Merge branch 'master' of ssh://pkgs.fedoraproject.org/kernel into baytrail
3.17 merge. Conflicts: Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch config-armv7 config-armv7-generic config-armv7-lpae config-nodebug kernel-arm64.patch kernel.spec secure-modules.patch sources
This commit is contained in:
commit
a18b584961
@ -1,138 +0,0 @@
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1021036
|
||||
Upstream-status: Send upstream for 3.17
|
||||
|
||||
From 0ad19912cb324f0a356a212433ec0b2a31f61acc Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 20 Jun 2014 10:29:16 +0200
|
||||
Subject: [PATCH] ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling
|
||||
|
||||
It seems that the same problems which lead to adding an rfkill blacklist and
|
||||
putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13
|
||||
and Lenovo Yoga 2 Pro too:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1021036
|
||||
https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612
|
||||
|
||||
Testing has shown that the firmware rfkill settings are persistent over
|
||||
reboots. So blacklisting the driver is not good enough, if the wifi is blocked
|
||||
at the firmware level the wifi needs to be explictly unblocked through the
|
||||
ideapad-laptop interface.
|
||||
|
||||
And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices
|
||||
with hardware kill switch reports the hardware switch state, needs to be
|
||||
explictly set to 1 (radio enabled / not blocked).
|
||||
|
||||
So this patch does 3 things to get proper rfkill handling on these models:
|
||||
|
||||
1) Instead of blacklisting the rfkill functionality, which means that people
|
||||
with a firmware blocked wifi get stuck in that situation, ignore the value
|
||||
reported by the not present hardware rfkill switch, as this is what is causing
|
||||
ideapad-laptop to wrongly report all radios as hardware blocks. But do register
|
||||
the rfkill interfaces so that the user can soft [un]block them.
|
||||
|
||||
2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1
|
||||
|
||||
3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2
|
||||
series is affected.
|
||||
|
||||
Yoga 2 11:
|
||||
Reported-and-tested-by: Vincent Gerris <vgerris@gmail.com>
|
||||
|
||||
Yoga 2 13:
|
||||
Tested-by: madls05 <http://ubuntuforums.org/showthread.php?t=2215044>
|
||||
|
||||
Yoga 2 Pro:
|
||||
Reported-and-tested-by: Peter F. Patel-Schneider <pfpschneider@gmail.com>
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 41 +++++++++++++++++++++++------------
|
||||
1 file changed, 27 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index b4c495a..b0e3a2e 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -87,6 +87,7 @@ struct ideapad_private {
|
||||
struct backlight_device *blightdev;
|
||||
struct dentry *debug;
|
||||
unsigned long cfg;
|
||||
+ bool has_hw_rfkill_switch;
|
||||
};
|
||||
|
||||
static bool no_bt_rfkill;
|
||||
@@ -473,12 +474,14 @@ static struct rfkill_ops ideapad_rfk_ops = {
|
||||
|
||||
static void ideapad_sync_rfk_state(struct ideapad_private *priv)
|
||||
{
|
||||
- unsigned long hw_blocked;
|
||||
+ unsigned long hw_blocked = 0;
|
||||
int i;
|
||||
|
||||
- if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
|
||||
- return;
|
||||
- hw_blocked = !hw_blocked;
|
||||
+ if (priv->has_hw_rfkill_switch) {
|
||||
+ if (read_ec_data(priv->adev->handle, VPCCMD_R_RF, &hw_blocked))
|
||||
+ return;
|
||||
+ hw_blocked = !hw_blocked;
|
||||
+ }
|
||||
|
||||
for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
if (priv->rfk[i])
|
||||
@@ -821,14 +824,17 @@ static void ideapad_acpi_notify(acpi_handle handle, u32 event, void *data)
|
||||
}
|
||||
}
|
||||
|
||||
-/* Blacklist for devices where the ideapad rfkill interface does not work */
|
||||
-static struct dmi_system_id rfkill_blacklist[] = {
|
||||
- /* The Lenovo Yoga 2 11 always reports everything as blocked */
|
||||
+/*
|
||||
+ * Some ideapads don't have a hardware rfkill switch, reading VPCCMD_R_RF
|
||||
+ * always results in 0 on these models, causing ideapad_laptop to wrongly
|
||||
+ * report all radios as hardware-blocked.
|
||||
+ */
|
||||
+static struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
{
|
||||
- .ident = "Lenovo Yoga 2 11",
|
||||
+ .ident = "Lenovo Yoga 2 11 / 13 / Pro",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2 11"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 2"),
|
||||
},
|
||||
},
|
||||
{}
|
||||
@@ -856,6 +862,7 @@ static int ideapad_acpi_add(struct platform_device *pdev)
|
||||
priv->cfg = cfg;
|
||||
priv->adev = adev;
|
||||
priv->platform_device = pdev;
|
||||
+ priv->has_hw_rfkill_switch = !dmi_check_system(no_hw_rfkill_list);
|
||||
|
||||
ret = ideapad_sysfs_init(priv);
|
||||
if (ret)
|
||||
@@ -869,11 +876,17 @@ static int ideapad_acpi_add(struct platform_device *pdev)
|
||||
if (ret)
|
||||
goto input_failed;
|
||||
|
||||
- if (!dmi_check_system(rfkill_blacklist)) {
|
||||
- for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
- if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
|
||||
- ideapad_register_rfkill(priv, i);
|
||||
- }
|
||||
+ /*
|
||||
+ * On some models without a hw-switch (the yoga 2 13 at least)
|
||||
+ * VPCCMD_W_RF must be explicitly set to 1 for the wifi to work.
|
||||
+ */
|
||||
+ if (!priv->has_hw_rfkill_switch)
|
||||
+ write_ec_cmd(priv->adev->handle, VPCCMD_W_RF, 1);
|
||||
+
|
||||
+ for (i = 0; i < IDEAPAD_RFKILL_DEV_NUM; i++)
|
||||
+ if (test_bit(ideapad_rfk_data[i].cfgbit, &priv->cfg))
|
||||
+ ideapad_register_rfkill(priv, i);
|
||||
+
|
||||
ideapad_sync_rfk_state(priv);
|
||||
ideapad_sync_touchpad_state(priv);
|
||||
|
||||
--
|
||||
2.0.0
|
||||
|
31
ACPI-Limit-access-to-custom_method.patch
Normal file
31
ACPI-Limit-access-to-custom_method.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 70b5ad494c01fce2f3d3284affaefa8f581b21e8 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
Disable it if any such restrictions have been enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/acpi/custom_method.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..4277938af700 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
1.9.3
|
||||
|
32
ARM-tegra-usb-no-reset.patch
Normal file
32
ARM-tegra-usb-no-reset.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 4efca4da7b99c99095a6390d5f20aee30bdb6d67 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Thu, 3 May 2012 20:27:11 +0100
|
||||
Subject: [PATCH] ARM: tegra: usb no reset
|
||||
|
||||
Patch for disconnect issues with storage attached to a
|
||||
tegra-ehci controller
|
||||
---
|
||||
drivers/usb/core/hub.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
|
||||
index 46f5161c7891..be0877ff88b3 100644
|
||||
--- a/drivers/usb/core/hub.c
|
||||
+++ b/drivers/usb/core/hub.c
|
||||
@@ -5035,6 +5035,13 @@ static void hub_events(void)
|
||||
(u16) hub->change_bits[0],
|
||||
(u16) hub->event_bits[0]);
|
||||
|
||||
+ /* Don't disconnect USB-SATA on TrimSlice */
|
||||
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
|
||||
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
|
||||
+ (hub->event_bits[0] == 0x2))
|
||||
+ hub->event_bits[0] = 0;
|
||||
+ }
|
||||
+
|
||||
/* Lock the device, then check to see if we were
|
||||
* disconnected while waiting for the lock to succeed. */
|
||||
usb_lock_device(hdev);
|
||||
--
|
||||
1.9.3
|
||||
|
57
Add-EFI-signature-data-types.patch
Normal file
57
Add-EFI-signature-data-types.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From fefd3c3f983024a88af6e80f03d999ca5f9314e2 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
include/linux/efi.h | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index ebe6a24cc1e1..5ce40e215f15 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void);
|
||||
#define DEVICE_TREE_GUID \
|
||||
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID \
|
||||
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
|
||||
+
|
||||
+#define EFI_CERT_X509_GUID \
|
||||
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface {
|
||||
|
||||
#define EFI_INVALID_TABLE_ADDR (~0UL)
|
||||
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_owner;
|
||||
+ u8 signature_data[];
|
||||
+} efi_signature_data_t;
|
||||
+
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_type;
|
||||
+ u32 signature_list_size;
|
||||
+ u32 signature_header_size;
|
||||
+ u32 signature_size;
|
||||
+ u8 signature_header[];
|
||||
+ /* efi_signature_data_t signatures[][] */
|
||||
+} efi_signature_list_t;
|
||||
+
|
||||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
179
Add-an-EFI-signature-blob-parser-and-key-loader.patch
Normal file
179
Add-an-EFI-signature-blob-parser-and-key-loader.patch
Normal file
@ -0,0 +1,179 @@
|
||||
From 1e20708ec6d992ab178cc0c9cc6c51ae3b95f48d Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
crypto/asymmetric_keys/Kconfig | 8 +++
|
||||
crypto/asymmetric_keys/Makefile | 1 +
|
||||
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 4 ++
|
||||
4 files changed, 122 insertions(+)
|
||||
create mode 100644 crypto/asymmetric_keys/efi_parser.c
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
|
||||
index 4870f28403f5..4a1b50d73b80 100644
|
||||
--- a/crypto/asymmetric_keys/Kconfig
|
||||
+++ b/crypto/asymmetric_keys/Kconfig
|
||||
@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
|
||||
This option provides support for verifying the signature(s) on a
|
||||
signed PE binary.
|
||||
|
||||
+config EFI_SIGNATURE_LIST_PARSER
|
||||
+ bool "EFI signature list parser"
|
||||
+ depends on EFI
|
||||
+ select X509_CERTIFICATE_PARSER
|
||||
+ help
|
||||
+ This option provides support for parsing EFI signature lists for
|
||||
+ X.509 certificates and turning them into keys.
|
||||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index e47fcd9ac5e8..6512f6596785 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
||||
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
|
||||
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
|
||||
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
#
|
||||
# X.509 Certificate handling
|
||||
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
|
||||
new file mode 100644
|
||||
index 000000000000..424896a0b169
|
||||
--- /dev/null
|
||||
+++ b/crypto/asymmetric_keys/efi_parser.c
|
||||
@@ -0,0 +1,109 @@
|
||||
+/* EFI signature/key/certificate list parser
|
||||
+ *
|
||||
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Written by David Howells (dhowells@redhat.com)
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public Licence
|
||||
+ * as published by the Free Software Foundation; either version
|
||||
+ * 2 of the Licence, or (at your option) any later version.
|
||||
+ */
|
||||
+
|
||||
+#define pr_fmt(fmt) "EFI: "fmt
|
||||
+#include <linux/module.h>
|
||||
+#include <linux/printk.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+
|
||||
+/**
|
||||
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
|
||||
+ * @data: The data blob to parse
|
||||
+ * @size: The size of the data blob
|
||||
+ * @keyring: The keyring to add extracted keys to
|
||||
+ */
|
||||
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
|
||||
+{
|
||||
+ unsigned offs = 0;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ pr_devel("-->%s(,%zu)\n", __func__, size);
|
||||
+
|
||||
+ while (size > 0) {
|
||||
+ efi_signature_list_t list;
|
||||
+ const efi_signature_data_t *elem;
|
||||
+ key_ref_t key;
|
||||
+
|
||||
+ if (size < sizeof(list))
|
||||
+ return -EBADMSG;
|
||||
+
|
||||
+ memcpy(&list, data, sizeof(list));
|
||||
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
|
||||
+ offs,
|
||||
+ list.signature_type.b, list.signature_list_size,
|
||||
+ list.signature_header_size, list.signature_size);
|
||||
+
|
||||
+ lsize = list.signature_list_size;
|
||||
+ hsize = list.signature_header_size;
|
||||
+ esize = list.signature_size;
|
||||
+ elsize = lsize - sizeof(list) - hsize;
|
||||
+
|
||||
+ if (lsize > size) {
|
||||
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
|
||||
+ __func__, offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+ if (lsize < sizeof(list) ||
|
||||
+ lsize - sizeof(list) < hsize ||
|
||||
+ esize < sizeof(*elem) ||
|
||||
+ elsize < esize ||
|
||||
+ elsize % esize != 0) {
|
||||
+ pr_devel("- bad size combo @%x\n", offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
|
||||
+ data += lsize;
|
||||
+ size -= lsize;
|
||||
+ offs += lsize;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ data += sizeof(list) + hsize;
|
||||
+ size -= sizeof(list) + hsize;
|
||||
+ offs += sizeof(list) + hsize;
|
||||
+
|
||||
+ for (; elsize > 0; elsize -= esize) {
|
||||
+ elem = data;
|
||||
+
|
||||
+ pr_devel("ELEM[%04x]\n", offs);
|
||||
+
|
||||
+ key = key_create_or_update(
|
||||
+ make_key_ref(keyring, 1),
|
||||
+ "asymmetric",
|
||||
+ NULL,
|
||||
+ &elem->signature_data,
|
||||
+ esize - sizeof(*elem),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA |
|
||||
+ KEY_ALLOC_TRUSTED);
|
||||
+
|
||||
+ if (IS_ERR(key))
|
||||
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
+ PTR_ERR(key));
|
||||
+ else
|
||||
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
|
||||
+ key_ref_to_ptr(key)->description,
|
||||
+ keyring->description);
|
||||
+
|
||||
+ data += esize;
|
||||
+ size -= esize;
|
||||
+ offs += esize;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 5ce40e215f15..41359e548bcb 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -906,6 +906,10 @@ extern bool efi_poweroff_required(void);
|
||||
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
|
||||
(md) = (void *)(md) + (m)->desc_size)
|
||||
|
||||
+struct key;
|
||||
+extern int __init parse_efi_signature_list(const void *data, size_t size,
|
||||
+ struct key *keyring);
|
||||
+
|
||||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
1.9.3
|
||||
|
186
Add-option-to-automatically-enforce-module-signature.patch
Normal file
186
Add-option-to-automatically-enforce-module-signature.patch
Normal file
@ -0,0 +1,186 @@
|
||||
From d9c97fea8a906281ee05486731746d648d8ff749 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH] Add option to automatically enforce module signatures when in
|
||||
Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
require that all kernel modules also be signed. Add a configuration option
|
||||
that enforces this automatically when enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
Documentation/x86/zero-page.txt | 2 ++
|
||||
arch/x86/Kconfig | 10 ++++++++++
|
||||
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
|
||||
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
|
||||
arch/x86/kernel/setup.c | 6 ++++++
|
||||
include/linux/module.h | 6 ++++++
|
||||
kernel/module.c | 7 +++++++
|
||||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 199f453cb4de..ec38acf00b40 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
+1EB/001 ALL kbd_status Numlock is enabled
|
||||
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
|
||||
1EF/001 ALL sentinel Used to detect broken bootloaders
|
||||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 778178f4c7d1..8899dc333793 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1565,6 +1565,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
+config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ def_bool n
|
||||
+ prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
+ ---help---
|
||||
+ UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
+ firmware will only load signed bootloaders and kernels. Certain
|
||||
+ use cases may also require that all kernel modules also be signed.
|
||||
+ Say Y here to automatically enable module signature enforcement
|
||||
+ when a system boots with UEFI Secure Boot enabled.
|
||||
+
|
||||
config SECCOMP
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index f277184e2ac1..88edd48f03e9 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <asm/efi.h>
|
||||
#include <asm/setup.h>
|
||||
#include <asm/desc.h>
|
||||
+#include <asm/bootparam_utils.h>
|
||||
|
||||
#undef memcpy /* Use memcpy from misc.c */
|
||||
|
||||
@@ -803,6 +804,37 @@ out:
|
||||
return status;
|
||||
}
|
||||
|
||||
+static int get_secure_boot(void)
|
||||
+{
|
||||
+ u8 sb, setup;
|
||||
+ unsigned long datasize = sizeof(sb);
|
||||
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
+ efi_status_t status;
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (sb == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SetupMode", &var_guid, NULL, &datasize,
|
||||
+ &setup);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (setup == 1)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
* See if we have Graphics Output Protocol
|
||||
*/
|
||||
@@ -1374,6 +1406,10 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ sanitize_boot_params(boot_params);
|
||||
+
|
||||
+ boot_params->secure_boot = get_secure_boot();
|
||||
+
|
||||
setup_graphics(boot_params);
|
||||
|
||||
status = setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index 225b0988043a..90dbfb73e11f 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -133,7 +133,8 @@ struct boot_params {
|
||||
__u8 eddbuf_entries; /* 0x1e9 */
|
||||
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
|
||||
__u8 kbd_status; /* 0x1eb */
|
||||
- __u8 _pad5[3]; /* 0x1ec */
|
||||
+ __u8 secure_boot; /* 0x1ec */
|
||||
+ __u8 _pad5[2]; /* 0x1ed */
|
||||
/*
|
||||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 41ead8d3bc0b..5a5cf7395724 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ if (boot_params.secure_boot) {
|
||||
+ enforce_signed_modules();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 341a73ecea2e..cca08ac450e2 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern void enforce_signed_modules(void);
|
||||
+#else
|
||||
+static inline void enforce_signed_modules(void) {};
|
||||
+#endif
|
||||
+
|
||||
#ifdef CONFIG_MODULES
|
||||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 1f7b4664300e..866417ecc76a 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3843,6 +3843,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+void enforce_signed_modules(void)
|
||||
+{
|
||||
+ sig_enforce = true;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
1.9.3
|
||||
|
64
Add-secure_modules-call.patch
Normal file
64
Add-secure_modules-call.patch
Normal file
@ -0,0 +1,64 @@
|
||||
From 3a2e996725c790c4a7db13246c312f3f5ed085e7 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
only modules signed with a trusted key.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
include/linux/module.h | 7 +++++++
|
||||
kernel/module.c | 10 ++++++++++
|
||||
2 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 71f282a4e307..341a73ecea2e 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb);
|
||||
|
||||
extern void print_modules(void);
|
||||
|
||||
+extern bool secure_modules(void);
|
||||
+
|
||||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
|
||||
static inline void print_modules(void)
|
||||
{
|
||||
}
|
||||
+
|
||||
+static inline bool secure_modules(void)
|
||||
+{
|
||||
+ return false;
|
||||
+}
|
||||
#endif /* CONFIG_MODULES */
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 03214bd288e9..1f7b4664300e 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
+
|
||||
+bool secure_modules(void)
|
||||
+{
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ return (sig_enforce || modules_disabled);
|
||||
+#else
|
||||
+ return modules_disabled;
|
||||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,11 +1,10 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From 603230771bdbca78e6530d29dbe8b239cdcc8473 Mon Sep 17 00:00:00 2001
|
||||
From 8e57a11b2016ad15653f55d2b0b799f94050cb8e Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++
|
||||
drivers/input/misc/uinput.c | 1 +
|
||||
@ -17,7 +16,7 @@ Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
7 files changed, 65 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5ce785fc9f05..2024cbb7169b 100644
|
||||
index fb282ff6a802..d291d16ba257 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
@ -71,10 +70,10 @@ index 5ce785fc9f05..2024cbb7169b 100644
|
||||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 856936247500..1e87a1ea704b 100644
|
||||
index 421e29e4cd81..61c1eb97806c 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -353,6 +353,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
@ -83,7 +82,7 @@ index 856936247500..1e87a1ea704b 100644
|
||||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index 454b65898e2c..19d67594a3b8 100644
|
||||
index 42bad18c66c9..496e073b09d7 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -463,6 +463,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@ -217,7 +216,7 @@ index 387fa7d05c98..4b07e30b3279 100644
|
||||
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
|
||||
struct sysrq_key_op *__sysrq_get_key_op(int key);
|
||||
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
|
||||
index 2f7c760305ca..abb29d9811af 100644
|
||||
index 379650b984f8..070f29fefdc2 100644
|
||||
--- a/kernel/debug/kdb/kdb_main.c
|
||||
+++ b/kernel/debug/kdb/kdb_main.c
|
||||
@@ -1924,7 +1924,7 @@ static int kdb_sr(int argc, const char **argv)
|
||||
@ -230,10 +229,10 @@ index 2f7c760305ca..abb29d9811af 100644
|
||||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 452079124fb7..37dabbc1e902 100644
|
||||
index 866417ecc76a..d7ca95c5a349 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
||||
@@ -108,9 +108,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
||||
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
#ifdef CONFIG_MODULE_SIG_FORCE
|
47
HID-wacom-Add-support-for-the-Cintiq-Companion.patch
Normal file
47
HID-wacom-Add-support-for-the-Cintiq-Companion.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From bbe2ff3101aff1009fe9afbe17cb16a273797193 Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Date: Wed, 3 Sep 2014 15:43:25 -0400
|
||||
Subject: [PATCH] HID: wacom: Add support for the Cintiq Companion
|
||||
|
||||
The Wacom Cintiq Companion shares the same sensor than the Cintiq
|
||||
Companion Hybrid, with the exception of the different PIDs.
|
||||
|
||||
Bugzilla: 1134969
|
||||
Upstream-status: Queued for 3.18
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
---
|
||||
drivers/hid/wacom_wac.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
|
||||
index aa6a08eb7ad6..c3cbbfb5811f 100644
|
||||
--- a/drivers/hid/wacom_wac.c
|
||||
+++ b/drivers/hid/wacom_wac.c
|
||||
@@ -2573,6 +2573,14 @@ static const struct wacom_features wacom_features_0x309 =
|
||||
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
|
||||
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10,
|
||||
.check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
|
||||
+static const struct wacom_features wacom_features_0x30A =
|
||||
+ { "Wacom ISDv5 30A", 59352, 33648, 2047, 63,
|
||||
+ CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
|
||||
+static const struct wacom_features wacom_features_0x30C =
|
||||
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30A, .touch_max = 10,
|
||||
+ .check_for_hid_type = true, .hid_type = HID_TYPE_USBNONE };
|
||||
|
||||
#define USB_DEVICE_WACOM(prod) \
|
||||
HID_DEVICE(BUS_USB, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
|
||||
@@ -2708,6 +2716,8 @@ const struct hid_device_id wacom_ids[] = {
|
||||
{ USB_DEVICE_WACOM(0x304) },
|
||||
{ USB_DEVICE_WACOM(0x307) },
|
||||
{ USB_DEVICE_WACOM(0x309) },
|
||||
+ { USB_DEVICE_WACOM(0x30A) },
|
||||
+ { USB_DEVICE_WACOM(0x30C) },
|
||||
{ USB_DEVICE_WACOM(0x30E) },
|
||||
{ USB_DEVICE_WACOM(0x314) },
|
||||
{ USB_DEVICE_WACOM(0x315) },
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,46 +0,0 @@
|
||||
From bdfffc320102278edac2db5a397ffbfd89faeab3 Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Date: Wed, 3 Sep 2014 15:43:25 -0400
|
||||
Subject: [PATCH] Input: wacom: Add support for the Cintiq Companion
|
||||
|
||||
The Wacom Cintiq Companion shares the same sensor than the Cintiq
|
||||
Companion Hybrid, with the exception of the different PIDs.
