONFIG_USB_ULPI is not set
### turn off things which make no sense on embedded SoC
# core
@ -201,8 +215,6 @@ CONFIG_CMA_AREAS=7
# CONFIG_ISDN is not set
# CONFIG_GAMEPORT is not set
# CONFIG_AGP is not set
# CONFIG_PATA_PLATFORM is not set
# CONFIG_USB_ULPI is not set
# netdrv
@ -241,10 +253,17 @@ CONFIG_CMA_AREAS=7
# CONFIG_SCSI_MPT3SAS is not set
# serial
# CONFIG_SERIAL_SH_SCI is not set
# CONFIG_SERIAL_MAX3100 is not set
# CONFIG_SERIAL_MAX310X is not set
# CONFIG_SERIAL_IFX6X60 is not set
# drm
# CONFIG_DRM_VMWGFX is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_LATTICE_ECP3_CONFIG is not set
# CONFIG_BMP085_SPI is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_SPI_ROCKCHIP is not set

View File

@ -30,7 +30,6 @@ CONFIG_GENERIC_ACL=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_GENERIC_CSUM=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_GENERIC_IO=y
CONFIG_GENERIC_PCI_IOMAP=y
@ -81,6 +80,11 @@ CONFIG_CRYPTO_AES_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_I2C_ACPI=y
# APM Xgene
CONFIG_POWER_RESET_XGENE=y
@ -111,3 +115,5 @@ CONFIG_PCI_XGENE=y
CONFIG_HOTPLUG_PCI=y
# CONFIG_HOTPLUG_PCI_CPCI is not set
# CONFIG_HOTPLUG_PCI_SHPC is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set

View File

@ -10,7 +10,6 @@ CONFIG_ARCH_OMAP4=y
CONFIG_ARCH_PICOXCELL=y
CONFIG_ARCH_QCOM=y
CONFIG_ARCH_ROCKCHIP=y
# CONFIG_ARCH_SOCFPGA is not set
CONFIG_ARCH_TEGRA=y
CONFIG_ARCH_U8500=y
# CONFIG_ARCH_VIRT is not set
@ -39,7 +38,7 @@ CONFIG_MV643XX_ETH=m
CONFIG_PINCTRL_MVEBU=y
CONFIG_PINCTRL_ARMADA_370=y
CONFIG_PINCTRL_ARMADA_XP=y
# CONFIG_ARM_ARMADA_370_XP_CPUIDLE is not set
# CONFIG_ARM_MVEBU_V7_CPUIDLE is not set
CONFIG_PINCTRL_DOVE=y
CONFIG_EDAC_MV64X60=m
CONFIG_RTC_DRV_S35390A=m
@ -115,7 +114,6 @@ CONFIG_OMAP_DM_TIMER=y
CONFIG_OMAP_PM_NOOP=y
CONFIG_DMA_OMAP=y
CONFIG_OMAP_IOMMU=y
CONFIG_OMAP_IOVMM=m
CONFIG_HWSPINLOCK_OMAP=m
CONFIG_OMAP3_EMU=y
# CONFIG_OMAP3_SDRC_AC_TIMING is not set
@ -136,6 +134,7 @@ CONFIG_BATTERY_TWL4030_MADC=m
CONFIG_OMAP_USB2=m
CONFIG_OMAP_CONTROL_PHY=m
CONFIG_TI_PIPE3=m
CONFIG_PCI_DRA7XX=y
CONFIG_TWL4030_USB=m
CONFIG_TWL6030_USB=m
CONFIG_TWL6030_PWM=m
@ -173,6 +172,7 @@ CONFIG_REGULATOR_PBIAS=m
CONFIG_RTC_DRV_PALMAS=m
CONFIG_OMAP5_DSS_HDMI=y
CONFIG_OMAP5_DSS_HDMI_AUDIO=y
CONFIG_COMMON_CLK_PALMAS=m
CONFIG_WL_TI=y
CONFIG_WLCORE_SDIO=m
@ -301,7 +301,6 @@ CONFIG_RADIO_WL128X=m
CONFIG_OMAP_REMOTEPROC=m
# CONFIG_TIDSPBRIDGE is not set
# CONFIG_OMAP2_DSS_DEBUGFS is not set
# CONFIG_OMAP_IOMMU_DEBUG is not set
# CONFIG_OMAP_MUX_DEBUG is not set
@ -334,6 +333,7 @@ CONFIG_SND_DAVINCI_SOC_I2S=m
CONFIG_SND_DAVINCI_SOC_MCASP=m
CONFIG_SND_DAVINCI_SOC_VCIF=m
CONFIG_SND_DAVINCI_SOC_GENERIC_EVM=m
CONFIG_SND_EDMA_SOC=m
CONFIG_SND_AM33XX_SOC_EVM=m
CONFIG_REGULATOR_TI_ABB=m
CONFIG_TI_ADC081C=m
@ -351,7 +351,6 @@ CONFIG_SERIAL_MSM_CONSOLE=y
CONFIG_PINCTRL_APQ8064=m
CONFIG_PINCTRL_IPQ8064=m
CONFIG_PINCTRL_MSM8960=m
CONFIG_PINCTRL_MSM8960=m
CONFIG_COMMON_CLK_QCOM=m
CONFIG_APQ_GCC_8084=m
CONFIG_APQ_MMCC_8084=m
@ -370,6 +369,9 @@ CONFIG_USB_MSM_OTG=m
CONFIG_MMC_SDHCI_MSM=m
CONFIG_QCOM_BAM_DMA=m
CONFIG_QCOM_GSBI=m
CONFIG_PHY_QCOM_APQ8064_SATA=m
CONFIG_PHY_QCOM_IPQ806X_SATA=m
CONFIG_CRYPTO_DEV_QCE=m
CONFIG_MSM_IOMMU=y
CONFIG_DRM_MSM=m
CONFIG_DRM_MSM_FBDEV=y
@ -386,7 +388,6 @@ CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
# CONFIG_SOC_VF610 is not set
CONFIG_MACH_IMX51_DT=y
CONFIG_ARM_IMX6Q_CPUFREQ=m
CONFIG_PCI_IMX6=y
CONFIG_IMX_THERMAL=m
@ -428,6 +429,7 @@ CONFIG_RTC_DRV_SNVS=m
# CONFIG_FB_IMX is not set
CONFIG_SND_IMX_SOC=m
CONFIG_SND_SOC_FSL_ASRC=m
CONFIG_SND_SOC_FSL_ESAI=m
CONFIG_SND_SOC_FSL_SAI=m
CONFIG_SND_SOC_FSL_SPDIF=m
@ -507,6 +509,9 @@ CONFIG_REGULATOR_DA9055=m
# Rockchips
CONFIG_I2C_RK3X=m
CONFIG_SPI_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP=m
CONFIG_PWM_ROCKCHIP=m
# ST Ericsson
CONFIG_MACH_HREFV60=y
@ -605,6 +610,8 @@ CONFIG_LATTICE_ECP3_CONFIG=m
CONFIG_NET_VENDOR_XILINX=y
CONFIG_XILINX_EMACLITE=m
CONFIG_GPIO_XILINX=y
# Broken
# CONFIG_GPIO_ZYNQ is not set
CONFIG_I2C_XILINX=m
CONFIG_SPI_XILINX=m
CONFIG_SPI_CADENCE=m

View File

@ -60,9 +60,13 @@ CONFIG_ARCH_VEXPRESS_CORTEX_A5_A9_ERRATA=y
# CONFIG_ARCH_BCM is not set
# CONFIG_ARCH_BERLIN is not set
# CONFIG_ARCH_HI3xxx is not set
# CONFIG_ARCH_HISI is not set
# CONFIG_ARCH_MEDIATEK is not set
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_S5PV210 is not set
# CONFIG_ARCH_SHMOBILE_MULTI is not set
# CONFIG_ARCH_SIRF is not set
# CONFIG_ARCH_SOCFPGA is not set
# CONFIG_PLAT_SPEAR is not set
# CONFIG_ARCH_STI is not set
# CONFIG_ARCH_U8500 is not set
@ -122,7 +126,6 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_XZ_DEC_ARM=y
CONFIG_UACCESS_WITH_MEMCPY=y
CONFIG_CC_STACKPROTECTOR=y
CONFIG_PCI_HOST_GENERIC=y
@ -165,11 +168,11 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m
# CONFIG_MACH_SUN5I is not set
CONFIG_MACH_SUN6I=y
CONFIG_MACH_SUN7I=y
CONFIG_PINCTRL_SUNXI=y
# CONFIG_MACH_SUN8I is not set
CONFIG_DMA_SUN6I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
CONFIG_STMMAC_PLATFORM=y
CONFIG_DWMAC_SOCFPGA=y
CONFIG_DWMAC_SUNXI=y
CONFIG_EEPROM_SUNXI_SID=m
CONFIG_RTC_DRV_SUNXI=m
@ -184,11 +187,10 @@ CONFIG_POWER_RESET_SUN6I=y
CONFIG_TOUCHSCREEN_SUN4I=m
CONFIG_MFD_AXP20X=y
CONFIG_REGULATOR_AXP20X=m
CONFIG_IR_SUNXI=m
CONFIG_MDIO_SUN4I=m
CONFIG_SUN4I_EMAC=m
CONFIG_MDIO_SUN4I=m
CONFIG_SUN4I_EMAC=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
CONFIG_ARCH_EXYNOS4=y
@ -427,6 +429,7 @@ CONFIG_MFD_TPS65912_SPI=y
# CONFIG_MFD_TPS80031 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
#
# Pin stuff
CONFIG_PINMUX=y
@ -440,6 +443,7 @@ CONFIG_GENERIC_PINCONF=y
# CONFIG_PINCTRL_BCM281XX is not set
# CONFIG_PINCTRL_APQ8064 is not set
# CONFIG_PINCTRL_IPQ8064 is not set
# CONFIG_PINCTRL_MSM8960 is not set
# GPIO
# CONFIG_GPIO_EM is not set
@ -478,7 +482,6 @@ CONFIG_SPI_OC_TINY=m
CONFIG_SPI_SC18IS602=m
CONFIG_SPI_TLE62X0=m
CONFIG_SPI_XCOMM=m
CONFIG_SPI_XILINX=m
# CONFIG_SPI_FSL_SPI is not set
# CONFIG_SPI_CADENCE is not set
@ -493,6 +496,8 @@ CONFIG_I2C_MV64XXX=m
CONFIG_CRYPTO_SHA1_ARM=m
CONFIG_CRYPTO_AES_ARM=m
# CONFIG_CRYPTO_AES_ARM_BS is not set
CONFIG_CRYPTO_SHA1_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM_NEON=m
# DMA
CONFIG_TI_PRIV_EDMA=y
@ -550,7 +555,6 @@ CONFIG_MMC_DW_PLTFM=m
CONFIG_MMC_DW_PCI=m
CONFIG_SPI_DW_MMIO=m
CONFIG_SPI_DW_PCI=m
# CONFIG_MMC_DW_SOCFPGA is not set
# CONFIG_MMC_DW_IDMAC is not set
# CONFIG_MMC_DW_K3 is not set
CONFIG_USB_DWC2=y
@ -565,6 +569,7 @@ CONFIG_USB_DWC3_OMAP=m
CONFIG_USB_DWC3_PCI=m
# CONFIG_USB_DWC3_DEBUG is not set
# CONFIG_USB_DWC3_KEYSTONE is not set
# CONFIG_DWC3_HOST_USB3_LPM_ENABLE is not set
CONFIG_DW_WATCHDOG=m
CONFIG_PCIE_DW=y
@ -618,15 +623,21 @@ CONFIG_SND_SOC_SPDIF=m
# CONFIG_SND_SOC_WM8903 is not set
# CONFIG_SND_SOC_WM8962 is not set
# CONFIG_SND_SOC_TPA6130A2 is not set
# CONFIG_SND_SOC_FSL_SAI is not set
# CONFIG_SND_SOC_FSL_SSI is not set
# CONFIG_SND_SOC_FSL_SPDIF is not set
# CONFIG_SND_SOC_FSL_ASRC is not set
# CONFIG_SND_SOC_FSL_ESAI is not set
# CONFIG_SND_SOC_FSL_SAI is not set
# CONFIG_SND_SOC_FSL_SPDIF is not set
# CONFIG_SND_SOC_FSL_SSI is not set
# CONFIG_SND_SOC_IMX_AUDMUX is not set
# CONFIG_SND_SOC_ALC5623 is not set
# CONFIG_SND_SOC_CS42L56 is not set
# CONFIG_SND_SOC_STA350 is not set
# CONFIG_SND_ATMEL_SOC is not set
# CONFIG_SND_SOC_TLV320AIC31XX is not set
# CONFIG_SND_SOC_TAS2552 is not set
# CONFIG_SND_SOC_CS4265 is not set
# CONFIG_SND_EDMA_SOC is not set
# CONFIG_SND_SOC_ROCKCHIP is not set
# Displays
CONFIG_BACKLIGHT_TPS65217=m
@ -685,6 +696,7 @@ CONFIG_REGULATOR_TPS65912=m
CONFIG_REGULATOR_TPS80031=m
CONFIG_REGULATOR_LTC3589=m
CONFIG_REGULATOR_ANATOP=m
CONFIG_REGULATOR_DA9211=m
CONFIG_CHARGER_MANAGER=y
CONFIG_CHARGER_BQ2415X=m
@ -792,6 +804,7 @@ CONFIG_BPF_JIT=y
# HW Enabled in armv7 not lpae
# CONFIG_DRM_TILCDC is not set
# CONFIG_DRM_IMX is not set
# CONFIG_DRM_STI is not set
# CONFIG_AHCI_IMX is not set
# CONFIG_IMX_THERMAL is not set
# CONFIG_TI_DAC7512 is not set
@ -828,6 +841,8 @@ CONFIG_BPF_JIT=y
# CONFIG_MMC_TMIO is not set
# CONFIG_PINCTRL_IMX35 is not set
# CONFIG_DVB_USB_PCTV452E is not set
# CONFIG_DWMAC_SOCFPGA is not set
# CONFIG_MMC_DW_SOCFPGA is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_MAX77693 is not set

View File

@ -11,7 +11,6 @@ CONFIG_ARCH_VIRT=y
# CONFIG_SOC_AM43XX is not set
# CONFIG_SOC_DRA7XX is not set
# CONFIG_ARCH_ROCKCHIP is not set
# CONFIG_ARCH_SOCFPGA is not set
# CONFIG_ARCH_ZYNQ is not set
# CONFIG_ARCH_AXXIA is not set
@ -62,6 +61,7 @@ CONFIG_TI_AEMIF=m
CONFIG_POWER_RESET_KEYSTONE=y
CONFIG_DAVINCI_WATCHDOG=m
CONFIG_SPI_DAVINCI=m
CONFIG_TI_DAVINCI_MDIO=m
# CONFIG_TI_SOC_THERMAL is not set
# Tegra (non A15 device options)

View File

@ -123,6 +123,8 @@ CONFIG_MAC80211_MESSAGE_TRACING=y
CONFIG_EDAC_DEBUG=y
CONFIG_SPI_DEBUG=y
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
CONFIG_LATENCYTOP=y
CONFIG_SCHEDSTATS=y