|
||||
|
||||
Bugzilla: 1134969
|
||||
Upstream-status: Queued for 3.18
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
---
|
||||
drivers/input/tablet/wacom_wac.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/tablet/wacom_wac.c b/drivers/input/tablet/wacom_wac.c
|
||||
index e73cf2c71f35..7f6caf8c85fb 100644
|
||||
--- a/drivers/input/tablet/wacom_wac.c
|
||||
+++ b/drivers/input/tablet/wacom_wac.c
|
||||
@@ -2332,6 +2332,13 @@ static const struct wacom_features wacom_features_0x0307 =
|
||||
static const struct wacom_features wacom_features_0x0309 =
|
||||
{ "Wacom ISDv5 309", .type = WACOM_24HDT, /* Touch */
|
||||
.oVid = USB_VENDOR_ID_WACOM, .oPid = 0x0307, .touch_max = 10 };
|
||||
+static const struct wacom_features wacom_features_0x030A =
|
||||
+ { "Wacom ISDv5 30A", WACOM_PKGLEN_INTUOS, 59352, 33648, 2047,
|
||||
+ 63, CINTIQ_HYBRID, WACOM_INTUOS3_RES, WACOM_INTUOS3_RES, 200, 200,
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x30C };
|
||||
+static const struct wacom_features wacom_features_0x030C =
|
||||
+ { "Wacom ISDv5 30C", .type = WACOM_24HDT, /* Touch */
|
||||
+ .oVid = USB_VENDOR_ID_WACOM, .oPid = 0x030A, .touch_max = 10 };
|
||||
|
||||
#define USB_DEVICE_WACOM(prod) \
|
||||
USB_DEVICE(USB_VENDOR_ID_WACOM, prod), \
|
||||
@@ -2478,6 +2485,8 @@ const struct usb_device_id wacom_ids[] = {
|
||||
{ USB_DEVICE_WACOM(0xFA) },
|
||||
{ USB_DEVICE_WACOM(0xFB) },
|
||||
{ USB_DEVICE_WACOM(0x0307) },
|
||||
+ { USB_DEVICE_WACOM(0x030A) },
|
||||
+ { USB_DEVICE_DETAILED(0x030C, USB_CLASS_HID, 0, 0) },
|
||||
{ USB_DEVICE_DETAILED(0x0309, USB_CLASS_HID, 0, 0) },
|
||||
{ USB_DEVICE_LENOVO(0x6004) },
|
||||
{ }
|
||||
--
|
||||
1.9.3
|
||||
|
112
KEYS-Add-a-system-blacklist-keyring.patch
Normal file
112
KEYS-Add-a-system-blacklist-keyring.patch
Normal file
@ -0,0 +1,112 @@
|
||||
From 6aca93c96e067deab170188aea3edb0afd88e9a2 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
and if the module's certificate is found, it will refuse to load. This is
|
||||
useful in cases where third party certificates are used for module signing.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 72665eb80692..2c7b80d31366 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index e84c6423a2e5..223b1a32bbcb 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1720,6 +1720,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 875f64e8935b..c15e93f5a418 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
EXPORT_SYMBOL_GPL(system_trusted_keyring);
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
|
||||
extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
|
||||
panic("Can't allocate system trusted keyring\n");
|
||||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW | KEY_USR_READ,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
||||
+ if (IS_ERR(system_blacklist_keyring))
|
||||
+ panic("Can't allocate system blacklist keyring\n");
|
||||
+
|
||||
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
|
||||
+#endif
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
95
KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
Normal file
95
KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
Normal file
@ -0,0 +1,95 @@
|
||||
From 02c3c0f0c83483a79783b211ef1bbd79ef0bd360 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 9 Sep 2014 19:12:32 +0100
|
||||
Subject: [PATCH] KEYS: Fix termination condition in assoc array garbage
|
||||
collection
|
||||
|
||||
It is possible for an associative array to end up with a shortcut node at the
|
||||
root of the tree, if there are more than fan-out nodes in the tree, but they
|
||||
all crowd into the same slot in the lowest level (ie. they all have the same
|
||||
first nibble of their index keys).
|
||||
|
||||
When assoc_array_gc() returns back up the tree after scanning some leaves, it
|
||||
can fall off of the root and crash because it assumes that the back pointer
|
||||
from a shortcut (after label ascend_old_tree) must point to a normal node -
|
||||
which isn't true of a shortcut node at the root.
|
||||
|
||||
Should we find we're ascending rootwards over a shortcut, we should check to
|
||||
see if the backpointer is zero - and if it is, we have completed the scan.
|
||||
|
||||
This particular bug cannot occur if the root node is not a shortcut - ie. if
|
||||
you have fewer than 17 keys in a keyring or if you have at least two keys that
|
||||
sit into separate slots (eg. a keyring and a non keyring).
|
||||
|
||||
If we do fall off of the top of the tree, we get the following oops:
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
|
||||
IP: [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
|
||||
PGD dae15067 PUD cfc24067 PMD 0
|
||||
Oops: 0000 [#1] SMP
|
||||
Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni
|
||||
CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1
|
||||
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
|
||||
Workqueue: events key_garbage_collector
|
||||
task: ffff8800918bd580 ti: ffff8800aac14000 task.ti: ffff8800aac14000
|
||||
RIP: 0010:[<ffffffff8136cea7>] [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
|
||||
RSP: 0018:ffff8800aac15d40 EFLAGS: 00010206
|
||||
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8800aaecacc0
|
||||
RDX: ffff8800daecf440 RSI: 0000000000000001 RDI: ffff8800aadc2bc0
|
||||
RBP: ffff8800aac15da8 R08: 0000000000000001 R09: 0000000000000003
|
||||
R10: ffffffff8136ccc7 R11: 0000000000000000 R12: 0000000000000000
|
||||
R13: 0000000000000000 R14: 0000000000000070 R15: 0000000000000001
|
||||
FS: 0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
|
||||
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
|
||||
CR2: 0000000000000018 CR3: 00000000db10d000 CR4: 00000000000006f0
|
||||
Stack:
|
||||
ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70
|
||||
ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987
|
||||
ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8
|
||||
Call Trace:
|
||||
[<ffffffff812e2a70>] ? keyring_detect_cycle_iterator+0x30/0x30
|
||||
[<ffffffff812e3e75>] keyring_gc+0x75/0x80
|
||||
[<ffffffff812e1424>] key_garbage_collector+0x154/0x3c0
|
||||
[<ffffffff810a67b6>] process_one_work+0x176/0x430
|
||||
[<ffffffff810a744b>] worker_thread+0x11b/0x3a0
|
||||
[<ffffffff810a7330>] ? rescuer_thread+0x3b0/0x3b0
|
||||
[<ffffffff810ae1a8>] kthread+0xd8/0xf0
|
||||
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
|
||||
[<ffffffff816ffb7c>] ret_from_fork+0x7c/0xb0
|
||||
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
|
||||
Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92
|
||||
RIP [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
|
||||
RSP <ffff8800aac15d40>
|
||||
CR2: 0000000000000018
|
||||
---[ end trace 1129028a088c0cbd ]---
|
||||
|
||||
Bugzilla: 1116347
|
||||
Upstream-status: ??
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
lib/assoc_array.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/assoc_array.c b/lib/assoc_array.c
|
||||
index ae146f0734eb..2404d03e251a 100644
|
||||
--- a/lib/assoc_array.c
|
||||
+++ b/lib/assoc_array.c
|
||||
@@ -1723,11 +1723,13 @@ ascend_old_tree:
|
||||
shortcut = assoc_array_ptr_to_shortcut(ptr);
|
||||
slot = shortcut->parent_slot;
|
||||
cursor = shortcut->back_pointer;
|
||||
+ if (!cursor)
|
||||
+ goto gc_complete;
|
||||
} else {
|
||||
slot = node->parent_slot;
|
||||
cursor = ptr;
|
||||
}
|
||||
- BUG_ON(!ptr);
|
||||
+ BUG_ON(!cursor);
|
||||
node = assoc_array_ptr_to_node(cursor);
|
||||
slot++;
|
||||
goto continue_node;
|
||||
--
|
||||
1.9.3
|
||||
|
186
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Normal file
186
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Normal file
@ -0,0 +1,186 @@
|
||||
From 728aa078f7fa819843c2eb68517d326cbf3947ea Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
||||
Secure Boot stores a list of allowed certificates in the 'db' variable.
|
||||
This imports those certificates into the system trusted keyring. This
|
||||
allows for a third party signing certificate to be used in conjunction
|
||||
with signed modules. By importing the public certificate into the 'db'
|
||||
variable, a user can allow a module signed with that certificate to
|
||||
load. The shim UEFI bootloader has a similar certificate list stored
|
||||
in the 'MokListRT' variable. We import those as well.
|
||||
|
||||
In the opposite case, Secure Boot maintains a list of disallowed
|
||||
certificates in the 'dbx' variable. We load those certificates into
|
||||
the newly introduced system blacklist keyring and forbid any module
|
||||
signed with those from loading.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/linux/efi.h | 6 ++++
|
||||
init/Kconfig | 9 +++++
|
||||
kernel/Makefile | 3 ++
|
||||
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 110 insertions(+)
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 41359e548bcb..db9e6118575e 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -587,6 +587,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
+
|
||||
+#define EFI_SHIM_LOCK_GUID \
|
||||
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 223b1a32bbcb..3bad458f1c68 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1874,6 +1874,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
+config MODULE_SIG_UEFI
|
||||
+ bool "Allow modules signed with certs stored in UEFI"
|
||||
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
|
||||
+ select EFI_SIGNATURE_LIST_PARSER
|
||||
+ help
|
||||
+ This will import certificates stored in UEFI and allow modules
|
||||
+ signed with those to be loaded. It will also disallow loading
|
||||
+ of modules stored in the UEFI dbx variable.
|
||||
+
|
||||
choice
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index dc5c77544fd6..95bdf3398880 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -45,6 +45,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
--- /dev/null
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -0,0 +1,92 @@
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/sched.h>
|
||||
+#include <linux/cred.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <linux/slab.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+#include <keys/system_keyring.h>
|
||||
+#include "module-internal.h"
|
||||
+
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned long lsize = 4;
|
||||
+ unsigned long tmpdb[4];
|
||||
+ void *db = NULL;
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
|
||||
+ if (status != EFI_BUFFER_TOO_SMALL) {
|
||||
+ pr_err("Couldn't get size: 0x%lx\n", status);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ db = kmalloc(lsize, GFP_KERNEL);
|
||||
+ if (!db) {
|
||||
+ pr_err("Couldn't allocate memory for uefi cert list\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
|
||||
+ if (status != EFI_SUCCESS) {
|
||||
+ kfree(db);
|
||||
+ db = NULL;
|
||||
+ pr_err("Error reading db var: 0x%lx\n", status);
|
||||
+ }
|
||||
+out:
|
||||
+ *size = lsize;
|
||||
+ return db;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * * Load the certs contained in the UEFI databases
|
||||
+ * */
|
||||
+static int __init load_uefi_certs(void)
|
||||
+{
|
||||
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
||||
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
+ void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
+ int rc = 0;
|
||||
+
|
||||
+ /* Check if SB is enabled and just return if not */
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return 0;
|
||||
+
|
||||
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
+ * an error if we can't get them.
|
||||
+ */
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
+
|
||||
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
+ if (!mok) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
|
||||
+ kfree(mok);
|
||||
+ }
|
||||
+
|
||||
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
|
||||
+ if (!dbx) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(dbx, dbxsize,
|
||||
+ system_blacklist_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
|
||||
+ kfree(dbx);
|
||||
+ }
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
1.9.3
|
||||
|
84
MODSIGN-Support-not-importing-certs-from-db.patch
Normal file
84
MODSIGN-Support-not-importing-certs-from-db.patch
Normal file
@ -0,0 +1,84 @@
|
||||
From 423462db8b901e6cc936350a5e1f538d15aa5555 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
Have the uefi import code look for this and not import things from the db
|
||||
variable.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 31 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
index 94b0eb38a284..ae28b974d49a 100644
|
||||
--- a/kernel/modsign_uefi.c
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -8,6 +8,23 @@
|
||||
#include <keys/system_keyring.h>
|
||||
#include "module-internal.h"
|
||||
|
||||
+static __init int check_ignore_db(void)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned int db = 0;
|
||||
+ unsigned long size = sizeof(db);
|
||||
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
|
||||
+
|
||||
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
|
||||
+ * then we don't ignore DB. If it succeeds, we do.
|
||||
+ */
|
||||
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
{
|
||||
efi_status_t status;
|
||||
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
|
||||
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
- int rc = 0;
|
||||
+ int ignore_db, rc = 0;
|
||||
|
||||
/* Check if SB is enabled and just return if not */
|
||||
if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
return 0;
|
||||
|
||||
+ /* See if the user has setup Ignore DB mode */
|
||||
+ ignore_db = check_ignore_db();
|
||||
+
|
||||
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
* an error if we can't get them.
|
||||
*/
|
||||
- db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
- if (!db) {
|
||||
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
- } else {
|
||||
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
- if (rc)
|
||||
- pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
- kfree(db);
|
||||
+ if (!ignore_db) {
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -11,11 +11,10 @@ CONFIGFILES = \
|
||||
$(CFG)-s390x.config \
|
||||
$(CFG)-armv7hl.config $(CFG)-armv7hl-lpae.config \
|
||||
$(CFG)-aarch64.config \
|
||||
$(CFG)-ppc.config $(CFG)-ppc-smp.config \
|
||||
$(CFG)-ppc64.config $(CFG)-ppc64p7.config $(CFG)-ppc64-debug.config \
|
||||
$(CFG)-ppc64le.config
|
||||
|
||||
PLATFORMS = x86 x86_64 powerpc powerpc32 powerpc64 s390x arm arm64
|
||||
PLATFORMS = x86 x86_64 powerpc powerpc64 s390x arm arm64
|
||||
TEMPFILES = $(addprefix temp-, $(addsuffix -generic, $(PLATFORMS)))
|
||||
|
||||
configs: $(CONFIGFILES)
|
||||
@ -81,9 +80,6 @@ temp-powerpc-generic: config-powerpc-generic temp-generic
|
||||
temp-powerpc-debug-generic: config-powerpc-generic temp-debug-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc32-generic: config-powerpc32-generic temp-powerpc-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
temp-powerpc64-generic: config-powerpc64 temp-powerpc-generic
|
||||
perl merge.pl $^ > $@
|
||||
|
||||
@ -134,9 +130,3 @@ $(CFG)-armv7hl-lpae.config: /dev/null temp-armv7-lpae
|
||||
|
||||
$(CFG)-aarch64.config: /dev/null temp-arm64
|
||||
perl merge.pl $^ arm64 > $@
|
||||
|
||||
$(CFG)-ppc.config: /dev/null temp-powerpc32-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
||||
$(CFG)-ppc-smp.config: config-powerpc32-smp temp-powerpc32-generic
|
||||
perl merge.pl $^ powerpc > $@
|
||||
|
117
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
Normal file
117
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
Normal file
@ -0,0 +1,117 @@
|
||||
From 6f2298da3471189910506e3eec34c2a9b7c12761 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
kernel code, allowing them to circumvent disabled module loading or module
|
||||
signing. Default to paranoid - in future we can potentially relax this for
|
||||
sufficiently IOMMU-isolated devices.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/pci/pci-sysfs.c | 10 ++++++++++
|
||||
drivers/pci/proc.c | 8 +++++++-
|
||||
drivers/pci/syscall.c | 3 ++-
|
||||
3 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 9ff0a901ecf7..8d0d5d92b8d9 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <linux/vgaarb.h>
|
||||
#include <linux/pm_runtime.h>
|
||||
#include <linux/of.h>
|
||||
+#include <linux/module.h>
|
||||
#include "pci.h"
|
||||
|
||||
static int sysfs_initialized; /* = 0 */
|
||||
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 3f155e78513f..4265ea07e3b0 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
int size = dev->cfg_size;
|
||||
int cnt;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (pos >= size)
|
||||
return 0;
|
||||
if (nbytes >= size)
|
||||
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
|
||||
#endif /* HAVE_PCI_MMAP */
|
||||
int ret = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
switch (cmd) {
|
||||
case PCIIOC_CONTROLLER:
|
||||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index b91c4da68365..98f5637304d1 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/errno.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/syscalls.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include "pci.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
u32 dword;
|
||||
int err = 0;
|
||||
|
||||
- if (!capable(CAP_SYS_ADMIN))
|
||||
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
1.9.3
|
||||
|
42
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
Normal file
42
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From d999220356c7c2526cdaa1a9113784f95004d65e Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
to be subverted, avoiding module loading restrictions. Prevent this when
|
||||
any restrictions have been imposed on loading modules.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/char/mem.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index cdf839f9defe..c63cf93b00eb 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||
int err = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,23 +1,25 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Sigh. We almost got to drop this.
|
||||
|
||||
From 20e3f1e1b9341d233a11734c07c076caac9936ef Mon Sep 17 00:00:00 2001
|
||||
From 37a1b979a715b1c7e8247cfdfcc2eedc9aea1471 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 28 Jul 2014 12:59:48 -0400
|
||||
Subject: [PATCH] Revert "Revert "ACPI / video: change acpi-video
|
||||
brightness_switch_enabled default to 0""
|
||||
|
||||
This reverts commit 2843768b701971ab10e62c77d5c75ad7c306f1bd.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Sigh. We almost got to drop this.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
Documentation/kernel-parameters.txt | 2 +-
|
||||
drivers/acpi/video.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
|
||||
index b7fa2f599459..e8db409a7e3a 100644
|
||||
index 5ae8608ca9f5..8ffa8f91eeb2 100644
|
||||
--- a/Documentation/kernel-parameters.txt
|
||||
+++ b/Documentation/kernel-parameters.txt
|
||||
@@ -3532,7 +3532,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
||||
@@ -3595,7 +3595,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
||||
the allocated input device; If set to 0, video driver
|
||||
will only send out the event without touching backlight
|
||||
brightness level.
|
||||
@ -27,7 +29,7 @@ index b7fa2f599459..e8db409a7e3a 100644
|
||||
virtio_mmio.device=
|
||||
[VMMIO] Memory mapped virtio (platform) device.
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index 350d52a8f781..44c89f705018 100644
|
||||
index fcbda105616e..2e0236af78b9 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");
|
||||
|
39
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
Normal file
39
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From e2b4ee7e99b8c0a0d48ed4aa76fd01e11bfe275d Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
|
||||
is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
loading modules. Disable it in that case.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
---
|
||||
drivers/acpi/osl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 3abe9b223ba7..ee8f11cf65da 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
- if (acpi_rsdp)
|
||||
+ if (acpi_rsdp && !secure_modules())
|
||||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,8 +1,8 @@
|
||||
From 5573624261ab5d54f2dea2a3e09a98729db9ecd9 Mon Sep 17 00:00:00 2001
|
||||
From 11ad2e84a328a6bc9861646044d4411352d82258 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 30 Apr 2014 15:24:19 +0200
|
||||
Subject: [PATCH 1/2] acpi-video: Add 4 new models to the use_native_backlight
|
||||
dmi list
|
||||
Subject: [PATCH] acpi-video: Add 4 new models to the use_native_backlight dmi
|
||||
list
|
||||
|
||||
Acer Aspire V5-171
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=983342
|
||||
@ -21,10 +21,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
1 file changed, 32 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index 8b6990e..48146fc 100644
|
||||
index 2e0236af78b9..df1626d2ba10 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -488,6 +488,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -556,6 +556,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -39,7 +39,7 @@ index 8b6990e..48146fc 100644
|
||||
.callback = video_set_use_native_backlight,
|
||||
.ident = "Thinkpad Helix",
|
||||
.matches = {
|
||||
@@ -513,6 +521,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -597,6 +605,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
{
|
||||
.callback = video_set_use_native_backlight,
|
||||
@ -54,7 +54,7 @@ index 8b6990e..48146fc 100644
|
||||
.ident = "Acer Aspire V5-431",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
|
||||
@@ -520,6 +536,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -644,6 +660,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -69,7 +69,7 @@ index 8b6990e..48146fc 100644
|
||||
.callback = video_set_use_native_backlight,
|
||||
.ident = "HP ProBook 4340s",
|
||||
.matches = {
|
||||
@@ -571,6 +595,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -720,6 +744,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
{
|
||||
.callback = video_set_use_native_backlight,
|
||||
@ -85,5 +85,5 @@ index 8b6990e..48146fc 100644
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
|
||||
--
|
||||
1.9.0
|
||||
1.9.3
|
||||
|
@ -1,11 +1,8 @@
|
||||
Bugzilla: 1093171
|
||||
Upstream-status: Queued for 3.16
|
||||
|
||||
From 7ac976d0109433d1ad0812f4f6889a904d9a0c40 Mon Sep 17 00:00:00 2001
|
||||
From f2516b128351bcc2856d39a8b2aa98f748becda5 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:10 +0200
|
||||
Subject: [PATCH 13/14] acpi-video: Add use native backlight quirk for the
|
||||
ThinkPad W530
|
||||
Subject: [PATCH] acpi-video: Add use native backlight quirk for the ThinkPad
|
||||
W530
|
||||
|
||||
Like all of the other *30 ThinkPad models, the W530 has a broken acpi-video
|
||||
backlight control. Note in order for this to actually fix things on the
|
||||
@ -15,6 +12,9 @@ is also needed.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1093171
|
||||
|
||||
Bugzilla: 1093171
|
||||
Upstream-status: Queued for 3.16
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
@ -22,10 +22,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index ab7cd65ce21e..dcb0ef4c22f6 100644
|
||||
index df1626d2ba10..caa4d8fc3458 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -468,6 +468,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -469,6 +469,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
{
|
||||
.callback = video_set_use_native_backlight,
|
||||
@ -41,5 +41,5 @@ index ab7cd65ce21e..dcb0ef4c22f6 100644
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
--
|
||||
1.9.0
|
||||
1.9.3
|
||||
|
||||
|
@ -1,16 +1,16 @@
|
||||
Bugzilla: 1025690
|
||||
Upstream-status: Waiting for feedback from reporter
|
||||
|
||||
From dfe2c6722a6f6cb45f6b336b094b26a77acd8393 Mon Sep 17 00:00:00 2001
|
||||
From d48552d47446ac0562a46bbafcb1ab396d9b8555 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:11 +0200
|
||||
Subject: [PATCH 14/14] acpi-video: Add use_native_backlight quirk for HP
|
||||
ProBook 4540s
|
||||
Subject: [PATCH] acpi-video: Add use_native_backlight quirk for HP ProBook
|
||||
4540s
|
||||
|
||||
As reported here:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1025690
|
||||
This is yet another model which needs this quirk.
|
||||
|
||||
Bugzilla: 1025690
|
||||
Upstream-status: Waiting for feedback from reporter
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
@ -18,10 +18,10 @@ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
|
||||
index dcb0ef4c22f6..3db16753f88a 100644
|
||||
index caa4d8fc3458..7e86097f7c2b 100644
|
||||
--- a/drivers/acpi/video.c
|
||||
+++ b/drivers/acpi/video.c
|
||||
@@ -548,6 +548,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
@@ -693,6 +693,14 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
|
||||
},
|
||||
{
|
||||
.callback = video_set_use_native_backlight,
|
||||
@ -37,5 +37,5 @@ index dcb0ef4c22f6..3db16753f88a 100644
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
|
||||
--
|
||||
1.9.0
|
||||
1.9.3
|
||||
|
||||
|
460
arm-beagle.patch
460
arm-beagle.patch
@ -1,460 +0,0 @@
|
||||
Bugzilla: 1012025
|
||||
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
|
||||
|
||||
From b5a2528c89fc8049b2a6a750634c14983e33d00f Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:05:09 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 6b71ad9..09ffbd8 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -74,5 +74,18 @@
|
||||
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
|
||||
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
|
||||
status = "okay";
|
||||
+
|
||||
+ panel-info {
|
||||
+ bpp = <16>;
|
||||
+ ac-bias = <255>;
|
||||
+ ac-bias-intrpt = <0>;
|
||||
+ dma-burst-sz = <16>;
|
||||
+ fdd = <16>;
|
||||
+ sync-edge = <1>;
|
||||
+ sync-ctrl = <1>;
|
||||
+ raster-order = <0>;
|
||||
+ fifo-th = <0>;
|
||||
+ invert-pxl-clk;
|
||||
+ };
|
||||
};
|
||||
};
|
||||
--
|
||||
1.8.5.1
|
||||
|
||||
From 1da083a002581520dd358b8b8e097078000d12b9 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:14:19 -0600
|
||||
Subject: [PATCH 2/2] arm: dts: am335x-boneblack: add cpu0 opp points
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 09ffbd8..f213ccd 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -67,6 +67,24 @@
|
||||
};
|
||||
|
||||
/ {
|
||||
+ cpus {
|
||||
+ cpu@0 {
|
||||
+ cpu0-supply = <&dcdc2_reg>;
|
||||
+ /*
|
||||
+ * To consider voltage drop between PMIC and SoC,
|
||||
+ * tolerance value is reduced to 2% from 4% and
|
||||
+ * voltage value is increased as a precaution.
|
||||
+ */
|
||||
+ operating-points = <
|
||||
+ /* kHz uV */
|
||||
+ 1000000 1325000
|
||||
+ 800000 1300000
|
||||
+ 600000 1112000
|
||||
+ 300000 969000
|
||||
+ >;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
hdmi {
|
||||
compatible = "ti,tilcdc,slave";
|
||||
i2c = <&i2c0>;
|
||||
--
|
||||
1.8.5.1
|
||||
|
||||
From 8551d8aa7d3e002da2097e7e902fb96fceb8694e Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 11:17:45 -0600
|
||||
Subject: [PATCH 3/3] arm: dts: am335x-bone-common: enable and use i2c2
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 39 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index e3f27ec..54366b6 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -84,6 +84,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ i2c2_pins: pinmux_i2c2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
|
||||
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
uart0_pins: pinmux_uart0_pins {
|
||||
pinctrl-single,pins = <
|
||||
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
|
||||
@@ -220,6 +227,38 @@
|
||||
reg = <0x24>;
|
||||
};
|
||||
|
||||
+ baseboard_eeprom: baseboard_eeprom@50 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x50>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&i2c2 {
|
||||
+ status = "okay";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins>;
|
||||
+
|
||||
+ clock-frequency = <100000>;
|
||||
+
|
||||
+ cape_eeprom0: cape_eeprom0@54 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x54>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom1: cape_eeprom1@55 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x55>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom2: cape_eeprom2@56 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x56>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom3: cape_eeprom3@57 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x57>;
|
||||
+ };
|
||||
};
|
||||
|
||||
/include/ "tps65217.dtsi"
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From a3099dc53a47d1694a5b575580ec3406dc429bf8 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 14:18:00 -0600
|
||||
Subject: [PATCH 4/4] arm: dts: am335x-bone-common: setup default pinmux
|
||||
http://elinux.org/Basic_Proto_Cape
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 130 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index e4571af..f85cabc 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -98,6 +98,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart1_pins: pinmux_uart1_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
|
||||
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
@@ -178,6 +185,33 @@
|
||||
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
|
||||
>;
|
||||
};
|
||||
+
|
||||
+ spi0_pins: pinmux_spi0_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
|
||||
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
|
||||
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
|
||||
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
|
||||
+ >;
|
||||
+ };
|
||||
};
|
||||
|
||||
&uart0 {
|
||||
@@ -187,6 +221,13 @@
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
+&uart1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart1_pins>;
|
||||
+
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
&usb {
|
||||
status = "okay";
|
||||
|
||||
@@ -261,6 +302,56 @@
|
||||
};
|
||||
};
|
||||
|
||||
+&epwmss0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ecap@48300100 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&epwmss1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <
|
||||
+ &ehrpwm1_pin_p9_14
|
||||
+ &ehrpwm1_pin_p9_16
|
||||
+ >;
|
||||
+
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ehrpwm@48302200 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&spi0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&spi0_pins>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ spidev0: spi@0 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <0>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ spi-cpha;
|
||||
+ };
|
||||
+
|
||||
+ spidev1: spi@1 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <1>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&tscadc {
|
||||
+ status = "okay";
|
||||
+ adc {
|
||||
+ ti,adc-channels = <4 5 6>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
/include/ "tps65217.dtsi"
|
||||
|
||||
&tps {
|
||||
@@ -336,3 +427,42 @@
|
||||
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
|
||||
cd-inverted;
|
||||
};
|
||||
+
|
||||
+/ {
|
||||
+ ocp {
|
||||
+ //FIXME: these pwm's still need work, this guild isn't working..
|
||||
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
|
||||
+ pwm_test_P9_14@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_14";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_16@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_16";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_42 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ecap0 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_42";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index f85cabc..5270d18 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.0
|
||||
|
||||
From 72567452d5d6007010597158f6afd00e2bf07579 Mon Sep 17 00:00:00 2001
|
||||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 829b98c..5107dcf 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2039,7 +2039,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
||||
--
|
||||
1.8.5.2
|
||||
|
||||
From b6e2c817edfc6d73874cf833daffe1be6c7ed8bb Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index f85cabc..5270d18 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.0
|
46
arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Normal file
46
arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From eff4447db91c46b6e638ceb0da832354e15e4502 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Thu, 13 Mar 2014 14:18:52 -0500
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: add
|
||||
uart2_pins/uart4_pins/uart5_pins
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index 86cdb52dbf8a..db4518ef755d 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -105,6 +105,27 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart2_pins: pinmux_uart2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 0x21 /* spi0_sclk.uart2_rxd | MODE1 */
|
||||
+ 0x154 0x01 /* spi0_d0.uart2_txd | MODE1 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart4_pins: pinmux_uart4_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x070 0x26 /* gpmc_wait0.uart4_rxd | MODE6 */
|
||||
+ 0x074 0x06 /* gpmc_wpn.uart4_txd | MODE6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ uart5_pins: pinmux_uart5_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x0C4 0x24 /* lcd_data9.uart5_rxd | MODE4 */
|
||||
+ 0x0C0 0x04 /* lcd_data8.uart5_txd | MODE4 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
--
|
||||
1.9.3
|
||||
|
70
arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
Normal file
70
arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
Normal file
@ -0,0 +1,70 @@
|
||||
From 1f781abfa691083a36dd0d255d190cdb0251725e Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 11:17:45 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: enable and use i2c2
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 39 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 39 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index bde1777b62be..c7357bcc7d5c 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -84,6 +84,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ i2c2_pins: pinmux_i2c2_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x178 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_ctsn.i2c2_sda */
|
||||
+ 0x17c 0x73 /* (SLEWCTRL_SLOW | PIN_INPUT_PULLUP | MUX_MODE3) uart1_rtsn.i2c2_scl */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
uart0_pins: pinmux_uart0_pins {
|
||||
pinctrl-single,pins = <
|
||||
0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */
|
||||
@@ -220,6 +227,38 @@
|
||||
reg = <0x24>;
|
||||
};
|
||||
|
||||
+ baseboard_eeprom: baseboard_eeprom@50 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x50>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&i2c2 {
|
||||
+ status = "okay";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins>;
|
||||
+
|
||||
+ clock-frequency = <100000>;
|
||||
+
|
||||
+ cape_eeprom0: cape_eeprom0@54 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x54>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom1: cape_eeprom1@55 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x55>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom2: cape_eeprom2@56 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x56>;
|
||||
+ };
|
||||
+
|
||||
+ cape_eeprom3: cape_eeprom3@57 {
|
||||
+ compatible = "at,24c256";
|
||||
+ reg = <0x57>;
|
||||
+ };
|
||||
};
|
||||
|
||||
/include/ "tps65217.dtsi"
|
||||
--
|
||||
1.9.3
|
||||
|
180
arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
Normal file
180
arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
Normal file
@ -0,0 +1,180 @@
|
||||
From 3cdbaad2a041e42677e1e8137bb1a9f01fd37277 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Tue, 31 Dec 2013 14:18:00 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-bone-common: setup default pinmux
|
||||
http://elinux.org/Basic_Proto_Cape
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-bone-common.dtsi | 130 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 130 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
index c7357bcc7d5c..86cdb52dbf8a 100644
|
||||
--- a/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
|
||||
@@ -98,6 +98,13 @@
|
||||
>;
|
||||
};
|
||||
|
||||
+ uart1_pins: pinmux_uart1_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x180 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart1_rxd.uart1_rxd */
|
||||
+ 0x184 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart1_txd.uart1_txd */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
clkout2_pin: pinmux_clkout2_pin {
|
||||
pinctrl-single,pins = <
|
||||
0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */
|
||||
@@ -178,6 +185,33 @@
|
||||
0x1c (PIN_INPUT_PULLUP | MUX_MODE1) /* gpmc_ad7.mmc1_dat7 */
|
||||
>;
|
||||
};
|
||||
+
|
||||
+ spi0_pins: pinmux_spi0_pins {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x150 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_sclk.spi0_sclk */
|
||||
+ 0x154 (PIN_INPUT_PULLUP | MUX_MODE0) /* spi0_d0.spi0_d0 */
|
||||
+ 0x158 (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_d1.spi0_d1 */
|
||||
+ 0x15c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* spi0_cs0.spi0_cs0 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_14: pinmux_ehrpwm1_pin_p9_14 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x048 0x6 /* P9_14 (ZCZ ball U14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ehrpwm1_pin_p9_16: pinmux_ehrpwm1_pin_p9_16 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x04c 0x6 /* P9_16 (ZCZ ball T14) | MODE 6 */
|
||||
+ >;
|
||||
+ };
|
||||
+
|
||||
+ ecap0_pin_p9_42: pinmux_ecap0_pin_p9_42 {
|
||||
+ pinctrl-single,pins = <
|
||||
+ 0x164 0x0 /* P9_42 (ZCZ ball C18) | MODE 0 */
|
||||
+ >;
|
||||
+ };
|
||||
};
|
||||
|
||||
&uart0 {
|
||||
@@ -187,6 +221,13 @@
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
+&uart1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart1_pins>;
|
||||
+
|
||||
+ status = "okay";
|
||||
+};
|
||||
+
|
||||
&usb {
|
||||
status = "okay";
|
||||
};
|
||||
@@ -261,6 +302,56 @@
|
||||
};
|
||||
};
|
||||
|
||||
+&epwmss0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ecap@48300100 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&epwmss1 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <
|
||||
+ &ehrpwm1_pin_p9_14
|
||||
+ &ehrpwm1_pin_p9_16
|
||||
+ >;
|
||||
+
|
||||
+ status = "okay";
|
||||
+
|
||||
+ ehrpwm@48302200 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&spi0 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&spi0_pins>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ spidev0: spi@0 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <0>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ spi-cpha;
|
||||
+ };
|
||||
+
|
||||
+ spidev1: spi@1 {
|
||||
+ compatible = "spidev";
|
||||
+ reg = <1>;
|
||||
+ spi-max-frequency = <16000000>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+&tscadc {
|
||||
+ status = "okay";
|
||||
+ adc {
|
||||
+ ti,adc-channels = <4 5 6>;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
/include/ "tps65217.dtsi"
|
||||
|
||||
&tps {
|
||||
@@ -337,3 +428,42 @@
|
||||
cd-gpios = <&gpio0 6 GPIO_ACTIVE_HIGH>;
|
||||
cd-inverted;
|
||||
};
|
||||
+
|
||||
+/ {
|
||||
+ ocp {
|
||||
+ //FIXME: these pwm's still need work, this guild isn't working..
|
||||
+ //http://elinux.org/EBC_Exercise_13_Pulse_Width_Modulation
|
||||
+ pwm_test_P9_14@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_14";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_14>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_16@0 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ehrpwm1 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_16";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ehrpwm1_pin_p9_16>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pwm_test_P9_42 {
|
||||
+ compatible = "pwm_test";
|
||||
+ pwms = <&ecap0 0 500000 1>;
|
||||
+ pwm-names = "PWM_P9_42";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ecap0_pin_p9_42>;
|
||||
+ enabled = <1>;
|
||||
+ duty = <0>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+ };
|
||||
+};
|
||||
--
|
||||
1.9.3
|
||||
|
42
arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
Normal file
42
arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 30cbae0ae84ca0e7f874517dc10e0ac218de4050 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:14:19 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: add cpu0 opp points
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index bf5349165542..acfff3befff5 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -66,6 +66,24 @@
|
||||
};
|
||||
|
||||
/ {
|
||||
+ cpus {
|
||||
+ cpu@0 {
|
||||
+ cpu0-supply = <&dcdc2_reg>;
|
||||
+ /*
|
||||
+ * To consider voltage drop between PMIC and SoC,
|
||||
+ * tolerance value is reduced to 2% from 4% and
|
||||
+ * voltage value is increased as a precaution.
|
||||
+ */
|
||||
+ operating-points = <
|
||||
+ /* kHz uV */
|
||||
+ 1000000 1325000
|
||||
+ 800000 1300000
|
||||
+ 600000 1112000
|
||||
+ 300000 969000
|
||||
+ >;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
hdmi {
|
||||
compatible = "ti,tilcdc,slave";
|
||||
i2c = <&i2c0>;
|
||||
--
|
||||
1.9.3
|
||||
|
39
arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
Normal file
39
arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From dfbaa9d6f848714f27e4cb0e007e86c4ac650268 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Nelson <robertcnelson@gmail.com>
|
||||
Date: Fri, 27 Dec 2013 13:05:09 -0600
|
||||
Subject: [PATCH] arm: dts: am335x-boneblack: lcdc add panel-info
|
||||
|
||||
Bugzilla: 1012025
|
||||
Upstream-status: In beagle github repository https://github.com/beagleboard/kernel
|
||||
|
||||
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
|
||||
---
|
||||
arch/arm/boot/dts/am335x-boneblack.dts | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/am335x-boneblack.dts b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
index 305975d3f531..bf5349165542 100644
|
||||
--- a/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-boneblack.dts
|
||||
@@ -73,5 +73,18 @@
|
||||
pinctrl-0 = <&nxp_hdmi_bonelt_pins>;
|
||||
pinctrl-1 = <&nxp_hdmi_bonelt_off_pins>;
|
||||
status = "okay";
|
||||
+
|
||||
+ panel-info {
|
||||
+ bpp = <16>;
|
||||
+ ac-bias = <255>;
|
||||
+ ac-bias-intrpt = <0>;
|
||||
+ dma-burst-sz = <16>;
|
||||
+ fdd = <16>;
|
||||
+ sync-edge = <1>;
|
||||
+ sync-ctrl = <1>;
|
||||
+ raster-order = <0>;
|
||||
+ fifo-th = <0>;
|
||||
+ invert-pxl-clk;
|
||||
+ };
|
||||
};
|
||||
};
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,5 +1,14 @@
|
||||
From cb21611afe95c256214d50379279f8e79cd72cea Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Fri, 11 Jul 2014 00:10:56 +0100
|
||||
Subject: [PATCH] arm: i.MX6 Utilite device dtb
|
||||
|
||||
---
|
||||
arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 38 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
index 99b46f8..8b6ddd1 100644
|
||||
index 99b46f8030ad..8b6ddd16dcc5 100644
|
||||
--- a/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
+++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts
|
||||
@@ -97,11 +97,49 @@
|
||||
@ -52,3 +61,6 @@ index 99b46f8..8b6ddd1 100644
|
||||
+ pinctrl-0 = <&pinctrl_usdhc3>;
|
||||
+ status = "okay";
|
||||
+};
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,472 +0,0 @@
|
||||
commit d10715be03bd8bad59ddc50236cb140c3bd73c7b
|
||||
Author: Pawel Moll <pawel.moll@arm.com>
|
||||
Date: Tue Jun 24 12:55:11 2014 +0100
|
||||
|
||||
video: ARM CLCD: Add DT support
|
||||
|
||||
This patch adds basic DT bindings for the PL11x CLCD cells
|
||||
and make their fbdev driver use them.
|
||||
|
||||
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
|
||||
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
|
||||
|
||||
diff --git a/Documentation/devicetree/bindings/video/arm,pl11x.txt b/Documentation/devicetree/bindings/video/arm,pl11x.txt
|
||||
new file mode 100644
|
||||
index 0000000..3e3039a
|
||||
--- /dev/null
|
||||
+++ b/Documentation/devicetree/bindings/video/arm,pl11x.txt
|
||||
@@ -0,0 +1,109 @@
|
||||
+* ARM PrimeCell Color LCD Controller PL110/PL111
|
||||
+
|
||||
+See also Documentation/devicetree/bindings/arm/primecell.txt
|
||||
+
|
||||
+Required properties:
|
||||
+
|
||||
+- compatible: must be one of:
|
||||
+ "arm,pl110", "arm,primecell"
|
||||
+ "arm,pl111", "arm,primecell"
|
||||
+
|
||||
+- reg: base address and size of the control registers block
|
||||
+
|
||||
+- interrupt-names: either the single entry "combined" representing a
|
||||
+ combined interrupt output (CLCDINTR), or the four entries
|
||||
+ "mbe", "vcomp", "lnbu", "fuf" representing the individual
|
||||
+ CLCDMBEINTR, CLCDVCOMPINTR, CLCDLNBUINTR, CLCDFUFINTR interrupts
|
||||
+
|
||||
+- interrupts: contains an interrupt specifier for each entry in
|
||||
+ interrupt-names
|
||||
+
|
||||
+- clock-names: should contain "clcdclk" and "apb_pclk"
|
||||
+
|
||||
+- clocks: contains phandle and clock specifier pairs for the entries
|
||||
+ in the clock-names property. See
|
||||
+ Documentation/devicetree/binding/clock/clock-bindings.txt
|
||||
+
|
||||
+Optional properties:
|
||||
+
|
||||
+- memory-region: phandle to a node describing memory (see
|
||||
+ Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt)