View File

@ -44,6 +44,7 @@ CONFIG_TASK_XACCT=y
CONFIG_TASK_IO_ACCOUNTING=y
CONFIG_SYSCTL=y
CONFIG_LOG_BUF_SHIFT=18
CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
# CONFIG_IKCONFIG is not set
# CONFIG_EMBEDDED is not set
# CONFIG_EXPERT is not set
@ -149,6 +150,7 @@ CONFIG_MMC_USHC=m
CONFIG_MMC_REALTEK_PCI=m
CONFIG_MMC_REALTEK_USB=m
CONFIG_MMC_VUB300=m
# CONFIG_MMC_SPI is not set
# CONFIG_MMC_SDHCI_PXAV2 is not set
# CONFIG_MMC_SDHCI_PXAV3 is not set
# CONFIG_MMC_SDHCI_OF_ARASAN is not set
@ -208,16 +210,34 @@ CONFIG_BINFMT_MISC=m
# Generic Driver Options
#
CONFIG_FW_LOADER=y
# CONFIG_TEST_FIRMWARE is not set
# CONFIG_FIRMWARE_IN_KERNEL is not set
CONFIG_EXTRA_FIRMWARE=""
# Give this a try in rawhide for now
# CONFIG_FW_LOADER_USER_HELPER is not set
# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
# CONFIG_CMA is not set
# CONFIG_DMA_CMA is not set
# CONFIG_FENCE_TRACE is not set
# CONFIG_SPI is not set
# CONFIG_SPI_ALTERA is not set
# CONFIG_SPI_BITBANG is not set
# CONFIG_SPI_BUTTERFLY is not set
# CONFIG_SPI_GPIO is not set
# CONFIG_SPI_LM70_LLP is not set
# CONFIG_SPI_OC_TINY is not set
# CONFIG_SPI_PXA2XX is not set
# CONFIG_SPI_SC18IS602 is not set
# CONFIG_SPI_TOPCLIFF_PCH is not set
# CONFIG_SPI_XCOMM is not set
# CONFIG_SPI_XILINX is not set
# CONFIG_SPI_DESIGNWARE is not set
# CONFIG_SPI_SPIDEV is not set
# CONFIG_SPI_TLE62X0 is not set
# CONFIG_SPI_FSL_SPI is not set
# CONFIG_SPMI is not set
@ -272,6 +292,8 @@ CONFIG_MTD_CFI_I2=y
# CONFIG_MTD_TS5500 is not set
# CONFIG_MTD_INTEL_VR_NOR is not set
# CONFIG_MTD_PLATRAM is not set
# CONFIG_MTD_SST25L is not set
# CONFIG_MTD_DATAFLASH is not set
# Self-contained MTD device drivers
# CONFIG_MTD_PMC551 is not set
@ -860,10 +882,13 @@ CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LED=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
@ -954,6 +979,11 @@ CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_HELPER=m
CONFIG_NF_CT_PROTO_UDPLITE=m
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_LOG_IPV6=m
CONFIG_NF_LOG_BRIDGE=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
@ -967,7 +997,7 @@ CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_SYNPROXY=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_ARPTABLES=m
@ -1001,7 +1031,7 @@ CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_TARGET_SYNPROXY=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_NF_NAT_IPV6=m
CONFIG_IP6_NF_NAT=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
# CONFIG_IP6_NF_TARGET_NPT is not set
@ -1058,6 +1088,7 @@ CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_ULOG=m
CONFIG_BRIDGE_EBT_VLAN=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
CONFIG_XFRM=y
CONFIG_XFRM_MIGRATE=y
CONFIG_XFRM_SUB_POLICY=y
@ -1347,6 +1378,7 @@ CONFIG_CHELSIO_T1_1G=y
CONFIG_CHELSIO_T3=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
# CONFIG_CHELSIO_T4_DCB is not set
CONFIG_NET_VENDOR_CISCO=y
CONFIG_ENIC=m
@ -1398,7 +1430,6 @@ CONFIG_E1000E=m
CONFIG_IGB=m
CONFIG_IGB_HWMON=y
CONFIG_IGB_DCA=y
CONFIG_IGB_PTP=y
CONFIG_IGBVF=m
CONFIG_IXGB=m
CONFIG_IXGBEVF=m
@ -1425,8 +1456,11 @@ CONFIG_SKY2=m
CONFIG_NET_VENDOR_MICREL=y
CONFIG_KSZ884X_PCI=m
# CONFIG_KS8842 is not set
# CONFIG_KS8851 is not set
# CONFIG_KS8851_MLL is not set
# CONFIG_NET_VENDOR_MICROCHIP is not set
# CONFIG_ENC28J60 is not set
CONFIG_NET_VENDOR_MYRI=y
CONFIG_MYRI10GE=m
CONFIG_MYRI10GE_DCA=y
@ -1550,6 +1584,7 @@ CONFIG_SMSC_PHY=m
CONFIG_STE10XP=m
CONFIG_VITESSE_PHY=m
CONFIG_MICREL_PHY=m
# CONFIG_MICREL_KS8995MA is not set
# CONFIG_OMAP_CONTROL_PHY is not set
# CONFIG_PHY_SAMSUNG_USB2 is not set
@ -1695,13 +1730,14 @@ CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y
# CONFIG_B43_BCMA_EXTRA is not set
CONFIG_B43_BCMA_PIO=y
# CONFIG_B43_DEBUG is not set
CONFIG_B43_DEBUG=y
CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y
# CONFIG_B43_PHY_G is not set
# CONFIG_B43_FORCE_PIO is not set
CONFIG_B43LEGACY=m
# CONFIG_B43LEGACY_DEBUG is not set
CONFIG_B43LEGACY_DEBUG=y
CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@ -1712,6 +1748,7 @@ CONFIG_BRCMFMAC=m
CONFIG_BRCMFMAC_SDIO=y
CONFIG_BRCMFMAC_SDIO_OOB=y
CONFIG_BRCMFMAC_USB=y
CONFIG_BRCMFMAC_PCIE=y
# CONFIG_BRCM_TRACING is not set
# CONFIG_BRCMISCAN is not set
# CONFIG_BRCMDBG is not set
@ -1741,6 +1778,7 @@ CONFIG_LIBERTAS_CS=m
CONFIG_LIBERTAS_SDIO=m
# CONFIG_LIBERTAS_DEBUG is not set
# CONFIG_LIBERTAS_THINFIRM is not set
# CONFIG_LIBERTAS_SPI is not set
CONFIG_LIBERTAS_MESH=y
CONFIG_IWLWIFI=m
CONFIG_IWLDVM=m
@ -1764,6 +1802,7 @@ CONFIG_MAC80211_HWSIM=m
CONFIG_P54_COMMON=m
CONFIG_P54_USB=m
CONFIG_P54_PCI=m
# CONFIG_P54_SPI is not set
CONFIG_MWL8K=m
# CONFIG_PRISM54 is not set
# CONFIG_PCMCIA_WL3501 is not set
@ -1888,6 +1927,9 @@ CONFIG_NFC_MICROREAD_I2C=m
CONFIG_NFC_TRF7970A=m
CONFIG_NFC_ST21NFCA=m
CONFIG_NFC_ST21NFCA_I2C=m
# CONFIG_NFC_ST21NFCB is not set
# CONFIG_NFC_ST21NFCB_I2C is not set
# CONFIG_NFC_NCI_SPI is not set
#
@ -2118,6 +2160,7 @@ CONFIG_TABLET_USB_GTCO=m
CONFIG_TABLET_USB_HANWANG=m
CONFIG_TABLET_USB_KBTAB=m
CONFIG_TABLET_USB_WACOM=m
CONFIG_TABLET_SERIAL_WACOM4=m
CONFIG_INPUT_POWERMATE=m
CONFIG_INPUT_YEALINK=m
@ -2180,6 +2223,7 @@ CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_TCA6416 is not set
# CONFIG_KEYBOARD_TCA8418 is not set
# CONFIG_KEYBOARD_OMAP4 is not set
# CONFIG_KEYBOARD_CAP1106 is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
@ -2267,6 +2311,9 @@ CONFIG_TOUCHSCREEN_ATMEL_MXT=m
CONFIG_TOUCHSCREEN_AUO_PIXCIR=m
CONFIG_TOUCHSCREEN_TI_AM335X_TSC=m
CONFIG_TOUCHSCREEN_ZFORCE=m
# CONFIG_TOUCHSCREEN_ADS7846 is not set
# CONFIG_TOUCHSCREEN_AD7877 is not set
# CONFIG_TOUCHSCREEN_TSC2005 is not set
CONFIG_INPUT_MISC=y
CONFIG_INPUT_PCSPKR=m
@ -2368,6 +2415,9 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
# CONFIG_SERIAL_FSL_LPUART is not set
# CONFIG_SERIAL_ST_ASC is not set
# CONFIG_SERIAL_PCH_UART is not set
# CONFIG_SERIAL_MAX3100 is not set
# CONFIG_SERIAL_MAX310X is not set
# CONFIG_SERIAL_IFX6X60 is not set
CONFIG_UNIX98_PTYS=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
@ -2423,6 +2473,8 @@ CONFIG_EEPROM_AT24=m
CONFIG_EEPROM_LEGACY=m
CONFIG_EEPROM_93CX6=m
CONFIG_EEPROM_MAX6875=m
# CONFIG_EEPROM_AT25 is not set
# CONFIG_EEPROM_93XX46 is not set
CONFIG_I2C_NFORCE2=m
# CONFIG_I2C_OCORES is not set
@ -2497,6 +2549,7 @@ CONFIG_SENSORS_K8TEMP=m
CONFIG_SENSORS_K10TEMP=m
CONFIG_SENSORS_LIS3LV02D=m
CONFIG_SENSORS_LIS3_I2C=m
# CONFIG_SENSORS_LIS3_SPI is not set
CONFIG_SENSORS_LM63=m
CONFIG_SENSORS_LM75=m
CONFIG_SENSORS_LM77=m
@ -2588,6 +2641,15 @@ CONFIG_SENSORS_UCD9200=m
CONFIG_SENSORS_ZL6100=m
CONFIG_SENSORS_EMC6W201=m
CONFIG_SENSORS_TMP103=m
CONFIG_SENSORS_ADS7871=m
CONFIG_SENSORS_PWM_FAN=m
CONFIG_SENSORS_LM70=m
CONFIG_SENSORS_ADCXX=m
CONFIG_SENSORS_MAX1111=m
CONFIG_SENSORS_POWR1220=m
CONFIG_SENSORS_AD7314=m
CONFIG_PMBUS=m
CONFIG_SENSORS_PMBUS=m
CONFIG_SENSORS_MAX16064=m
@ -2597,6 +2659,7 @@ CONFIG_SENSORS_MAX34440=m
CONFIG_SENSORS_MAX8688=m
CONFIG_SENSORS_MAX1668=m
CONFIG_SENSORS_MAX197=m
CONFIG_SENSORS_TPS40422=m
# Industrial I/O subsystem configuration
CONFIG_IIO=m
@ -2642,6 +2705,7 @@ CONFIG_HID_SENSOR_INCLINOMETER_3D=m
CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_ADJD_S311 is not set
# CONFIG_SENSORS_TSL2563 is not set
# CONFIG_SENSORS_HMC5843_I2C is not set
# CONFIG_VCNL4000 is not set
# CONFIG_AK8975 is not set
# CONFIG_MAG3110 is not set
@ -2685,6 +2749,13 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_MPL115 is not set
# CONFIG_SI7005 is not set
# CONFIG_AS3935 is not set
# CONFIG_KXCJK1013 is not set
# CONFIG_ISL29125 is not set
# CONFIG_TCS3414 is not set
# CONFIG_AK09911 is not set
# CONFIG_T5403 is not set
# CONFIG_MCP4922 is not set
# CONFIG_MAX1027 is not set
# staging IIO drivers
# CONFIG_AD7291 is not set
@ -2699,6 +2770,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_SENSORS_ISL29018 is not set
# CONFIG_SENSORS_ISL29028 is not set
# CONFIG_SENSORS_HMC5843 is not set
# CONFIG_SENSORS_HMC5843_SPI is not set
# CONFIG_IIO_PERIODIC_RTC_TRIGGER is not set
# CONFIG_IIO_SIMPLE_DUMMY is not set
# CONFIG_ADIS16201 is not set
@ -2737,6 +2809,9 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
# CONFIG_PCH_PHUB is not set
# CONFIG_USB_SWITCH_FSA9480 is not set
# CONFIG_SRAM is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_BMP085_SPI is not set
# CONFIG_LATTICE_ECP3_CONFIG is not set
CONFIG_W1=m
CONFIG_W1_CON=y
@ -2758,6 +2833,7 @@ CONFIG_W1_SLAVE_DS2780=m
CONFIG_W1_SLAVE_DS2781=m
CONFIG_W1_SLAVE_DS28E04=m
CONFIG_W1_SLAVE_BQ27000=m
CONFIG_W1_SLAVE_DS2406=m
#
# Mice
@ -2879,6 +2955,20 @@ CONFIG_RTC_DRV_RV3029C2=m
CONFIG_RTC_DRV_PCF50633=m
CONFIG_RTC_DRV_DS3232=m
CONFIG_RTC_DRV_ISL12022=m
CONFIG_RTC_DRV_MCP795=m
CONFIG_RTC_DRV_RX4581=m
CONFIG_RTC_DRV_PCF2123=m
CONFIG_RTC_DRV_DS3234=m
CONFIG_RTC_DRV_RS5C348=m
CONFIG_RTC_DRV_R9701=m
CONFIG_RTC_DRV_MAX6902=m
CONFIG_RTC_DRV_DS1390=m
CONFIG_RTC_DRV_DS1347=m
CONFIG_RTC_DRV_DS1343=m
CONFIG_RTC_DRV_DS1305=m
CONFIG_RTC_DRV_M41T94=m
CONFIG_RTC_DRV_M41T93=m
CONFIG_RTC_DRV_PCF85063=m
# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set
# CONFIG_RTC_DRV_MOXART is not set
# CONFIG_RTC_DRV_ISL12057 is not set
@ -2969,6 +3059,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
CONFIG_MEDIA_RADIO_SUPPORT=y
CONFIG_MEDIA_RC_SUPPORT=y
CONFIG_MEDIA_CONTROLLER=y
# CONFIG_MEDIA_SDR_SUPPORT is not set
CONFIG_VIDEO_DEV=m
# CONFIG_VIDEO_ADV_DEBUG is not set
CONFIG_VIDEO_HELPER_CHIPS_AUTO=y
@ -3035,6 +3126,7 @@ CONFIG_VIDEO_SAA7134=m
CONFIG_VIDEO_SAA7134_ALSA=m
CONFIG_VIDEO_SAA7134_DVB=m
CONFIG_VIDEO_SAA7134_RC=y
CONFIG_VIDEO_SOLO6X10=m
CONFIG_VIDEO_USBVISION=m
CONFIG_VIDEO_STK1160_COMMON=m
CONFIG_VIDEO_STK1160=m
@ -3059,6 +3151,7 @@ CONFIG_VIDEO_TLG2300=m
# CONFIG_VIDEO_M5MOLS is not set
# CONFIG_EXYNOS_VIDEO is not set
CONFIG_VIDEO_USBTV=m
# CONFIG_VIDEO_AU0828_RC is not set
CONFIG_USB_VIDEO_CLASS=m
CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
@ -3214,6 +3307,7 @@ CONFIG_IR_WINBOND_CIR=m
CONFIG_IR_IGUANA=m
CONFIG_IR_TTUSBIR=m
CONFIG_IR_GPIO_CIR=m
CONFIG_IR_XMP_DECODER=m
CONFIG_V4L_MEM2MEM_DRIVERS=y
# CONFIG_VIDEO_MEM2MEM_DEINTERLACE is not set
@ -3356,6 +3450,7 @@ CONFIG_SND_RTCTIMER=y
CONFIG_SND_DYNAMIC_MINORS=y
CONFIG_SND_MAX_CARDS=32
# CONFIG_SND_SUPPORT_OLD_API is not set
# CONFIG_SND_SPI is not set
#
# Generic devices
@ -3659,6 +3754,7 @@ CONFIG_HID_ROCCAT_KOVAPLUS=m
CONFIG_HID_HOLTEK=m
CONFIG_HOLTEK_FF=y
CONFIG_HID_HUION=m
CONFIG_HID_GT683R=m
CONFIG_HID_SPEEDLINK=m
CONFIG_HID_WIIMOTE=m
CONFIG_HID_WIIMOTE_EXT=y
@ -3669,6 +3765,7 @@ CONFIG_HID_GENERIC=y
CONFIG_HID_AUREAL=m
CONFIG_HID_APPLEIR=m
# CONFIG_HID_CP2112 is not set
CONFIG_HID_LENOVO=m
#
@ -3743,6 +3840,7 @@ CONFIG_USB_ZR364XX=m
#
# USB Network adaptors
#
CONFIG_USB_NET_DRIVERS=y
CONFIG_USB_CATC=m
CONFIG_USB_HSO=m
CONFIG_USB_KAWETH=m
@ -3897,6 +3995,8 @@ CONFIG_USB_PHY=y
# CONFIG_GENERIC_PHY is not set
# CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set
# CONFIG_PHY_EXYNOS_DP_VIDEO is not set
# CONFIG_PHY_ST_SPEAR1310_MIPHY is not set
# CONFIG_PHY_ST_SPEAR1340_MIPHY is not set
# CONFIG_AM335X_PHY_USB is not set
# CONFIG_SAMSUNG_USBPHY is not set
# CONFIG_SAMSUNG_USB2PHY is not set
@ -3920,6 +4020,7 @@ CONFIG_USB_ISIGHTFW=m
CONFIG_USB_YUREX=m
CONFIG_USB_EZUSB_FX2=m
CONFIG_USB_HSIC_USB3503=m
# CONFIG_USB_LINK_LAYER_TEST is not set
CONFIG_USB_LCD=m
CONFIG_USB_LD=m
CONFIG_USB_LEGOTOWER=m
@ -3947,13 +4048,11 @@ CONFIG_USB_UEAGLEATM=m
CONFIG_USB_XUSBATM=m
# CONFIG_USB_DWC2 is not set
# CONFIG_USB_ISP1301 is not set
# CONFIG_USB_OTG is not set
CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
# CONFIG_USB_ISP1301 is not set
# CONFIG_USB_OTG is not set
#
# Sonics Silicon Backplane
#
@ -4024,6 +4123,13 @@ CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_LP3943 is not set
# CONFIG_MFD_BCM590XX is not set
# CONFIG_MFD_TPS65218 is not set
# CONFIG_MFD_WM831X_SPI is not set
# CONFIG_MFD_ARIZONA_SPI is not set
# CONFIG_MFD_TPS65912_SPI is not set
# CONFIG_MFD_MC13XXX_SPI is not set
# CONFIG_MFD_DA9052_SPI is not set
# CONFIG_EZX_PCAP is not set
# CONFIG_INTEL_SOC_PMIC is not set
#
@ -4345,6 +4451,9 @@ CONFIG_FRAME_WARN=1024
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
CONFIG_DEBUG_INFO=y
# Revisit both of these options
# CONFIG_DEBUG_INFO_SPLIT is not set
# CONFIG_DEBUG_INFO_DWARF4 is not set
CONFIG_FRAME_POINTER=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
# CONFIG_DEBUG_DRIVER is not set
@ -4514,6 +4623,7 @@ CONFIG_LIBCRC32C=m
CONFIG_CRYPTO_CRC32C_INTEL=m
CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_ANSI_CPRNG=m
# CONFIG_CRYPTO_DRBG_MENU is not set
CONFIG_CRYPTO_DEV_HIFN_795X=m
CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
CONFIG_CRYPTO_PCRYPT=m
@ -4576,6 +4686,19 @@ CONFIG_BACKLIGHT_LP855X=m
CONFIG_LCD_CLASS_DEVICE=m
CONFIG_LCD_PLATFORM=m
# CONFIG_LCD_ILI922X is not set
# CONFIG_LCD_ILI9320 is not set
# CONFIG_LCD_TDO24M is not set
# CONFIG_LCD_VGG2432A4 is not set
# CONFIG_LCD_S6E63M0 is not set
# CONFIG_LCD_LD9040 is not set
# CONFIG_LCD_AMS369FG06 is not set
# CONFIG_LCD_LMS501KF03 is not set
# CONFIG_LCD_HX8357 is not set
# CONFIG_LCD_L4F00242T03 is not set
# CONFIG_LCD_LMS283GF05 is not set
# CONFIG_LCD_LTV350QV is not set
CONFIG_SCHED_DEBUG=y
CONFIG_FAIR_GROUP_SCHED=y
@ -4608,6 +4731,7 @@ CONFIG_BLK_CGROUP=y
CONFIG_RELAY=y
CONFIG_PRINTK_TIME=y
CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
CONFIG_ENABLE_MUST_CHECK=y
# CONFIG_ENABLE_WARN_DEPRECATED is not set
@ -4643,7 +4767,7 @@ CONFIG_PM_DEBUG=y
# CONFIG_DPM_WATCHDOG is not set # revisit this in debug
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
# CONFIG_PM_TEST_SUSPEND is not set
CONFIG_PM_TEST_SUSPEND=y
CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set
@ -4753,6 +4877,7 @@ CONFIG_LEDS_REGULATOR=m
CONFIG_LEDS_TRIGGER_GPIO=m
CONFIG_LEDS_WM8350=m
CONFIG_LEDS_WM831X_STATUS=m
# CONFIG_LEDS_DAC124S085 is not set
CONFIG_DMADEVICES=y
CONFIG_DMA_ENGINE=y
@ -4763,6 +4888,7 @@ CONFIG_DW_DMAC_PCI=m
# CONFIG_TIMB_DMA is not set
# CONFIG_DMATEST is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_NBPFAXI_DMA is not set
CONFIG_ASYNC_TX_DMA=y
CONFIG_UNUSED_SYMBOLS=y
@ -4929,6 +5055,8 @@ CONFIG_NET_DSA_MV88E6123_61_65=m
# Used by Maemo, we don't care.
# CONFIG_PHONET is not set
# CONFIG_6LOWPAN is not set
# CONFIG_ICS932S401 is not set
# CONFIG_ATMEL_SSC is not set
@ -5098,6 +5226,9 @@ CONFIG_IEEE802154_6LOWPAN=m
CONFIG_IEEE802154_DRIVERS=m
CONFIG_IEEE802154_FAKEHARD=m
CONFIG_IEEE802154_FAKELB=m
# CONFIG_IEEE802154_AT86RF230 is not set
# CONFIG_IEEE802154_MRF24J40 is not set
# CONFIG_IEEE802154_CC2520 is not set
CONFIG_MAC802154=m
CONFIG_NET_MPLS_GSO=m
@ -5123,6 +5254,7 @@ CONFIG_PTP_1588_CLOCK_PCH=m
CONFIG_CLEANCACHE=y
CONFIG_FRONTSWAP=y
CONFIG_ZSWAP=y
# CONFIG_ZBUD is not set
CONFIG_ZSMALLOC=y
# CONFIG_PGTABLE_MAPPING is not set
@ -5167,6 +5299,9 @@ CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_BCM_KONA is not set
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_DWAPB is not set
# CONFIG_GPIO_74X164 is not set
# CONFIG_GPIO_MAX7301 is not set
# CONFIG_GPIO_MC33880 is not set
# FIXME: Why?
CONFIG_EVENT_POWER_TRACING_DEPRECATED=y
@ -5202,6 +5337,8 @@ CONFIG_PSTORE_RAM=m
# CONFIG_TEST_MODULE is not set
# CONFIG_TEST_USER_COPY is not set
# CONFIG_TEST_BPF is not set
# CONFIG_TEST_UDELAY is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_AVERAGE is not set
# CONFIG_VMXNET3 is not set
@ -5236,6 +5373,7 @@ CONFIG_FMC_CHARDEV=m
# CONFIG_GENWQE is not set
# CONFIG_POWERCAP is not set
# CONFIG_THUNDERBOLT is not set
# CONFIG_HSI is not set
@ -5254,3 +5392,5 @@ CONFIG_FMC_CHARDEV=m
# CONFIG_RTC_DRV_EFI is not set
# CONFIG_NET_XGENE is not set
# CONFIG_GLOB_SELFTEST is not set