|
||||
+ to be used for the framebuffer; if not present, the framebuffer
|
||||
+ may be located anywhere in the memory
|
||||
+
|
||||
+- max-memory-bandwidth: maximum bandwidth in bytes per second that the
|
||||
+ cell's memory interface can handle; if not present, the memory
|
||||
+ interface is fast enough to handle all possible video modes
|
||||
+
|
||||
+Required sub-nodes:
|
||||
+
|
||||
+- port: describes LCD panel signals, following the common binding
|
||||
+ for video transmitter interfaces; see
|
||||
+ Documentation/devicetree/bindings/media/video-interfaces.txt;
|
||||
+ when it is a TFT panel, the port's endpoint must define the
|
||||
+ following property:
|
||||
+
|
||||
+ - arm,pl11x,tft-r0g0b0-pads: an array of three 32-bit values,
|
||||
+ defining the way CLD pads are wired up; first value
|
||||
+ contains index of the "CLD" external pin (pad) used
|
||||
+ as R0 (first bit of the red component), second value
|
||||
+ index of the pad used as G0, third value index of the
|
||||
+ pad used as B0, see also "LCD panel signal multiplexing
|
||||
+ details" paragraphs in the PL110/PL111 Technical
|
||||
+ Reference Manuals; this implicitly defines available
|
||||
+ color modes, for example:
|
||||
+ - PL111 TFT 4:4:4 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <4 15 20>;
|
||||
+ - PL110 TFT (1:)5:5:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <1 7 13>;
|
||||
+ - PL111 TFT (1:)5:5:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <3 11 19>;
|
||||
+ - PL111 TFT 5:6:5 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <3 10 19>;
|
||||
+ - PL110 and PL111 TFT 8:8:8 panel:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
|
||||
+ - PL110 and PL111 TFT 8:8:8 panel, R & B components swapped:
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <16 8 0>;
|
||||
+
|
||||
+
|
||||
+Example:
|
||||
+
|
||||
+ clcd@10020000 {
|
||||
+ compatible = "arm,pl111", "arm,primecell";
|
||||
+ reg = <0x10020000 0x1000>;
|
||||
+ interrupt-names = "combined";
|
||||
+ interrupts = <0 44 4>;
|
||||
+ clocks = <&oscclk1>, <&oscclk2>;
|
||||
+ clock-names = "clcdclk", "apb_pclk";
|
||||
+ max-memory-bandwidth = <94371840>; /* Bps, 1024x768@60 16bpp */
|
||||
+
|
||||
+ port {
|
||||
+ clcd_pads: endpoint {
|
||||
+ remote-endpoint = <&clcd_panel>;
|
||||
+ arm,pl11x,tft-r0g0b0-pads = <0 8 16>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ };
|
||||
+
|
||||
+ panel {
|
||||
+ compatible = "panel-dpi";
|
||||
+
|
||||
+ port {
|
||||
+ clcd_panel: endpoint {
|
||||
+ remote-endpoint = <&clcd_pads>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ panel-timing {
|
||||
+ clock-frequency = <25175000>;
|
||||
+ hactive = <640>;
|
||||
+ hback-porch = <40>;
|
||||
+ hfront-porch = <24>;
|
||||
+ hsync-len = <96>;
|
||||
+ vactive = <480>;
|
||||
+ vback-porch = <32>;
|
||||
+ vfront-porch = <11>;
|
||||
+ vsync-len = <2>;
|
||||
+ };
|
||||
+ };
|
||||
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
|
||||
index 4a7098f..6f451ad 100644
|
||||
--- a/drivers/video/fbdev/Kconfig
|
||||
+++ b/drivers/video/fbdev/Kconfig
|
||||
@@ -280,6 +280,7 @@ config FB_ARMCLCD
|
||||
select FB_CFB_FILLRECT
|
||||
select FB_CFB_COPYAREA
|
||||
select FB_CFB_IMAGEBLIT
|
||||
+ select VIDEOMODE_HELPERS if OF
|
||||
help
|
||||
This framebuffer device driver is for the ARM PrimeCell PL110
|
||||
Colour LCD controller. ARM PrimeCells provide the building
|
||||
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
|
||||
index 14d6b37..23b3519 100644
|
||||
--- a/drivers/video/fbdev/amba-clcd.c
|
||||
+++ b/drivers/video/fbdev/amba-clcd.c
|
||||
@@ -26,6 +26,13 @@
|
||||
#include <linux/amba/clcd.h>
|
||||
#include <linux/clk.h>
|
||||
#include <linux/hardirq.h>
|
||||
+#include <linux/dma-mapping.h>
|
||||
+#include <linux/of.h>
|
||||
+#include <linux/of_address.h>
|
||||
+#include <linux/of_graph.h>
|
||||
+#include <video/display_timing.h>
|
||||
+#include <video/of_display_timing.h>
|
||||
+#include <video/videomode.h>
|
||||
|
||||
#include <asm/sizes.h>
|
||||
|
||||
@@ -543,6 +550,259 @@ static int clcdfb_register(struct clcd_fb *fb)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_OF
|
||||
+static int clcdfb_of_get_dpi_panel_mode(struct device_node *node,
|
||||
+ struct fb_videomode *mode)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct display_timing timing;
|
||||
+ struct videomode video;
|
||||
+
|
||||
+ err = of_get_display_timing(node, "panel-timing", &timing);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ videomode_from_timing(&timing, &video);
|
||||
+
|
||||
+ err = fb_videomode_from_videomode(&video, mode);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
|
||||
+{
|
||||
+ return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
|
||||
+ mode->refresh);
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_get_mode(struct device *dev, struct device_node *endpoint,
|
||||
+ struct fb_videomode *mode)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct device_node *panel;
|
||||
+ char *name;
|
||||
+ int len;
|
||||
+
|
||||
+ panel = of_graph_get_remote_port_parent(endpoint);
|
||||
+ if (!panel)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ /* Only directly connected DPI panels supported for now */
|
||||
+ if (of_device_is_compatible(panel, "panel-dpi"))
|
||||
+ err = clcdfb_of_get_dpi_panel_mode(panel, mode);
|
||||
+ else
|
||||
+ err = -ENOENT;
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ len = clcdfb_snprintf_mode(NULL, 0, mode);
|
||||
+ name = devm_kzalloc(dev, len + 1, GFP_KERNEL);
|
||||
+ clcdfb_snprintf_mode(name, len + 1, mode);
|
||||
+ mode->name = name;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_init_tft_panel(struct clcd_fb *fb, u32 r0, u32 g0, u32 b0)
|
||||
+{
|
||||
+ static struct {
|
||||
+ unsigned int part;
|
||||
+ u32 r0, g0, b0;
|
||||
+ u32 caps;
|
||||
+ } panels[] = {
|
||||
+ { 0x110, 1, 7, 13, CLCD_CAP_5551 },
|
||||
+ { 0x110, 0, 8, 16, CLCD_CAP_888 },
|
||||
+ { 0x111, 4, 14, 20, CLCD_CAP_444 },
|
||||
+ { 0x111, 3, 11, 19, CLCD_CAP_444 | CLCD_CAP_5551 },
|
||||
+ { 0x111, 3, 10, 19, CLCD_CAP_444 | CLCD_CAP_5551 |
|
||||
+ CLCD_CAP_565 },
|
||||
+ { 0x111, 0, 8, 16, CLCD_CAP_444 | CLCD_CAP_5551 |
|
||||
+ CLCD_CAP_565 | CLCD_CAP_888 },
|
||||
+ };
|
||||
+ int i;
|
||||
+
|
||||
+ /* Bypass pixel clock divider, data output on the falling edge */
|
||||
+ fb->panel->tim2 = TIM2_BCD | TIM2_IPC;
|
||||
+
|
||||
+ /* TFT display, vert. comp. interrupt at the start of the back porch */
|
||||
+ fb->panel->cntl |= CNTL_LCDTFT | CNTL_LCDVCOMP(1);
|
||||
+
|
||||
+ fb->panel->caps = 0;
|
||||
+
|
||||
+ /* Match the setup with known variants */
|
||||
+ for (i = 0; i < ARRAY_SIZE(panels) && !fb->panel->caps; i++) {
|
||||
+ if (amba_part(fb->dev) != panels[i].part)
|
||||
+ continue;
|
||||
+ if (g0 != panels[i].g0)
|
||||
+ continue;
|
||||
+ if (r0 == panels[i].r0 && b0 == panels[i].b0)
|
||||
+ fb->panel->caps = panels[i].caps & CLCD_CAP_RGB;
|
||||
+ if (r0 == panels[i].b0 && b0 == panels[i].r0)
|
||||
+ fb->panel->caps = panels[i].caps & CLCD_CAP_BGR;
|
||||
+ }
|
||||
+
|
||||
+ return fb->panel->caps ? 0 : -EINVAL;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_init_display(struct clcd_fb *fb)
|
||||
+{
|
||||
+ struct device_node *endpoint;
|
||||
+ int err;
|
||||
+ u32 max_bandwidth;
|
||||
+ u32 tft_r0b0g0[3];
|
||||
+
|
||||
+ fb->panel = devm_kzalloc(&fb->dev->dev, sizeof(*fb->panel), GFP_KERNEL);
|
||||
+ if (!fb->panel)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ endpoint = of_graph_get_next_endpoint(fb->dev->dev.of_node, NULL);
|
||||
+ if (!endpoint)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ err = clcdfb_of_get_mode(&fb->dev->dev, endpoint, &fb->panel->mode);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ err = of_property_read_u32(fb->dev->dev.of_node, "max-memory-bandwidth",
|
||||
+ &max_bandwidth);
|
||||
+ if (!err)
|
||||
+ fb->panel->bpp = 8 * max_bandwidth / (fb->panel->mode.xres *
|
||||
+ fb->panel->mode.yres * fb->panel->mode.refresh);
|
||||
+ else
|
||||
+ fb->panel->bpp = 32;
|
||||
+
|
||||
+#ifdef CONFIG_CPU_BIG_ENDIAN
|
||||
+ fb->panel->cntl |= CNTL_BEBO;
|
||||
+#endif
|
||||
+ fb->panel->width = -1;
|
||||
+ fb->panel->height = -1;
|
||||
+
|
||||
+ if (of_property_read_u32_array(endpoint,
|
||||
+ "arm,pl11x,tft-r0g0b0-pads",
|
||||
+ tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) == 0)
|
||||
+ return clcdfb_of_init_tft_panel(fb, tft_r0b0g0[0],
|
||||
+ tft_r0b0g0[1], tft_r0b0g0[2]);
|
||||
+
|
||||
+ return -ENOENT;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_vram_setup(struct clcd_fb *fb)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct device_node *memory;
|
||||
+ u64 size;
|
||||
+
|
||||
+ err = clcdfb_of_init_display(fb);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ memory = of_parse_phandle(fb->dev->dev.of_node, "memory-region", 0);
|
||||
+ if (!memory)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ fb->fb.screen_base = of_iomap(memory, 0);
|
||||
+ if (!fb->fb.screen_base)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ fb->fb.fix.smem_start = of_translate_address(memory,
|
||||
+ of_get_address(memory, 0, &size, NULL));
|
||||
+ fb->fb.fix.smem_len = size;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_vram_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
|
||||
+{
|
||||
+ unsigned long off, user_size, kernel_size;
|
||||
+
|
||||
+
|
||||
+ off = vma->vm_pgoff << PAGE_SHIFT;
|
||||
+ user_size = vma->vm_end - vma->vm_start;
|
||||
+ kernel_size = fb->fb.fix.smem_len;
|
||||
+
|
||||
+ if (off >= kernel_size || user_size > (kernel_size - off))
|
||||
+ return -ENXIO;
|
||||
+
|
||||
+ return remap_pfn_range(vma, vma->vm_start,
|
||||
+ __phys_to_pfn(fb->fb.fix.smem_start) + vma->vm_pgoff,
|
||||
+ user_size,
|
||||
+ pgprot_writecombine(vma->vm_page_prot));
|
||||
+}
|
||||
+
|
||||
+static void clcdfb_of_vram_remove(struct clcd_fb *fb)
|
||||
+{
|
||||
+ iounmap(fb->fb.screen_base);
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_dma_setup(struct clcd_fb *fb)
|
||||
+{
|
||||
+ unsigned long framesize;
|
||||
+ dma_addr_t dma;
|
||||
+ int err;
|
||||
+
|
||||
+ err = clcdfb_of_init_display(fb);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+
|
||||
+ framesize = fb->panel->mode.xres * fb->panel->mode.yres *
|
||||
+ fb->panel->bpp / 8;
|
||||
+ fb->fb.screen_base = dma_alloc_coherent(&fb->dev->dev, framesize,
|
||||
+ &dma, GFP_KERNEL);
|
||||
+ if (!fb->fb.screen_base)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ fb->fb.fix.smem_start = dma;
|
||||
+ fb->fb.fix.smem_len = framesize;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int clcdfb_of_dma_mmap(struct clcd_fb *fb, struct vm_area_struct *vma)
|
||||
+{
|
||||
+ return dma_mmap_writecombine(&fb->dev->dev, vma, fb->fb.screen_base,
|
||||
+ fb->fb.fix.smem_start, fb->fb.fix.smem_len);
|
||||
+}
|
||||
+
|
||||
+static void clcdfb_of_dma_remove(struct clcd_fb *fb)
|
||||
+{
|
||||
+ dma_free_coherent(&fb->dev->dev, fb->fb.fix.smem_len,
|
||||
+ fb->fb.screen_base, fb->fb.fix.smem_start);
|
||||
+}
|
||||
+
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
+{
|
||||
+ struct clcd_board *board = devm_kzalloc(&dev->dev, sizeof(*board),
|
||||
+ GFP_KERNEL);
|
||||
+ struct device_node *node = dev->dev.of_node;
|
||||
+
|
||||
+ if (!board)
|
||||
+ return NULL;
|
||||
+
|
||||
+ board->name = of_node_full_name(node);
|
||||
+ board->caps = CLCD_CAP_ALL;
|
||||
+ board->check = clcdfb_check;
|
||||
+ board->decode = clcdfb_decode;
|
||||
+ if (of_find_property(node, "memory-region", NULL)) {
|
||||
+ board->setup = clcdfb_of_vram_setup;
|
||||
+ board->mmap = clcdfb_of_vram_mmap;
|
||||
+ board->remove = clcdfb_of_vram_remove;
|
||||
+ } else {
|
||||
+ board->setup = clcdfb_of_dma_setup;
|
||||
+ board->mmap = clcdfb_of_dma_mmap;
|
||||
+ board->remove = clcdfb_of_dma_remove;
|
||||
+ }
|
||||
+
|
||||
+ return board;
|
||||
+}
|
||||
+#else
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
|
||||
{
|
||||
struct clcd_board *board = dev_get_platdata(&dev->dev);
|
||||
@@ -550,6 +810,9 @@ static int clcdfb_probe(struct amba_device *dev, const struct amba_id *id)
|
||||
int ret;
|
||||
|
||||
if (!board)
|
||||
+ board = clcdfb_of_get_board(dev);
|
||||
+
|
||||
+ if (!board)
|
||||
return -EINVAL;
|
||||
|
||||
ret = dma_set_mask_and_coherent(&dev->dev, DMA_BIT_MASK(32));
|
||||
commit 1d5167b72ca05b2096760e1200fcd53b5f9a7562
|
||||
Author: Pawel Moll <pawel.moll@arm.com>
|
||||
Date: Fri Aug 1 15:43:34 2014 +0100
|
||||
|
||||
video: ARM CLCD: Fix DT-related build problems
|
||||
|
||||
This patch fixes the following error when !CONFIG_OF:
|
||||
|
||||
drivers/video/fbdev/amba-clcd.c:800:54: warning: ‘struct amba_dev’ declared inside parameter list [enabled by default]
|
||||
static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
^
|
||||
and adds a missing Kconfig select causing this
|
||||
when CONFIG_OF && !CONFIG_FB_MODE_HELPERS:
|
||||
|
||||
drivers/video/fbdev/amba-clcd.c:567: undefined reference to `fb_videomode_from_videomode'
|
||||
|
||||
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
|
||||
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
|
||||
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
|
||||
|
||||
diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
|
||||
index 6f451ad..ef94623 100644
|
||||
--- a/drivers/video/fbdev/Kconfig
|
||||
+++ b/drivers/video/fbdev/Kconfig
|
||||
@@ -280,6 +280,7 @@ config FB_ARMCLCD
|
||||
select FB_CFB_FILLRECT
|
||||
select FB_CFB_COPYAREA
|
||||
select FB_CFB_IMAGEBLIT
|
||||
+ select FB_MODE_HELPERS if OF
|
||||
select VIDEOMODE_HELPERS if OF
|
||||
help
|
||||
This framebuffer device driver is for the ARM PrimeCell PL110
|
||||
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
|
||||
index 23b3519..beadd3e 100644
|
||||
--- a/drivers/video/fbdev/amba-clcd.c
|
||||
+++ b/drivers/video/fbdev/amba-clcd.c
|
||||
@@ -797,7 +797,7 @@ static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
return board;
|
||||
}
|
||||
#else
|
||||
-static struct clcd_board *clcdfb_of_get_board(struct amba_dev *dev)
|
||||
+static struct clcd_board *clcdfb_of_get_board(struct amba_device *dev)
|
||||
{
|
||||
return NULL;
|
||||
}
|
@ -1,111 +0,0 @@
|
||||
From: Stephen Warren <swarren@xxxxxxxxxx>
|
||||
|
||||
When tegra-drm.ko is built as a module, these MODULE_DEVICE_TABLEs allow
|
||||
the module to be auto-loaded since the module will match the devices
|
||||
instantiated from device tree.
|
||||
|
||||
(Notes for stable: in 3.14+, just git rm any conflicting file, since they
|
||||
are added in later kernels. For 3.13 and below, manual merging will be
|
||||
needed)
|
||||
|
||||
Cc: <stable@xxxxxxxxxxxxxxx>
|
||||
Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx>
|
||||
---
|
||||
v2: Remove change to drm.c, since the match table there isn't used for
|
||||
probing.
|
||||
---
|
||||
drivers/gpu/drm/tegra/dc.c | 1 +
|
||||
drivers/gpu/drm/tegra/dpaux.c | 1 +
|
||||
drivers/gpu/drm/tegra/dsi.c | 1 +
|
||||
drivers/gpu/drm/tegra/gr2d.c | 1 +
|
||||
drivers/gpu/drm/tegra/gr3d.c | 1 +
|
||||
drivers/gpu/drm/tegra/hdmi.c | 1 +
|
||||
drivers/gpu/drm/tegra/sor.c | 1 +
|
||||
7 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
|
||||
index ef40381f3909..48c3bc460eef 100644
|
||||
--- a/drivers/gpu/drm/tegra/dc.c
|
||||
+++ b/drivers/gpu/drm/tegra/dc.c
|
||||
@@ -1303,6 +1303,7 @@ static const struct of_device_id tegra_dc_of_match[] = {
|
||||
/* sentinel */
|
||||
}
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_dc_of_match);
|
||||
|
||||
static int tegra_dc_parse_dt(struct tegra_dc *dc)
|
||||
{
|
||||
diff --git a/drivers/gpu/drm/tegra/dpaux.c b/drivers/gpu/drm/tegra/dpaux.c
|
||||
index 3f132e356e9c..708f783ead47 100644
|
||||
--- a/drivers/gpu/drm/tegra/dpaux.c
|
||||
+++ b/drivers/gpu/drm/tegra/dpaux.c
|
||||
@@ -382,6 +382,7 @@ static const struct of_device_id tegra_dpaux_of_match[] = {
|
||||
{ .compatible = "nvidia,tegra124-dpaux", },
|
||||
{ },
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_dpaux_of_match);
|
||||
|
||||
struct platform_driver tegra_dpaux_driver = {
|
||||
.driver = {
|
||||
diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c
|
||||
index bd56f2affa78..97c409f10456 100644
|
||||
--- a/drivers/gpu/drm/tegra/dsi.c
|
||||
+++ b/drivers/gpu/drm/tegra/dsi.c
|
||||
@@ -982,6 +982,7 @@ static const struct of_device_id tegra_dsi_of_match[] = {
|
||||
{ .compatible = "nvidia,tegra114-dsi", },
|
||||
{ },
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_dsi_of_match);
|
||||
|
||||
struct platform_driver tegra_dsi_driver = {
|
||||
.driver = {
|
||||
diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
|
||||
index 7c53941f2a9e..02cd3e37a6ec 100644
|
||||
--- a/drivers/gpu/drm/tegra/gr2d.c
|
||||
+++ b/drivers/gpu/drm/tegra/gr2d.c
|
||||
@@ -121,6 +121,7 @@ static const struct of_device_id gr2d_match[] = {
|
||||
{ .compatible = "nvidia,tegra20-gr2d" },
|
||||
{ },
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, gr2d_match);
|
||||
|
||||
static const u32 gr2d_addr_regs[] = {
|
||||
GR2D_UA_BASE_ADDR,
|
||||
diff --git a/drivers/gpu/drm/tegra/gr3d.c b/drivers/gpu/drm/tegra/gr3d.c
|
||||
index 30f5ba9bd6d0..2bea2b2d204e 100644
|
||||
--- a/drivers/gpu/drm/tegra/gr3d.c
|
||||
+++ b/drivers/gpu/drm/tegra/gr3d.c
|
||||
@@ -130,6 +130,7 @@ static const struct of_device_id tegra_gr3d_match[] = {
|
||||
{ .compatible = "nvidia,tegra20-gr3d" },
|
||||
{ }
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_gr3d_match);
|
||||
|
||||
static const u32 gr3d_addr_regs[] = {
|
||||
GR3D_IDX_ATTRIBUTE( 0),
|
||||
diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
|
||||
index a0b8d8539d07..84ea0c8b47f7 100644
|
||||
--- a/drivers/gpu/drm/tegra/hdmi.c
|
||||
+++ b/drivers/gpu/drm/tegra/hdmi.c
|
||||
@@ -1370,6 +1370,7 @@ static const struct of_device_id tegra_hdmi_of_match[] = {
|
||||
{ .compatible = "nvidia,tegra20-hdmi", .data = &tegra20_hdmi_config },
|
||||
{ },
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_hdmi_of_match);
|
||||
|
||||
static int tegra_hdmi_probe(struct platform_device *pdev)
|
||||
{
|
||||
diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c
|
||||
index 27c979b50111..061a5c501124 100644
|
||||
--- a/drivers/gpu/drm/tegra/sor.c
|
||||
+++ b/drivers/gpu/drm/tegra/sor.c
|
||||
@@ -1455,6 +1455,7 @@ static const struct of_device_id tegra_sor_of_match[] = {
|
||||
{ .compatible = "nvidia,tegra124-sor", },
|
||||
{ },
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, tegra_sor_of_match);
|
||||
|
||||
struct platform_driver tegra_sor_driver = {
|
||||
.driver = {
|
||||
--
|
||||
1.8.1.5
|
@ -1,16 +0,0 @@
|
||||
--- linux-3.3.4-3.fc17.x86_64_orig/drivers/usb/core/hub.c 2012-05-02 20:08:18.421685932 -0400
|
||||
+++ linux-3.3.4-3.fc17.x86_64/drivers/usb/core/hub.c 2012-05-02 20:30:36.565865425 -0400
|
||||
@@ -3484,6 +3484,13 @@ static void hub_events(void)
|
||||
(u16) hub->change_bits[0],
|
||||
(u16) hub->event_bits[0]);
|
||||
|
||||
+ /* Don't disconnect USB-SATA on TrimSlice */
|
||||
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
|
||||
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
|
||||
+ (hub->event_bits[0] == 0x2))
|
||||
+ hub->event_bits[0] = 0;
|
||||
+ }
|
||||
+
|
||||
/* Lock the device, then check to see if we were
|
||||
* disconnected while waiting for the lock to succeed. */
|
||||
usb_lock_device(hdev);
|
@ -1,69 +0,0 @@
|
||||
Bugzilla: 1097436
|
||||
Upstream-status: Sent upstream for 3.16
|
||||
|
||||
From f6fad201a0e4584e9826a2deb8ebbfccdb8cb13b Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:01 +0200
|
||||
Subject: [PATCH 04/14] asus-wmi: Add a no backlight quirk
|
||||
|
||||
Some Asus motherboards for desktop PC-s export an acpi-video and
|
||||
an asus-wmi interface advertising backlight support. Add a quirk to allow
|
||||
to blacklist these so that desktop environments such as gnome don't start
|
||||
showing nonsense brightness controls.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 8 ++++++--
|
||||
drivers/platform/x86/asus-wmi.h | 1 +
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index c5e082fb82fa..6f73dc5125ca 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1272,6 +1272,9 @@ static int asus_wmi_backlight_init(struct asus_wmi *asus)
|
||||
int max;
|
||||
int power;
|
||||
|
||||
+ if (asus->driver->quirks->no_backlight)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
max = read_brightness_max(asus);
|
||||
|
||||
if (max == -ENODEV)
|
||||
@@ -1370,7 +1373,7 @@ static void asus_wmi_notify(u32 value, void *context)
|
||||
code = ASUS_WMI_BRN_DOWN;
|
||||
|
||||
if (code == ASUS_WMI_BRN_DOWN || code == ASUS_WMI_BRN_UP) {
|
||||
- if (!acpi_video_backlight_support()) {
|
||||
+ if (asus->backlight_device) {
|
||||
asus_wmi_backlight_notify(asus, orig_code);
|
||||
goto exit;
|
||||
}
|
||||
@@ -1773,7 +1776,8 @@ static int asus_wmi_add(struct platform_device *pdev)
|
||||
if (err)
|
||||
goto fail_rfkill;
|
||||
|
||||
- if (asus->driver->quirks->wmi_backlight_power)
|
||||
+ if (asus->driver->quirks->wmi_backlight_power ||
|
||||
+ asus->driver->quirks->no_backlight)
|
||||
acpi_video_dmi_promote_vendor();
|
||||
if (!acpi_video_backlight_support()) {
|
||||
pr_info("Disabling ACPI video driver\n");
|
||||
diff --git a/drivers/platform/x86/asus-wmi.h b/drivers/platform/x86/asus-wmi.h
|
||||
index 4da4c8bafe70..cc47efe14974 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.h
|
||||
+++ b/drivers/platform/x86/asus-wmi.h
|
||||
@@ -42,6 +42,7 @@ struct quirk_entry {
|
||||
bool scalar_panel_brightness;
|
||||
bool store_backlight_power;
|
||||
bool wmi_backlight_power;
|
||||
+ bool no_backlight;
|
||||
int wapf;
|
||||
/*
|
||||
* For machines with AMD graphic chips, it will send out WMI event
|
||||
--
|
||||
1.9.0
|
||||
|
54
asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Normal file
54
asus-wmi-Restrict-debugfs-interface-when-module-load.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From f04bd0bd583d4b531b2adc7299c85b4e9934a133 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
|
||||
restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
be manipulated in such a way that arbitrary code can be executed in the
|
||||
kernel, circumventing module loading restrictions. Prevent that if any of
|
||||
these features are enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 21fc932da3a1..c6d42ad95c08 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1590,6 +1590,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1606,6 +1609,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1630,6 +1636,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,6 +1,17 @@
|
||||
From d57ac23df8a6f1b21bd55d0884ae81f6e8e3bb8f Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Wed, 6 Feb 2013 09:57:47 -0500
|
||||
Subject: [PATCH] ath9k: rx dma stop check
|
||||
|
||||
---
|
||||
drivers/net/wireless/ath/ath9k/mac.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
|
||||
index 275205ab5f15..bb842623bdf6 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/mac.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/mac.c
|
||||
@@ -689,7 +689,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
|
||||
@@ -700,7 +700,7 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
|
||||
{
|
||||
#define AH_RX_STOP_DMA_TIMEOUT 10000 /* usec */
|
||||
struct ath_common *common = ath9k_hw_common(ah);
|
||||
@ -9,7 +20,7 @@
|
||||
int i;
|
||||
|
||||
/* Enable access to the DMA observation bus */
|
||||
@@ -719,6 +719,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw
|
||||
@@ -730,6 +730,16 @@ bool ath9k_hw_stopdmarecv(struct ath_hw *ah, bool *reset)
|
||||
}
|
||||
|
||||
if (i == 0) {
|
||||
@ -26,3 +37,6 @@
|
||||
ath_err(common,
|
||||
"DMA failed to stop in %d ms AR_CR=0x%08x AR_DIAG_SW=0x%08x DMADBG_7=0x%08x\n",
|
||||
AH_RX_STOP_DMA_TIMEOUT / 1000,
|
||||
--
|
||||
1.9.3
|
||||
|
@ -8,6 +8,7 @@ CONFIG_HW_PERF_EVENTS=y
|
||||
CONFIG_NFS_FS=y
|
||||
|
||||
CONFIG_CRASH=m
|
||||
CONFIG_CC_STACKPROTECTOR=y
|
||||
|
||||
# CONFIG_PID_IN_CONTEXTIDR is not set
|
||||
|
||||
@ -42,6 +43,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y
|
||||
# ARM AMBA generic HW
|
||||
CONFIG_ARM_AMBA=y
|
||||
CONFIG_ARM_CCI=y
|
||||
CONFIG_ARM_CCN=y
|
||||
CONFIG_ARM_DMA_USE_IOMMU=y
|
||||
CONFIG_ARM_DMA_IOMMU_ALIGNMENT=8
|
||||
CONFIG_ARM_GIC=y
|
||||
@ -104,6 +106,7 @@ CONFIG_EXTCON=m
|
||||
CONFIG_OF_EXTCON=m
|
||||
CONFIG_EXTCON_GPIO=m
|
||||
CONFIG_EXTCON_ADC_JACK=m
|
||||
# CONFIG_EXTCON_SM5502 is not set
|
||||
|
||||
# MTD
|
||||
CONFIG_MTD_BLKDEVS=m
|
||||
@ -177,18 +180,29 @@ CONFIG_CMA_AREAS=7
|
||||
# CONFIG_CRYPTO_TEST is not set
|
||||
# CONFIG_TRANSPARENT_HUGEPAGE is not set
|
||||
# CONFIG_XEN is not set
|
||||
|
||||
# CONFIG_DRM_RCAR_DU is not set
|
||||
# CONFIG_I2C_RCAR is not set
|
||||
# CONFIG_DRM_SHMOBILE is not set
|
||||
# CONFIG_I2C_SH_MOBILE is not set
|
||||
# CONFIG_MMC_DW_SOCFPGA is not set
|
||||
# CONFIG_I2C_NOMADIK is not set
|
||||
# CONFIG_IRQ_DOMAIN_DEBUG is not set
|
||||
# CONFIG_LEDS_RENESAS_TPU is not set
|
||||
# CONFIG_LOCK_STAT is not set
|
||||
|
||||
# CONFIG_DRM_ARMADA is not set
|
||||
# CONFIG_DRM_TEGRA is not set
|
||||
# CONFIG_SHMOBILE_IOMMU is not set
|
||||
|
||||
# CONFIG_COMMON_CLK_SI570 is not set
|
||||
# CONFIG_COMMON_CLK_QCOM is not set
|
||||
|
||||
# CONFIG_IRQ_DOMAIN_DEBUG is not set
|
||||
# CONFIG_ARM_PTDUMP is not set
|
||||
|
||||
### turn off things which make no sense on ARM
|
||||
# CONFIG_PATA_PLATFORM is not set
|
||||
# CONFIG_USB_ULPI is not set
|
||||
|
||||
### turn off things which make no sense on embedded SoC
|
||||
|
||||
# core
|
||||
|
||||
@ -201,8 +215,6 @@ CONFIG_CMA_AREAS=7
|
||||
# CONFIG_ISDN is not set
|
||||
# CONFIG_GAMEPORT is not set
|
||||
# CONFIG_AGP is not set
|
||||
# CONFIG_PATA_PLATFORM is not set
|
||||
# CONFIG_USB_ULPI is not set
|
||||
|
||||
# netdrv
|
||||
|
||||
@ -241,10 +253,17 @@ CONFIG_CMA_AREAS=7
|
||||
# CONFIG_SCSI_MPT3SAS is not set
|
||||
|
||||
# serial
|
||||
# CONFIG_SERIAL_SH_SCI is not set
|
||||
# CONFIG_SERIAL_MAX3100 is not set
|
||||
# CONFIG_SERIAL_MAX310X is not set
|
||||
# CONFIG_SERIAL_IFX6X60 is not set
|
||||
|
||||
# drm
|
||||
# CONFIG_DRM_VMWGFX is not set
|
||||
# CONFIG_IMX_IPUV3_CORE is not set
|
||||
|
||||
# CONFIG_DEBUG_SET_MODULE_RONX is not set
|
||||
|
||||
# CONFIG_LATTICE_ECP3_CONFIG is not set
|
||||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_SPI_ROCKCHIP is not set
|
||||
|
@ -30,7 +30,6 @@ CONFIG_GENERIC_ACL=y
|
||||
CONFIG_GENERIC_CALIBRATE_DELAY=y
|
||||
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
|
||||
CONFIG_GENERIC_CSUM=y
|
||||
CONFIG_GENERIC_HARDIRQS=y
|
||||
CONFIG_GENERIC_HWEIGHT=y
|
||||
CONFIG_GENERIC_IO=y
|
||||
CONFIG_GENERIC_PCI_IOMAP=y
|
||||
@ -81,6 +80,11 @@ CONFIG_CRYPTO_AES_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
|
||||
CONFIG_I2C_ACPI=y
|
||||
|
||||
# APM Xgene
|
||||
CONFIG_POWER_RESET_XGENE=y
|
||||
@ -111,3 +115,5 @@ CONFIG_PCI_XGENE=y
|
||||
CONFIG_HOTPLUG_PCI=y
|
||||
# CONFIG_HOTPLUG_PCI_CPCI is not set
|
||||
# CONFIG_HOTPLUG_PCI_SHPC is not set
|
||||
|
||||
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
|
||||
|
19
config-armv7
19
config-armv7
@ -10,7 +10,6 @@ CONFIG_ARCH_OMAP4=y
|
||||
CONFIG_ARCH_PICOXCELL=y
|
||||
CONFIG_ARCH_QCOM=y
|
||||
CONFIG_ARCH_ROCKCHIP=y
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
CONFIG_ARCH_TEGRA=y
|
||||
CONFIG_ARCH_U8500=y
|
||||
# CONFIG_ARCH_VIRT is not set
|
||||
@ -39,7 +38,7 @@ CONFIG_MV643XX_ETH=m
|
||||
CONFIG_PINCTRL_MVEBU=y
|
||||
CONFIG_PINCTRL_ARMADA_370=y
|
||||
CONFIG_PINCTRL_ARMADA_XP=y
|
||||
# CONFIG_ARM_ARMADA_370_XP_CPUIDLE is not set
|
||||
# CONFIG_ARM_MVEBU_V7_CPUIDLE is not set
|
||||
CONFIG_PINCTRL_DOVE=y
|
||||
CONFIG_EDAC_MV64X60=m
|
||||
CONFIG_RTC_DRV_S35390A=m
|
||||
@ -115,7 +114,6 @@ CONFIG_OMAP_DM_TIMER=y
|
||||
CONFIG_OMAP_PM_NOOP=y
|
||||
CONFIG_DMA_OMAP=y
|
||||
CONFIG_OMAP_IOMMU=y
|
||||
CONFIG_OMAP_IOVMM=m
|
||||
CONFIG_HWSPINLOCK_OMAP=m
|
||||
CONFIG_OMAP3_EMU=y
|
||||
# CONFIG_OMAP3_SDRC_AC_TIMING is not set
|
||||
@ -136,6 +134,7 @@ CONFIG_BATTERY_TWL4030_MADC=m
|
||||
CONFIG_OMAP_USB2=m
|
||||
CONFIG_OMAP_CONTROL_PHY=m
|
||||
CONFIG_TI_PIPE3=m
|
||||
CONFIG_PCI_DRA7XX=y
|
||||
CONFIG_TWL4030_USB=m
|
||||
CONFIG_TWL6030_USB=m
|
||||
CONFIG_TWL6030_PWM=m
|
||||
@ -173,6 +172,7 @@ CONFIG_REGULATOR_PBIAS=m
|
||||
CONFIG_RTC_DRV_PALMAS=m
|
||||
CONFIG_OMAP5_DSS_HDMI=y
|
||||
CONFIG_OMAP5_DSS_HDMI_AUDIO=y
|
||||
CONFIG_COMMON_CLK_PALMAS=m
|
||||
|
||||
CONFIG_WL_TI=y
|
||||
CONFIG_WLCORE_SDIO=m
|
||||
@ -301,7 +301,6 @@ CONFIG_RADIO_WL128X=m
|
||||
|
||||
CONFIG_OMAP_REMOTEPROC=m
|
||||
|
||||
# CONFIG_TIDSPBRIDGE is not set
|
||||
# CONFIG_OMAP2_DSS_DEBUGFS is not set
|
||||
# CONFIG_OMAP_IOMMU_DEBUG is not set
|
||||
# CONFIG_OMAP_MUX_DEBUG is not set
|
||||
@ -334,6 +333,7 @@ CONFIG_SND_DAVINCI_SOC_I2S=m
|
||||
CONFIG_SND_DAVINCI_SOC_MCASP=m
|
||||
CONFIG_SND_DAVINCI_SOC_VCIF=m
|
||||
CONFIG_SND_DAVINCI_SOC_GENERIC_EVM=m
|
||||
CONFIG_SND_EDMA_SOC=m
|
||||
CONFIG_SND_AM33XX_SOC_EVM=m
|
||||
CONFIG_REGULATOR_TI_ABB=m
|
||||
CONFIG_TI_ADC081C=m
|
||||
@ -351,7 +351,6 @@ CONFIG_SERIAL_MSM_CONSOLE=y
|
||||
CONFIG_PINCTRL_APQ8064=m
|
||||
CONFIG_PINCTRL_IPQ8064=m
|
||||
CONFIG_PINCTRL_MSM8960=m
|
||||
CONFIG_PINCTRL_MSM8960=m
|
||||
CONFIG_COMMON_CLK_QCOM=m
|
||||
CONFIG_APQ_GCC_8084=m
|
||||
CONFIG_APQ_MMCC_8084=m
|
||||
@ -370,6 +369,9 @@ CONFIG_USB_MSM_OTG=m
|
||||
CONFIG_MMC_SDHCI_MSM=m
|
||||
CONFIG_QCOM_BAM_DMA=m
|
||||
CONFIG_QCOM_GSBI=m
|
||||
CONFIG_PHY_QCOM_APQ8064_SATA=m
|
||||
CONFIG_PHY_QCOM_IPQ806X_SATA=m
|
||||
CONFIG_CRYPTO_DEV_QCE=m
|
||||
CONFIG_MSM_IOMMU=y
|
||||
CONFIG_DRM_MSM=m
|
||||
CONFIG_DRM_MSM_FBDEV=y
|
||||
@ -386,7 +388,6 @@ CONFIG_SOC_IMX6Q=y
|
||||
CONFIG_SOC_IMX6SL=y
|
||||
CONFIG_SOC_IMX6SX=y
|
||||
# CONFIG_SOC_VF610 is not set
|
||||
CONFIG_MACH_IMX51_DT=y
|
||||
CONFIG_ARM_IMX6Q_CPUFREQ=m
|
||||
CONFIG_PCI_IMX6=y
|
||||
CONFIG_IMX_THERMAL=m
|
||||
@ -428,6 +429,7 @@ CONFIG_RTC_DRV_SNVS=m
|
||||
# CONFIG_FB_IMX is not set
|
||||
|
||||
CONFIG_SND_IMX_SOC=m
|
||||
CONFIG_SND_SOC_FSL_ASRC=m
|
||||
CONFIG_SND_SOC_FSL_ESAI=m
|
||||
CONFIG_SND_SOC_FSL_SAI=m
|
||||
CONFIG_SND_SOC_FSL_SPDIF=m
|
||||
@ -507,6 +509,9 @@ CONFIG_REGULATOR_DA9055=m
|
||||
|
||||
# Rockchips
|
||||
CONFIG_I2C_RK3X=m
|
||||
CONFIG_SPI_ROCKCHIP=m
|
||||
CONFIG_SND_SOC_ROCKCHIP=m
|
||||
CONFIG_PWM_ROCKCHIP=m
|
||||
|
||||
# ST Ericsson
|
||||
CONFIG_MACH_HREFV60=y
|
||||
@ -605,6 +610,8 @@ CONFIG_LATTICE_ECP3_CONFIG=m
|
||||
CONFIG_NET_VENDOR_XILINX=y
|
||||
CONFIG_XILINX_EMACLITE=m
|
||||
CONFIG_GPIO_XILINX=y
|
||||
# Broken
|
||||
# CONFIG_GPIO_ZYNQ is not set
|
||||
CONFIG_I2C_XILINX=m
|
||||
CONFIG_SPI_XILINX=m
|
||||
CONFIG_SPI_CADENCE=m
|
||||
|
@ -60,9 +60,13 @@ CONFIG_ARCH_VEXPRESS_CORTEX_A5_A9_ERRATA=y
|
||||
# CONFIG_ARCH_BCM is not set
|
||||
# CONFIG_ARCH_BERLIN is not set
|
||||
# CONFIG_ARCH_HI3xxx is not set
|
||||
# CONFIG_ARCH_HISI is not set
|
||||
# CONFIG_ARCH_MEDIATEK is not set
|
||||
# CONFIG_ARCH_QCOM is not set
|
||||
# CONFIG_ARCH_S5PV210 is not set
|
||||
# CONFIG_ARCH_SHMOBILE_MULTI is not set
|
||||
# CONFIG_ARCH_SIRF is not set
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
# CONFIG_PLAT_SPEAR is not set
|
||||
# CONFIG_ARCH_STI is not set
|
||||
# CONFIG_ARCH_U8500 is not set
|
||||
@ -122,7 +126,6 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
|
||||
CONFIG_XZ_DEC_ARM=y
|
||||
|
||||
CONFIG_UACCESS_WITH_MEMCPY=y
|
||||
CONFIG_CC_STACKPROTECTOR=y
|
||||
|
||||
CONFIG_PCI_HOST_GENERIC=y
|
||||
|
||||
@ -165,11 +168,11 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m
|
||||
# CONFIG_MACH_SUN5I is not set
|
||||
CONFIG_MACH_SUN6I=y
|
||||
CONFIG_MACH_SUN7I=y
|
||||
CONFIG_PINCTRL_SUNXI=y
|
||||
# CONFIG_MACH_SUN8I is not set
|
||||
CONFIG_DMA_SUN6I=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_NET_VENDOR_ALLWINNER=y
|
||||
CONFIG_STMMAC_PLATFORM=y
|
||||
CONFIG_DWMAC_SOCFPGA=y
|
||||
CONFIG_DWMAC_SUNXI=y
|
||||
CONFIG_EEPROM_SUNXI_SID=m
|
||||
CONFIG_RTC_DRV_SUNXI=m
|
||||
@ -184,11 +187,10 @@ CONFIG_POWER_RESET_SUN6I=y
|
||||
CONFIG_TOUCHSCREEN_SUN4I=m
|
||||
CONFIG_MFD_AXP20X=y
|
||||
CONFIG_REGULATOR_AXP20X=m
|
||||
CONFIG_IR_SUNXI=m
|
||||
CONFIG_MDIO_SUN4I=m
|
||||
CONFIG_SUN4I_EMAC=m
|
||||
|
||||
CONFIG_MDIO_SUN4I=m
|
||||
CONFIG_SUN4I_EMAC=m
|
||||
# Exynos
|
||||
CONFIG_ARCH_EXYNOS3=y
|
||||
CONFIG_ARCH_EXYNOS4=y
|
||||
@ -427,6 +429,7 @@ CONFIG_MFD_TPS65912_SPI=y
|
||||
# CONFIG_MFD_TPS80031 is not set
|
||||
# CONFIG_TWL4030_CORE is not set
|
||||
# CONFIG_TWL6040_CORE is not set
|
||||
#
|
||||
|
||||
# Pin stuff
|
||||
CONFIG_PINMUX=y
|
||||
@ -440,6 +443,7 @@ CONFIG_GENERIC_PINCONF=y
|
||||
# CONFIG_PINCTRL_BCM281XX is not set
|
||||
# CONFIG_PINCTRL_APQ8064 is not set
|
||||
# CONFIG_PINCTRL_IPQ8064 is not set
|
||||
# CONFIG_PINCTRL_MSM8960 is not set
|
||||
|
||||
# GPIO
|
||||
# CONFIG_GPIO_EM is not set
|
||||
@ -478,7 +482,6 @@ CONFIG_SPI_OC_TINY=m
|
||||
CONFIG_SPI_SC18IS602=m
|
||||
CONFIG_SPI_TLE62X0=m
|
||||
CONFIG_SPI_XCOMM=m
|
||||
CONFIG_SPI_XILINX=m
|
||||
# CONFIG_SPI_FSL_SPI is not set
|
||||
# CONFIG_SPI_CADENCE is not set
|
||||
|
||||
@ -493,6 +496,8 @@ CONFIG_I2C_MV64XXX=m
|
||||
CONFIG_CRYPTO_SHA1_ARM=m
|
||||
CONFIG_CRYPTO_AES_ARM=m
|
||||
# CONFIG_CRYPTO_AES_ARM_BS is not set
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=m
|
||||
|
||||
# DMA
|
||||
CONFIG_TI_PRIV_EDMA=y
|
||||
@ -550,7 +555,6 @@ CONFIG_MMC_DW_PLTFM=m
|
||||
CONFIG_MMC_DW_PCI=m
|
||||
CONFIG_SPI_DW_MMIO=m
|
||||
CONFIG_SPI_DW_PCI=m
|
||||
# CONFIG_MMC_DW_SOCFPGA is not set
|
||||
# CONFIG_MMC_DW_IDMAC is not set
|
||||
# CONFIG_MMC_DW_K3 is not set
|
||||
CONFIG_USB_DWC2=y
|
||||
@ -565,6 +569,7 @@ CONFIG_USB_DWC3_OMAP=m
|
||||
CONFIG_USB_DWC3_PCI=m
|
||||
# CONFIG_USB_DWC3_DEBUG is not set
|
||||
# CONFIG_USB_DWC3_KEYSTONE is not set
|
||||
# CONFIG_DWC3_HOST_USB3_LPM_ENABLE is not set
|
||||
CONFIG_DW_WATCHDOG=m
|
||||
CONFIG_PCIE_DW=y
|
||||
|
||||
@ -618,15 +623,21 @@ CONFIG_SND_SOC_SPDIF=m
|
||||
# CONFIG_SND_SOC_WM8903 is not set
|
||||
# CONFIG_SND_SOC_WM8962 is not set
|
||||
# CONFIG_SND_SOC_TPA6130A2 is not set
|
||||
# CONFIG_SND_SOC_FSL_SAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SSI is not set
|
||||
# CONFIG_SND_SOC_FSL_SPDIF is not set
|
||||
# CONFIG_SND_SOC_FSL_ASRC is not set
|
||||
# CONFIG_SND_SOC_FSL_ESAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SAI is not set
|
||||
# CONFIG_SND_SOC_FSL_SPDIF is not set
|
||||
# CONFIG_SND_SOC_FSL_SSI is not set
|
||||
# CONFIG_SND_SOC_IMX_AUDMUX is not set
|
||||
# CONFIG_SND_SOC_ALC5623 is not set
|
||||
# CONFIG_SND_SOC_CS42L56 is not set
|
||||
# CONFIG_SND_SOC_STA350 is not set
|
||||
# CONFIG_SND_ATMEL_SOC is not set
|
||||
# CONFIG_SND_SOC_TLV320AIC31XX is not set
|
||||
# CONFIG_SND_SOC_TAS2552 is not set
|
||||
# CONFIG_SND_SOC_CS4265 is not set
|
||||
# CONFIG_SND_EDMA_SOC is not set
|
||||
# CONFIG_SND_SOC_ROCKCHIP is not set
|
||||
|
||||
# Displays
|
||||
CONFIG_BACKLIGHT_TPS65217=m
|
||||
@ -685,6 +696,7 @@ CONFIG_REGULATOR_TPS65912=m
|
||||
CONFIG_REGULATOR_TPS80031=m
|
||||
CONFIG_REGULATOR_LTC3589=m
|
||||
CONFIG_REGULATOR_ANATOP=m
|
||||
CONFIG_REGULATOR_DA9211=m
|
||||
|
||||
CONFIG_CHARGER_MANAGER=y
|
||||
CONFIG_CHARGER_BQ2415X=m
|
||||
@ -792,6 +804,7 @@ CONFIG_BPF_JIT=y
|
||||
# HW Enabled in armv7 not lpae
|
||||
# CONFIG_DRM_TILCDC is not set
|
||||
# CONFIG_DRM_IMX is not set
|
||||
# CONFIG_DRM_STI is not set
|
||||
# CONFIG_AHCI_IMX is not set
|
||||
# CONFIG_IMX_THERMAL is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
@ -828,6 +841,8 @@ CONFIG_BPF_JIT=y
|
||||
# CONFIG_MMC_TMIO is not set
|
||||
# CONFIG_PINCTRL_IMX35 is not set
|
||||
# CONFIG_DVB_USB_PCTV452E is not set
|
||||
# CONFIG_DWMAC_SOCFPGA is not set
|
||||
# CONFIG_MMC_DW_SOCFPGA is not set
|
||||
|
||||
# CONFIG_MFD_LP8788 is not set
|
||||
# CONFIG_MFD_MAX77693 is not set
|
||||
|
@ -11,7 +11,6 @@ CONFIG_ARCH_VIRT=y
|
||||
# CONFIG_SOC_AM43XX is not set
|
||||
# CONFIG_SOC_DRA7XX is not set
|
||||
# CONFIG_ARCH_ROCKCHIP is not set
|
||||
# CONFIG_ARCH_SOCFPGA is not set
|
||||
# CONFIG_ARCH_ZYNQ is not set
|
||||
# CONFIG_ARCH_AXXIA is not set
|
||||
|
||||
@ -62,6 +61,7 @@ CONFIG_TI_AEMIF=m
|
||||
CONFIG_POWER_RESET_KEYSTONE=y
|
||||
CONFIG_DAVINCI_WATCHDOG=m
|
||||
CONFIG_SPI_DAVINCI=m
|
||||
CONFIG_TI_DAVINCI_MDIO=m
|
||||
# CONFIG_TI_SOC_THERMAL is not set
|
||||
|
||||
# Tegra (non A15 device options)
|
||||
|
@ -123,6 +123,8 @@ CONFIG_MAC80211_MESSAGE_TRACING=y
|
||||
|
||||
CONFIG_EDAC_DEBUG=y
|
||||
|
||||
CONFIG_SPI_DEBUG=y
|
||||
|
||||
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
|
||||
CONFIG_LATENCYTOP=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
|
160
config-generic
160
config-generic
@ -44,6 +44,7 @@ CONFIG_TASK_XACCT=y
|
||||
CONFIG_TASK_IO_ACCOUNTING=y
|
||||
CONFIG_SYSCTL=y
|
||||
CONFIG_LOG_BUF_SHIFT=18
|
||||
CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
|
||||
# CONFIG_IKCONFIG is not set
|
||||
# CONFIG_EMBEDDED is not set
|
||||
# CONFIG_EXPERT is not set
|
||||
@ -149,6 +150,7 @@ CONFIG_MMC_USHC=m
|
||||
CONFIG_MMC_REALTEK_PCI=m
|
||||
CONFIG_MMC_REALTEK_USB=m
|
||||
CONFIG_MMC_VUB300=m
|
||||
# CONFIG_MMC_SPI is not set
|
||||
# CONFIG_MMC_SDHCI_PXAV2 is not set
|
||||
# CONFIG_MMC_SDHCI_PXAV3 is not set
|
||||
# CONFIG_MMC_SDHCI_OF_ARASAN is not set
|
||||
@ -208,16 +210,34 @@ CONFIG_BINFMT_MISC=m
|
||||
# Generic Driver Options
|
||||
#
|
||||
CONFIG_FW_LOADER=y
|
||||
# CONFIG_TEST_FIRMWARE is not set
|
||||
# CONFIG_FIRMWARE_IN_KERNEL is not set
|
||||
CONFIG_EXTRA_FIRMWARE=""