View File

@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_MUTEXES is not set
# CONFIG_DEBUG_RT_MUTEXES is not set
# CONFIG_DEBUG_LOCK_ALLOC is not set
# CONFIG_LOCK_TORTURE_TEST is not set
# CONFIG_PROVE_LOCKING is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_PROVE_RCU is not set
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_LOCK_TORTURE_TEST=m
CONFIG_PROVE_LOCKING=y
CONFIG_DEBUG_SPINLOCK=y
CONFIG_PROVE_RCU=y
# CONFIG_PROVE_RCU_REPEATEDLY is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_DEBUG_PER_CPU_MAPS=y
CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
# CONFIG_FAULT_INJECTION is not set
# CONFIG_FAILSLAB is not set
# CONFIG_FAIL_PAGE_ALLOC is not set
# CONFIG_FAIL_MAKE_REQUEST is not set
# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
# CONFIG_FAIL_IO_TIMEOUT is not set
# CONFIG_FAIL_MMC_REQUEST is not set
CONFIG_FAULT_INJECTION=y
CONFIG_FAILSLAB=y
CONFIG_FAIL_PAGE_ALLOC=y
CONFIG_FAIL_MAKE_REQUEST=y
CONFIG_FAULT_INJECTION_DEBUG_FS=y
CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
CONFIG_FAIL_IO_TIMEOUT=y
CONFIG_FAIL_MMC_REQUEST=y
# CONFIG_LOCK_STAT is not set
CONFIG_LOCK_STAT=y
# CONFIG_DEBUG_STACK_USAGE is not set
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PI_LIST is not set
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_WRITECOUNT is not set
# CONFIG_DEBUG_OBJECTS is not set
CONFIG_DEBUG_WRITECOUNT=y
CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
# CONFIG_DEBUG_OBJECTS_FREE is not set
# CONFIG_DEBUG_OBJECTS_TIMERS is not set
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
CONFIG_DEBUG_OBJECTS_FREE=y
CONFIG_DEBUG_OBJECTS_TIMERS=y
CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_X86_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
CONFIG_X86_PTDUMP=y
CONFIG_EFI_PGT_DUMP=y
# CONFIG_CAN_DEBUG_DEVICES is not set
CONFIG_CAN_DEBUG_DEVICES=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_SYSCTL_SYSCALL_CHECK is not set
CONFIG_SYSCTL_SYSCALL_CHECK=y
# CONFIG_DEBUG_NOTIFIERS is not set
CONFIG_DEBUG_NOTIFIERS=y
# CONFIG_DMA_API_DEBUG is not set
CONFIG_DMA_API_DEBUG=y
# CONFIG_MMIOTRACE is not set
CONFIG_MMIOTRACE=y
# CONFIG_DEBUG_CREDENTIALS is not set
CONFIG_DEBUG_CREDENTIALS=y
# off in both production debug and nodebug builds,
# on in rawhide nodebug builds
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
# CONFIG_EXT4_DEBUG is not set
CONFIG_EXT4_DEBUG=y
# CONFIG_XFS_WARN is not set
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_DEBUG_PERF_USE_VMALLOC=y
# CONFIG_JBD2_DEBUG is not set
CONFIG_JBD2_DEBUG=y
# CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_NFSD_FAULT_INJECTION=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_DEBUG_BLK_CGROUP=y
# CONFIG_DRBD_FAULT_INJECTION is not set
CONFIG_DRBD_FAULT_INJECTION=y
# CONFIG_ATH_DEBUG is not set
# CONFIG_CARL9170_DEBUGFS is not set
# CONFIG_IWLWIFI_DEVICE_TRACING is not set
CONFIG_ATH_DEBUG=y
CONFIG_CARL9170_DEBUGFS=y
CONFIG_IWLWIFI_DEVICE_TRACING=y
# CONFIG_RTLWIFI_DEBUG is not set
# CONFIG_DEBUG_OBJECTS_WORK is not set
CONFIG_DEBUG_OBJECTS_WORK=y
# CONFIG_DMADEVICES_DEBUG is not set
# CONFIG_DMADEVICES_VDEBUG is not set
CONFIG_DMADEVICES_DEBUG=y
CONFIG_DMADEVICES_VDEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
# CONFIG_QUOTA_DEBUG is not set
CONFIG_CEPH_LIB_PRETTYDEBUG=y
CONFIG_QUOTA_DEBUG=y
CONFIG_PCI_DEFAULT_USE_CRS=y
@ -103,18 +103,18 @@ CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
# CONFIG_PERCPU_TEST is not set
# CONFIG_TEST_LIST_SORT is not set
CONFIG_TEST_LIST_SORT=y
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_DETECT_HUNG_TASK is not set
CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
# CONFIG_DEBUG_KMEMLEAK is not set
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@ -125,7 +125,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
# CONFIG_SPI_DEBUG is not set
# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
# CONFIG_SCHEDSTATS is not set
# CONFIG_LATENCYTOP is not set

View File

@ -61,7 +61,6 @@ CONFIG_CAPI_EICON=y
CONFIG_NVRAM=y
# CONFIG_PCMCIA_M8XX is not set
# CONFIG_SCSI_AHA1542 is not set
# CONFIG_SCSI_IN2000 is not set
# CONFIG_SCSI_IPS is not set

View File

@ -1,180 +0,0 @@
# CONFIG_SMP is not set
CONFIG_PPC32=y
# CONFIG_PPC64 is not set
# CONFIG_RTAS_PROC is not set
# CONFIG_PCMCIA_M8XX is not set
# CONFIG_HOTPLUG_PCI is not set
CONFIG_CPU_FREQ_PMAC=y
CONFIG_PPC_CHRP=y
CONFIG_PPC_PMAC=y
# CONFIG_PPC_MPC52xx is not set
CONFIG_PPC_PREP=y
# CONFIG_PPC_MPC5200_SIMPLE is not set
# CONFIG_SATA_FSL is not set
# CONFIG_SATA_NV is not set
# busted in .28git1
# ERROR: "cacheable_memzero" [drivers/net/gianfar_driver.ko] undefined!
# CONFIG_GIANFAR is not set
# CONFIG_USB_EHCI_FSL is not set
CONFIG_PMAC_APM_EMU=y
CONFIG_PMAC_BACKLIGHT=y
CONFIG_HIGHMEM=y
# CONFIG_HIGHMEM_START_BOOL is not set
# CONFIG_LOWMEM_SIZE_BOOL is not set
# CONFIG_TASK_SIZE_BOOL is not set
# CONFIG_KERNEL_START_BOOL is not set
# CONFIG_PPC601_SYNC_FIX is not set
CONFIG_ADVANCED_OPTIONS=y
CONFIG_SCSI_MESH=m
CONFIG_SCSI_MESH_SYNC_RATE=5
CONFIG_SCSI_MESH_RESET_DELAY_MS=4000
CONFIG_LBDAF=y
CONFIG_SCSI_MAC53C94=m
CONFIG_ADB_CUDA=y
CONFIG_ADB_MACIO=y
CONFIG_INPUT_ADBHID=y
CONFIG_ADB_PMU_LED=y
CONFIG_ADB_PMU_LED_IDE=y
CONFIG_PMAC_MEDIABAY=y
CONFIG_NET_VENDOR_APPLE=y
CONFIG_BMAC=m
CONFIG_MACE=m
# CONFIG_MACE_AAUI_PORT is not set
# CONFIG_MV643XX_ETH is not set
CONFIG_I2C_HYDRA=m
CONFIG_I2C_MPC=m
CONFIG_THERM_WINDTUNNEL=m
CONFIG_THERM_ADT746X=m
# CONFIG_ANSLCD is not set
CONFIG_FB_PLATINUM=y
CONFIG_FB_VALKYRIE=y
CONFIG_FB_CT65550=y
# CONFIG_BDI_SWITCH is not set
CONFIG_MAC_FLOPPY=m
# CONFIG_BLK_DEV_FD is not set
CONFIG_FB_ATY128=y
CONFIG_FB_ATY=y
CONFIG_FB_MATROX=y
# CONFIG_KEXEC is not set
# CONFIG_HVC_RTAS is not set
# CONFIG_UDBG_RTAS_CONSOLE is not set
CONFIG_BRIQ_PANEL=m
# CONFIG_ATA_PIIX is not set
# CONFIG_PATA_AMD is not set
# CONFIG_PATA_ATIIXP is not set
# CONFIG_PATA_MPC52xx is not set
# CONFIG_PATA_MPIIX is not set
# CONFIG_PATA_OLDPIIX is not set
# CONFIG_PATA_OPTI is not set
# CONFIG_PATA_SERVERWORKS is not set
# CONFIG_SERIAL_MPC52xx is not set
# CONFIG_MPC5200_WDT is not set
CONFIG_8xxx_WDT=m
CONFIG_GEF_WDT=m
# CONFIG_PPC_MPC5200_BUGFIX is not set
# CONFIG_NET_VENDOR_FREESCALE is not set
#CHECK: This may later become a tristate.
CONFIG_MDIO_GPIO=m
CONFIG_SERIAL_OF_PLATFORM=y
CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_EMBEDDED6xx is not set
# CONFIG_BLK_DEV_PLATFORM is not set
# CONFIG_BLK_DEV_4DRIVES is not set
# CONFIG_BLK_DEV_ALI14XX is not set
# CONFIG_BLK_DEV_DTC2278 is not set
# CONFIG_BLK_DEV_HT6560B is not set
# CONFIG_BLK_DEV_QD65XX is not set
# CONFIG_BLK_DEV_UMC8672 is not set
# CONFIG_VIRQ_DEBUG is not set
CONFIG_PPC_BESTCOMM_ATA=m
CONFIG_PPC_BESTCOMM_FEC=m
CONFIG_PPC_BESTCOMM_GEN_BD=m
CONFIG_FORCE_MAX_ZONEORDER=11
# CONFIG_PAGE_OFFSET_BOOL is not set
# CONFIG_FB_FSL_DIU is not set
CONFIG_IRQSTACKS=y
CONFIG_VIRTUALIZATION=y
# CONFIG_DEBUG_GPIO is not set
# CONFIG_GPIO_PCA953X is not set
# CONFIG_GPIO_PCF857X is not set
# CONFIG_HTC_EGPIO is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_CISS_SCSI_TAPE is not set
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_SND_INTEL8X0 is not set
# CONFIG_SND_INTEL8X0M is not set
# CONFIG_MEMSTICK is not set
# CONFIG_IPMI_HANDLER is not set
# PPC gets sad with debug alloc (bz 448598)
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_CRYPTO_DEV_TALITOS=m
# CONFIG_FSL_EMB_PERFMON is not set
# CONFIG_MPC8272_ADS is not set
# CONFIG_PQ2FADS is not set
# CONFIG_EP8248E is not set
# CONFIG_MPC830x_RDB is not set
# CONFIG_MPC831x_RDB is not set
# CONFIG_MPC832x_MDS is not set
# CONFIG_MPC832x_RDB is not set
# CONFIG_MPC834x_MDS is not set
# CONFIG_MPC834x_ITX is not set
# CONFIG_MPC836x_MDS is not set
# CONFIG_MPC836x_RDK is not set
# CONFIG_MPC837x_MDS is not set
# CONFIG_MPC837x_RDB is not set
# CONFIG_SBC834x is not set
# CONFIG_ASP834x is not set
# CONFIG_KMETER1 is not set
# CONFIG_MPC8641_HPCN is not set
# CONFIG_SBC8641D is not set
# CONFIG_MPC8610_HPCD is not set
# CONFIG_FSL_LBC is not set
# CONFIG_MTD_NAND_FSL_UPM is not set
# CONFIG_USB_MUSB_HDRC is not set
# busted in 2.6.27
# drivers/mtd/maps/sbc8240.c: In function 'init_sbc8240_mtd':
# drivers/mtd/maps/sbc8240.c:172: warning: passing argument 1 of 'simple_map_init' from incompatible pointer type
# drivers/mtd/maps/sbc8240.c:177: error: 'struct mtd_info' has no member named 'module'
CONFIG_RCU_FANOUT=32
CONFIG_KVM_BOOK3S_32=m
# CONFIG_SCSI_QLA_ISCSI is not set
CONFIG_BATTERY_PMU=m

View File

@ -1,3 +0,0 @@
# CONFIG_HOTPLUG_CPU is not set
CONFIG_NR_CPUS=4
# CONFIG_BATTERY_PMU is not set

View File

@ -146,6 +146,7 @@ CONFIG_RCU_FANOUT=64
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
CONFIG_CMA_AREAS=7
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
CONFIG_KVM_BOOK3S_64_PR=m

View File

@ -137,6 +137,7 @@ CONFIG_RCU_FANOUT=64
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
CONFIG_CMA_AREAS=7
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
CONFIG_KVM_BOOK3S_64_PR=m

View File

@ -119,6 +119,7 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
CONFIG_GENERIC_ISA_DMA=y
@ -142,6 +143,9 @@ CONFIG_IPW2200_QOS=y
CONFIG_BLK_DEV_AMD74XX=y
# I2C_ACPI casues I2C to be built in. This should probably be fixed.
CONFIG_I2C=y
CONFIG_ACPI_I2C_OPREGION=y
CONFIG_I2C_AMD756=m
CONFIG_I2C_AMD756_S4882=m
CONFIG_I2C_AMD8111=m
@ -183,6 +187,7 @@ CONFIG_EDAC_X38=m
CONFIG_EDAC_MCE_INJ=m
CONFIG_EDAC_DECODE_MCE=m
CONFIG_EDAC_LEGACY_SYSFS=y
CONFIG_EDAC_IE31200=m
CONFIG_SCHED_MC=y
@ -404,7 +409,7 @@ CONFIG_SP5100_TCO=m
# CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_MAXSMP is not set
CONFIG_MAXSMP=y
CONFIG_HP_ILO=m
@ -437,6 +442,7 @@ CONFIG_X86_DECODER_SELFTEST=y
CONFIG_ACPI_CMPC=m
CONFIG_MSI_WMI=m
CONFIG_TOSHIBA_BT_RFKILL=m
CONFIG_TOSHIBA_HAPS=m
CONFIG_VGA_SWITCHEROO=y
CONFIG_LPC_SCH=m
@ -447,6 +453,33 @@ CONFIG_GPIO_ICH=m
# CONFIG_GPIO_MCP23S08 is not set
# CONFIG_GPIO_F7188X is not set
# These should all go away with IC2_ACPI is fixed
# CONFIG_MFD_AS3711 is not set
# CONFIG_PMIC_ADP5520 is not set
# CONFIG_MFD_AAT2870_CORE is not set
# CONFIG_MFD_AXP20X is not set
# CONFIG_PMIC_DA903X is not set
# CONFIG_MFD_DA9052_I2C is not set
# CONFIG_MFD_DA9055 is not set
# CONFIG_MFD_88PM800 is not set
# CONFIG_MFD_88PM805 is not set
# CONFIG_MFD_MAX14577 is not set
# CONFIG_MFD_MAX77686 is not set
# CONFIG_MFD_MAX77693 is not set
# CONFIG_MFD_MAX8907 is not set
# CONFIG_MFD_MAX8997 is not set
# CONFIG_MFD_RC5T583 is not set
# CONFIG_MFD_SEC_CORE is not set
# CONFIG_MFD_SMSC is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_PALMAS is not set
# CONFIG_MFD_TPS65090 is not set
# CONFIG_MFD_TPS65910 is not set
# CONFIG_MFD_TPS65912_I2C is not set
# CONFIG_MFD_TPS80031 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
CONFIG_PCI_CNB20LE_QUIRK=y
@ -537,6 +570,9 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_XZ_DEC_X86=y
CONFIG_MPILIB=y
CONFIG_PKCS7_MESSAGE_PARSER=y
# CONFIG_PKCS7_TEST_KEY is not set
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_MODULE_SIG=y
@ -547,6 +583,9 @@ CONFIG_MODULE_SIG_SHA256=y
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
# CONFIG_KEXEC_FILE is not set
# CONFIG_KEXEC_VERIFY_SIG is not set
CONFIG_MODULE_SIG_UEFI=y
CONFIG_VMXNET3=m

View File

@ -42,6 +42,9 @@ CONFIG_CGROUP_HUGETLB=y
CONFIG_MEM_SOFT_DIRTY=y
CONFIG_KEXEC_JUMP=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
CONFIG_ACPI_HOTPLUG_MEMORY=y
@ -49,6 +52,8 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y
CONFIG_INTEL_MIC_HOST=m
CONFIG_INTEL_MIC_CARD=m
CONFIG_INTEL_MIC_BUS=m
CONFIG_INTEL_MIC_X100_DMA=m
# SHPC has half-arsed PCI probing, which makes it load on too many systems
CONFIG_HOTPLUG_PCI_SHPC=m
@ -74,6 +79,7 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX2_X86_64=m
CONFIG_CRYPTO_DES3_EDE_X86_64=m
# staging crypto
# CONFIG_CRYPTO_SKEIN is not set
# CONFIG_CRYPTO_THREEFISH is not set
@ -158,6 +164,8 @@ CONFIG_CHECKPOINT_RESTORE=y
# Should be 32bit only, but lacks KConfig depends
# CONFIG_XO15_EBOOK is not set
CONFIG_THUNDERBOLT=m
CONFIG_NTB=m
CONFIG_NTB_NETDEV=m

View File

@ -1,69 +1,68 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 1786bc697d34af944e29437ce44337b0eb8b6799 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@dreadnought.bos.jkkm.org>
From cd5c274ee73762b5616bf36fab3a2df50bceb203 Mon Sep 17 00:00:00 2001
From: Dave Anderson <anderson@redhat.com>
Date: Tue, 26 Nov 2013 12:42:46 -0500
Subject: [PATCH] crash-driver
Bugzilla: N/A
Upstream-status: Fedora mustard
---
arch/arm/include/asm/crash.h | 6 ++
arch/arm64/include/asm/crash.h | 6 ++
arch/ia64/include/asm/crash.h | 90 +++++++++++++++++++++++++++
arch/arm/include/asm/crash-driver.h | 6 ++
arch/arm64/include/asm/crash-driver.h | 6 ++
arch/ia64/include/asm/crash-driver.h | 90 ++++++++++++++++++++++
arch/ia64/kernel/ia64_ksyms.c | 3 +
arch/powerpc/include/asm/crash.h | 6 ++
arch/s390/include/asm/crash.h | 60 ++++++++++++++++++
arch/powerpc/include/asm/crash-driver.h | 6 ++
arch/s390/include/asm/crash-driver.h | 60 +++++++++++++++
arch/s390/mm/maccess.c | 2 +
arch/x86/include/asm/crash.h | 6 ++
arch/x86/include/asm/crash-driver.h | 6 ++
drivers/char/Kconfig | 3 +
drivers/char/Makefile | 2 +
drivers/char/crash.c | 128 +++++++++++++++++++++++++++++++++++++++
include/asm-generic/crash.h | 72 ++++++++++++++++++++++
drivers/char/crash.c | 128 ++++++++++++++++++++++++++++++++
include/asm-generic/crash-driver.h | 72 ++++++++++++++++++
12 files changed, 384 insertions(+)
create mode 100644 arch/arm/include/asm/crash.h
create mode 100644 arch/arm64/include/asm/crash.h
create mode 100644 arch/ia64/include/asm/crash.h
create mode 100644 arch/powerpc/include/asm/crash.h
create mode 100644 arch/s390/include/asm/crash.h
create mode 100644 arch/x86/include/asm/crash.h
create mode 100644 arch/arm/include/asm/crash-driver.h
create mode 100644 arch/arm64/include/asm/crash-driver.h
create mode 100644 arch/ia64/include/asm/crash-driver.h
create mode 100644 arch/powerpc/include/asm/crash-driver.h
create mode 100644 arch/s390/include/asm/crash-driver.h
create mode 100644 arch/x86/include/asm/crash-driver.h
create mode 100644 drivers/char/crash.c
create mode 100644 include/asm-generic/crash.h
create mode 100644 include/asm-generic/crash-driver.h
diff --git a/arch/arm/include/asm/crash.h b/arch/arm/include/asm/crash.h
diff --git a/arch/arm/include/asm/crash-driver.h b/arch/arm/include/asm/crash-driver.h
new file mode 100644
index 0000000..1d2e537
index 000000000000..06e7ae916601
--- /dev/null
+++ b/arch/arm/include/asm/crash.h
+++ b/arch/arm/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _ARM_CRASH_H
+#define _ARM_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _ARM_CRASH_H */
diff --git a/arch/arm64/include/asm/crash.h b/arch/arm64/include/asm/crash.h
diff --git a/arch/arm64/include/asm/crash-driver.h b/arch/arm64/include/asm/crash-driver.h
new file mode 100644
index 0000000..a7fcc28
index 000000000000..43b26da0c5d6
--- /dev/null
+++ b/arch/arm64/include/asm/crash.h
+++ b/arch/arm64/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _ARM64_CRASH_H
+#define _ARM64_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _ARM64_CRASH_H */
diff --git a/arch/ia64/include/asm/crash.h b/arch/ia64/include/asm/crash.h
diff --git a/arch/ia64/include/asm/crash-driver.h b/arch/ia64/include/asm/crash-driver.h
new file mode 100644
index 0000000..28bd955
index 000000000000..404bcb93c112
--- /dev/null
+++ b/arch/ia64/include/asm/crash.h
+++ b/arch/ia64/include/asm/crash-driver.h
@@ -0,0 +1,90 @@
+#ifndef _ASM_IA64_CRASH_H
+#define _ASM_IA64_CRASH_H
+
+/*
+ * linux/include/asm-ia64/crash.h
+ * linux/include/asm-ia64/crash-driver.h
+ *
+ * Copyright (c) 2004 Red Hat, Inc. All rights reserved.
+ *
@ -150,7 +149,7 @@ index 0000000..28bd955
+
+#endif /* _ASM_IA64_CRASH_H */
diff --git a/arch/ia64/kernel/ia64_ksyms.c b/arch/ia64/kernel/ia64_ksyms.c
index 5b7791d..aee4b87 100644
index 5b7791dd3965..aee4b870c763 100644
--- a/arch/ia64/kernel/ia64_ksyms.c
+++ b/arch/ia64/kernel/ia64_ksyms.c
@@ -84,6 +84,9 @@ EXPORT_SYMBOL(ia64_save_scratch_fpregs);
@ -163,23 +162,23 @@ index 5b7791d..aee4b87 100644
#if defined(CONFIG_IA64_ESI) || defined(CONFIG_IA64_ESI_MODULE)
extern void esi_call_phys (void);
EXPORT_SYMBOL_GPL(esi_call_phys);
diff --git a/arch/powerpc/include/asm/crash.h b/arch/powerpc/include/asm/crash.h
diff --git a/arch/powerpc/include/asm/crash-driver.h b/arch/powerpc/include/asm/crash-driver.h
new file mode 100644
index 0000000..daa8c4d
index 000000000000..50092d965dc5
--- /dev/null
+++ b/arch/powerpc/include/asm/crash.h
+++ b/arch/powerpc/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _PPC64_CRASH_H
+#define _PPC64_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _PPC64_CRASH_H */
diff --git a/arch/s390/include/asm/crash.h b/arch/s390/include/asm/crash.h
diff --git a/arch/s390/include/asm/crash-driver.h b/arch/s390/include/asm/crash-driver.h
new file mode 100644
index 0000000..552be5e
index 000000000000..552be5e2c571
--- /dev/null
+++ b/arch/s390/include/asm/crash.h
+++ b/arch/s390/include/asm/crash-driver.h
@@ -0,0 +1,60 @@
+#ifndef _S390_CRASH_H
+#define _S390_CRASH_H
@ -242,10 +241,10 @@ index 0000000..552be5e
+
+#endif /* _S390_CRASH_H */
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
index d1e0e0c..a2be459 100644
index 2a2e35416d2f..a529181429bb 100644
--- a/arch/s390/mm/maccess.c
+++ b/arch/s390/mm/maccess.c
@@ -219,6 +219,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
put_online_cpus();
return bounce;
}
@ -253,25 +252,25 @@ index d1e0e0c..a2be459 100644
/*
* Free converted buffer for /dev/mem access (if necessary)
@@ -228,3 +229,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
if ((void *) addr != buf)
free_page((unsigned long) buf);
}
+EXPORT_SYMBOL_GPL(unxlate_dev_mem_ptr);
diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h
diff --git a/arch/x86/include/asm/crash-driver.h b/arch/x86/include/asm/crash-driver.h
new file mode 100644
index 0000000..27a4156
index 000000000000..fd4736ec99f5
--- /dev/null
+++ b/arch/x86/include/asm/crash.h
+++ b/arch/x86/include/asm/crash-driver.h
@@ -0,0 +1,6 @@
+#ifndef _X86_CRASH_H
+#define _X86_CRASH_H
+
+#include <asm-generic/crash.h>
+#include <asm-generic/crash-driver.h>
+
+#endif /* _X86_CRASH_H */
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index fa3243d..83643e5b 100644
index 6e9f74a5c095..ee6bae16b04c 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -4,6 +4,9 @@
@ -285,10 +284,10 @@ index fa3243d..83643e5b 100644
config DEVKMEM
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
index 7ff1d0d..3ed67af 100644
index a324f9303e36..33ce2fb1d0a3 100644
--- a/drivers/char/Makefile
+++ b/drivers/char/Makefile
@@ -62,3 +62,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
@@ -61,3 +61,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
js-rtc-y = rtc.o
obj-$(CONFIG_TILE_SROM) += tile-srom.o
@ -296,7 +295,7 @@ index 7ff1d0d..3ed67af 100644
+obj-$(CONFIG_CRASH) += crash.o
diff --git a/drivers/char/crash.c b/drivers/char/crash.c
new file mode 100644
index 0000000..a142bb3
index 000000000000..085378a1d539
--- /dev/null
+++ b/drivers/char/crash.c
@@ -0,0 +1,128 @@
@ -332,7 +331,7 @@ index 0000000..a142bb3
+#include <asm/io.h>
+#include <asm/uaccess.h>
+#include <asm/types.h>
+#include <asm/crash.h>
+#include <asm/crash-driver.h>
+
+#define CRASH_VERSION "1.0"
+
@ -428,17 +427,17 @@ index 0000000..a142bb3
+module_exit(crash_cleanup_module);
+
+MODULE_LICENSE("GPL");
diff --git a/include/asm-generic/crash.h b/include/asm-generic/crash.h
diff --git a/include/asm-generic/crash-driver.h b/include/asm-generic/crash-driver.h
new file mode 100644
index 0000000..8a0a69a
index 000000000000..25ab9869d566
--- /dev/null
+++ b/include/asm-generic/crash.h
+++ b/include/asm-generic/crash-driver.h
@@ -0,0 +1,72 @@
+#ifndef __CRASH_H__
+#define __CRASH_H__
+
+/*
+ * include/linux/crash.h
+ * include/linux/crash-driver.h
+ *
+ * Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+ *
@ -507,5 +506,5 @@ index 0000000..8a0a69a
+
+#endif /* __CRASH_H__ */
--
1.8.3.1
1.9.3