|
||||
|
||||
# Give this a try in rawhide for now
|
||||
# CONFIG_FW_LOADER_USER_HELPER is not set
|
||||
# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
|
||||
|
||||
# CONFIG_CMA is not set
|
||||
# CONFIG_DMA_CMA is not set
|
||||
# CONFIG_FENCE_TRACE is not set
|
||||
|
||||
# CONFIG_SPI is not set
|
||||
# CONFIG_SPI_ALTERA is not set
|
||||
# CONFIG_SPI_BITBANG is not set
|
||||
# CONFIG_SPI_BUTTERFLY is not set
|
||||
# CONFIG_SPI_GPIO is not set
|
||||
# CONFIG_SPI_LM70_LLP is not set
|
||||
# CONFIG_SPI_OC_TINY is not set
|
||||
# CONFIG_SPI_PXA2XX is not set
|
||||
# CONFIG_SPI_SC18IS602 is not set
|
||||
# CONFIG_SPI_TOPCLIFF_PCH is not set
|
||||
# CONFIG_SPI_XCOMM is not set
|
||||
# CONFIG_SPI_XILINX is not set
|
||||
# CONFIG_SPI_DESIGNWARE is not set
|
||||
# CONFIG_SPI_SPIDEV is not set
|
||||
# CONFIG_SPI_TLE62X0 is not set
|
||||
# CONFIG_SPI_FSL_SPI is not set
|
||||
|
||||
# CONFIG_SPMI is not set
|
||||
|
||||
@ -272,6 +292,8 @@ CONFIG_MTD_CFI_I2=y
|
||||
# CONFIG_MTD_TS5500 is not set
|
||||
# CONFIG_MTD_INTEL_VR_NOR is not set
|
||||
# CONFIG_MTD_PLATRAM is not set
|
||||
# CONFIG_MTD_SST25L is not set
|
||||
# CONFIG_MTD_DATAFLASH is not set
|
||||
|
||||
# Self-contained MTD device drivers
|
||||
# CONFIG_MTD_PMC551 is not set
|
||||
@ -860,10 +882,13 @@ CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
|
||||
CONFIG_NETFILTER_XT_TARGET_LED=m
|
||||
CONFIG_NETFILTER_XT_TARGET_LOG=m
|
||||
CONFIG_NETFILTER_XT_TARGET_MARK=m
|
||||
CONFIG_NETFILTER_XT_NAT=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
|
||||
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
|
||||
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
|
||||
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
|
||||
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
|
||||
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
|
||||
@ -954,6 +979,11 @@ CONFIG_NF_CT_NETLINK=m
|
||||
CONFIG_NF_CT_NETLINK_HELPER=m
|
||||
CONFIG_NF_CT_PROTO_UDPLITE=m
|
||||
|
||||
CONFIG_NF_LOG_ARP=m
|
||||
CONFIG_NF_LOG_IPV4=m
|
||||
CONFIG_NF_LOG_IPV6=m
|
||||
CONFIG_NF_LOG_BRIDGE=m
|
||||
|
||||
CONFIG_IP_NF_MATCH_AH=m
|
||||
CONFIG_IP_NF_MATCH_ECN=m
|
||||
CONFIG_IP_NF_MATCH_RPFILTER=m
|
||||
@ -967,7 +997,7 @@ CONFIG_IP_NF_TARGET_ULOG=m
|
||||
CONFIG_IP_NF_TARGET_REJECT=y
|
||||
CONFIG_IP_NF_TARGET_SYNPROXY=m
|
||||
CONFIG_IP_NF_TARGET_TTL=m
|
||||
CONFIG_NF_NAT_IPV4=m
|
||||
CONFIG_IP_NF_NAT=m
|
||||
CONFIG_IP_NF_TARGET_MASQUERADE=m
|
||||
CONFIG_IP_NF_MANGLE=m
|
||||
CONFIG_IP_NF_ARPTABLES=m
|
||||
@ -1001,7 +1031,7 @@ CONFIG_IP6_NF_TARGET_LOG=m
|
||||
CONFIG_IP6_NF_TARGET_REJECT=m
|
||||
CONFIG_IP6_NF_TARGET_SYNPROXY=m
|
||||
CONFIG_IP6_NF_TARGET_HL=m
|
||||
CONFIG_NF_NAT_IPV6=m
|
||||
CONFIG_IP6_NF_NAT=m
|
||||
CONFIG_IP6_NF_TARGET_MASQUERADE=m
|
||||
# CONFIG_IP6_NF_TARGET_NPT is not set
|
||||
|
||||
@ -1058,6 +1088,7 @@ CONFIG_BRIDGE_EBT_T_NAT=m
|
||||
CONFIG_BRIDGE_EBT_ULOG=m
|
||||
CONFIG_BRIDGE_EBT_VLAN=m
|
||||
CONFIG_NFT_BRIDGE_META=m
|
||||
CONFIG_NFT_BRIDGE_REJECT=m
|
||||
CONFIG_XFRM=y
|
||||
CONFIG_XFRM_MIGRATE=y
|
||||
CONFIG_XFRM_SUB_POLICY=y
|
||||
@ -1347,6 +1378,7 @@ CONFIG_CHELSIO_T1_1G=y
|
||||
CONFIG_CHELSIO_T3=m
|
||||
CONFIG_CHELSIO_T4=m
|
||||
CONFIG_CHELSIO_T4VF=m
|
||||
# CONFIG_CHELSIO_T4_DCB is not set
|
||||
|
||||
CONFIG_NET_VENDOR_CISCO=y
|
||||
CONFIG_ENIC=m
|
||||
@ -1398,7 +1430,6 @@ CONFIG_E1000E=m
|
||||
CONFIG_IGB=m
|
||||
CONFIG_IGB_HWMON=y
|
||||
CONFIG_IGB_DCA=y
|
||||
CONFIG_IGB_PTP=y
|
||||
CONFIG_IGBVF=m
|
||||
CONFIG_IXGB=m
|
||||
CONFIG_IXGBEVF=m
|
||||
@ -1425,8 +1456,11 @@ CONFIG_SKY2=m
|
||||
CONFIG_NET_VENDOR_MICREL=y
|
||||
CONFIG_KSZ884X_PCI=m
|
||||
# CONFIG_KS8842 is not set
|
||||
# CONFIG_KS8851 is not set
|
||||
# CONFIG_KS8851_MLL is not set
|
||||
|
||||
# CONFIG_NET_VENDOR_MICROCHIP is not set
|
||||
# CONFIG_ENC28J60 is not set
|
||||
CONFIG_NET_VENDOR_MYRI=y
|
||||
CONFIG_MYRI10GE=m
|
||||
CONFIG_MYRI10GE_DCA=y
|
||||
@ -1550,6 +1584,7 @@ CONFIG_SMSC_PHY=m
|
||||
CONFIG_STE10XP=m
|
||||
CONFIG_VITESSE_PHY=m
|
||||
CONFIG_MICREL_PHY=m
|
||||
# CONFIG_MICREL_KS8995MA is not set
|
||||
# CONFIG_OMAP_CONTROL_PHY is not set
|
||||
# CONFIG_PHY_SAMSUNG_USB2 is not set
|
||||
|
||||
@ -1695,13 +1730,14 @@ CONFIG_B43_SDIO=y
|
||||
CONFIG_B43_BCMA=y
|
||||
# CONFIG_B43_BCMA_EXTRA is not set
|
||||
CONFIG_B43_BCMA_PIO=y
|
||||
# CONFIG_B43_DEBUG is not set
|
||||
CONFIG_B43_DEBUG=y
|
||||
CONFIG_B43_PHY_LP=y
|
||||
CONFIG_B43_PHY_N=y
|
||||
CONFIG_B43_PHY_HT=y
|
||||
# CONFIG_B43_PHY_G is not set
|
||||
# CONFIG_B43_FORCE_PIO is not set
|
||||
CONFIG_B43LEGACY=m
|
||||
# CONFIG_B43LEGACY_DEBUG is not set
|
||||
CONFIG_B43LEGACY_DEBUG=y
|
||||
CONFIG_B43LEGACY_DMA=y
|
||||
CONFIG_B43LEGACY_PIO=y
|
||||
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
|
||||
@ -1712,6 +1748,7 @@ CONFIG_BRCMFMAC=m
|
||||
CONFIG_BRCMFMAC_SDIO=y
|
||||
CONFIG_BRCMFMAC_SDIO_OOB=y
|
||||
CONFIG_BRCMFMAC_USB=y
|
||||
CONFIG_BRCMFMAC_PCIE=y
|
||||
# CONFIG_BRCM_TRACING is not set
|
||||
# CONFIG_BRCMISCAN is not set
|
||||
# CONFIG_BRCMDBG is not set
|
||||
@ -1741,6 +1778,7 @@ CONFIG_LIBERTAS_CS=m
|
||||
CONFIG_LIBERTAS_SDIO=m
|
||||
# CONFIG_LIBERTAS_DEBUG is not set
|
||||
# CONFIG_LIBERTAS_THINFIRM is not set
|
||||
# CONFIG_LIBERTAS_SPI is not set
|
||||
CONFIG_LIBERTAS_MESH=y
|
||||
CONFIG_IWLWIFI=m
|
||||
CONFIG_IWLDVM=m
|
||||
@ -1764,6 +1802,7 @@ CONFIG_MAC80211_HWSIM=m
|
||||
CONFIG_P54_COMMON=m
|
||||
CONFIG_P54_USB=m
|
||||
CONFIG_P54_PCI=m
|
||||
# CONFIG_P54_SPI is not set
|
||||
CONFIG_MWL8K=m
|
||||
# CONFIG_PRISM54 is not set
|
||||
# CONFIG_PCMCIA_WL3501 is not set
|
||||
@ -1888,6 +1927,9 @@ CONFIG_NFC_MICROREAD_I2C=m
|
||||
CONFIG_NFC_TRF7970A=m
|
||||
CONFIG_NFC_ST21NFCA=m
|
||||
CONFIG_NFC_ST21NFCA_I2C=m
|
||||
# CONFIG_NFC_ST21NFCB is not set
|
||||
# CONFIG_NFC_ST21NFCB_I2C is not set
|
||||
# CONFIG_NFC_NCI_SPI is not set
|
||||
|
||||
|
||||
#
|
||||
@ -2118,6 +2160,7 @@ CONFIG_TABLET_USB_GTCO=m
|
||||
CONFIG_TABLET_USB_HANWANG=m
|
||||
CONFIG_TABLET_USB_KBTAB=m
|
||||
CONFIG_TABLET_USB_WACOM=m
|
||||
CONFIG_TABLET_SERIAL_WACOM4=m
|
||||
|
||||
CONFIG_INPUT_POWERMATE=m
|
||||
CONFIG_INPUT_YEALINK=m
|
||||
@ -2180,6 +2223,7 @@ CONFIG_KEYBOARD_ATKBD=y
|
||||
# CONFIG_KEYBOARD_TCA6416 is not set
|
||||
# CONFIG_KEYBOARD_TCA8418 is not set
|
||||
# CONFIG_KEYBOARD_OMAP4 is not set
|
||||
# CONFIG_KEYBOARD_CAP1106 is not set
|
||||
CONFIG_INPUT_MOUSE=y
|
||||
CONFIG_MOUSE_PS2=y
|
||||
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
|
||||
@ -2267,6 +2311,9 @@ CONFIG_TOUCHSCREEN_ATMEL_MXT=m
|
||||
CONFIG_TOUCHSCREEN_AUO_PIXCIR=m
|
||||
CONFIG_TOUCHSCREEN_TI_AM335X_TSC=m
|
||||
CONFIG_TOUCHSCREEN_ZFORCE=m
|
||||
# CONFIG_TOUCHSCREEN_ADS7846 is not set
|
||||
# CONFIG_TOUCHSCREEN_AD7877 is not set
|
||||
# CONFIG_TOUCHSCREEN_TSC2005 is not set
|
||||
|
||||
CONFIG_INPUT_MISC=y
|
||||
CONFIG_INPUT_PCSPKR=m
|
||||
@ -2368,6 +2415,9 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
|
||||
# CONFIG_SERIAL_FSL_LPUART is not set
|
||||
# CONFIG_SERIAL_ST_ASC is not set
|
||||
# CONFIG_SERIAL_PCH_UART is not set
|
||||
# CONFIG_SERIAL_MAX3100 is not set
|
||||
# CONFIG_SERIAL_MAX310X is not set
|
||||
# CONFIG_SERIAL_IFX6X60 is not set
|
||||
|
||||
CONFIG_UNIX98_PTYS=y
|
||||
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
|
||||
@ -2423,6 +2473,8 @@ CONFIG_EEPROM_AT24=m
|
||||
CONFIG_EEPROM_LEGACY=m
|
||||
CONFIG_EEPROM_93CX6=m
|
||||
CONFIG_EEPROM_MAX6875=m
|
||||
# CONFIG_EEPROM_AT25 is not set
|
||||
# CONFIG_EEPROM_93XX46 is not set
|
||||
|
||||
CONFIG_I2C_NFORCE2=m
|
||||
# CONFIG_I2C_OCORES is not set
|
||||
@ -2497,6 +2549,7 @@ CONFIG_SENSORS_K8TEMP=m
|
||||
CONFIG_SENSORS_K10TEMP=m
|
||||
CONFIG_SENSORS_LIS3LV02D=m
|
||||
CONFIG_SENSORS_LIS3_I2C=m
|
||||
# CONFIG_SENSORS_LIS3_SPI is not set
|
||||
CONFIG_SENSORS_LM63=m
|
||||
CONFIG_SENSORS_LM75=m
|
||||
CONFIG_SENSORS_LM77=m
|
||||
@ -2588,6 +2641,15 @@ CONFIG_SENSORS_UCD9200=m
|
||||
CONFIG_SENSORS_ZL6100=m
|
||||
CONFIG_SENSORS_EMC6W201=m
|
||||
|
||||
CONFIG_SENSORS_TMP103=m
|
||||
CONFIG_SENSORS_ADS7871=m
|
||||
CONFIG_SENSORS_PWM_FAN=m
|
||||
CONFIG_SENSORS_LM70=m
|
||||
CONFIG_SENSORS_ADCXX=m
|
||||
CONFIG_SENSORS_MAX1111=m
|
||||
CONFIG_SENSORS_POWR1220=m
|
||||
CONFIG_SENSORS_AD7314=m
|
||||
|
||||
CONFIG_PMBUS=m
|
||||
CONFIG_SENSORS_PMBUS=m
|
||||
CONFIG_SENSORS_MAX16064=m
|
||||
@ -2597,6 +2659,7 @@ CONFIG_SENSORS_MAX34440=m
|
||||
CONFIG_SENSORS_MAX8688=m
|
||||
CONFIG_SENSORS_MAX1668=m
|
||||
CONFIG_SENSORS_MAX197=m
|
||||
CONFIG_SENSORS_TPS40422=m
|
||||
|
||||
# Industrial I/O subsystem configuration
|
||||
CONFIG_IIO=m
|
||||
@ -2642,6 +2705,7 @@ CONFIG_HID_SENSOR_INCLINOMETER_3D=m
|
||||
CONFIG_HID_SENSOR_DEVICE_ROTATION=m
|
||||
# CONFIG_ADJD_S311 is not set
|
||||
# CONFIG_SENSORS_TSL2563 is not set
|
||||
# CONFIG_SENSORS_HMC5843_I2C is not set
|
||||
# CONFIG_VCNL4000 is not set
|
||||
# CONFIG_AK8975 is not set
|
||||
# CONFIG_MAG3110 is not set
|
||||
@ -2685,6 +2749,13 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
|
||||
# CONFIG_MPL115 is not set
|
||||
# CONFIG_SI7005 is not set
|
||||
# CONFIG_AS3935 is not set
|
||||
# CONFIG_KXCJK1013 is not set
|
||||
# CONFIG_ISL29125 is not set
|
||||
# CONFIG_TCS3414 is not set
|
||||
# CONFIG_AK09911 is not set
|
||||
# CONFIG_T5403 is not set
|
||||
# CONFIG_MCP4922 is not set
|
||||
# CONFIG_MAX1027 is not set
|
||||
|
||||
# staging IIO drivers
|
||||
# CONFIG_AD7291 is not set
|
||||
@ -2699,6 +2770,7 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
|
||||
# CONFIG_SENSORS_ISL29018 is not set
|
||||
# CONFIG_SENSORS_ISL29028 is not set
|
||||
# CONFIG_SENSORS_HMC5843 is not set
|
||||
# CONFIG_SENSORS_HMC5843_SPI is not set
|
||||
# CONFIG_IIO_PERIODIC_RTC_TRIGGER is not set
|
||||
# CONFIG_IIO_SIMPLE_DUMMY is not set
|
||||
# CONFIG_ADIS16201 is not set
|
||||
@ -2737,6 +2809,9 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
|
||||
# CONFIG_PCH_PHUB is not set
|
||||
# CONFIG_USB_SWITCH_FSA9480 is not set
|
||||
# CONFIG_SRAM is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_LATTICE_ECP3_CONFIG is not set
|
||||
|
||||
CONFIG_W1=m
|
||||
CONFIG_W1_CON=y
|
||||
@ -2758,6 +2833,7 @@ CONFIG_W1_SLAVE_DS2780=m
|
||||
CONFIG_W1_SLAVE_DS2781=m
|
||||
CONFIG_W1_SLAVE_DS28E04=m
|
||||
CONFIG_W1_SLAVE_BQ27000=m
|
||||
CONFIG_W1_SLAVE_DS2406=m
|
||||
|
||||
#
|
||||
# Mice
|
||||
@ -2879,6 +2955,20 @@ CONFIG_RTC_DRV_RV3029C2=m
|
||||
CONFIG_RTC_DRV_PCF50633=m
|
||||
CONFIG_RTC_DRV_DS3232=m
|
||||
CONFIG_RTC_DRV_ISL12022=m
|
||||
CONFIG_RTC_DRV_MCP795=m
|
||||
CONFIG_RTC_DRV_RX4581=m
|
||||
CONFIG_RTC_DRV_PCF2123=m
|
||||
CONFIG_RTC_DRV_DS3234=m
|
||||
CONFIG_RTC_DRV_RS5C348=m
|
||||
CONFIG_RTC_DRV_R9701=m
|
||||
CONFIG_RTC_DRV_MAX6902=m
|
||||
CONFIG_RTC_DRV_DS1390=m
|
||||
CONFIG_RTC_DRV_DS1347=m
|
||||
CONFIG_RTC_DRV_DS1343=m
|
||||
CONFIG_RTC_DRV_DS1305=m
|
||||
CONFIG_RTC_DRV_M41T94=m
|
||||
CONFIG_RTC_DRV_M41T93=m
|
||||
CONFIG_RTC_DRV_PCF85063=m
|
||||
# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set
|
||||
# CONFIG_RTC_DRV_MOXART is not set
|
||||
# CONFIG_RTC_DRV_ISL12057 is not set
|
||||
@ -2969,6 +3059,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
|
||||
CONFIG_MEDIA_RADIO_SUPPORT=y
|
||||
CONFIG_MEDIA_RC_SUPPORT=y
|
||||
CONFIG_MEDIA_CONTROLLER=y
|
||||
# CONFIG_MEDIA_SDR_SUPPORT is not set
|
||||
CONFIG_VIDEO_DEV=m
|
||||
# CONFIG_VIDEO_ADV_DEBUG is not set
|
||||
CONFIG_VIDEO_HELPER_CHIPS_AUTO=y
|
||||
@ -3035,6 +3126,7 @@ CONFIG_VIDEO_SAA7134=m
|
||||
CONFIG_VIDEO_SAA7134_ALSA=m
|
||||
CONFIG_VIDEO_SAA7134_DVB=m
|
||||
CONFIG_VIDEO_SAA7134_RC=y
|
||||
CONFIG_VIDEO_SOLO6X10=m
|
||||
CONFIG_VIDEO_USBVISION=m
|
||||
CONFIG_VIDEO_STK1160_COMMON=m
|
||||
CONFIG_VIDEO_STK1160=m
|
||||
@ -3059,6 +3151,7 @@ CONFIG_VIDEO_TLG2300=m
|
||||
# CONFIG_VIDEO_M5MOLS is not set
|
||||
# CONFIG_EXYNOS_VIDEO is not set
|
||||
CONFIG_VIDEO_USBTV=m
|
||||
# CONFIG_VIDEO_AU0828_RC is not set
|
||||
|
||||
CONFIG_USB_VIDEO_CLASS=m
|
||||
CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
|
||||
@ -3214,6 +3307,7 @@ CONFIG_IR_WINBOND_CIR=m
|
||||
CONFIG_IR_IGUANA=m
|
||||
CONFIG_IR_TTUSBIR=m
|
||||
CONFIG_IR_GPIO_CIR=m
|
||||
CONFIG_IR_XMP_DECODER=m
|
||||
|
||||
CONFIG_V4L_MEM2MEM_DRIVERS=y
|
||||
# CONFIG_VIDEO_MEM2MEM_DEINTERLACE is not set
|
||||
@ -3356,6 +3450,7 @@ CONFIG_SND_RTCTIMER=y
|
||||
CONFIG_SND_DYNAMIC_MINORS=y
|
||||
CONFIG_SND_MAX_CARDS=32
|
||||
# CONFIG_SND_SUPPORT_OLD_API is not set
|
||||
# CONFIG_SND_SPI is not set
|
||||
|
||||
#
|
||||
# Generic devices
|
||||
@ -3659,6 +3754,7 @@ CONFIG_HID_ROCCAT_KOVAPLUS=m
|
||||
CONFIG_HID_HOLTEK=m
|
||||
CONFIG_HOLTEK_FF=y
|
||||
CONFIG_HID_HUION=m
|
||||
CONFIG_HID_GT683R=m
|
||||
CONFIG_HID_SPEEDLINK=m
|
||||
CONFIG_HID_WIIMOTE=m
|
||||
CONFIG_HID_WIIMOTE_EXT=y
|
||||
@ -3669,6 +3765,7 @@ CONFIG_HID_GENERIC=y
|
||||
CONFIG_HID_AUREAL=m
|
||||
CONFIG_HID_APPLEIR=m
|
||||
# CONFIG_HID_CP2112 is not set
|
||||
CONFIG_HID_LENOVO=m
|
||||
|
||||
|
||||
#
|
||||
@ -3743,6 +3840,7 @@ CONFIG_USB_ZR364XX=m
|
||||
#
|
||||
# USB Network adaptors
|
||||
#
|
||||
CONFIG_USB_NET_DRIVERS=y
|
||||
CONFIG_USB_CATC=m
|
||||
CONFIG_USB_HSO=m
|
||||
CONFIG_USB_KAWETH=m
|
||||
@ -3897,6 +3995,8 @@ CONFIG_USB_PHY=y
|
||||
# CONFIG_GENERIC_PHY is not set
|
||||
# CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set
|
||||
# CONFIG_PHY_EXYNOS_DP_VIDEO is not set
|
||||
# CONFIG_PHY_ST_SPEAR1310_MIPHY is not set
|
||||
# CONFIG_PHY_ST_SPEAR1340_MIPHY is not set
|
||||
# CONFIG_AM335X_PHY_USB is not set
|
||||
# CONFIG_SAMSUNG_USBPHY is not set
|
||||
# CONFIG_SAMSUNG_USB2PHY is not set
|
||||
@ -3920,6 +4020,7 @@ CONFIG_USB_ISIGHTFW=m
|
||||
CONFIG_USB_YUREX=m
|
||||
CONFIG_USB_EZUSB_FX2=m
|
||||
CONFIG_USB_HSIC_USB3503=m
|
||||
# CONFIG_USB_LINK_LAYER_TEST is not set
|
||||
CONFIG_USB_LCD=m
|
||||
CONFIG_USB_LD=m
|
||||
CONFIG_USB_LEGOTOWER=m
|
||||
@ -3947,13 +4048,11 @@ CONFIG_USB_UEAGLEATM=m
|
||||
CONFIG_USB_XUSBATM=m
|
||||
|
||||
# CONFIG_USB_DWC2 is not set
|
||||
# CONFIG_USB_ISP1301 is not set
|
||||
# CONFIG_USB_OTG is not set
|
||||
|
||||
CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
|
||||
|
||||
# CONFIG_USB_ISP1301 is not set
|
||||
|
||||
# CONFIG_USB_OTG is not set
|
||||
|
||||
#
|
||||
# Sonics Silicon Backplane
|
||||
#
|
||||