View File

@ -1,11 +1,19 @@
From feb3b6774ce9a5b11aec2602961eee0017349534 Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Wed, 30 Jan 2013 10:55:31 -0500
Subject: [PATCH] criu: no expert
Bugzilla: N/A
Upstream-status: Fedora mustard
---
init/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index be8b7f5..7461760 100644
index 3bad458f1c68..aee58b9fedfc 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP
@@ -1147,7 +1147,7 @@ config DEBUG_BLK_CGROUP
endif # CGROUPS
config CHECKPOINT_RESTORE
@ -14,7 +22,7 @@ index be8b7f5..7461760 100644
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE
@@ -1158,7 +1158,7 @@ config CHECKPOINT_RESTORE
If unsure, say N here.
menuconfig NAMESPACES
@ -23,3 +31,6 @@ index be8b7f5..7461760 100644
default !EXPERT
help
Provides the way to make tasks work with different objects using
--
1.9.3

View File

@ -1,24 +1,24 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 4ff58b642f80dedb20533978123d89b5ac9b1ed5 Mon Sep 17 00:00:00 2001
From d8889580d123fefd57c25681a39de089bedf42ba Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@phobos.i.jkkm.org>
Date: Tue, 30 Mar 2010 00:04:29 -0400
Subject: die-floppy-die
Subject: [PATCH] die-floppy-die
Kill the floppy.ko pnp modalias. We were surviving just fine without
autoloading floppy drivers, tyvm.
Please feel free to register all complaints in the wastepaper bin.
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/block/floppy.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 90c4038..f4a0b90 100644
index 56d46ffb08e1..1c8db250df88 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -4619,8 +4619,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
@@ -4634,8 +4634,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
{"PNP0700", 0},
{}
};
@ -29,5 +29,5 @@ index 90c4038..f4a0b90 100644
#else
--
1.7.0.1
1.9.3

View File

@ -1,10 +1,7 @@
Bugzilla: N/A
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
From 2a79554c864ac58fa2ad982f0fcee2cc2aa33eb5 Mon Sep 17 00:00:00 2001
From 9eeae62a9c758b843ac7dac5ee67248d3ad282a1 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 20 May 2010 10:30:31 -0400
Subject: Disable i8042 checks on Intel Apple Macs
Subject: [PATCH] disable i8042 check on apple mac
As those computers never had any i8042 controllers, and the
current lookup code could potentially lock up/hang/wait for
@ -12,16 +9,19 @@ timeout for long periods of time.
Fixes intermittent hangs on boot on a MacbookAir1,1
Bugzilla: N/A
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
Signed-off-by: Bastien Nocera <hadess@hadess.net>
---
drivers/input/serio/i8042.c | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
1 file changed, 22 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 6440a8f..4d7cf98 100644
index 612f855c340f..f1aeb0240d6e 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1451,6 +1451,22 @@ static struct platform_driver i8042_driver = {
@@ -1469,6 +1469,22 @@ static struct platform_driver i8042_driver = {
.shutdown = i8042_shutdown,
};
@ -44,7 +44,7 @@ index 6440a8f..4d7cf98 100644
static int __init i8042_init(void)
{
struct platform_device *pdev;
@@ -1458,6 +1474,12 @@ static int __init i8042_init(void)
@@ -1476,6 +1492,12 @@ static int __init i8042_init(void)
dbg_init();
@ -58,5 +58,5 @@ index 6440a8f..4d7cf98 100644
if (err)
return err;
--
1.7.0.1
1.9.3

View File

@ -1,9 +1,20 @@
From b729efbc480486186d8916a87f58f6114220a7cb Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Fri, 18 Apr 2014 06:58:29 -0400
Subject: [PATCH] disable libdw unwind on non-x86
Bugzilla: 1025603
Upstream-status: ??
---
tools/perf/config/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index ee21fa9..19ee413 100644
index 1f67aa02d240..86c21a24da46 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -34,6 +34,10 @@ ifeq ($(ARCH),arm)
LIBUNWIND_LIBS = -lunwind -lunwind-arm
@@ -52,6 +52,10 @@ ifeq ($(ARCH),powerpc)
CFLAGS += -DHAVE_SKIP_CALLCHAIN_IDX
endif
+ifneq ($(ARCH),x86)
@ -13,3 +24,6 @@ index ee21fa9..19ee413 100644
ifeq ($(LIBUNWIND_LIBS),)
NO_LIBUNWIND := 1
else
--
1.9.3

View File

@ -1,15 +1,24 @@
Bugzilla: 1027037 1028785
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
From 395528c008e2d49c9bf8f02d6cb071aa11742755 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 13 Nov 2013 10:17:24 -0500
Subject: [PATCH] drm/i915: hush check crtc state
This is _by far_ the most common backtrace for i915 on retrace.fp.o, and
it's mostly useless noise. There's not enough context when it's generated
to know if something actually went wrong. Downgrade the message to
KMS debugging so we can still get it if we want it.
diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c
--- linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx 2013-11-03 18:41:51.000000000 -0500
+++ linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c 2013-11-13 10:12:05.781301624 -0500
@@ -8803,7 +8803,7 @@ check_crtc_state(struct drm_device *dev)
Bugzilla: 1027037 1028785
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
---
drivers/gpu/drm/i915/intel_display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index d8324c69fa86..ee0ca36930f8 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -10656,7 +10656,7 @@ check_crtc_state(struct drm_device *dev)
if (active &&
!intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) {
@ -18,3 +27,6 @@ diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_displa
intel_dump_pipe_config(crtc, &pipe_config,
"[hw state]");
intel_dump_pipe_config(crtc, &crtc->config,
--
1.9.3

View File

@ -1,50 +0,0 @@
Bugzilla: 1097463
Upstream-status: Sent for 3.16
From 7ad066ecd4dfb4c36fb00f9f9eb1a5d6099db834 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:41:02 +0200
Subject: [PATCH 05/14] eeepc-wmi: Add no backlight quirk for Asus H87I-PLUS
Motherboard
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/eeepc-wmi.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/platform/x86/eeepc-wmi.c b/drivers/platform/x86/eeepc-wmi.c
index 6112933f6278..a7286bbfe28e 100644
--- a/drivers/platform/x86/eeepc-wmi.c
+++ b/drivers/platform/x86/eeepc-wmi.c
@@ -114,6 +114,10 @@ static struct quirk_entry quirk_asus_x101ch = {
.wmi_backlight_power = true,
};
+static struct quirk_entry quirk_asus_no_backlight = {
+ .no_backlight = true,
+};
+
static struct quirk_entry *quirks;
static void et2012_quirks(void)
@@ -182,6 +186,15 @@ static struct dmi_system_id asus_quirks[] = {
},
.driver_data = &quirk_asus_x101ch,
},
+ {
+ .callback = dmi_matched,
+ .ident = "ASUSTeK Computer INC. H87I-PLUS",
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BOARD_NAME, "H87I-PLUS"),
+ },
+ .driver_data = &quirk_asus_no_backlight,
+ },
{},
};
--
1.9.0

View File

@ -0,0 +1,43 @@
From 5a8578dc90626d4bc4d9dca2311fcdb2b75a3a87 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/kernel/setup.c | 2 ++
include/linux/efi.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5a5cf7395724..fb282ff6a802 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
enforce_signed_modules();
+ pr_info("Secure boot enabled\n");
}
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 45cb4ffdea62..ebe6a24cc1e1 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -923,6 +923,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
#define EFI_ARCH_1 7 /* First arch-specific bit */
+#define EFI_SECURE_BOOT 8 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
/*
--
1.9.3

View File

@ -0,0 +1,58 @@
From bb5d57cb1278a0ca3ba6d904c3698d308c12b3be Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 88edd48f03e9..3b18ef2b534c 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -806,8 +806,9 @@ out:
static int get_secure_boot(void)
{
- u8 sb, setup;
+ u8 sb, setup, moksbstate;
unsigned long datasize = sizeof(sb);
+ u32 attr;
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status;
@@ -831,6 +832,23 @@ static int get_secure_boot(void)
if (setup == 1)
return 0;
+ /* See if a user has put shim into insecure_mode. If so, and the variable
+ * doesn't have the runtime attribute set, we might as well honor that.
+ */
+ var_guid = EFI_SHIM_LOCK_GUID;
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"MokSBState", &var_guid, &attr, &datasize,
+ &moksbstate);
+
+ /* If it fails, we don't care why. Default to secure */
+ if (status != EFI_SUCCESS)
+ return 1;
+
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ if (moksbstate == 1)
+ return 0;
+ }
+
return 1;
}
--
1.9.3

View File

@ -0,0 +1,30 @@
From 27c9c6fc3c570ac29db93262d712ce1557b90128 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 8899dc333793..33dfa4ce8c09 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1566,7 +1566,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
- def_bool n
+ def_bool n
+ depends on EFI
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
1.9.3

View File

@ -1,14 +0,0 @@
#! /bin/bash
# This is the ppc override file for the core/drivers package split. The
# module directories listed here and in the generic list in filter-modules.sh
# will be moved to the resulting kernel-modules package for this arch.
# Anything not listed in those files will be in the kernel-core package.
#
# Please review the default list in filter-modules.sh before making
# modifications to the overrides below. If something should be removed across
# all arches, remove it in the default instead of per-arch.
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma svcrdma xprtrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject"

View File

@ -0,0 +1,39 @@
From 1ed340b9f2da1a8f5a38c7bf9b181feae8580eb5 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/power/hibernate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a9dfa79b6bab..14c7356ff53a 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,7 @@
#include <linux/syscore_ops.h>
#include <linux/ctype.h>
#include <linux/genhd.h>
+#include <linux/module.h>
#include <trace/events/power.h>
#include "power.h"
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{
- return (nohibernate == 0);
+ return ((nohibernate == 0) && !secure_modules());
}
/**
--
1.9.3

View File

@ -0,0 +1,32 @@
From 6fd77b0f76b946fd6de55c0a1acff4eee191e5ed Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 30 Jul 2014 17:56:05 +0200
Subject: [PATCH] i8042: Also store the aux firmware id in multi-plexed aux
ports
So that firmware-id matching can be used with multiplexed aux ports too.
Bugzilla: 1110011
Upstream-status: sent for 3.17/3.18
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/input/serio/i8042.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index f1aeb0240d6e..4b5015f27f9e 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1253,6 +1253,8 @@ static int __init i8042_create_aux_port(int idx)
} else {
snprintf(serio->name, sizeof(serio->name), "i8042 AUX%d port", idx);
snprintf(serio->phys, sizeof(serio->phys), I8042_MUX_PHYS_DESC, idx + 1);
+ strlcpy(serio->firmware_id, i8042_aux_firmware_id,
+ sizeof(serio->firmware_id));
}
port->serio = serio;
--
1.9.3

View File

@ -1,11 +1,19 @@
From f10b526aee84af2e6de026ea7300e325e117705f Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] input: kill stupid messages
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/input/keyboard/atkbd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c
index add5ffd..5eb2f03 100644
index 2dd1d0dd4f7d..7116b70074bf 100644
--- a/drivers/input/keyboard/atkbd.c
+++ b/drivers/input/keyboard/atkbd.c
@@ -430,11 +430,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
@@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
goto out;
case ATKBD_RET_ACK:
case ATKBD_RET_NAK:
@ -21,3 +29,6 @@ index add5ffd..5eb2f03 100644
goto out;
case ATKBD_RET_ERR:
atkbd->err_count++;
--
1.9.3

View File

@ -1,20 +1,39 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From b4e96f34c17e5a79cd28774cc722bb33e7e02c6e Mon Sep 17 00:00:00 2001
From 8be33914661d87ef0e644dc23d10ead4bc1c68c9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 25 Sep 2008 16:23:33 -0400
Subject: [PATCH] Don't print an error message just because there's no i8042 chip.
Subject: [PATCH] input: silence i8042 noise
Don't print an error message just because there's no i8042 chip.
Some systems, such as EFI-based Apple systems, won't necessarily have an
i8042 to initialize. We shouldn't be printing an error message in this
case, since not detecting the chip is the correct behavior.
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/base/power/main.c | 2 --
drivers/input/serio/i8042.c | 1 -
net/can/af_can.c | 8 ++------
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index b67d9aef9fe4..dd58b0fdaafd 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
*/
void device_pm_add(struct device *dev)
{
- pr_debug("PM: Adding info for %s:%s\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
mutex_lock(&dpm_list_mtx);
if (dev->parent && dev->parent->power.is_prepared)
dev_warn(dev, "parent %s should not be sleeping\n",
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 52c9ebf..c374a96 100644
index 3807c3e971cc..612f855c340f 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -855,7 +855,6 @@ static int __init i8042_check_aux(void)
@@ -857,7 +857,6 @@ static int __init i8042_check_aux(void)
static int i8042_controller_check(void)
{
if (i8042_flush()) {
@ -22,16 +41,11 @@ index 52c9ebf..c374a96 100644
return -ENODEV;
}
--
Socket fuzzers like sfuzz will trigger this printk a lot, even though it's
ratelimited. It isn't particularly useful, so just remove it.
Signed-off-by: Dave Jones <davej@redhat.com>
diff --git a/net/can/af_can.c b/net/can/af_can.c
index ce82337521f6..a3fee4becc93 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -157,13 +157,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
err = request_module("can-proto-%d", protocol);
/*
@ -47,22 +61,6 @@ Signed-off-by: Dave Jones <davej@redhat.com>
cp = can_get_proto(protocol);
}
--
1.9.3
This was removed in revision 1.6 of linux-2.6-silence-noise.patch
in ye olde CVS tree. I have no idea why. Originally the pr_debug in
device_pm_remove was nuked as well, but that seems to have gotten lost in
the r1.634 of kernel.spec (2.6.26-rc2-git5.)
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index 2a52270..bacbdd2 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -87,8 +87,6 @@ void device_pm_unlock(void)
*/
void device_pm_add(struct device *dev)
{
- pr_debug("PM: Adding info for %s:%s\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
mutex_lock(&dpm_list_mtx);
if (dev->parent && dev->parent->power.is_prepared)
dev_warn(dev, "parent %s should not be sleeping\n",

View File

@ -1,7 +1,4 @@
Bugzilla: N/A
Upstream-status: ??
From fd4e7f06ecc891474dea3a93df083de5f8c50cdc Mon Sep 17 00:00:00 2001
From 4ce7b2f872d8fc2520f05dae5e1c523e20cda894 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@ -9,6 +6,9 @@ Subject: [PATCH] kbuild: AFTER_LINK
If the make variable AFTER_LINK is set, it is a command line to run
after each final link. This includes vmlinux itself and vDSO images.
Bugzilla: N/A
Upstream-status: ??
Signed-off-by: Roland McGrath <roland@redhat.com>
---
arch/arm64/kernel/vdso/Makefile | 3 ++-
@ -21,10 +21,10 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
7 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
index 6d20b7d162d8..863a01bde0bf 100644
index ff3bddea482d..d8a439dd6351 100644
--- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S FORCE
# Actual build commands
quiet_cmd_vdsold = VDSOL $@
@ -91,10 +91,10 @@ index 2a8ddfd12a5b..452ca53561fe 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index 9206ac7961a5..3d7f533f6757 100644
index 5a4affe025e8..8ff38ce94c8e 100644
--- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile
@@ -181,8 +181,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE
@@ -171,8 +171,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
quiet_cmd_vdso = VDSO $@
cmd_vdso = $(CC) -nostdlib -o $@ \
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
@ -105,9 +105,9 @@ index 9206ac7961a5..3d7f533f6757 100644
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
$(LTO_CFLAGS)
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 2dcb37736d84..25e170e92ef1 100644
index 86a4fe75f453..161637ed5611 100644
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -65,6 +65,10 @@ vmlinux_link()
@ -122,5 +122,5 @@ index 2dcb37736d84..25e170e92ef1 100644
--
1.8.5.3
1.9.3