@ -4024,6 +4123,13 @@ CONFIG_MFD_VIPERBOARD=m
|
||||
# CONFIG_MFD_LP3943 is not set
|
||||
# CONFIG_MFD_BCM590XX is not set
|
||||
# CONFIG_MFD_TPS65218 is not set
|
||||
# CONFIG_MFD_WM831X_SPI is not set
|
||||
# CONFIG_MFD_ARIZONA_SPI is not set
|
||||
# CONFIG_MFD_TPS65912_SPI is not set
|
||||
# CONFIG_MFD_MC13XXX_SPI is not set
|
||||
# CONFIG_MFD_DA9052_SPI is not set
|
||||
# CONFIG_EZX_PCAP is not set
|
||||
# CONFIG_INTEL_SOC_PMIC is not set
|
||||
|
||||
|
||||
#
|
||||
@ -4345,6 +4451,9 @@ CONFIG_FRAME_WARN=1024
|
||||
CONFIG_MAGIC_SYSRQ=y
|
||||
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
|
||||
CONFIG_DEBUG_INFO=y
|
||||
# Revisit both of these options
|
||||
# CONFIG_DEBUG_INFO_SPLIT is not set
|
||||
# CONFIG_DEBUG_INFO_DWARF4 is not set
|
||||
CONFIG_FRAME_POINTER=y
|
||||
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
|
||||
# CONFIG_DEBUG_DRIVER is not set
|
||||
@ -4514,6 +4623,7 @@ CONFIG_LIBCRC32C=m
|
||||
CONFIG_CRYPTO_CRC32C_INTEL=m
|
||||
CONFIG_CRYPTO_GHASH=m
|
||||
CONFIG_CRYPTO_ANSI_CPRNG=m
|
||||
# CONFIG_CRYPTO_DRBG_MENU is not set
|
||||
CONFIG_CRYPTO_DEV_HIFN_795X=m
|
||||
CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
|
||||
CONFIG_CRYPTO_PCRYPT=m
|
||||
@ -4576,6 +4686,19 @@ CONFIG_BACKLIGHT_LP855X=m
|
||||
|
||||
CONFIG_LCD_CLASS_DEVICE=m
|
||||
CONFIG_LCD_PLATFORM=m
|
||||
# CONFIG_LCD_ILI922X is not set
|
||||
# CONFIG_LCD_ILI9320 is not set
|
||||
# CONFIG_LCD_TDO24M is not set
|
||||
# CONFIG_LCD_VGG2432A4 is not set
|
||||
# CONFIG_LCD_S6E63M0 is not set
|
||||
# CONFIG_LCD_LD9040 is not set
|
||||
# CONFIG_LCD_AMS369FG06 is not set
|
||||
# CONFIG_LCD_LMS501KF03 is not set
|
||||
# CONFIG_LCD_HX8357 is not set
|
||||
# CONFIG_LCD_L4F00242T03 is not set
|
||||
# CONFIG_LCD_LMS283GF05 is not set
|
||||
# CONFIG_LCD_LTV350QV is not set
|
||||
|
||||
|
||||
CONFIG_SCHED_DEBUG=y
|
||||
CONFIG_FAIR_GROUP_SCHED=y
|
||||
@ -4608,6 +4731,7 @@ CONFIG_BLK_CGROUP=y
|
||||
|
||||
CONFIG_RELAY=y
|
||||
CONFIG_PRINTK_TIME=y
|
||||
CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
|
||||
|
||||
CONFIG_ENABLE_MUST_CHECK=y
|
||||
# CONFIG_ENABLE_WARN_DEPRECATED is not set
|
||||
@ -4643,7 +4767,7 @@ CONFIG_PM_DEBUG=y
|
||||
# CONFIG_DPM_WATCHDOG is not set # revisit this in debug
|
||||
CONFIG_PM_TRACE=y
|
||||
CONFIG_PM_TRACE_RTC=y
|
||||
# CONFIG_PM_TEST_SUSPEND is not set
|
||||
CONFIG_PM_TEST_SUSPEND=y
|
||||
CONFIG_PM_RUNTIME=y
|
||||
# CONFIG_PM_OPP is not set
|
||||
# CONFIG_PM_AUTOSLEEP is not set
|
||||
@ -4753,6 +4877,7 @@ CONFIG_LEDS_REGULATOR=m
|
||||
CONFIG_LEDS_TRIGGER_GPIO=m
|
||||
CONFIG_LEDS_WM8350=m
|
||||
CONFIG_LEDS_WM831X_STATUS=m
|
||||
# CONFIG_LEDS_DAC124S085 is not set
|
||||
|
||||
CONFIG_DMADEVICES=y
|
||||
CONFIG_DMA_ENGINE=y
|
||||
@ -4763,6 +4888,7 @@ CONFIG_DW_DMAC_PCI=m
|
||||
# CONFIG_TIMB_DMA is not set
|
||||
# CONFIG_DMATEST is not set
|
||||
# CONFIG_FSL_EDMA is not set
|
||||
# CONFIG_NBPFAXI_DMA is not set
|
||||
CONFIG_ASYNC_TX_DMA=y
|
||||
|
||||
CONFIG_UNUSED_SYMBOLS=y
|
||||
@ -4929,6 +5055,8 @@ CONFIG_NET_DSA_MV88E6123_61_65=m
|
||||
# Used by Maemo, we don't care.
|
||||
# CONFIG_PHONET is not set
|
||||
|
||||
# CONFIG_6LOWPAN is not set
|
||||
|
||||
# CONFIG_ICS932S401 is not set
|
||||
# CONFIG_ATMEL_SSC is not set
|
||||
|
||||
@ -5098,6 +5226,9 @@ CONFIG_IEEE802154_6LOWPAN=m
|
||||
CONFIG_IEEE802154_DRIVERS=m
|
||||
CONFIG_IEEE802154_FAKEHARD=m
|
||||
CONFIG_IEEE802154_FAKELB=m
|
||||
# CONFIG_IEEE802154_AT86RF230 is not set
|
||||
# CONFIG_IEEE802154_MRF24J40 is not set
|
||||
# CONFIG_IEEE802154_CC2520 is not set
|
||||
|
||||
CONFIG_MAC802154=m
|
||||
CONFIG_NET_MPLS_GSO=m
|
||||
@ -5123,6 +5254,7 @@ CONFIG_PTP_1588_CLOCK_PCH=m
|
||||
CONFIG_CLEANCACHE=y
|
||||
CONFIG_FRONTSWAP=y
|
||||
CONFIG_ZSWAP=y
|
||||
# CONFIG_ZBUD is not set
|
||||
CONFIG_ZSMALLOC=y
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
|
||||
@ -5167,6 +5299,9 @@ CONFIG_GPIO_VIPERBOARD=m
|
||||
# CONFIG_GPIO_BCM_KONA is not set
|
||||
# CONFIG_GPIO_SCH311X is not set
|
||||
# CONFIG_GPIO_DWAPB is not set
|
||||
# CONFIG_GPIO_74X164 is not set
|
||||
# CONFIG_GPIO_MAX7301 is not set
|
||||
# CONFIG_GPIO_MC33880 is not set
|
||||
|
||||
# FIXME: Why?
|
||||
CONFIG_EVENT_POWER_TRACING_DEPRECATED=y
|
||||
@ -5202,6 +5337,8 @@ CONFIG_PSTORE_RAM=m
|
||||
# CONFIG_TEST_MODULE is not set
|
||||
# CONFIG_TEST_USER_COPY is not set
|
||||
# CONFIG_TEST_BPF is not set
|
||||
# CONFIG_TEST_UDELAY is not set
|
||||
# CONFIG_TEST_RHASHTABLE is not set
|
||||
|
||||
# CONFIG_AVERAGE is not set
|
||||
# CONFIG_VMXNET3 is not set
|
||||
@ -5236,6 +5373,7 @@ CONFIG_FMC_CHARDEV=m
|
||||
# CONFIG_GENWQE is not set
|
||||
|
||||
# CONFIG_POWERCAP is not set
|
||||
# CONFIG_THUNDERBOLT is not set
|
||||
|
||||
# CONFIG_HSI is not set
|
||||
|
||||
@ -5254,3 +5392,5 @@ CONFIG_FMC_CHARDEV=m
|
||||
|
||||
# CONFIG_RTC_DRV_EFI is not set
|
||||
# CONFIG_NET_XGENE is not set
|
||||
|
||||
# CONFIG_GLOB_SELFTEST is not set
|
||||
|
116
config-nodebug
116
config-nodebug
@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y
|
||||
CONFIG_SND_DEBUG=y
|
||||
CONFIG_SND_PCM_XRUN_DEBUG=y
|
||||
|
||||
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
|
||||
CONFIG_DEBUG_ATOMIC_SLEEP=y
|
||||
|
||||
# CONFIG_DEBUG_MUTEXES is not set
|
||||
# CONFIG_DEBUG_RT_MUTEXES is not set
|
||||
# CONFIG_DEBUG_LOCK_ALLOC is not set
|
||||
# CONFIG_LOCK_TORTURE_TEST is not set
|
||||
# CONFIG_PROVE_LOCKING is not set
|
||||
# CONFIG_DEBUG_SPINLOCK is not set
|
||||
# CONFIG_PROVE_RCU is not set
|
||||
CONFIG_DEBUG_MUTEXES=y
|
||||
CONFIG_DEBUG_RT_MUTEXES=y
|
||||
CONFIG_DEBUG_LOCK_ALLOC=y
|
||||
CONFIG_LOCK_TORTURE_TEST=m
|
||||
CONFIG_PROVE_LOCKING=y
|
||||
CONFIG_DEBUG_SPINLOCK=y
|
||||
CONFIG_PROVE_RCU=y
|
||||
# CONFIG_PROVE_RCU_REPEATEDLY is not set
|
||||
# CONFIG_DEBUG_PER_CPU_MAPS is not set
|
||||
CONFIG_DEBUG_PER_CPU_MAPS=y
|
||||
CONFIG_CPUMASK_OFFSTACK=y
|
||||
|
||||
# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
|
||||
CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
|
||||
|
||||
# CONFIG_FAULT_INJECTION is not set
|
||||
# CONFIG_FAILSLAB is not set
|
||||
# CONFIG_FAIL_PAGE_ALLOC is not set
|
||||
# CONFIG_FAIL_MAKE_REQUEST is not set
|
||||
# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
|
||||
# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
|
||||
# CONFIG_FAIL_IO_TIMEOUT is not set
|
||||
# CONFIG_FAIL_MMC_REQUEST is not set
|
||||
CONFIG_FAULT_INJECTION=y
|
||||
CONFIG_FAILSLAB=y
|
||||
CONFIG_FAIL_PAGE_ALLOC=y
|
||||
CONFIG_FAIL_MAKE_REQUEST=y
|
||||
CONFIG_FAULT_INJECTION_DEBUG_FS=y
|
||||
CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
|
||||
CONFIG_FAIL_IO_TIMEOUT=y
|
||||
CONFIG_FAIL_MMC_REQUEST=y
|
||||
|
||||
# CONFIG_LOCK_STAT is not set
|
||||
CONFIG_LOCK_STAT=y
|
||||
|
||||
# CONFIG_DEBUG_STACK_USAGE is not set
|
||||
CONFIG_DEBUG_STACK_USAGE=y
|
||||
|
||||
# CONFIG_ACPI_DEBUG is not set
|
||||
CONFIG_ACPI_DEBUG=y
|
||||
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
|
||||
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_PI_LIST=y
|
||||
|
||||
# CONFIG_DEBUG_PAGEALLOC is not set
|
||||
|
||||
# CONFIG_DEBUG_WRITECOUNT is not set
|
||||
# CONFIG_DEBUG_OBJECTS is not set
|
||||
CONFIG_DEBUG_WRITECOUNT=y
|
||||
CONFIG_DEBUG_OBJECTS=y
|
||||
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
|
||||
# CONFIG_DEBUG_OBJECTS_FREE is not set
|
||||
# CONFIG_DEBUG_OBJECTS_TIMERS is not set
|
||||
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
|
||||
CONFIG_DEBUG_OBJECTS_FREE=y
|
||||
CONFIG_DEBUG_OBJECTS_TIMERS=y
|
||||
CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
|
||||
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
|
||||
|
||||
# CONFIG_X86_PTDUMP is not set
|
||||
# CONFIG_EFI_PGT_DUMP is not set
|
||||
CONFIG_X86_PTDUMP=y
|
||||
CONFIG_EFI_PGT_DUMP=y
|
||||
|
||||
# CONFIG_CAN_DEBUG_DEVICES is not set
|
||||
CONFIG_CAN_DEBUG_DEVICES=y
|
||||
|
||||
# CONFIG_MODULE_FORCE_UNLOAD is not set
|
||||
CONFIG_MODULE_FORCE_UNLOAD=y
|
||||
|
||||
# CONFIG_SYSCTL_SYSCALL_CHECK is not set
|
||||
CONFIG_SYSCTL_SYSCALL_CHECK=y
|
||||
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
|
||||
# CONFIG_DMA_API_DEBUG is not set
|
||||
CONFIG_DMA_API_DEBUG=y
|
||||
|
||||
# CONFIG_MMIOTRACE is not set
|
||||
CONFIG_MMIOTRACE=y
|
||||
|
||||
# CONFIG_DEBUG_CREDENTIALS is not set
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
|
||||
# off in both production debug and nodebug builds,
|
||||
# on in rawhide nodebug builds
|
||||
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
|
||||
CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
|
||||
|
||||
# CONFIG_EXT4_DEBUG is not set
|
||||
CONFIG_EXT4_DEBUG=y
|
||||
|
||||
# CONFIG_XFS_WARN is not set
|
||||
|
||||
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
|
||||
CONFIG_DEBUG_PERF_USE_VMALLOC=y
|
||||
|
||||
# CONFIG_JBD2_DEBUG is not set
|
||||
CONFIG_JBD2_DEBUG=y
|
||||
|
||||
# CONFIG_NFSD_FAULT_INJECTION is not set
|
||||
CONFIG_NFSD_FAULT_INJECTION=y
|
||||
|
||||
# CONFIG_DEBUG_BLK_CGROUP is not set
|
||||
CONFIG_DEBUG_BLK_CGROUP=y
|
||||
|
||||
# CONFIG_DRBD_FAULT_INJECTION is not set
|
||||
CONFIG_DRBD_FAULT_INJECTION=y
|
||||
|
||||
# CONFIG_ATH_DEBUG is not set
|
||||
# CONFIG_CARL9170_DEBUGFS is not set
|
||||
# CONFIG_IWLWIFI_DEVICE_TRACING is not set
|
||||
CONFIG_ATH_DEBUG=y
|
||||
CONFIG_CARL9170_DEBUGFS=y
|
||||
CONFIG_IWLWIFI_DEVICE_TRACING=y
|
||||
|
||||
# CONFIG_RTLWIFI_DEBUG is not set
|
||||
|
||||
# CONFIG_DEBUG_OBJECTS_WORK is not set
|
||||
CONFIG_DEBUG_OBJECTS_WORK=y
|
||||
|
||||
# CONFIG_DMADEVICES_DEBUG is not set
|
||||
# CONFIG_DMADEVICES_VDEBUG is not set
|
||||
CONFIG_DMADEVICES_DEBUG=y
|
||||
CONFIG_DMADEVICES_VDEBUG=y
|
||||
|
||||
CONFIG_PM_ADVANCED_DEBUG=y
|
||||
|
||||
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
|
||||
# CONFIG_QUOTA_DEBUG is not set
|
||||
CONFIG_CEPH_LIB_PRETTYDEBUG=y
|
||||
CONFIG_QUOTA_DEBUG=y
|
||||
|
||||
CONFIG_PCI_DEFAULT_USE_CRS=y
|
||||
|
||||
@ -103,18 +103,18 @@ CONFIG_KGDB_KDB=y
|
||||
CONFIG_KDB_KEYBOARD=y
|
||||
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
|
||||
|
||||
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
|
||||
CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
|
||||
# CONFIG_PERCPU_TEST is not set
|
||||
# CONFIG_TEST_LIST_SORT is not set
|
||||
CONFIG_TEST_LIST_SORT=y
|
||||
# CONFIG_TEST_STRING_HELPERS is not set
|
||||
|
||||
# CONFIG_DETECT_HUNG_TASK is not set
|
||||
CONFIG_DETECT_HUNG_TASK=y
|
||||
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
|
||||
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
|
||||
|
||||
# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
|
||||
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
|
||||
|
||||
# CONFIG_DEBUG_KMEMLEAK is not set
|
||||
CONFIG_DEBUG_KMEMLEAK=y
|
||||
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
|
||||
# CONFIG_DEBUG_KMEMLEAK_TEST is not set
|
||||
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
|
||||
@ -125,7 +125,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
|
||||
|
||||
# CONFIG_SPI_DEBUG is not set
|
||||
|
||||
# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
|
||||
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
|
||||
|
||||
# CONFIG_SCHEDSTATS is not set
|
||||
# CONFIG_LATENCYTOP is not set
|
||||
|
@ -61,7 +61,6 @@ CONFIG_CAPI_EICON=y
|
||||
|
||||
CONFIG_NVRAM=y
|
||||
|
||||
# CONFIG_PCMCIA_M8XX is not set
|
||||
# CONFIG_SCSI_AHA1542 is not set
|
||||
# CONFIG_SCSI_IN2000 is not set
|
||||
# CONFIG_SCSI_IPS is not set
|
||||
|
@ -1,180 +0,0 @@
|
||||
# CONFIG_SMP is not set
|
||||
CONFIG_PPC32=y
|
||||
# CONFIG_PPC64 is not set
|
||||
# CONFIG_RTAS_PROC is not set
|
||||
# CONFIG_PCMCIA_M8XX is not set
|
||||
# CONFIG_HOTPLUG_PCI is not set
|
||||
CONFIG_CPU_FREQ_PMAC=y
|
||||
CONFIG_PPC_CHRP=y
|
||||
CONFIG_PPC_PMAC=y
|
||||
# CONFIG_PPC_MPC52xx is not set
|
||||
CONFIG_PPC_PREP=y
|
||||
|
||||
# CONFIG_PPC_MPC5200_SIMPLE is not set
|
||||
# CONFIG_SATA_FSL is not set
|
||||
# CONFIG_SATA_NV is not set
|
||||
|
||||
# busted in .28git1
|
||||
# ERROR: "cacheable_memzero" [drivers/net/gianfar_driver.ko] undefined!
|
||||
# CONFIG_GIANFAR is not set
|
||||
# CONFIG_USB_EHCI_FSL is not set
|
||||
|
||||
CONFIG_PMAC_APM_EMU=y
|
||||
CONFIG_PMAC_BACKLIGHT=y
|
||||
|
||||
CONFIG_HIGHMEM=y
|
||||
# CONFIG_HIGHMEM_START_BOOL is not set
|
||||
# CONFIG_LOWMEM_SIZE_BOOL is not set
|
||||
# CONFIG_TASK_SIZE_BOOL is not set
|
||||
# CONFIG_KERNEL_START_BOOL is not set
|
||||
# CONFIG_PPC601_SYNC_FIX is not set
|
||||
CONFIG_ADVANCED_OPTIONS=y
|
||||
CONFIG_SCSI_MESH=m
|
||||
CONFIG_SCSI_MESH_SYNC_RATE=5
|
||||
CONFIG_SCSI_MESH_RESET_DELAY_MS=4000
|
||||
|
||||
CONFIG_LBDAF=y
|
||||
|
||||
CONFIG_SCSI_MAC53C94=m
|
||||
CONFIG_ADB_CUDA=y
|
||||
CONFIG_ADB_MACIO=y
|
||||
CONFIG_INPUT_ADBHID=y
|
||||
CONFIG_ADB_PMU_LED=y
|
||||
CONFIG_ADB_PMU_LED_IDE=y
|
||||
|
||||
CONFIG_PMAC_MEDIABAY=y
|
||||
CONFIG_NET_VENDOR_APPLE=y
|
||||
CONFIG_BMAC=m
|
||||
CONFIG_MACE=m
|
||||
# CONFIG_MACE_AAUI_PORT is not set
|
||||
# CONFIG_MV643XX_ETH is not set
|
||||
CONFIG_I2C_HYDRA=m
|
||||
CONFIG_I2C_MPC=m
|
||||
CONFIG_THERM_WINDTUNNEL=m
|
||||
CONFIG_THERM_ADT746X=m
|
||||
# CONFIG_ANSLCD is not set
|
||||
|
||||
CONFIG_FB_PLATINUM=y
|
||||
CONFIG_FB_VALKYRIE=y
|
||||
CONFIG_FB_CT65550=y
|
||||
# CONFIG_BDI_SWITCH is not set
|
||||
|
||||
CONFIG_MAC_FLOPPY=m
|
||||
# CONFIG_BLK_DEV_FD is not set
|
||||
|
||||
CONFIG_FB_ATY128=y
|
||||
CONFIG_FB_ATY=y
|
||||
CONFIG_FB_MATROX=y
|
||||
# CONFIG_KEXEC is not set
|
||||
|
||||
# CONFIG_HVC_RTAS is not set
|
||||
|
||||
# CONFIG_UDBG_RTAS_CONSOLE is not set
|
||||
CONFIG_BRIQ_PANEL=m
|
||||
|
||||
# CONFIG_ATA_PIIX is not set
|
||||
# CONFIG_PATA_AMD is not set
|
||||
# CONFIG_PATA_ATIIXP is not set
|
||||
# CONFIG_PATA_MPC52xx is not set
|
||||
# CONFIG_PATA_MPIIX is not set
|
||||
# CONFIG_PATA_OLDPIIX is not set
|
||||
# CONFIG_PATA_OPTI is not set
|
||||
# CONFIG_PATA_SERVERWORKS is not set
|
||||
|
||||
# CONFIG_SERIAL_MPC52xx is not set
|
||||
# CONFIG_MPC5200_WDT is not set
|
||||
CONFIG_8xxx_WDT=m
|
||||
CONFIG_GEF_WDT=m
|
||||
|
||||
# CONFIG_PPC_MPC5200_BUGFIX is not set
|
||||
# CONFIG_NET_VENDOR_FREESCALE is not set
|
||||
#CHECK: This may later become a tristate.