File diff suppressed because it is too large Load Diff

View File

@ -6,7 +6,7 @@ Summary: The Linux kernel
# For a stable, released kernel, released_kernel should be 1. For rawhide
# and/or a kernel built from an rc or git snapshot, released_kernel should
# be 0.
%global released_kernel 1
%global released_kernel 0
%global aarch64patches 1
@ -43,7 +43,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 300
%global baserelease 1
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -55,7 +55,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 2
%define stable_update 0
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -68,9 +68,9 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level
%define rcrev 0
%define rcrev 4
# The git snapshot level
%define gitrev 0
%define gitrev 4
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%endif
@ -87,8 +87,6 @@ Summary: The Linux kernel
#
# standard kernel
%define with_up %{?_without_up: 0} %{?!_without_up: 1}
# kernel-smp (only valid for ppc 32-bit)
%define with_smp %{?_without_smp: 0} %{?!_without_smp: 1}
# kernel PAE (only valid for i686 (PAE) and ARM (lpae))
%define with_pae %{?_without_pae: 0} %{?!_without_pae: 1}
# kernel-debug
@ -110,8 +108,6 @@ Summary: The Linux kernel
#
# Only build the base kernel (--with baseonly):
%define with_baseonly %{?_with_baseonly: 1} %{?!_with_baseonly: 0}
# Only build the smp kernel (--with smponly):
%define with_smponly %{?_with_smponly: 1} %{?!_with_smponly: 0}
# Only build the pae kernel (--with paeonly):
%define with_paeonly %{?_with_paeonly: 1} %{?!_with_paeonly: 0}
# Only build the debug kernel (--with dbgonly):
@ -129,7 +125,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'.
%define debugbuildsenabled 1
%define debugbuildsenabled 0
# Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@ -194,14 +190,6 @@ Summary: The Linux kernel
# if requested, only build base kernel
%if %{with_baseonly}
%define with_smp 0
%define with_pae 0
%define with_debug 0
%endif
# if requested, only build smp kernel
%if %{with_smponly}
%define with_up 0
%define with_pae 0
%define with_debug 0
%endif
@ -209,7 +197,6 @@ Summary: The Linux kernel
# if requested, only build pae kernel
%if %{with_paeonly}
%define with_up 0
%define with_smp 0
%define with_debug 0
%endif
@ -219,7 +206,6 @@ Summary: The Linux kernel
%define with_up 0
%define with_pae 0
%endif
%define with_smp 0
%define with_pae 0
%define with_tools 0
%define with_perf 0
@ -229,16 +215,11 @@ Summary: The Linux kernel
%if %{with_vdso_install}
# These arches install vdso/ directories.
%define vdso_arches %{all_x86} x86_64 ppc %{power64} s390 s390x aarch64
%define vdso_arches %{all_x86} x86_64 %{power64} s390 s390x aarch64
%endif
# Overrides for generic default options
# only ppc needs a separate smp kernel
%ifnarch ppc
%define with_smp 0
%endif
# don't do debug builds on anything but i686 and x86_64
%ifnarch i686 x86_64
%define with_debug 0
@ -255,7 +236,7 @@ Summary: The Linux kernel
# bootwrapper is only on ppc
# sparse blows up on ppc
%ifnarch ppc %{power64}
%ifnarch %{power64}
%define with_bootwrapper 0
%define with_sparse 0
%endif
@ -303,16 +284,6 @@ Summary: The Linux kernel
%define with_tools 0
%endif
%ifarch ppc
%define asmarch powerpc
%define hdrarch powerpc
%define all_arch_configs kernel-%{version}-ppc{-,.}*config
%define image_install_path boot
%define make_target vmlinux
%define kernel_image vmlinux
%define kernel_image_elf 1
%endif
%ifarch %{arm}
%define all_arch_configs kernel-%{version}-arm*.config
%define image_install_path boot
@ -364,7 +335,6 @@ Summary: The Linux kernel
%ifarch %nobuildarches
%define with_up 0
%define with_smp 0
%define with_pae 0
%define with_debuginfo 0
%define with_perf 0
@ -378,7 +348,7 @@ Summary: The Linux kernel
%endif
# Architectures we build tools/cpupower on
%define cpupowerarchs %{ix86} x86_64 ppc %{power64} %{arm} aarch64
%define cpupowerarchs %{ix86} x86_64 %{power64} %{arm} aarch64
#
# Packages that need to be installed before the kernel is, because the %%post
@ -396,7 +366,7 @@ Version: %{rpmversion}
Release: %{pkg_release}
# DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD.
# SET %%nobuildarches (ABOVE) INSTEAD
ExclusiveArch: %{all_x86} x86_64 ppc ppc64 ppc64p7 s390 s390x %{arm} aarch64 ppc64le
ExclusiveArch: %{all_x86} x86_64 ppc64 ppc64p7 s390 s390x %{arm} aarch64 ppc64le
ExclusiveOS: Linux
%ifnarch %{nobuildarches}
Requires: kernel-%{?variant:%{variant}-}core-uname-r = %{KVERREL}%{?variant}
@ -450,7 +420,6 @@ Source90: filter-x86_64.sh
Source91: filter-armv7hl.sh
Source92: filter-i686.sh
Source93: filter-aarch64.sh
Source94: filter-ppc.sh
Source95: filter-ppc64.sh
Source96: filter-ppc64le.sh
Source97: filter-s390x.sh
@ -472,8 +441,6 @@ Source32: config-x86-32-generic
Source40: config-x86_64-generic
Source50: config-powerpc-generic
Source51: config-powerpc32-generic
Source52: config-powerpc32-smp
Source53: config-powerpc64
Source54: config-powerpc64p7
Source55: config-powerpc64le
@ -527,7 +494,7 @@ Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz
Patch04: compile-fixes.patch
# build tweak for build ID magic, even for -vanilla
Patch05: makefile-after_link.patch
Patch05: kbuild-AFTER_LINK.patch
%if !%{nopatches}
@ -545,20 +512,38 @@ Patch470: die-floppy-die.patch
Patch500: Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
Patch510: silence-noise.patch
Patch510: input-silence-i8042-noise.patch
Patch530: silence-fbcon-logo.patch
Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
Patch800: crash-driver.patch
# crypto/
# secure boot
Patch1000: secure-modules.patch
Patch1001: modsign-uefi.patch
# atch1002: sb-hibernate.patch
Patch1003: sysrq-secure-boot.patch
Patch1000: Add-secure_modules-call.patch
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
Patch1003: ACPI-Limit-access-to-custom_method.patch
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
Patch1014: Add-EFI-signature-data-types.patch
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
# virt + ksm patches
@ -581,17 +566,22 @@ Patch14000: hibernate-freeze-filesystems.patch
Patch14010: lis3-improve-handling-of-null-rate.patch
Patch15000: nowatchdog-on-virt.patch
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
# PPC
Patch18000: ppc64-fixtools.patch
# ARM64
# ARMv7
Patch21020: arm-tegra-usb-no-reset-linux33.patch
Patch21021: arm-beagle.patch
Patch21022: arm-imx6-utilite.patch
# http://www.spinics.net/lists/linux-tegra/msg17948.html
Patch21023: arm-tegra-drmdetection.patch
Patch21024: arm-qemu-fixdisplay.patch
Patch21020: ARM-tegra-usb-no-reset.patch
Patch21021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
Patch21022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
Patch21023: arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
Patch21024: arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch
Patch21028: arm-i.MX6-Utilite-device-dtb.patch
#rhbz 754518
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@ -600,7 +590,7 @@ Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
Patch21242: criu-no-expert.patch
#rhbz 892811
Patch21247: ath9k_rx_dma_stop_check.patch
Patch21247: ath9k-rx-dma-stop-check.patch
Patch22000: weird-root-dentry-name-debug.patch
@ -608,27 +598,28 @@ Patch22000: weird-root-dentry-name-debug.patch
Patch25063: disable-libdw-unwind-on-non-x86.patch
#rhbz 983342 1093120
Patch25069: 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
Patch25069: acpi-video-Add-4-new-models-to-the-use_native_backli.patch
Patch26000: perf-lib64.patch
Patch26000: perf-install-trace-event-plugins.patch
# Patch series from Hans for various backlight and platform driver fixes
Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
Patch26004: asus-wmi-Add-a-no-backlight-quirk.patch
Patch26005: eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
Patch26013: acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
Patch26014: acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
Patch25109: revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
#rhbz 1021036, submitted upstream
Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#CVE-2014-{5206,5207} rhbz 1129662 1129669
Patch25119: namespaces-remount-fixes.patch
#rhbz 1132368
Patch26015: nfs-fix-kernel-warning-when-removing-proc-entry.patch
#rhbz 1134969
Patch26019: Input-wacom-Add-support-for-the-Cintiq-Companion.patch
Patch26016: HID-wacom-Add-support-for-the-Cintiq-Companion.patch
#rhbz 1116347
Patch26017: KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
#rhbz 1110011
Patch26018: i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
Patch26019: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
Patch26020: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
@ -950,15 +941,6 @@ Provides: kernel-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?1:+%{1}}\
# Now, each variant package.
%define variant_summary The Linux kernel compiled for SMP machines
%kernel_variant_package -n SMP smp
%description smp-core
This package includes a SMP version of the Linux kernel. It is
required only on machines with two or more CPUs as well as machines with
hyperthreading technology.
Install the kernel-smp package if your machine uses two or more CPUs.
%ifnarch armv7hl
%define variant_summary The Linux kernel compiled for PAE capable machines
%kernel_variant_package %{pae}
@ -1022,13 +1004,6 @@ exit 1
%endif
%endif
%if %{with_smponly}
%if !%{with_smp}
echo "Cannot build --with smponly, smp build is disabled"
exit 1
%endif
%endif
%if "%{baserelease}" == "0"
echo "baserelease must be greater than zero"
exit 1
@ -1242,7 +1217,7 @@ do
done
%endif
ApplyPatch makefile-after_link.patch
ApplyPatch kbuild-AFTER_LINK.patch
#
# misc small stuff to make things compile
@ -1256,18 +1231,24 @@ ApplyOptionalPatch upstream-reverts.patch -R
# Architecture patches
# x86(-64)
ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
# PPC
ApplyPatch ppc64-fixtools.patch
# ARM64
#
# ARM
#
ApplyPatch arm-tegra-usb-no-reset-linux33.patch
ApplyPatch arm-beagle.patch
ApplyPatch arm-imx6-utilite.patch
ApplyPatch arm-tegra-drmdetection.patch
ApplyPatch arm-qemu-fixdisplay.patch
ApplyPatch ARM-tegra-usb-no-reset.patch
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
ApplyPatch arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
ApplyPatch arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
#
# bugfixes to drivers and filesystems
@ -1315,7 +1296,7 @@ ApplyPatch die-floppy-die.patch
ApplyPatch no-pcspkr-modalias.patch
# Silence some useless messages that still get printed with 'quiet'
ApplyPatch silence-noise.patch
ApplyPatch input-silence-i8042-noise.patch
# Make fbcon not show the penguins with 'quiet'
ApplyPatch silence-fbcon-logo.patch
@ -1328,10 +1309,28 @@ ApplyPatch crash-driver.patch
# crypto/
# secure boot
ApplyPatch secure-modules.patch
ApplyPatch modsign-uefi.patch
# pplyPatch sb-hibernate.patch
ApplyPatch sysrq-secure-boot.patch
ApplyPatch Add-secure_modules-call.patch
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
ApplyPatch ACPI-Limit-access-to-custom_method.patch
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
ApplyPatch Add-EFI-signature-data-types.patch
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
# Assorted Virt Fixes
@ -1353,7 +1352,7 @@ ApplyPatch disable-i8042-check-on-apple-mac.patch
ApplyPatch lis3-improve-handling-of-null-rate.patch
# Disable watchdog on virtual machines.
ApplyPatch nowatchdog-on-virt.patch
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
#rhbz 754518
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@ -1364,33 +1363,34 @@ ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
ApplyPatch criu-no-expert.patch
#rhbz 892811
ApplyPatch ath9k_rx_dma_stop_check.patch
ApplyPatch ath9k-rx-dma-stop-check.patch
#rhbz 1025603
ApplyPatch disable-libdw-unwind-on-non-x86.patch
#rhbz 983342 1093120
ApplyPatch 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
ApplyPatch acpi-video-Add-4-new-models-to-the-use_native_backli.patch
ApplyPatch perf-lib64.patch
ApplyPatch perf-install-trace-event-plugins.patch
# Patch series from Hans for various backlight and platform driver fixes
ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
ApplyPatch asus-wmi-Add-a-no-backlight-quirk.patch
ApplyPatch eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
ApplyPatch acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
ApplyPatch acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
ApplyPatch revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
#rhbz 1021036, submitted upstream
ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#CVE-2014-{5206,5207} rhbz 1129662 1129669
ApplyPatch namespaces-remount-fixes.patch
#rhbz 1132368
ApplyPatch nfs-fix-kernel-warning-when-removing-proc-entry.patch
#rhbz 1134969
ApplyPatch Input-wacom-Add-support-for-the-Cintiq-Companion.patch
ApplyPatch HID-wacom-Add-support-for-the-Cintiq-Companion.patch
#rhbz 1116347
ApplyPatch KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
#rhbz 1110011
ApplyPatch i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
ApplyPatch psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
ApplyPatch psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
@ -1648,7 +1648,7 @@ BuildKernel() {
fi
rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/*.o
rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/*/*.o
%ifarch ppc %{power64}
%ifarch %{power64}
cp -a --parents arch/powerpc/lib/crtsavres.[So] $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
%endif
if [ -d arch/%{asmarch}/include ]; then
@ -1831,10 +1831,6 @@ BuildKernel %make_target %kernel_image %{pae}
BuildKernel %make_target %kernel_image
%endif
%if %{with_smp}
BuildKernel %make_target %kernel_image smp
%endif
%global perf_make \
make -s %{?cross_opts} %{?_smp_mflags} -C tools/perf V=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_LIBNUMA=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix}
%if %{with_perf}
@ -2118,9 +2114,6 @@ fi}\
%kernel_variant_preun
%kernel_variant_post -r kernel-smp
%kernel_variant_preun smp
%kernel_variant_post -v smp
%kernel_variant_preun %{pae}
%kernel_variant_post -v %{pae} -r (kernel|kernel-smp)
@ -2275,7 +2268,6 @@ fi
%kernel_variant_files %{with_up}
%kernel_variant_files %{with_smp} smp
%kernel_variant_files %{with_debug} debug
%kernel_variant_files %{with_pae} %{pae}
%kernel_variant_files %{with_pae_debug} %{pae}debug
@ -2294,56 +2286,146 @@ fi
# ||----w |
# || ||
%changelog
* Fri Sep 12 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git4.1
- Linux v3.17-rc4-244-g5874cfed0b04
* Thu Sep 11 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Enable ACPI_I2C_OPREGION
* Thu Sep 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git3.1
- Linux v3.17-rc4-168-g7ec62d421bdf
- Add support for touchpad in Asus X450 and X550 (rhbz 1110011)
* Wed Sep 10 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git2.1
- Linux v3.17-rc4-158-ge874a5fe3efa
- Add patch to fix oops on keyring gc (rhbz 1116347)
* Tue Sep 09 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git1.1
- Linux v3.17-rc4-140-g8c68face5548
- Reenable debugging options.
* Mon Sep 08 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Remove ppc32 support
* Mon Sep 8 2014 Peter Robinson <pbrobinson@fedoraproject.org>
- Build tools on ppc64le (rhbz 1138884)
- Some minor ppc64 cleanups
* Fri Sep 05 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.2-300
- Linux v3.16.2
* Mon Sep 08 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git0.1
- Linux v3.17-rc4
- Disable debugging options.
* Thu Sep 04 2014 Josh Boyer <jwboyer@fedoraproject.org>
* Fri Sep 05 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git3.1
- Linux v3.17-rc3-94-gb7fece1be8b1
* Thu Sep 04 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git2.1
- Linux v3.17-rc3-63-g44bf091f5089
- Enable kexec bzImage signature verification (from Vivek Goyal)
- Add support for Wacom Cintiq Companion from Benjamin Tissoires (rhbz 1134969)
* Wed Sep 03 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git1.1
- Linux v3.17-rc3-16-g955837d8f50e
- Reenable debugging options.
* Tue Sep 02 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Remove with_extra switch
* Mon Sep 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git0.1
- Linux v3.17-rc3
- Disable debugging options.
* Fri Aug 29 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git3.1
- Linux v3.17-rc2-89-g59753a805499
* Thu Aug 28 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Fix NFSv3 ACL regression (rhbz 1132786)
* Thu Aug 28 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git2.1
- Linux v3.17-rc2-42-gf1bd473f95e0
- Don't enable CONFIG_DEBUG_WW_MUTEX_SLOWPATH (rhbz 1114160)
* Wed Aug 27 2014 Justin M. Forbes <jforbes@fedoraproject.org>
- CVE-2014-{5471,5472} isofs: Fix unbounded recursion when processing relocated
directories (rhbz 1134099 1134101)
* Wed Aug 27 2014 Josh Boyer <jwboyer@fedoraproject.org>
* Wed Aug 27 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git1.1
- Disable streams on via XHCI (rhbz 1132666)
- Linux v3.17-rc2-9-g68e370289c29
- Reenable debugging options.
* Tue Aug 26 2014 Peter Robinson <pbrobinson@fedoraproject.org>
- Minor tegra updates due to incorrect nvidia kernel config options
* Tue Aug 26 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git0.1
- Linux v3.17-rc2
- Fixup ARM MFD options after I2C=y change
- Disable debugging options.
* Tue Aug 26 2014 Peter Robinson <pbrobinson@fedoraproject.org>
- Minor generic ARMv7 updates
- Build tegra on both LPAE and general ARMv7 kernels (thank srwarren RHBZ 1110963)
- Set CMA to 64mb on LPAE kernel (RHBZ 1127000)
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.1-301
* Mon Aug 25 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git4.1
- Linux v3.17-rc1-231-g7be141d05549
- Add patch to fix NFS oops on /proc removal (rhbz 1132368)
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Drop userns revert patch (rhbz 917708)
* Tue Aug 19 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Fix NFSv3 oops (rhbz 1131551)
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git3.1
- Linux v3.17-rc1-99-g5317821c0853
* Fri Aug 15 2014 Peter Robinson <pbrobinson@fedoraproject.org>
- ARM updates for 3.16
* Thu Aug 21 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git2.1
- Linux v3.17-rc1-51-g372b1dbdd1fb
* Wed Aug 20 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git1.1
- Linux v3.17-rc1-22-g480cadc2b7e0
- Reenable debugging options.
* Mon Aug 18 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git0.1
- Linux v3.17-rc1
- Disable debugging options.
* Sat Aug 16 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git7.1
- Linux v3.16-11452-g88ec63d6f85c
* Fri Aug 15 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git6.1
- Linux v3.16-11383-gc9d26423e56c
* Thu Aug 14 2014 Kyle McMartin <kyle@fedoraproject.org>
- kernel-arm64: resynch with git head (no functional change)
* Thu Aug 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git5.1
- Linux v3.16-10959-gf0094b28f303
* Wed Aug 13 2014 Peter Robinson <pbrobinson@fedoraproject.org>
- 3.17 ARMv7 updates
- Cleanup some old removed options
- Disable legacy USB OTG (using new configfs equivilents)
- Upstream patch to fix display on qemu (VExpress A9)
* Thu Aug 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.1-300
- Linux v3.16.1
* Tue Aug 12 2014 Kyle McMartin <kyle@fedoraproject.org> 3.17.0-0.rc0.git4.2
- tegra-powergate-header-move.patch: deal with armv7hl breakage
- nouveau_platform-fix.patch: handle nouveau_dev() removal
* Thu Aug 14 2014 Hans de Goede <hdegoede@redhat.com>
- Blacklist usb bulk streams on Etron EJ168 xhci controllers (rhbz#1121288)
- UAS: Limit max number of requests over USB-2 to 32 (rhbz#1128472)
* Tue Aug 12 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git4.1
- Add updated crash driver from Dave Anderson and re-enable
* Wed Aug 13 2014 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2014-{5206,5207} ro bind mount bypass with namespaces (rhbz 1129662 1129669)
* Tue Aug 12 2014 Kyle McMartin <kyle@fedoraproject.org>
- kernel-arm64.patch: fix up merge conflict and re-enable
* Tue Aug 12 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Linux v3.16-10473-gc8d6637d0497
* Sat Aug 09 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git3.1
- Linux v3.16-10013-gc309bfa9b481
- Temporarily don't apply crash driver patch
* Thu Aug 07 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git2.1
- Linux v3.16-7503-g33caee39925b
* Tue Aug 05 2014 Kyle McMartin <kyle@fedoraproject.org>
- kernel-arm64.patch: fix up merge conflict and re-enable
* Tue Aug 05 2014 Josh Boyer <jwboyer@gmail.com> - 3.17.0-0.rc0.git1.1
- Linux v3.16-3652-gf19107379dbc
- Reenable debugging options.
* Mon Aug 04 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.0-1
- Linux v3.16

View File

@ -0,0 +1,44 @@
From 1f5d1a446393a33490fe50d4ae6dd3e67d06e7e5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2bee072268d9..891477dbfee0 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -36,6 +36,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -1251,6 +1252,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
1.9.3

View File

@ -1,7 +1,4 @@
Bugzilla: N/A
Upstream-status: Nak'd, supposedly replacement coming to auto-select
From 0f3f5c5b4ca2eb1f41947c50bedb9b17aa1a1f80 Mon Sep 17 00:00:00 2001
From be4d9ecdaa91bd4dcc38e6082c5e48c5c88ec3ee Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Mon, 11 Nov 2013 08:39:16 -0500
Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug
@ -14,16 +11,19 @@ operation of the feature, and we need CPUMASK_OFFSTACK to increase the
NR_CPUS value beyond 512 on x86. We drop the current dependency and make
sure SMP is set.
Bugzilla: N/A
Upstream-status: Nak'd, supposedly replacement coming to auto-select
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
lib/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index b3c8be0..50b47cd 100644
index a5ce0c7f6c30..54cef46c99d7 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -342,7 +342,8 @@ config CHECK_SIGNATURE
@@ -379,7 +379,8 @@ config CHECK_SIGNATURE
bool
config CPUMASK_OFFSTACK
@ -34,5 +34,5 @@ index b3c8be0..50b47cd 100644
Use dynamic allocation for cpumask_var_t, instead of putting
them on the stack. This is a bit more expensive, but avoids
--
1.8.3.1
1.9.3

View File

@ -1,13 +1,7 @@
Bugzilla: 785814
Upstream-status: ??
>From 56fb161a9ca0129f8e266e4dbe79346552ff8089 Mon Sep 17 00:00:00 2001
From 913036cdc44e936c194294184853e4844af0494b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Piel?= <eric.piel@tremplin-utc.net>
Date: Thu, 3 Nov 2011 16:22:40 +0100
Subject: [PATCH] lis3: Improve handling of null rate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [PATCH] lis3: improve handling of null rate
When obtaining a rate of 0, we would disable the device supposely
because it seems to behave incorectly. It actually only comes from the
@ -15,16 +9,19 @@ fact that the device is off and on lis3dc it's reflected in the rate.
So handle this nicely by just waiting a safe time, and then using the
device as normally.
Bugzilla: 785814
Upstream-status: ??
Signed-off-by: ??ric Piel <eric.piel@tremplin-utc.net>
---
drivers/misc/lis3lv02d/lis3lv02d.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
index 35c67e0..42dce2a 100644
index 3ef4627f9cb1..2b2d2e8e5eeb 100644
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
@@ -188,7 +188,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
@@ -216,7 +216,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
/* conversion btw sampling rate and the register values */
static int lis3_12_rates[4] = {40, 160, 640, 2560};
static int lis3_8_rates[2] = {100, 400};
@ -34,7 +31,7 @@ index 35c67e0..42dce2a 100644
static int lis3_3dlh_rates[4] = {50, 100, 400, 1000};
/* ODR is Output Data Rate */
@@ -202,12 +203,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
@@ -231,12 +232,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
return lis3->odrs[(ctrl >> shift)];
}
@ -50,7 +47,7 @@ index 35c67e0..42dce2a 100644
/* LIS3 power on delay is quite long */
msleep(lis3->pwron_delay / div);
@@ -274,7 +274,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
@@ -303,7 +303,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
lis3->read(lis3, ctlreg, &reg);
lis3->write(lis3, ctlreg, (reg | selftest));
@ -59,7 +56,7 @@ index 35c67e0..42dce2a 100644
if (ret)
goto fail;
@@ -285,7 +285,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
@@ -314,7 +314,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
/* back to normal settings */
lis3->write(lis3, ctlreg, reg);
@ -68,8 +65,8 @@ index 35c67e0..42dce2a 100644
if (ret)
goto fail;
@@ -397,7 +397,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
lis3->write(lis3, CTRL_REG2, reg);
@@ -434,7 +434,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
}
}
- err = lis3lv02d_get_pwron_wait(lis3);
@ -78,5 +75,5 @@ index 35c67e0..42dce2a 100644
return err;
--
1.7.7.1
1.9.3

View File

@ -1,624 +0,0 @@
Bugzilla: N/A
Upstream-status: Fedora mustard for now
From fa2bfe718da40bf24f92c85846577e9bc788882c Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 1/5] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/linux/efi.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index e73f391fd3c8..3d66a61bbbca 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -578,6 +578,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
+#define EFI_CERT_SHA256_GUID \
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
+
+#define EFI_CERT_X509_GUID \
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+
typedef struct {
efi_guid_t guid;
u64 table;
@@ -793,6 +799,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)
+typedef struct {
+ efi_guid_t signature_owner;
+ u8 signature_data[];
+} efi_signature_data_t;
+
+typedef struct {
+ efi_guid_t signature_type;
+ u32 signature_list_size;
+ u32 signature_header_size;
+ u32 signature_size;
+ u8 signature_header[];
+ /* efi_signature_data_t signatures[][] */
+} efi_signature_list_t;
+
/*
* All runtime access to EFI goes through this structure:
*/
--
1.9.3
From 922e0512ce70101b596558d5bb075cd40a450322 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/Kconfig | 8 +++
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 4 ++
4 files changed, 122 insertions(+)
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 03a6eb95ab50..6306ffc2a7fe 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
data and provides the ability to instantiate a crypto key from a
public key packet found inside the certificate.
+config EFI_SIGNATURE_LIST_PARSER
+ bool "EFI signature list parser"
+ depends on EFI
+ select X509_CERTIFICATE_PARSER
+ help
+ This option provides support for parsing EFI signature lists for
+ X.509 certificates and turning them into keys.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 0727204aab68..cd8388e5f2f1 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644
index 000000000000..424896a0b169
--- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,109 @@
+/* EFI signature/key/certificate list parser
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "EFI: "fmt
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <keys/asymmetric-type.h>
+
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
+
+/**
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
+ * @data: The data blob to parse
+ * @size: The size of the data blob
+ * @keyring: The keyring to add extracted keys to
+ */
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
+{
+ unsigned offs = 0;
+ size_t lsize, esize, hsize, elsize;
+
+ pr_devel("-->%s(,%zu)\n", __func__, size);
+
+ while (size > 0) {
+ efi_signature_list_t list;
+ const efi_signature_data_t *elem;
+ key_ref_t key;
+
+ if (size < sizeof(list))
+ return -EBADMSG;
+
+ memcpy(&list, data, sizeof(list));
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
+ offs,
+ list.signature_type.b, list.signature_list_size,
+ list.signature_header_size, list.signature_size);
+
+ lsize = list.signature_list_size;
+ hsize = list.signature_header_size;
+ esize = list.signature_size;
+ elsize = lsize - sizeof(list) - hsize;
+
+ if (lsize > size) {
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
+ __func__, offs);
+ return -EBADMSG;
+ }
+ if (lsize < sizeof(list) ||
+ lsize - sizeof(list) < hsize ||
+ esize < sizeof(*elem) ||
+ elsize < esize ||
+ elsize % esize != 0) {
+ pr_devel("- bad size combo @%x\n", offs);
+ return -EBADMSG;
+ }
+
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
+ data += lsize;
+ size -= lsize;
+ offs += lsize;
+ continue;
+ }
+
+ data += sizeof(list) + hsize;
+ size -= sizeof(list) + hsize;
+ offs += sizeof(list) + hsize;
+
+ for (; elsize > 0; elsize -= esize) {
+ elem = data;
+
+ pr_devel("ELEM[%04x]\n", offs);
+
+ key = key_create_or_update(
+ make_key_ref(keyring, 1),
+ "asymmetric",
+ NULL,
+ &elem->signature_data,
+ esize - sizeof(*elem),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW,
+ KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_TRUSTED);
+
+ if (IS_ERR(key))
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
+ PTR_ERR(key));
+ else
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
+ key_ref_to_ptr(key)->description,
+ keyring->description);
+
+ data += esize;
+ size -= esize;
+ offs += esize;
+ }
+ }
+
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 3d66a61bbbca..7854ff3c0f11 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -901,6 +901,10 @@ extern struct efi_memory_map memmap;
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
(md) = (void *)(md) + (m)->desc_size)
+struct key;
+extern int __init parse_efi_signature_list(const void *data, size_t size,
+ struct key *keyring);
+
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
1.9.3
From 2534dedee545507c00973279d5db515e122b5104 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
and if the module's certificate is found, it will refuse to load. This is
useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 8dabc399bd1d..e466de10ceec 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,6 +18,10 @@
extern struct key *system_trusted_keyring;
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 9d76b99af1b9..ac5f580437a0 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1677,6 +1677,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 52ebc70263f4..478c4f8ec908 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
--
1.9.3
From a72ed58241f0d62b7f9fbf4e1fbbcc1e02145098 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable.
This imports those certificates into the system trusted keyring. This
allows for a third party signing certificate to be used in conjunction
with signed modules. By importing the public certificate into the 'db'
variable, a user can allow a module signed with that certificate to
load. The shim UEFI bootloader has a similar certificate list stored
in the 'MokListRT' variable. We import those as well.
In the opposite case, Secure Boot maintains a list of disallowed
certificates in the 'dbx' variable. We load those certificates into
the newly introduced system blacklist keyring and forbid any module
signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++
kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 7854ff3c0f11..31fd75e7230b 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -584,6 +584,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
+
+#define EFI_SHIM_LOCK_GUID \
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
+
typedef struct {
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index ac5f580437a0..ca7268b594aa 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1831,6 +1831,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER
+ help
+ This will import certificates stored in UEFI and allow modules
+ signed with those to be loaded. It will also disallow loading
+ of modules stored in the UEFI dbx variable.
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index f2a8b6246ce9..706e7952bde5 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
--- /dev/null
+++ b/kernel/modsign_uefi.c
@@ -0,0 +1,92 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <linux/slab.h>
+#include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
+#include "module-internal.h"
+
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+{
+ efi_status_t status;
+ unsigned long lsize = 4;
+ unsigned long tmpdb[4];
+ void *db = NULL;
+
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status != EFI_BUFFER_TOO_SMALL) {
+ pr_err("Couldn't get size: 0x%lx\n", status);
+ return NULL;
+ }
+
+ db = kmalloc(lsize, GFP_KERNEL);
+ if (!db) {
+ pr_err("Couldn't allocate memory for uefi cert list\n");
+ goto out;
+ }
+
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+ db = NULL;
+ pr_err("Error reading db var: 0x%lx\n", status);
+ }
+out:
+ *size = lsize;
+ return db;
+}
+
+/*
+ * * Load the certs contained in the UEFI databases
+ * */
+static int __init load_uefi_certs(void)
+{
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
+ void *db = NULL, *dbx = NULL, *mok = NULL;
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
+ int rc = 0;
+
+ /* Check if SB is enabled and just return if not */
+ if (!efi_enabled(EFI_SECURE_BOOT))
+ return 0;
+
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
+ * an error if we can't get them.
+ */
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
+
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+ if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else {
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok);
+ }
+
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+ if (!dbx) {
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+ } else {
+ rc = parse_efi_signature_list(dbx, dbxsize,
+ system_blacklist_keyring);
+ if (rc)
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
+ kfree(dbx);
+ }
+
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
1.9.3
From 11bb98e3a62de77fc66a3e2197578dd9d891b998 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
Have the uefi import code look for this and not import things from the db
variable.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
index 94b0eb38a284..ae28b974d49a 100644
--- a/kernel/modsign_uefi.c
+++ b/kernel/modsign_uefi.c
@@ -8,6 +8,23 @@
#include <keys/system_keyring.h>
#include "module-internal.h"
+static __init int check_ignore_db(void)
+{
+ efi_status_t status;
+ unsigned int db = 0;
+ unsigned long size = sizeof(db);
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
+ * then we don't ignore DB. If it succeeds, we do.
+ */
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ return 1;
+}
+
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
{
efi_status_t status;
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
void *db = NULL, *dbx = NULL, *mok = NULL;
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
- int rc = 0;
+ int ignore_db, rc = 0;
/* Check if SB is enabled and just return if not */
if (!efi_enabled(EFI_SECURE_BOOT))
return 0;
+ /* See if the user has setup Ignore DB mode */
+ ignore_db = check_ignore_db();
+
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
* an error if we can't get them.
*/
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
- if (rc)
- pr_err("Couldn't parse db signatures: %d\n", rc);
- kfree(db);
+ if (!ignore_db) {
+ db = get_cert_list(L"db", &secure_var, &dbsize);
+ if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else {
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db);
+ }
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
1.9.3

View File

@ -1,625 +0,0 @@
Bugzilla: 1129669
Upstream-status: 3.17 and CC'd to stable
From a6138db815df5ee542d848318e5dae681590fccd Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 28 Jul 2014 16:26:53 -0700
Subject: [PATCH 1/5] mnt: Only change user settable mount flags in remount
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
read-only bind mount read-only in a user namespace the
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
to the remount a read-only mount read-write.
Correct this by replacing the mask of mount flags to preserve
with a mask of mount flags that may be changed, and preserve
all others. This ensures that any future bugs with this mask and
remount will fail in an easy to detect way where new mount flags
simply won't change.
Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 2 +-
include/linux/mount.h | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 7187d01329c3..cb40449ea0df 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1937,7 +1937,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
err = do_remount_sb(sb, flags, data, 0);
if (!err) {
lock_mount_hash();
- mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
+ mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
mnt->mnt.mnt_flags = mnt_flags;
touch_mnt_namespace(mnt->mnt_ns);
unlock_mount_hash();
diff --git a/include/linux/mount.h b/include/linux/mount.h
index 839bac270904..b637a89e1fae 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -42,7 +42,9 @@ struct mnt_namespace;
* flag, consider how it interacts with shared mounts.
*/
#define MNT_SHARED_MASK (MNT_UNBINDABLE)
-#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
+#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
+ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
+ | MNT_READONLY)
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
--
2.0.4
From 07b645589dcda8b7a5249e096fece2a67556f0f4 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 28 Jul 2014 17:10:56 -0700
Subject: [PATCH 2/5] mnt: Move the test for MNT_LOCK_READONLY from
change_mount_flags into do_remount
There are no races as locked mount flags are guaranteed to never change.
Moving the test into do_remount makes it more visible, and ensures all
filesystem remounts pass the MNT_LOCK_READONLY permission check. This
second case is not an issue today as filesystem remounts are guarded
by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged
mount namespaces, but it could become an issue in the future.
Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index cb40449ea0df..1105a577a14f 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1896,9 +1896,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
if (readonly_request == __mnt_is_readonly(mnt))
return 0;
- if (mnt->mnt_flags & MNT_LOCK_READONLY)
- return -EPERM;
-
if (readonly_request)
error = mnt_make_readonly(real_mount(mnt));
else
@@ -1924,6 +1921,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
if (path->dentry != path->mnt->mnt_root)
return -EINVAL;
+ /* Don't allow changing of locked mnt flags.
+ *
+ * No locks need to be held here while testing the various
+ * MNT_LOCK flags because those flags can never be cleared
+ * once they are set.
+ */
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
+ !(mnt_flags & MNT_READONLY)) {
+ return -EPERM;
+ }
err = security_sb_remount(sb, data);
if (err)
return err;
--
2.0.4
From 9566d6742852c527bf5af38af5cbb878dad75705 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 28 Jul 2014 17:26:07 -0700
Subject: [PATCH 3/5] mnt: Correct permission checks in do_remount
While invesgiating the issue where in "mount --bind -oremount,ro ..."
would result in later "mount --bind -oremount,rw" succeeding even if
the mount started off locked I realized that there are several
additional mount flags that should be locked and are not.
In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime
flags in addition to MNT_READONLY should all be locked. These
flags are all per superblock, can all be changed with MS_BIND,
and should not be changable if set by a more privileged user.
The following additions to the current logic are added in this patch.
- nosuid may not be clearable by a less privileged user.
- nodev may not be clearable by a less privielged user.
- noexec may not be clearable by a less privileged user.
- atime flags may not be changeable by a less privileged user.
The logic with atime is that always setting atime on access is a
global policy and backup software and auditing software could break if
atime bits are not updated (when they are configured to be updated),
and serious performance degradation could result (DOS attack) if atime
updates happen when they have been explicitly disabled. Therefore an
unprivileged user should not be able to mess with the atime bits set
by a more privileged user.
The additional restrictions are implemented with the addition of
MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME
mnt flags.
Taken together these changes and the fixes for MNT_LOCK_READONLY
should make it safe for an unprivileged user to create a user
namespace and to call "mount --bind -o remount,... ..." without
the danger of mount flags being changed maliciously.
Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 36 +++++++++++++++++++++++++++++++++---
include/linux/mount.h | 5 +++++
2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 1105a577a14f..dd9c93b5a9d5 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -890,8 +890,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~(MNT_WRITE_HOLD|MNT_MARKED);
/* Don't allow unprivileged users to change mount flags */
- if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
- mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
+ if (flag & CL_UNPRIVILEGED) {
+ mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
+
+ if (mnt->mnt.mnt_flags & MNT_READONLY)
+ mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
+
+ if (mnt->mnt.mnt_flags & MNT_NODEV)
+ mnt->mnt.mnt_flags |= MNT_LOCK_NODEV;
+
+ if (mnt->mnt.mnt_flags & MNT_NOSUID)
+ mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID;
+
+ if (mnt->mnt.mnt_flags & MNT_NOEXEC)
+ mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC;
+ }
/* Don't allow unprivileged users to reveal what is under a mount */
if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
@@ -1931,6 +1944,23 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
!(mnt_flags & MNT_READONLY)) {
return -EPERM;
}
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
+ !(mnt_flags & MNT_NODEV)) {
+ return -EPERM;
+ }
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
+ !(mnt_flags & MNT_NOSUID)) {
+ return -EPERM;
+ }
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) &&
+ !(mnt_flags & MNT_NOEXEC)) {
+ return -EPERM;
+ }
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
+ ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) {
+ return -EPERM;
+ }
+
err = security_sb_remount(sb, data);
if (err)
return err;
@@ -2129,7 +2159,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
*/
if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
flags |= MS_NODEV;
- mnt_flags |= MNT_NODEV;
+ mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
}
}
diff --git a/include/linux/mount.h b/include/linux/mount.h
index b637a89e1fae..b0c1e6574e7f 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -45,12 +45,17 @@ struct mnt_namespace;
#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
| MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
| MNT_READONLY)
+#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME )
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
#define MNT_INTERNAL 0x4000
+#define MNT_LOCK_ATIME 0x040000
+#define MNT_LOCK_NOEXEC 0x080000
+#define MNT_LOCK_NOSUID 0x100000
+#define MNT_LOCK_NODEV 0x200000
#define MNT_LOCK_READONLY 0x400000
#define MNT_LOCKED 0x800000
#define MNT_DOOMED 0x1000000
--
2.0.4
From ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 28 Jul 2014 17:36:04 -0700
Subject: [PATCH 4/5] mnt: Change the default remount atime from relatime to
the existing value
Since March 2009 the kernel has treated the state that if no
MS_..ATIME flags are passed then the kernel defaults to relatime.
Defaulting to relatime instead of the existing atime state during a
remount is silly, and causes problems in practice for people who don't
specify any MS_...ATIME flags and to get the default filesystem atime
setting. Those users may encounter a permission error because the
default atime setting does not work.
A default that does not work and causes permission problems is
ridiculous, so preserve the existing value to have a default
atime setting that is always guaranteed to work.
Using the default atime setting in this way is particularly
interesting for applications built to run in restricted userspace
environments without /proc mounted, as the existing atime mount
options of a filesystem can not be read from /proc/mounts.
In practice this fixes user space that uses the default atime
setting on remount that are broken by the permission checks
keeping less privileged users from changing more privileged users
atime settings.
Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/namespace.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index dd9c93b5a9d5..7886176232c1 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2473,6 +2473,14 @@ long do_mount(const char *dev_name, const char *dir_name,
if (flags & MS_RDONLY)
mnt_flags |= MNT_READONLY;
+ /* The default atime for remount is preservation */
+ if ((flags & MS_REMOUNT) &&
+ ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
+ MS_STRICTATIME)) == 0)) {
+ mnt_flags &= ~MNT_ATIME_MASK;
+ mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
+ }
+
flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
--
2.0.4
From db181ce011e3c033328608299cd6fac06ea50130 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 29 Jul 2014 15:50:44 -0700
Subject: [PATCH 5/5] mnt: Add tests for unprivileged remount cases that have
found to be faulty
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
read-only bind mount read-only in a user namespace the
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
to the remount a read-only mount read-write.
Upon review of the code in remount it was discovered that the code allowed
nosuid, noexec, and nodev to be cleared. It was also discovered that
the code was allowing the per mount atime flags to be changed.
The first naive patch to fix these issues contained the flaw that using
default atime settings when remounting a filesystem could be disallowed.
To avoid this problems in the future add tests to ensure unprivileged
remounts are succeeding and failing at the appropriate times.
Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/mount/Makefile | 17 ++
.../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++
3 files changed, 260 insertions(+)
create mode 100644 tools/testing/selftests/mount/Makefile
create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index e66e710cc595..0a8a9db43d34 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -4,6 +4,7 @@ TARGETS += efivarfs
TARGETS += kcmp
TARGETS += memory-hotplug
TARGETS += mqueue
+TARGETS += mount
TARGETS += net
TARGETS += ptrace
TARGETS += timers
diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
new file mode 100644
index 000000000000..337d853c2b72
--- /dev/null
+++ b/tools/testing/selftests/mount/Makefile
@@ -0,0 +1,17 @@
+# Makefile for mount selftests.
+
+all: unprivileged-remount-test
+
+unprivileged-remount-test: unprivileged-remount-test.c
+ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
+
+# Allow specific tests to be selected.
+test_unprivileged_remount: unprivileged-remount-test
+ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
+
+run_tests: all test_unprivileged_remount
+
+clean:
+ rm -f unprivileged-remount-test
+
+.PHONY: all test_unprivileged_remount
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
new file mode 100644
index 000000000000..1b3ff2fda4d0
--- /dev/null
+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
@@ -0,0 +1,242 @@
+#define _GNU_SOURCE
+#include <sched.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <stdbool.h>
+#include <stdarg.h>
+
+#ifndef CLONE_NEWNS
+# define CLONE_NEWNS 0x00020000
+#endif
+#ifndef CLONE_NEWUTS
+# define CLONE_NEWUTS 0x04000000
+#endif
+#ifndef CLONE_NEWIPC
+# define CLONE_NEWIPC 0x08000000
+#endif
+#ifndef CLONE_NEWNET
+# define CLONE_NEWNET 0x40000000
+#endif
+#ifndef CLONE_NEWUSER
+# define CLONE_NEWUSER 0x10000000
+#endif
+#ifndef CLONE_NEWPID
+# define CLONE_NEWPID 0x20000000
+#endif
+
+#ifndef MS_RELATIME
+#define MS_RELATIME (1 << 21)
+#endif
+#ifndef MS_STRICTATIME
+#define MS_STRICTATIME (1 << 24)
+#endif
+
+static void die(char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ exit(EXIT_FAILURE);
+}
+
+static void write_file(char *filename, char *fmt, ...)
+{
+ char buf[4096];
+ int fd;
+ ssize_t written;
+ int buf_len;
+ va_list ap;
+
+ va_start(ap, fmt);
+ buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ if (buf_len < 0) {
+ die("vsnprintf failed: %s\n",
+ strerror(errno));
+ }
+ if (buf_len >= sizeof(buf)) {
+ die("vsnprintf output truncated\n");
+ }
+
+ fd = open(filename, O_WRONLY);
+ if (fd < 0) {
+ die("open of %s failed: %s\n",
+ filename, strerror(errno));
+ }
+ written = write(fd, buf, buf_len);
+ if (written != buf_len) {
+ if (written >= 0) {
+ die("short write to %s\n", filename);
+ } else {
+ die("write to %s failed: %s\n",
+ filename, strerror(errno));
+ }
+ }
+ if (close(fd) != 0) {
+ die("close of %s failed: %s\n",
+ filename, strerror(errno));
+ }
+}
+
+static void create_and_enter_userns(void)
+{
+ uid_t uid;
+ gid_t gid;
+
+ uid = getuid();
+ gid = getgid();
+
+ if (unshare(CLONE_NEWUSER) !=0) {
+ die("unshare(CLONE_NEWUSER) failed: %s\n",
+ strerror(errno));
+ }
+
+ write_file("/proc/self/uid_map", "0 %d 1", uid);
+ write_file("/proc/self/gid_map", "0 %d 1", gid);
+
+ if (setgroups(0, NULL) != 0) {
+ die("setgroups failed: %s\n",
+ strerror(errno));
+ }
+ if (setgid(0) != 0) {
+ die ("setgid(0) failed %s\n",
+ strerror(errno));
+ }
+ if (setuid(0) != 0) {
+ die("setuid(0) failed %s\n",
+ strerror(errno));
+ }
+}
+
+static
+bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
+{
+ pid_t child;
+
+ child = fork();
+ if (child == -1) {
+ die("fork failed: %s\n",
+ strerror(errno));
+ }
+ if (child != 0) { /* parent */
+ pid_t pid;
+ int status;
+ pid = waitpid(child, &status, 0);
+ if (pid == -1) {
+ die("waitpid failed: %s\n",
+ strerror(errno));
+ }
+ if (pid != child) {
+ die("waited for %d got %d\n",
+ child, pid);
+ }
+ if (!WIFEXITED(status)) {
+ die("child did not terminate cleanly\n");
+ }
+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
+ }
+
+ create_and_enter_userns();
+ if (unshare(CLONE_NEWNS) != 0) {
+ die("unshare(CLONE_NEWNS) failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
+ die("mount of /tmp failed: %s\n",
+ strerror(errno));
+ }
+
+ create_and_enter_userns();
+
+ if (unshare(CLONE_NEWNS) != 0) {
+ die("unshare(CLONE_NEWNS) failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("/tmp", "/tmp", "none",
+ MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
+ /* system("cat /proc/self/mounts"); */
+ die("remount of /tmp failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("/tmp", "/tmp", "none",
+ MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
+ /* system("cat /proc/self/mounts"); */
+ die("remount of /tmp with invalid flags "
+ "succeeded unexpectedly\n");
+ }
+ exit(EXIT_SUCCESS);
+}
+
+static bool test_unpriv_remount_simple(int mount_flags)
+{
+ return test_unpriv_remount(mount_flags, mount_flags, 0);
+}
+
+static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
+{
+ return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
+}
+
+int main(int argc, char **argv)
+{
+ if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
+ die("MS_RDONLY malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NODEV)) {
+ die("MS_NODEV malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
+ die("MS_NOSUID malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
+ die("MS_NOEXEC malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_STRICTATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
+ MS_STRICTATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
+ MS_STRICTATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("Default atime malfunctions\n");
+ }
+ return EXIT_SUCCESS;
+}
--
2.0.4

View File

@ -0,0 +1,77 @@
From 86b73a312f2d997ba0518674a221e026f127acd3 Mon Sep 17 00:00:00 2001
From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Sat, 16 Aug 2014 12:36:46 -0700
Subject: [PATCH] nfs: fix kernel warning when removing proc entry
I saw the following kernel warning:
[ 1852.321222] ------------[ cut here ]------------
[ 1852.326527] WARNING: CPU: 0 PID: 118 at fs/proc/generic.c:521 remove_proc_entry+0x154/0x16b()
[ 1852.335630] remove_proc_entry: removing non-empty directory 'fs/nfsfs', leaking at least 'volumes'
[ 1852.344084] CPU: 0 PID: 118 Comm: kworker/u8:2 Not tainted 3.16.0+ #540
[ 1852.350036] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1852.354992] Workqueue: netns cleanup_net
[ 1852.358701] 0000000000000000 ffff880116f2fbd0 ffffffff819c03e9 ffff880116f2fc18
[ 1852.366474] ffff880116f2fc08 ffffffff810744ee ffffffff811e0e6e ffff8800d4e96238
[ 1852.373507] ffffffff81dbe665 ffff8800d46a5948 0000000000000005 ffff880116f2fc68
[ 1852.380224] Call Trace:
[ 1852.381976] [<ffffffff819c03e9>] dump_stack+0x4d/0x66
[ 1852.385495] [<ffffffff810744ee>] warn_slowpath_common+0x7a/0x93
[ 1852.389869] [<ffffffff811e0e6e>] ? remove_proc_entry+0x154/0x16b
[ 1852.393987] [<ffffffff8107457b>] warn_slowpath_fmt+0x4c/0x4e
[ 1852.397999] [<ffffffff811e0e6e>] remove_proc_entry+0x154/0x16b
[ 1852.402034] [<ffffffff8129c73d>] nfs_fs_proc_net_exit+0x53/0x56
[ 1852.406136] [<ffffffff812a103b>] nfs_net_exit+0x12/0x1d
[ 1852.409774] [<ffffffff81785bc9>] ops_exit_list+0x44/0x55
[ 1852.413529] [<ffffffff81786389>] cleanup_net+0xee/0x182
[ 1852.417198] [<ffffffff81088c9e>] process_one_work+0x209/0x40d
[ 1852.502320] [<ffffffff81088bf7>] ? process_one_work+0x162/0x40d
[ 1852.587629] [<ffffffff810890c1>] worker_thread+0x1f0/0x2c7
[ 1852.673291] [<ffffffff81088ed1>] ? process_scheduled_works+0x2f/0x2f
[ 1852.759470] [<ffffffff8108e079>] kthread+0xc9/0xd1
[ 1852.843099] [<ffffffff8109427f>] ? finish_task_switch+0x3a/0xce
[ 1852.926518] [<ffffffff8108dfb0>] ? __kthread_parkme+0x61/0x61
[ 1853.008565] [<ffffffff819cbeac>] ret_from_fork+0x7c/0xb0
[ 1853.076477] [<ffffffff8108dfb0>] ? __kthread_parkme+0x61/0x61
[ 1853.140653] ---[ end trace 69c4c6617f78e32d ]---
It looks wrong that we add "/proc/net/nfsfs" in nfs_fs_proc_net_init()
while remove "/proc/fs/nfsfs" in nfs_fs_proc_net_exit().
Bugzilla: 1132368
Upstream-status: Sent for 3.17-rcX
Fixes: commit 65b38851a17 (NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes)
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Dan Aloni <dan@kernelim.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
---
fs/nfs/client.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 1c5ff6d58385..c117b96c7da9 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -1418,7 +1418,7 @@ int nfs_fs_proc_net_init(struct net *net)
error_2:
remove_proc_entry("servers", nn->proc_nfsfs);
error_1:
- remove_proc_entry("fs/nfsfs", NULL);
+ remove_proc_entry("nfsfs", net->proc_net);
error_0:
return -ENOMEM;
}
@@ -1429,7 +1429,7 @@ void nfs_fs_proc_net_exit(struct net *net)
remove_proc_entry("volumes", nn->proc_nfsfs);
remove_proc_entry("servers", nn->proc_nfsfs);
- remove_proc_entry("fs/nfsfs", NULL);
+ remove_proc_entry("nfsfs", net->proc_net);
}
/*
--
1.9.3

View File

@ -1,11 +1,19 @@
From 4152c0892d275b0109d7b38f7dbb274cdcedd9e1 Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] no pcspkr modalias
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/input/misc/pcspkr.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
index 34f4d2e..3e40c70 100644
index 674a2cfc3c0e..9a2807227c69 100644
--- a/drivers/input/misc/pcspkr.c
+++ b/drivers/input/misc/pcspkr.c
@@ -24,7 +24,6 @@
@@ -23,7 +23,6 @@
MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
MODULE_DESCRIPTION("PC Speaker beeper driver");
MODULE_LICENSE("GPL");
@ -13,3 +21,6 @@ index 34f4d2e..3e40c70 100644
static int pcspkr_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
--
1.9.3

View File

@ -0,0 +1,31 @@
From b4d5b24ff5ec0808968c393021ce88cbddce9fa3 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kmcmarti@redhat.com>
Date: Mon, 2 Jun 2014 15:11:01 -0400
Subject: [PATCH] perf: install trace-event plugins
perf hardcodes $libdir to be lib for all but x86_64, so kludge around it
until upstream gets their act together.
---
tools/perf/config/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index 86c21a24da46..bf0fe97bd358 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -642,8 +642,12 @@ endif
ifeq ($(IS_X86_64),1)
lib = lib64
else
+ifdef MULTILIBDIR
+lib = $(MULTILIBDIR)
+else
lib = lib
endif
+endif
libdir = $(prefix)/$(lib)
# Shell quote (do not use $(call) to accommodate ancient setups);
--
1.9.3

View File

@ -1,17 +0,0 @@
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
index 802cf54..7f30bfa 100644
--- a/tools/perf/config/Makefile
+++ b/tools/perf/config/Makefile
@@ -621,8 +621,12 @@ endif
ifeq ($(IS_X86_64),1)
lib = lib64
else
+ifdef MULTILIBDIR
+lib = $(MULTILIBDIR)
+else
lib = lib
endif
+endif
libdir = $(prefix)/$(lib)
# Shell quote (do not use $(call) to accommodate ancient setups);

View File

@ -0,0 +1,38 @@
From 29486eeff20681c8523bf86915358c0790a2b7a0 Mon Sep 17 00:00:00 2001
From: Pantelis Antoniou <panto@antoniou-consulting.com>
Date: Sat, 15 Sep 2012 12:00:41 +0300
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
When using pinctrl-single to handle i2c initialization, it has
to be done early. Whether this is the best way to do so, is an
exercise left to the reader.
---
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 95dd9cf55cb3..800fc34d7ea9 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2012,7 +2012,17 @@ static struct platform_driver pcs_driver = {
#endif
};
-module_platform_driver(pcs_driver);
+static int __init pcs_init(void)
+{
+ return platform_driver_register(&pcs_driver);
+}
+postcore_initcall(pcs_init);
+
+static void __exit pcs_exit(void)
+{
+ platform_driver_unregister(&pcs_driver);
+}
+module_exit(pcs_exit);
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
--
1.9.3

12
ppc64-fixtools.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/tools/perf/arch/powerpc/util/skip-callchain-idx.c b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
index a7c23a4..d73ef8b 100644
--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
+++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
@@ -15,6 +15,7 @@
#include "util/thread.h"
#include "util/callchain.h"
+#include "util/debug.h"
/*
* When saving the callchain on Power, the kernel conservatively saves

View File

@ -0,0 +1,100 @@
From cfbd9cc79483f4c8fb9c061724249136757ab727 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 27 Jun 2014 18:46:42 +0200
Subject: [PATCH] psmouse: Add psmouse_matches_pnp_id helper function
The matches_pnp_id function from the synaptics driver is useful for other
drivers too. Make it a generic psmouse helper function.
Bugzilla: 1110011
Upstream-status: sent for 3.17/3.18
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/input/mouse/psmouse-base.c | 14 ++++++++++++++
drivers/input/mouse/psmouse.h | 1 +
drivers/input/mouse/synaptics.c | 17 +++--------------
3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
index b4e1f014ddc2..02e68c3008a3 100644
--- a/drivers/input/mouse/psmouse-base.c
+++ b/drivers/input/mouse/psmouse-base.c
@@ -462,6 +462,20 @@ static int psmouse_poll(struct psmouse *psmouse)
PSMOUSE_CMD_POLL | (psmouse->pktsize << 8));
}
+/*
+ * psmouse_matches_pnp_id - check if psmouse matches one of the passed in ids.
+ */
+bool psmouse_matches_pnp_id(struct psmouse *psmouse, const char * const ids[])
+{
+ int i;
+
+ if (!strncmp(psmouse->ps2dev.serio->firmware_id, "PNP:", 4))
+ for (i = 0; ids[i]; i++)
+ if (strstr(psmouse->ps2dev.serio->firmware_id, ids[i]))
+ return true;
+
+ return false;
+}
/*
* Genius NetMouse magic init.
diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h
index 2f0b39d59a9b..f4cf664c7db3 100644
--- a/drivers/input/mouse/psmouse.h
+++ b/drivers/input/mouse/psmouse.h
@@ -108,6 +108,7 @@ void psmouse_set_resolution(struct psmouse *psmouse, unsigned int resolution);
psmouse_ret_t psmouse_process_byte(struct psmouse *psmouse);
int psmouse_activate(struct psmouse *psmouse);
int psmouse_deactivate(struct psmouse *psmouse);
+bool psmouse_matches_pnp_id(struct psmouse *psmouse, const char * const ids[]);
struct psmouse_attribute {
struct device_attribute dattr;
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index fd23181c1fb7..6394d9b5bfd3 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -185,18 +185,6 @@ static const char * const topbuttonpad_pnp_ids[] = {
NULL
};
-static bool matches_pnp_id(struct psmouse *psmouse, const char * const ids[])
-{
- int i;
-
- if (!strncmp(psmouse->ps2dev.serio->firmware_id, "PNP:", 4))
- for (i = 0; ids[i]; i++)
- if (strstr(psmouse->ps2dev.serio->firmware_id, ids[i]))
- return true;
-
- return false;
-}
-
/*****************************************************************************
* Synaptics communications functions
****************************************************************************/
@@ -362,7 +350,8 @@ static int synaptics_resolution(struct psmouse *psmouse)
}
for (i = 0; min_max_pnpid_table[i].pnp_ids; i++) {
- if (matches_pnp_id(psmouse, min_max_pnpid_table[i].pnp_ids)) {
+ if (psmouse_matches_pnp_id(psmouse,
+ min_max_pnpid_table[i].pnp_ids)) {
priv->x_min = min_max_pnpid_table[i].x_min;
priv->x_max = min_max_pnpid_table[i].x_max;
priv->y_min = min_max_pnpid_table[i].y_min;
@@ -1492,7 +1481,7 @@ static void set_input_params(struct psmouse *psmouse,
if (SYN_CAP_CLICKPAD(priv->ext_cap_0c)) {
__set_bit(INPUT_PROP_BUTTONPAD, dev->propbit);
- if (matches_pnp_id(psmouse, topbuttonpad_pnp_ids))
+ if (psmouse_matches_pnp_id(psmouse, topbuttonpad_pnp_ids))
__set_bit(INPUT_PROP_TOPBUTTONPAD, dev->propbit);
/* Clickpads report only left button */
__clear_bit(BTN_RIGHT, dev->keybit);
--
1.9.3

View File

@ -0,0 +1,158 @@
From 9f60e7ea169aff31a737ef1be3ed8cfe11eab8d3 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 27 Jun 2014 18:50:33 +0200
Subject: [PATCH] psmouse: Add support for detecting FocalTech PS/2 touchpads
The Asus X450 and X550 laptops use a PS/2 touchpad from a new manufacturer
called FocalTech:
https://bugzilla.kernel.org/show_bug.cgi?id=77391
https://bugzilla.redhat.com/show_bug.cgi?id=1110011
The protocol for these devices is not known at this time, but even without
knowing the protocol they need some special handling. They get upset by some
of our other PS/2 device probing, and once upset generate random mouse events
making things unusable even with an external mouse.
This patch adds detection of these devices based on their pnp ids, and when
they are detected, treats them as a bare ps/2 mouse. Doing things this way
they at least work in their ps/2 mouse emulation mode.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/input/mouse/Makefile | 2 +-
drivers/input/mouse/focaltech.c | 44 ++++++++++++++++++++++++++++++++++++++
drivers/input/mouse/focaltech.h | 21 ++++++++++++++++++
drivers/input/mouse/psmouse-base.c | 10 +++++++++
4 files changed, 76 insertions(+), 1 deletion(-)
create mode 100644 drivers/input/mouse/focaltech.c
create mode 100644 drivers/input/mouse/focaltech.h
diff --git a/drivers/input/mouse/Makefile b/drivers/input/mouse/Makefile
index c25efdb3f288..dda507f8b3a2 100644
--- a/drivers/input/mouse/Makefile
+++ b/drivers/input/mouse/Makefile
@@ -23,7 +23,7 @@ obj-$(CONFIG_MOUSE_SYNAPTICS_I2C) += synaptics_i2c.o
obj-$(CONFIG_MOUSE_SYNAPTICS_USB) += synaptics_usb.o
obj-$(CONFIG_MOUSE_VSXXXAA) += vsxxxaa.o
-psmouse-objs := psmouse-base.o synaptics.o
+psmouse-objs := psmouse-base.o synaptics.o focaltech.o
psmouse-$(CONFIG_MOUSE_PS2_ALPS) += alps.o
psmouse-$(CONFIG_MOUSE_PS2_ELANTECH) += elantech.o
diff --git a/drivers/input/mouse/focaltech.c b/drivers/input/mouse/focaltech.c
new file mode 100644
index 000000000000..d83a23554d63
--- /dev/null
+++ b/drivers/input/mouse/focaltech.c
@@ -0,0 +1,44 @@
+/*
+ * Focaltech TouchPad PS/2 mouse driver
+ *
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Red Hat authors:
+ *
+ * Hans de Goede <hdegoede@redhat.com>
+ */
+
+/*
+ * The Focaltech PS/2 touchpad protocol is unknown. This drivers deals with
+ * detection only, to avoid further detection attempts confusing the touchpad
+ * this way it at least works in PS/2 mouse compatibility mode.
+ */
+
+#include <linux/device.h>
+#include <linux/libps2.h>
+#include "psmouse.h"
+
+static const char * const focaltech_pnp_ids[] = {
+ "FLT0101",
+ "FLT0102",
+ "FLT0103",
+ NULL
+};
+
+int focaltech_detect(struct psmouse *psmouse, bool set_properties)
+{
+ if (!psmouse_matches_pnp_id(psmouse, focaltech_pnp_ids))
+ return -ENODEV;
+
+ if (set_properties) {
+ psmouse->vendor = "FocalTech";
+ psmouse->name = "FocalTech Touchpad in mouse emulation mode";
+ }
+
+ return 0;
+}
diff --git a/drivers/input/mouse/focaltech.h b/drivers/input/mouse/focaltech.h
new file mode 100644
index 000000000000..0d0fc49451fe
--- /dev/null
+++ b/drivers/input/mouse/focaltech.h
@@ -0,0 +1,21 @@
+/*
+ * Focaltech TouchPad PS/2 mouse driver
+ *
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Red Hat authors:
+ *
+ * Hans de Goede <hdegoede@redhat.com>
+ */
+
+#ifndef _FOCALTECH_H
+#define _FOCALTECH_H
+
+int focaltech_detect(struct psmouse *psmouse, bool set_properties);
+
+#endif
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
index 02e68c3008a3..2c8c8e2172a2 100644
--- a/drivers/input/mouse/psmouse-base.c
+++ b/drivers/input/mouse/psmouse-base.c
@@ -35,6 +35,7 @@
#include "elantech.h"
#include "sentelic.h"
#include "cypress_ps2.h"
+#include "focaltech.h"
#define DRIVER_DESC "PS/2 mouse driver"
@@ -722,6 +723,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
{
bool synaptics_hardware = false;
+/* Always check for focaltech, this is safe as it uses pnp-id matching */
+ if (psmouse_do_detect(focaltech_detect, psmouse, set_properties) == 0) {
+ /* Not supported yet, use bare protocol */
+ psmouse_max_proto = max_proto = PSMOUSE_PS2;
+ goto reset_to_defaults;
+ }
+
/*
* We always check for lifebook because it does not disturb mouse
* (it only checks DMI information).
@@ -873,6 +881,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
}
}
+reset_to_defaults:
+
/*
* Reset to defaults in case the device got confused by extended
* protocol probes. Note that we follow up with full reset because
--
1.9.3

View File

@ -1,40 +0,0 @@
Bugzilla: N/A
Upstream-status: Sent upstream
This reverts commit 1b2faaf7e219fc2905d75afcd4c815e5d39eda80.
The Intuos4 series presents a bug in which it hangs if it receives
a set feature command while switching to the enhanced mode.
This bug is triggered when plugging an Intuos 4 while having
a gnome user session up and running.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
---
Hi Aris,
actually, you bisected the bug, so can I consider that I have your signed-off-by?
Cheers,
Benjamin
drivers/input/tablet/wacom_sys.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/input/tablet/wacom_sys.c b/drivers/input/tablet/wacom_sys.c
index 7087b33..319a3ff 100644
--- a/drivers/input/tablet/wacom_sys.c
+++ b/drivers/input/tablet/wacom_sys.c
@@ -536,6 +536,9 @@ static int wacom_set_device_mode(struct usb_interface *intf, int report_id, int
error = wacom_set_report(intf, WAC_HID_FEATURE_REPORT,
report_id, rep_data, length, 1);
+ if (error >= 0)
+ error = wacom_get_report(intf, WAC_HID_FEATURE_REPORT,
+ report_id, rep_data, length, 1);
} while ((error < 0 || rep_data[1] != mode) && limit++ < WAC_MSG_RETRIES);
kfree(rep_data);
--
1.9.0

View File

@ -1,21 +1,19 @@
Bugzilla: 861573
Upstream-status: Waiting for feedback from reporter
From 2fa2078cdd4198b49c02cb03087158d398476463 Mon Sep 17 00:00:00 2001
From b918716b8ee213a9e4eba5a019c93b078e3df58c Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 2 Jun 2014 17:40:59 +0200
Subject: [PATCH 02/14] samsung-laptop: Add broken-acpi-video quirk for
NC210/NC110
Subject: [PATCH] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
Reported (and tested) here:
https://bugzilla.redhat.com/show_bug.cgi?id=861573
Bugzilla: 861573
Upstream-status: Waiting for feedback from reporter
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/samsung-laptop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c
index 5a5966512277..0d7954e0fc74 100644
--- a/drivers/platform/x86/samsung-laptop.c
@ -37,3 +35,6 @@ index 5a5966512277..0d7954e0fc74 100644
{ },
};
MODULE_DEVICE_TABLE(dmi, samsung_dmi_table);
--
1.9.3

View File

@ -1,115 +0,0 @@
Bugzilla: N/A
Upstream-status: Fedora mustard
From 9cdffb6980a2c573844b4b87f907da24d68fb916 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 14:02:09 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
---
kernel/power/hibernate.c | 16 +++++++++++++++-
kernel/power/main.c | 7 ++++++-
kernel/power/user.c | 1 +
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 49e0a20fd010..777eff68e8ef 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,8 @@
#include <linux/ctype.h>
#include <linux/genhd.h>
#include <trace/events/power.h>
+#include <linux/module.h>
+#include <linux/efi.h>
#include "power.h"
@@ -642,6 +644,10 @@ int hibernate(void)
{
int error;
+ if (secure_modules()) {
+ return -EPERM;
+ }
+
lock_system_sleep();
/* The snapshot device should not be opened while we're running */
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
@@ -734,7 +740,7 @@ static int software_resume(void)
/*
* If the user said "noresume".. bail out early.
*/
- if (noresume)
+ if (noresume || secure_modules())
return 0;
/*
@@ -900,6 +906,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
int i;
char *start = buf;
+ if (efi_enabled(EFI_SECURE_BOOT)) {
+ buf += sprintf(buf, "[%s]\n", "disabled");
+ return buf-start;
+ }
+
for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
if (!hibernation_modes[i])
continue;
@@ -934,6 +945,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
char *p;
int mode = HIBERNATION_INVALID;
+ if (secure_modules())
+ return -EPERM;
+
p = memchr(buf, '\n', n);
len = p ? p - buf : n;
diff --git a/kernel/power/main.c b/kernel/power/main.c
index 573410d6647e..f5201093adc4 100644
--- a/kernel/power/main.c
+++ b/kernel/power/main.c
@@ -15,6 +15,7 @@
#include <linux/workqueue.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
+#include <linux/efi.h>
#include "power.h"
@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
#endif
#ifdef CONFIG_HIBERNATION
- s += sprintf(s, "%s\n", "disk");
+ if (!efi_enabled(EFI_SECURE_BOOT)) {
+ s += sprintf(s, "%s\n", "disk");
+ } else {
+ s += sprintf(s, "\n");
+ }
#else
if (s != buf)
/* convert the last space to a newline */
diff --git a/kernel/power/user.c b/kernel/power/user.c
index efe99dee9510..5f5d1026f1e2 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -25,6 +25,7 @@
#include <linux/cpu.h>
#include <linux/freezer.h>
#include <linux/module.h>
+#include <linux/efi.h>
#include <asm/uaccess.h>
--
1.9.3

View File

@ -1,16 +1,26 @@
From b03234b1664e0508e2170df5679fcbacec72f4a6 Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Fri, 10 Feb 2012 14:56:13 -0500
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
Bugzilla: 754518
Upstream-status: Fedora mustard (might be worth dropping...)
---
drivers/scsi/sd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 2c2041ca4b70..e10812d985af 100644
--- a/drivers/scsi/sd.c
+++ a/drivers/scsi/sd.c
@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
+++ b/drivers/scsi/sd.c
@@ -2749,13 +2749,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
static int sd_revalidate_disk(struct gendisk *disk)
{
struct scsi_disk *sdkp = scsi_disk(disk);
- struct scsi_device *sdp = sdkp->device;
+ struct scsi_device *sdp;
unsigned char *buffer;
unsigned flush = 0;
unsigned int max_xfer;
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
"sd_revalidate_disk\n"));
@ -23,3 +33,6 @@ Upstream-status: Fedora mustard (might be worth dropping...)
/*
* If the device is offline, don't try and read capacity or any
* of the other niceties.
--
1.9.3

View File

@ -1,877 +0,0 @@
Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
From 952dbcbea4cffb1a05773af3b5f41e8ed477c5fe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/14] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
only modules signed with a trusted key.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
include/linux/module.h | 7 +++++++
kernel/module.c | 10 ++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index f520a767c86c..fc9b54eb779e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block *nb);
extern void print_modules(void);
+extern bool secure_modules(void);
+
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
static inline void print_modules(void)
{
}
+
+static inline bool secure_modules(void)
+{
+ return false;
+}
#endif /* CONFIG_MODULES */
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 81e727cf6df9..fc14f48915dd 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3843,3 +3843,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
+
+bool secure_modules(void)
+{
+#ifdef CONFIG_MODULE_SIG
+ return (sig_enforce || modules_disabled);
+#else
+ return modules_disabled;
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
1.9.3
From 3b451a12e60a47d152ecce1c02634c4d7320b024 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code, allowing them to circumvent disabled module loading or module
signing. Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/pci/pci-sysfs.c | 10 ++++++++++
drivers/pci/proc.c | 8 +++++++-
drivers/pci/syscall.c | 3 ++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9ff0a901ecf7..8d0d5d92b8d9 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
#include <linux/vgaarb.h>
#include <linux/pm_runtime.h>
#include <linux/of.h>
+#include <linux/module.h>
#include "pci.h"
static int sysfs_initialized; /* = 0 */
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
+ if (secure_modules())
+ return -EPERM;
+
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
+ if (secure_modules())
+ return -EPERM;
+
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
+ if (secure_modules())
+ return -EPERM;
+
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 3f155e78513f..4265ea07e3b0 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
int size = dev->cfg_size;
int cnt;
+ if (secure_modules())
+ return -EPERM;
+
if (pos >= size)
return 0;
if (nbytes >= size)
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
#endif /* HAVE_PCI_MMAP */
int ret = 0;
+ if (secure_modules())
+ return -EPERM;
+
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
int i, ret;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
/* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index b91c4da68365..98f5637304d1 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
#include <linux/errno.h>
#include <linux/pci.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
#include "pci.h"
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
u32 dword;
int err = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
1.9.3
From 42a620055ac873fb378ec69731c7a2200f6779cc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
space. This would potentially permit root to trigger arbitrary DMA, so lock
it down by default.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/ioport.c | 5 +++--
drivers/char/mem.c | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 4ddaf66ea35f..00b440307419 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -15,6 +15,7 @@
#include <linux/thread_info.h>
#include <linux/syscalls.h>
#include <linux/bitmap.h>
+#include <linux/module.h>
#include <asm/syscalls.h>
/*
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
return -EPERM;
/*
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 917403fe10da..cdf839f9defe 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@
#include <linux/export.h>
#include <linux/io.h>
#include <linux/aio.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos;
const char __user *tmp = buf;
+ if (secure_modules())
+ return -EPERM;
+
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
1.9.3
From 8019fb7c7b5f18b19f7c980987953680ee218c9f Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if any such restrictions have been enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/acpi/custom_method.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
1.9.3
From bf84e9e1022b2d3d0c97ae48fb8b61e5336c50f8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
loading is restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if any of
these features are enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 3c6ccedc82b6..960c46536c65 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1592,6 +1592,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
@@ -1608,6 +1611,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
+ if (secure_modules())
+ return -EPERM;
+
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
@@ -1632,6 +1638,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
+ if (secure_modules())
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
1.9.3
From 9a56e8715d3b6dc84989997f34b6b5d407cabad2 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
to be subverted, avoiding module loading restrictions. Prevent this when
any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
drivers/char/mem.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index cdf839f9defe..c63cf93b00eb 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
+ if (secure_modules())
+ return -EPERM;
+
if (!valid_phys_addr_range(p, count))
return -EFAULT;
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
1.9.3
From 8d6faa19bbbaa4df411becda7e40c4ea0684c134 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
loading is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Disable it in that case.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
drivers/acpi/osl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index bad25b070fe0..0606585e8b93 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
+#include <linux/module.h>
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
- if (acpi_rsdp)
+ if (acpi_rsdp && !secure_modules())
return acpi_rsdp;
#endif
--
1.9.3
From 1ff86ddea019f543f6668b56889f86811028f303 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 4b8f0c925884..df14daa323a9 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -34,6 +34,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -947,6 +948,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
1.9.3
From 4d56368f1364b45c18067bab1d6abc5ce0f67183 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 09/14] x86: Restrict MSR access when module loading is
restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/msr.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index c9603ac80de5..8bef43fc3f40 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
+ if (secure_modules()) {
+ err = -EPERM;
+ break;
+ }
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
1.9.3
From aab8ba85241a85a0b2ed622edd7874c74cafa496 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 10/14] Add option to automatically enforce module signatures
when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++++++
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/kernel/setup.c | 6 ++++++
include/linux/module.h | 6 ++++++
kernel/module.c | 7 +++++++
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453cb4de..ec38acf00b40 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
+1EB/001 ALL kbd_status Numlock is enabled
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
1EF/001 ALL sentinel Used to detect broken bootloaders
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d24887b645dc..870aac9520b3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1557,6 +1557,16 @@ config EFI_MIXED
If unsure, say N.
+config EFI_SECURE_BOOT_SIG_ENFORCE
+ def_bool n
+ prompt "Force module signing when UEFI Secure Boot is enabled"
+ ---help---
+ UEFI Secure Boot provides a mechanism for ensuring that the
+ firmware will only load signed bootloaders and kernels. Certain
+ use cases may also require that all kernel modules also be signed.
+ Say Y here to automatically enable module signature enforcement
+ when a system boots with UEFI Secure Boot enabled.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 0331d765c2bb..85defaf5a27c 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
#include <asm/efi.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#undef memcpy /* Use memcpy from misc.c */
@@ -809,6 +810,37 @@ out:
return status;
}
+static int get_secure_boot(void)
+{
+ u8 sb, setup;
+ unsigned long datasize = sizeof(sb);
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
+ efi_status_t status;
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (sb == 0)
+ return 0;
+
+
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"SetupMode", &var_guid, NULL, &datasize,
+ &setup);
+
+ if (status != EFI_SUCCESS)
+ return 0;
+
+ if (setup == 1)
+ return 0;
+
+ return 1;
+}
+
+
/*
* See if we have Graphics Output Protocol
*/
@@ -1372,6 +1404,10 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
+ boot_params->secure_boot = get_secure_boot();
+
setup_graphics(boot_params);
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b0988043a..90dbfb73e11f 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
- __u8 _pad5[3]; /* 0x1ec */
+ __u8 secure_boot; /* 0x1ec */
+ __u8 _pad5[2]; /* 0x1ed */
/*
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 78a0e6298922..8ecfec85e527 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
+ if (boot_params.secure_boot) {
+ enforce_signed_modules();
+ }
+#endif
+
/*
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index fc9b54eb779e..7377bc851461 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
+#ifdef CONFIG_MODULE_SIG
+extern void enforce_signed_modules(void);
+#else
+static inline void enforce_signed_modules(void) {};
+#endif
+
#ifdef CONFIG_MODULES
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index fc14f48915dd..2d68d276f3b6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3844,6 +3844,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
+#ifdef CONFIG_MODULE_SIG
+void enforce_signed_modules(void)
+{
+ sig_enforce = true;
+}
+#endif
+
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
1.9.3
From eae8a80ddc185b3f233e2620dbfc6454b6f0c3a6 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 11/14] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 85defaf5a27c..b4013a4ba005 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -812,8 +812,9 @@ out:
static int get_secure_boot(void)
{
- u8 sb, setup;
+ u8 sb, setup, moksbstate;
unsigned long datasize = sizeof(sb);
+ u32 attr;
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status;
@@ -837,6 +838,23 @@ static int get_secure_boot(void)
if (setup == 1)
return 0;
+ /* See if a user has put shim into insecure_mode. If so, and the variable
+ * doesn't have the runtime attribute set, we might as well honor that.
+ */
+ var_guid = EFI_SHIM_LOCK_GUID;
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
+ L"MokSBState", &var_guid, &attr, &datasize,
+ &moksbstate);
+
+ /* If it fails, we don't care why. Default to secure */
+ if (status != EFI_SUCCESS)
+ return 1;
+
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ if (moksbstate == 1)
+ return 0;
+ }
+
return 1;
}
--
1.9.3
From 9728a4f49b284b7354876e1d77174d5838306e21 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH 12/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 870aac9520b3..7aecd3f9f8ee 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1558,7 +1558,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
- def_bool n
+ def_bool n
+ depends on EFI
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
1.9.3
From 4211b4919b8ccecc4f4cdc0a46ead7294478b687 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/14] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
arch/x86/kernel/setup.c | 2 ++
include/linux/efi.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 8ecfec85e527..5ce785fc9f05 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
enforce_signed_modules();
+ pr_info("Secure boot enabled\n");
}
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 41bbf8ba4ba8..e73f391fd3c8 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -917,6 +917,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
#define EFI_ARCH_1 6 /* First arch-specific bit */
+#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
/*
--
1.9.3
From 18b50c6f0597b606cb03cbd8a9fdef7478cb2b21 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH 14/14] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
kernel/power/hibernate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index fcc2611d3f14..61711801a9c4 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,7 @@
#include <linux/syscore_ops.h>
#include <linux/ctype.h>
#include <linux/genhd.h>
+#include <linux/module.h>
#include <trace/events/power.h>
#include "power.h"
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{
- return (nohibernate == 0);
+ return ((nohibernate == 0) && !secure_modules());
}
/**
--
1.9.3

View File

@ -1,11 +1,19 @@
From 2709025677a0af31e59e8ab60fa1b32dfd7057cc Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Thu, 29 Jul 2010 16:46:31 -0700
Subject: [PATCH] silence fbcon logo
Bugzilla: N/A
Upstream-status: Fedora mustard
---
drivers/video/console/fbcon.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
index 1657b96..4c5c2be 100644
index 57b1d44acbfe..31048a85713d 100644
--- a/drivers/video/console/fbcon.c
+++ b/drivers/video/console/fbcon.c
@@ -631,13 +631,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
@@ -638,13 +638,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
kfree(save);
}
@ -28,7 +36,7 @@ index 1657b96..4c5c2be 100644
}
}
#endif /* MODULE */
@@ -3489,6 +3491,14 @@ static int __init fb_console_init(void)
@@ -3625,6 +3627,14 @@ static int __init fb_console_init(void)
return 0;
}
@ -43,3 +51,6 @@ index 1657b96..4c5c2be 100644
module_init(fb_console_init);
#ifdef MODULE
--
1.9.3

View File

@ -1,3 +1,4 @@
5c569ed649a0c9711879f333e90c5386 linux-3.16.tar.xz
49868ce6467b35cd9ffea1120d129462 perf-man-3.16.tar.gz
926e6e2ee0634ce53730701da749b040 patch-3.16.2.xz
31ccda15a838f060966fe4674c703d46 patch-3.17-rc4.xz
b1a9732a1a1401b97712490123fcfb5f patch-3.17-rc4-git4.xz

View File

@ -1,10 +1,7 @@
Bugzilla: 971139
Upstream-status: Fedora mustard for now
From 17109685bfce322c73a816e097b137458fbd55ae Mon Sep 17 00:00:00 2001
From 0b054268cfba32175c108c27ccb0a913c472f389 Mon Sep 17 00:00:00 2001
From: Dave Jones <davej@redhat.com>
Date: Tue, 24 Jun 2014 08:43:34 -0400
Subject: [PATCH] Disable watchdog on virtual machines.
Subject: [PATCH] watchdog: Disable watchdog on virtual machines.
For various reasons, VMs seem to trigger the soft lockup detector a lot,
in cases where it's just not possible for a lockup to occur.
@ -15,13 +12,16 @@ the VM for a very long time (Could be the host was under heavy load).
Just disable the detector on VMs.
Bugzilla: 971139
Upstream-status: Fedora mustard for now
Signed-off-by: Dave Jones <davej@redhat.com>
---
kernel/watchdog.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index c3319bd1b040..0e3687675aaa 100644
index a8d6914030fe..d0a8c308170d 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -24,6 +24,7 @@
@ -65,7 +65,7 @@ index c3319bd1b040..0e3687675aaa 100644
/*
* Hard-lockup warnings should be triggered after just a few seconds. Soft-
* lockups can have false positives under extreme conditions. So we generally
@@ -641,6 +668,8 @@ out:
@@ -644,6 +671,8 @@ out:
void __init lockup_detector_init(void)
{

View File

@ -0,0 +1,71 @@
From 2fc4f31acaaf5d0c32cf7f2b85b1a348e9300660 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
space. This would potentially permit root to trigger arbitrary DMA, so lock
it down by default.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/ioport.c | 5 +++--
drivers/char/mem.c | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 4ddaf66ea35f..00b440307419 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -15,6 +15,7 @@
#include <linux/thread_info.h>
#include <linux/syscalls.h>
#include <linux/bitmap.h>
+#include <linux/module.h>
#include <asm/syscalls.h>
/*
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
return -EPERM;
/*
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 917403fe10da..cdf839f9defe 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@
#include <linux/export.h>
#include <linux/io.h>
#include <linux/aio.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
unsigned long i = *ppos;
const char __user *tmp = buf;
+ if (secure_modules())
+ return -EPERM;
+
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
1.9.3

View File

@ -0,0 +1,43 @@
From 3b102b85e9730a71903dc45e0e7694fd0e6e5a8a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
on a patch by Kees Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
arch/x86/kernel/msr.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index c9603ac80de5..8bef43fc3f40 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+ if (secure_modules())
+ return -EPERM;
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
+ if (secure_modules()) {
+ err = -EPERM;
+ break;
+ }
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
1.9.3