|
||||
CONFIG_MDIO_GPIO=m
|
||||
|
||||
CONFIG_SERIAL_OF_PLATFORM=y
|
||||
CONFIG_DEBUG_STACKOVERFLOW=y
|
||||
|
||||
# CONFIG_EMBEDDED6xx is not set
|
||||
|
||||
# CONFIG_BLK_DEV_PLATFORM is not set
|
||||
# CONFIG_BLK_DEV_4DRIVES is not set
|
||||
# CONFIG_BLK_DEV_ALI14XX is not set
|
||||
# CONFIG_BLK_DEV_DTC2278 is not set
|
||||
# CONFIG_BLK_DEV_HT6560B is not set
|
||||
# CONFIG_BLK_DEV_QD65XX is not set
|
||||
# CONFIG_BLK_DEV_UMC8672 is not set
|
||||
|
||||
# CONFIG_VIRQ_DEBUG is not set
|
||||
|
||||
CONFIG_PPC_BESTCOMM_ATA=m
|
||||
CONFIG_PPC_BESTCOMM_FEC=m
|
||||
CONFIG_PPC_BESTCOMM_GEN_BD=m
|
||||
|
||||
CONFIG_FORCE_MAX_ZONEORDER=11
|
||||
# CONFIG_PAGE_OFFSET_BOOL is not set
|
||||
# CONFIG_FB_FSL_DIU is not set
|
||||
CONFIG_IRQSTACKS=y
|
||||
CONFIG_VIRTUALIZATION=y
|
||||
|
||||
# CONFIG_DEBUG_GPIO is not set
|
||||
# CONFIG_GPIO_PCA953X is not set
|
||||
# CONFIG_GPIO_PCF857X is not set
|
||||
# CONFIG_HTC_EGPIO is not set
|
||||
|
||||
# CONFIG_TIFM_CORE is not set
|
||||
|
||||
# CONFIG_BLK_CPQ_CISS_DA is not set
|
||||
# CONFIG_CISS_SCSI_TAPE is not set
|
||||
|
||||
# CONFIG_I2C_NFORCE2 is not set
|
||||
|
||||
# CONFIG_SND_INTEL8X0 is not set
|
||||
# CONFIG_SND_INTEL8X0M is not set
|
||||
|
||||
# CONFIG_MEMSTICK is not set
|
||||
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
|
||||
# PPC gets sad with debug alloc (bz 448598)
|
||||
# CONFIG_DEBUG_PAGEALLOC is not set
|
||||
|
||||
CONFIG_CRYPTO_DEV_TALITOS=m
|
||||
|
||||
# CONFIG_FSL_EMB_PERFMON is not set
|
||||
# CONFIG_MPC8272_ADS is not set
|
||||
# CONFIG_PQ2FADS is not set
|
||||
# CONFIG_EP8248E is not set
|
||||
# CONFIG_MPC830x_RDB is not set
|
||||
# CONFIG_MPC831x_RDB is not set
|
||||
# CONFIG_MPC832x_MDS is not set
|
||||
# CONFIG_MPC832x_RDB is not set
|
||||
# CONFIG_MPC834x_MDS is not set
|
||||
# CONFIG_MPC834x_ITX is not set
|
||||
# CONFIG_MPC836x_MDS is not set
|
||||
# CONFIG_MPC836x_RDK is not set
|
||||
# CONFIG_MPC837x_MDS is not set
|
||||
# CONFIG_MPC837x_RDB is not set
|
||||
# CONFIG_SBC834x is not set
|
||||
# CONFIG_ASP834x is not set
|
||||
# CONFIG_KMETER1 is not set
|
||||
# CONFIG_MPC8641_HPCN is not set
|
||||
# CONFIG_SBC8641D is not set
|
||||
# CONFIG_MPC8610_HPCD is not set
|
||||
# CONFIG_FSL_LBC is not set
|
||||
# CONFIG_MTD_NAND_FSL_UPM is not set
|
||||
|
||||
# CONFIG_USB_MUSB_HDRC is not set
|
||||
|
||||
# busted in 2.6.27
|
||||
# drivers/mtd/maps/sbc8240.c: In function 'init_sbc8240_mtd':
|
||||
# drivers/mtd/maps/sbc8240.c:172: warning: passing argument 1 of 'simple_map_init' from incompatible pointer type
|
||||
# drivers/mtd/maps/sbc8240.c:177: error: 'struct mtd_info' has no member named 'module'
|
||||
|
||||
CONFIG_RCU_FANOUT=32
|
||||
|
||||
CONFIG_KVM_BOOK3S_32=m
|
||||
|
||||
# CONFIG_SCSI_QLA_ISCSI is not set
|
||||
|
||||
CONFIG_BATTERY_PMU=m
|
||||
|
@ -1,3 +0,0 @@
|
||||
# CONFIG_HOTPLUG_CPU is not set
|
||||
CONFIG_NR_CPUS=4
|
||||
# CONFIG_BATTERY_PMU is not set
|
@ -146,6 +146,7 @@ CONFIG_RCU_FANOUT=64
|
||||
|
||||
CONFIG_CMA=y
|
||||
# CONFIG_CMA_DEBUG is not set
|
||||
CONFIG_CMA_AREAS=7
|
||||
CONFIG_KVM_BOOK3S_64=m
|
||||
CONFIG_KVM_BOOK3S_64_HV=m
|
||||
CONFIG_KVM_BOOK3S_64_PR=m
|
||||
|
@ -137,6 +137,7 @@ CONFIG_RCU_FANOUT=64
|
||||
|
||||
CONFIG_CMA=y
|
||||
# CONFIG_CMA_DEBUG is not set
|
||||
CONFIG_CMA_AREAS=7
|
||||
CONFIG_KVM_BOOK3S_64=m
|
||||
CONFIG_KVM_BOOK3S_64_HV=m
|
||||
CONFIG_KVM_BOOK3S_64_PR=m
|
||||
|
@ -119,6 +119,7 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
|
||||
CONFIG_GENERIC_ISA_DMA=y
|
||||
|
||||
@ -142,6 +143,9 @@ CONFIG_IPW2200_QOS=y
|
||||
|
||||
CONFIG_BLK_DEV_AMD74XX=y
|
||||
|
||||
# I2C_ACPI casues I2C to be built in. This should probably be fixed.
|
||||
CONFIG_I2C=y
|
||||
CONFIG_ACPI_I2C_OPREGION=y
|
||||
CONFIG_I2C_AMD756=m
|
||||
CONFIG_I2C_AMD756_S4882=m
|
||||
CONFIG_I2C_AMD8111=m
|
||||
@ -183,6 +187,7 @@ CONFIG_EDAC_X38=m
|
||||
CONFIG_EDAC_MCE_INJ=m
|
||||
CONFIG_EDAC_DECODE_MCE=m
|
||||
CONFIG_EDAC_LEGACY_SYSFS=y
|
||||
CONFIG_EDAC_IE31200=m
|
||||
|
||||
CONFIG_SCHED_MC=y
|
||||
|
||||
@ -404,7 +409,7 @@ CONFIG_SP5100_TCO=m
|
||||
|
||||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_DEBUG_TLBFLUSH is not set
|
||||
# CONFIG_MAXSMP is not set
|
||||
CONFIG_MAXSMP=y
|
||||
|
||||
|
||||
CONFIG_HP_ILO=m
|
||||
@ -437,6 +442,7 @@ CONFIG_X86_DECODER_SELFTEST=y
|
||||
CONFIG_ACPI_CMPC=m
|
||||
CONFIG_MSI_WMI=m
|
||||
CONFIG_TOSHIBA_BT_RFKILL=m
|
||||
CONFIG_TOSHIBA_HAPS=m
|
||||
|
||||
CONFIG_VGA_SWITCHEROO=y
|
||||
CONFIG_LPC_SCH=m
|
||||
@ -447,6 +453,33 @@ CONFIG_GPIO_ICH=m
|
||||
# CONFIG_GPIO_MCP23S08 is not set
|
||||
# CONFIG_GPIO_F7188X is not set
|
||||
|
||||
# These should all go away with IC2_ACPI is fixed
|
||||
# CONFIG_MFD_AS3711 is not set
|
||||
# CONFIG_PMIC_ADP5520 is not set
|
||||
# CONFIG_MFD_AAT2870_CORE is not set
|
||||
# CONFIG_MFD_AXP20X is not set
|
||||
# CONFIG_PMIC_DA903X is not set
|
||||
# CONFIG_MFD_DA9052_I2C is not set
|
||||
# CONFIG_MFD_DA9055 is not set
|
||||
# CONFIG_MFD_88PM800 is not set
|
||||
# CONFIG_MFD_88PM805 is not set
|
||||
# CONFIG_MFD_MAX14577 is not set
|
||||
# CONFIG_MFD_MAX77686 is not set
|
||||
# CONFIG_MFD_MAX77693 is not set
|
||||
# CONFIG_MFD_MAX8907 is not set
|
||||
# CONFIG_MFD_MAX8997 is not set
|
||||
# CONFIG_MFD_RC5T583 is not set
|
||||
# CONFIG_MFD_SEC_CORE is not set
|
||||
# CONFIG_MFD_SMSC is not set
|
||||
# CONFIG_MFD_LP8788 is not set
|
||||
# CONFIG_MFD_PALMAS is not set
|
||||
# CONFIG_MFD_TPS65090 is not set
|
||||
# CONFIG_MFD_TPS65910 is not set
|
||||
# CONFIG_MFD_TPS65912_I2C is not set
|
||||
# CONFIG_MFD_TPS80031 is not set
|
||||
# CONFIG_TWL4030_CORE is not set
|
||||
# CONFIG_TWL6040_CORE is not set
|
||||
|
||||
|
||||
CONFIG_PCI_CNB20LE_QUIRK=y
|
||||
|
||||
@ -537,6 +570,9 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
|
||||
CONFIG_XZ_DEC_X86=y
|
||||
|
||||
CONFIG_MPILIB=y
|
||||
CONFIG_PKCS7_MESSAGE_PARSER=y
|
||||
# CONFIG_PKCS7_TEST_KEY is not set
|
||||
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
|
||||
CONFIG_MODULE_SIG=y
|
||||
@ -547,6 +583,9 @@ CONFIG_MODULE_SIG_SHA256=y
|
||||
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
|
||||
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
||||
|
||||
# CONFIG_KEXEC_FILE is not set
|
||||
# CONFIG_KEXEC_VERIFY_SIG is not set
|
||||
|
||||
CONFIG_MODULE_SIG_UEFI=y
|
||||
|
||||
CONFIG_VMXNET3=m
|
||||
|
@ -42,6 +42,9 @@ CONFIG_CGROUP_HUGETLB=y
|
||||
CONFIG_MEM_SOFT_DIRTY=y
|
||||
|
||||
CONFIG_KEXEC_JUMP=y
|
||||
CONFIG_KEXEC_FILE=y
|
||||
CONFIG_KEXEC_VERIFY_SIG=y
|
||||
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
|
||||
|
||||
CONFIG_ACPI_HOTPLUG_MEMORY=y
|
||||
|
||||
@ -49,6 +52,8 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y
|
||||
|
||||
CONFIG_INTEL_MIC_HOST=m
|
||||
CONFIG_INTEL_MIC_CARD=m
|
||||
CONFIG_INTEL_MIC_BUS=m
|
||||
CONFIG_INTEL_MIC_X100_DMA=m
|
||||
|
||||
# SHPC has half-arsed PCI probing, which makes it load on too many systems
|
||||
CONFIG_HOTPLUG_PCI_SHPC=m
|
||||
@ -74,6 +79,7 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_DES3_EDE_X86_64=m
|
||||
# staging crypto
|
||||
# CONFIG_CRYPTO_SKEIN is not set
|
||||
# CONFIG_CRYPTO_THREEFISH is not set
|
||||
@ -158,6 +164,8 @@ CONFIG_CHECKPOINT_RESTORE=y
|
||||
# Should be 32bit only, but lacks KConfig depends
|
||||
# CONFIG_XO15_EBOOK is not set
|
||||
|
||||
CONFIG_THUNDERBOLT=m
|
||||
|
||||
CONFIG_NTB=m
|
||||
CONFIG_NTB_NETDEV=m
|
||||
|
||||
|
@ -1,69 +1,68 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From 1786bc697d34af944e29437ce44337b0eb8b6799 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@dreadnought.bos.jkkm.org>
|
||||
From cd5c274ee73762b5616bf36fab3a2df50bceb203 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Anderson <anderson@redhat.com>
|
||||
Date: Tue, 26 Nov 2013 12:42:46 -0500
|
||||
Subject: [PATCH] crash-driver
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
arch/arm/include/asm/crash.h | 6 ++
|
||||
arch/arm64/include/asm/crash.h | 6 ++
|
||||
arch/ia64/include/asm/crash.h | 90 +++++++++++++++++++++++++++
|
||||
arch/arm/include/asm/crash-driver.h | 6 ++
|
||||
arch/arm64/include/asm/crash-driver.h | 6 ++
|
||||
arch/ia64/include/asm/crash-driver.h | 90 ++++++++++++++++++++++
|
||||
arch/ia64/kernel/ia64_ksyms.c | 3 +
|
||||
arch/powerpc/include/asm/crash.h | 6 ++
|
||||
arch/s390/include/asm/crash.h | 60 ++++++++++++++++++
|
||||
arch/powerpc/include/asm/crash-driver.h | 6 ++
|
||||
arch/s390/include/asm/crash-driver.h | 60 +++++++++++++++
|
||||
arch/s390/mm/maccess.c | 2 +
|
||||
arch/x86/include/asm/crash.h | 6 ++
|
||||
arch/x86/include/asm/crash-driver.h | 6 ++
|
||||
drivers/char/Kconfig | 3 +
|
||||
drivers/char/Makefile | 2 +
|
||||
drivers/char/crash.c | 128 +++++++++++++++++++++++++++++++++++++++
|
||||
include/asm-generic/crash.h | 72 ++++++++++++++++++++++
|
||||
drivers/char/crash.c | 128 ++++++++++++++++++++++++++++++++
|
||||
include/asm-generic/crash-driver.h | 72 ++++++++++++++++++
|
||||
12 files changed, 384 insertions(+)
|
||||
create mode 100644 arch/arm/include/asm/crash.h
|
||||
create mode 100644 arch/arm64/include/asm/crash.h
|
||||
create mode 100644 arch/ia64/include/asm/crash.h
|
||||
create mode 100644 arch/powerpc/include/asm/crash.h
|
||||
create mode 100644 arch/s390/include/asm/crash.h
|
||||
create mode 100644 arch/x86/include/asm/crash.h
|
||||
create mode 100644 arch/arm/include/asm/crash-driver.h
|
||||
create mode 100644 arch/arm64/include/asm/crash-driver.h
|
||||
create mode 100644 arch/ia64/include/asm/crash-driver.h
|
||||
create mode 100644 arch/powerpc/include/asm/crash-driver.h
|
||||
create mode 100644 arch/s390/include/asm/crash-driver.h
|
||||
create mode 100644 arch/x86/include/asm/crash-driver.h
|
||||
create mode 100644 drivers/char/crash.c
|
||||
create mode 100644 include/asm-generic/crash.h
|
||||
create mode 100644 include/asm-generic/crash-driver.h
|
||||
|
||||
diff --git a/arch/arm/include/asm/crash.h b/arch/arm/include/asm/crash.h
|
||||
diff --git a/arch/arm/include/asm/crash-driver.h b/arch/arm/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..1d2e537
|
||||
index 000000000000..06e7ae916601
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/include/asm/crash.h
|
||||
+++ b/arch/arm/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _ARM_CRASH_H
|
||||
+#define _ARM_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _ARM_CRASH_H */
|
||||
diff --git a/arch/arm64/include/asm/crash.h b/arch/arm64/include/asm/crash.h
|
||||
diff --git a/arch/arm64/include/asm/crash-driver.h b/arch/arm64/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..a7fcc28
|
||||
index 000000000000..43b26da0c5d6
|
||||
--- /dev/null
|
||||
+++ b/arch/arm64/include/asm/crash.h
|
||||
+++ b/arch/arm64/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _ARM64_CRASH_H
|
||||
+#define _ARM64_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _ARM64_CRASH_H */
|
||||
diff --git a/arch/ia64/include/asm/crash.h b/arch/ia64/include/asm/crash.h
|
||||
diff --git a/arch/ia64/include/asm/crash-driver.h b/arch/ia64/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..28bd955
|
||||
index 000000000000..404bcb93c112
|
||||
--- /dev/null
|
||||
+++ b/arch/ia64/include/asm/crash.h
|
||||
+++ b/arch/ia64/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,90 @@
|
||||
+#ifndef _ASM_IA64_CRASH_H
|
||||
+#define _ASM_IA64_CRASH_H
|
||||
+
|
||||
+/*
|
||||
+ * linux/include/asm-ia64/crash.h
|
||||
+ * linux/include/asm-ia64/crash-driver.h
|
||||
+ *
|
||||
+ * Copyright (c) 2004 Red Hat, Inc. All rights reserved.
|
||||
+ *
|
||||
@ -150,7 +149,7 @@ index 0000000..28bd955
|
||||
+
|
||||
+#endif /* _ASM_IA64_CRASH_H */
|
||||
diff --git a/arch/ia64/kernel/ia64_ksyms.c b/arch/ia64/kernel/ia64_ksyms.c
|
||||
index 5b7791d..aee4b87 100644
|
||||
index 5b7791dd3965..aee4b870c763 100644
|
||||
--- a/arch/ia64/kernel/ia64_ksyms.c
|
||||
+++ b/arch/ia64/kernel/ia64_ksyms.c
|
||||
@@ -84,6 +84,9 @@ EXPORT_SYMBOL(ia64_save_scratch_fpregs);
|
||||
@ -163,23 +162,23 @@ index 5b7791d..aee4b87 100644
|
||||
#if defined(CONFIG_IA64_ESI) || defined(CONFIG_IA64_ESI_MODULE)
|
||||
extern void esi_call_phys (void);
|
||||
EXPORT_SYMBOL_GPL(esi_call_phys);
|
||||
diff --git a/arch/powerpc/include/asm/crash.h b/arch/powerpc/include/asm/crash.h
|
||||
diff --git a/arch/powerpc/include/asm/crash-driver.h b/arch/powerpc/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..daa8c4d
|
||||
index 000000000000..50092d965dc5
|
||||
--- /dev/null
|
||||
+++ b/arch/powerpc/include/asm/crash.h
|
||||
+++ b/arch/powerpc/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _PPC64_CRASH_H
|
||||
+#define _PPC64_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _PPC64_CRASH_H */
|
||||
diff --git a/arch/s390/include/asm/crash.h b/arch/s390/include/asm/crash.h
|
||||
diff --git a/arch/s390/include/asm/crash-driver.h b/arch/s390/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..552be5e
|
||||
index 000000000000..552be5e2c571
|
||||
--- /dev/null
|
||||
+++ b/arch/s390/include/asm/crash.h
|
||||
+++ b/arch/s390/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,60 @@
|
||||
+#ifndef _S390_CRASH_H
|
||||
+#define _S390_CRASH_H
|
||||
@ -242,10 +241,10 @@ index 0000000..552be5e
|
||||
+
|
||||
+#endif /* _S390_CRASH_H */
|
||||
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
|
||||
index d1e0e0c..a2be459 100644
|
||||
index 2a2e35416d2f..a529181429bb 100644
|
||||
--- a/arch/s390/mm/maccess.c
|
||||
+++ b/arch/s390/mm/maccess.c
|
||||
@@ -219,6 +219,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
|
||||
@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(unsigned long addr)
|
||||
put_online_cpus();
|
||||
return bounce;
|
||||
}
|
||||
@ -253,25 +252,25 @@ index d1e0e0c..a2be459 100644
|
||||
|
||||
/*
|
||||
* Free converted buffer for /dev/mem access (if necessary)
|
||||
@@ -228,3 +229,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
|
||||
@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(unsigned long addr, void *buf)
|
||||
if ((void *) addr != buf)
|
||||
free_page((unsigned long) buf);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(unxlate_dev_mem_ptr);
|
||||
diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h
|
||||
diff --git a/arch/x86/include/asm/crash-driver.h b/arch/x86/include/asm/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..27a4156
|
||||
index 000000000000..fd4736ec99f5
|
||||
--- /dev/null
|
||||
+++ b/arch/x86/include/asm/crash.h
|
||||
+++ b/arch/x86/include/asm/crash-driver.h
|
||||
@@ -0,0 +1,6 @@
|
||||
+#ifndef _X86_CRASH_H
|
||||
+#define _X86_CRASH_H
|
||||
+
|
||||
+#include <asm-generic/crash.h>
|
||||
+#include <asm-generic/crash-driver.h>
|
||||
+
|
||||
+#endif /* _X86_CRASH_H */
|
||||
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
|
||||
index fa3243d..83643e5b 100644
|
||||
index 6e9f74a5c095..ee6bae16b04c 100644
|
||||
--- a/drivers/char/Kconfig
|
||||
+++ b/drivers/char/Kconfig
|
||||
@@ -4,6 +4,9 @@
|
||||
@ -285,10 +284,10 @@ index fa3243d..83643e5b 100644
|
||||
|
||||
config DEVKMEM
|
||||
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
|
||||
index 7ff1d0d..3ed67af 100644
|
||||
index a324f9303e36..33ce2fb1d0a3 100644
|
||||
--- a/drivers/char/Makefile
|
||||
+++ b/drivers/char/Makefile
|
||||
@@ -62,3 +62,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
|
||||
@@ -61,3 +61,5 @@ obj-$(CONFIG_JS_RTC) += js-rtc.o
|
||||
js-rtc-y = rtc.o
|
||||
|
||||
obj-$(CONFIG_TILE_SROM) += tile-srom.o
|
||||
@ -296,7 +295,7 @@ index 7ff1d0d..3ed67af 100644
|
||||
+obj-$(CONFIG_CRASH) += crash.o
|
||||
diff --git a/drivers/char/crash.c b/drivers/char/crash.c
|
||||
new file mode 100644
|
||||
index 0000000..a142bb3
|
||||
index 000000000000..085378a1d539
|
||||
--- /dev/null
|
||||
+++ b/drivers/char/crash.c
|
||||
@@ -0,0 +1,128 @@
|
||||
@ -332,7 +331,7 @@ index 0000000..a142bb3
|
||||
+#include <asm/io.h>
|
||||
+#include <asm/uaccess.h>
|
||||
+#include <asm/types.h>
|
||||
+#include <asm/crash.h>
|
||||
+#include <asm/crash-driver.h>
|
||||
+
|
||||
+#define CRASH_VERSION "1.0"
|
||||
+
|
||||
@ -428,17 +427,17 @@ index 0000000..a142bb3
|
||||
+module_exit(crash_cleanup_module);
|
||||
+
|
||||
+MODULE_LICENSE("GPL");
|
||||
diff --git a/include/asm-generic/crash.h b/include/asm-generic/crash.h
|
||||
diff --git a/include/asm-generic/crash-driver.h b/include/asm-generic/crash-driver.h
|
||||
new file mode 100644
|
||||
index 0000000..8a0a69a
|
||||
index 000000000000..25ab9869d566
|
||||
--- /dev/null
|
||||
+++ b/include/asm-generic/crash.h
|
||||
+++ b/include/asm-generic/crash-driver.h
|
||||
@@ -0,0 +1,72 @@
|
||||
+#ifndef __CRASH_H__
|
||||
+#define __CRASH_H__
|
||||
+
|
||||
+/*
|
||||
+ * include/linux/crash.h
|
||||
+ * include/linux/crash-driver.h
|
||||
+ *
|
||||
+ * Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||
+ *
|
||||
@ -507,5 +506,5 @@ index 0000000..8a0a69a
|
||||
+
|
||||
+#endif /* __CRASH_H__ */
|
||||
--
|
||||
1.8.3.1
|
||||
1.9.3
|
||||
|
||||
|
@ -1,11 +1,19 @@
|
||||
From feb3b6774ce9a5b11aec2602961eee0017349534 Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Wed, 30 Jan 2013 10:55:31 -0500
|
||||
Subject: [PATCH] criu: no expert
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
init/Kconfig | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index be8b7f5..7461760 100644
|
||||
index 3bad458f1c68..aee58b9fedfc 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP
|
||||
@@ -1147,7 +1147,7 @@ config DEBUG_BLK_CGROUP
|
||||
endif # CGROUPS
|
||||
|
||||
config CHECKPOINT_RESTORE
|
||||
@ -14,7 +22,7 @@ index be8b7f5..7461760 100644
|
||||
default n
|
||||
help
|
||||
Enables additional kernel features in a sake of checkpoint/restore.
|
||||
@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE
|
||||
@@ -1158,7 +1158,7 @@ config CHECKPOINT_RESTORE
|
||||
If unsure, say N here.
|
||||
|
||||
menuconfig NAMESPACES
|
||||
@ -23,3 +31,6 @@ index be8b7f5..7461760 100644
|
||||
default !EXPERT
|
||||
help
|
||||
Provides the way to make tasks work with different objects using
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,24 +1,24 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From 4ff58b642f80dedb20533978123d89b5ac9b1ed5 Mon Sep 17 00:00:00 2001
|
||||
From d8889580d123fefd57c25681a39de089bedf42ba Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@phobos.i.jkkm.org>
|
||||
Date: Tue, 30 Mar 2010 00:04:29 -0400
|
||||
Subject: die-floppy-die
|
||||
Subject: [PATCH] die-floppy-die
|
||||
|
||||
Kill the floppy.ko pnp modalias. We were surviving just fine without
|
||||
autoloading floppy drivers, tyvm.
|
||||
|
||||
Please feel free to register all complaints in the wastepaper bin.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/block/floppy.c | 3 +--
|
||||
1 files changed, 1 insertions(+), 2 deletions(-)
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
|
||||
index 90c4038..f4a0b90 100644
|
||||
index 56d46ffb08e1..1c8db250df88 100644
|
||||
--- a/drivers/block/floppy.c
|
||||
+++ b/drivers/block/floppy.c
|
||||
@@ -4619,8 +4619,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
|
||||
@@ -4634,8 +4634,7 @@ static const struct pnp_device_id floppy_pnpids[] = {
|
||||
{"PNP0700", 0},
|
||||
{}
|
||||
};
|
||||
@ -29,5 +29,5 @@ index 90c4038..f4a0b90 100644
|
||||
#else
|
||||
|
||||
--
|
||||
1.7.0.1
|
||||
1.9.3
|
||||
|
||||
|
@ -1,10 +1,7 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
|
||||
|
||||
From 2a79554c864ac58fa2ad982f0fcee2cc2aa33eb5 Mon Sep 17 00:00:00 2001
|
||||
From 9eeae62a9c758b843ac7dac5ee67248d3ad282a1 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Thu, 20 May 2010 10:30:31 -0400
|
||||
Subject: Disable i8042 checks on Intel Apple Macs
|
||||
Subject: [PATCH] disable i8042 check on apple mac
|
||||
|
||||
As those computers never had any i8042 controllers, and the
|
||||
current lookup code could potentially lock up/hang/wait for
|
||||
@ -12,16 +9,19 @@ timeout for long periods of time.
|
||||
|
||||
Fixes intermittent hangs on boot on a MacbookAir1,1
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: http://lkml.indiana.edu/hypermail/linux/kernel/1005.0/00938.html (and pinged on Dec 17, 2013)
|
||||
|
||||
Signed-off-by: Bastien Nocera <hadess@hadess.net>
|
||||
---
|
||||
drivers/input/serio/i8042.c | 22 ++++++++++++++++++++++
|
||||
1 files changed, 22 insertions(+), 0 deletions(-)
|
||||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 6440a8f..4d7cf98 100644
|
||||
index 612f855c340f..f1aeb0240d6e 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1451,6 +1451,22 @@ static struct platform_driver i8042_driver = {
|
||||
@@ -1469,6 +1469,22 @@ static struct platform_driver i8042_driver = {
|
||||
.shutdown = i8042_shutdown,
|
||||
};
|
||||
|
||||
@ -44,7 +44,7 @@ index 6440a8f..4d7cf98 100644
|
||||
static int __init i8042_init(void)
|
||||
{
|
||||
struct platform_device *pdev;
|
||||
@@ -1458,6 +1474,12 @@ static int __init i8042_init(void)
|
||||
@@ -1476,6 +1492,12 @@ static int __init i8042_init(void)
|
||||
|
||||
dbg_init();
|
||||
|
||||
@ -58,5 +58,5 @@ index 6440a8f..4d7cf98 100644
|
||||
if (err)
|
||||
return err;
|
||||
--
|
||||
1.7.0.1
|
||||
1.9.3
|
||||
|
||||
|
@ -1,9 +1,20 @@
|
||||
From b729efbc480486186d8916a87f58f6114220a7cb Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Fri, 18 Apr 2014 06:58:29 -0400
|
||||
Subject: [PATCH] disable libdw unwind on non-x86
|
||||
|
||||
Bugzilla: 1025603
|
||||
Upstream-status: ??
|
||||
---
|
||||
tools/perf/config/Makefile | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
|
||||
index ee21fa9..19ee413 100644
|
||||
index 1f67aa02d240..86c21a24da46 100644
|
||||
--- a/tools/perf/config/Makefile
|
||||
+++ b/tools/perf/config/Makefile
|
||||
@@ -34,6 +34,10 @@ ifeq ($(ARCH),arm)
|
||||
LIBUNWIND_LIBS = -lunwind -lunwind-arm
|
||||
@@ -52,6 +52,10 @@ ifeq ($(ARCH),powerpc)
|
||||
CFLAGS += -DHAVE_SKIP_CALLCHAIN_IDX
|
||||
endif
|
||||
|
||||
+ifneq ($(ARCH),x86)
|
||||
@ -13,3 +24,6 @@ index ee21fa9..19ee413 100644
|
||||
ifeq ($(LIBUNWIND_LIBS),)
|
||||
NO_LIBUNWIND := 1
|
||||
else
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,15 +1,24 @@
|
||||
Bugzilla: 1027037 1028785
|
||||
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
|
||||
From 395528c008e2d49c9bf8f02d6cb071aa11742755 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Jackson <ajax@redhat.com>
|
||||
Date: Wed, 13 Nov 2013 10:17:24 -0500
|
||||
Subject: [PATCH] drm/i915: hush check crtc state
|
||||
|
||||
This is _by far_ the most common backtrace for i915 on retrace.fp.o, and
|
||||
it's mostly useless noise. There's not enough context when it's generated
|
||||
to know if something actually went wrong. Downgrade the message to
|
||||
KMS debugging so we can still get it if we want it.
|
||||
|
||||
diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c
|
||||
--- linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c.jx 2013-11-03 18:41:51.000000000 -0500
|
||||
+++ linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_display.c 2013-11-13 10:12:05.781301624 -0500
|
||||
@@ -8803,7 +8803,7 @@ check_crtc_state(struct drm_device *dev)
|
||||
Bugzilla: 1027037 1028785
|
||||
Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/035948.html
|
||||
---
|
||||
drivers/gpu/drm/i915/intel_display.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
|
||||
index d8324c69fa86..ee0ca36930f8 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_display.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
||||
@@ -10656,7 +10656,7 @@ check_crtc_state(struct drm_device *dev)
|
||||
|
||||
if (active &&
|
||||
!intel_pipe_config_compare(dev, &crtc->config, &pipe_config)) {
|
||||
@ -18,3 +27,6 @@ diff -up linux-3.13.0-0.rc0.git2.1.fc21.x86_64/drivers/gpu/drm/i915/intel_displa
|
||||
intel_dump_pipe_config(crtc, &pipe_config,
|
||||
"[hw state]");
|
||||
intel_dump_pipe_config(crtc, &crtc->config,
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,50 +0,0 @@
|
||||
Bugzilla: 1097463
|
||||
Upstream-status: Sent for 3.16
|
||||
|
||||
From 7ad066ecd4dfb4c36fb00f9f9eb1a5d6099db834 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:41:02 +0200
|
||||
Subject: [PATCH 05/14] eeepc-wmi: Add no backlight quirk for Asus H87I-PLUS
|
||||
Motherboard
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1097436
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/eeepc-wmi.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/eeepc-wmi.c b/drivers/platform/x86/eeepc-wmi.c
|
||||
index 6112933f6278..a7286bbfe28e 100644
|
||||
--- a/drivers/platform/x86/eeepc-wmi.c
|
||||
+++ b/drivers/platform/x86/eeepc-wmi.c
|
||||
@@ -114,6 +114,10 @@ static struct quirk_entry quirk_asus_x101ch = {
|
||||
.wmi_backlight_power = true,
|
||||
};
|
||||
|
||||
+static struct quirk_entry quirk_asus_no_backlight = {
|
||||
+ .no_backlight = true,
|
||||
+};
|
||||
+
|
||||
static struct quirk_entry *quirks;
|
||||
|
||||
static void et2012_quirks(void)
|
||||
@@ -182,6 +186,15 @@ static struct dmi_system_id asus_quirks[] = {
|
||||
},
|
||||
.driver_data = &quirk_asus_x101ch,
|
||||
},
|
||||
+ {
|
||||
+ .callback = dmi_matched,
|
||||
+ .ident = "ASUSTeK Computer INC. H87I-PLUS",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
|
||||
+ DMI_MATCH(DMI_BOARD_NAME, "H87I-PLUS"),
|
||||
+ },
|
||||
+ .driver_data = &quirk_asus_no_backlight,
|
||||
+ },
|
||||
{},
|
||||
};
|
||||
|
||||
--
|
||||
1.9.0
|
||||
|
43
efi-Add-EFI_SECURE_BOOT-bit.patch
Normal file
43
efi-Add-EFI_SECURE_BOOT-bit.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 5a8578dc90626d4bc4d9dca2311fcdb2b75a3a87 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/kernel/setup.c | 2 ++
|
||||
include/linux/efi.h | 1 +
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5a5cf7395724..fb282ff6a802 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
|
||||
enforce_signed_modules();
|
||||
+ pr_info("Secure boot enabled\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 45cb4ffdea62..ebe6a24cc1e1 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -923,6 +923,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
|
||||
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
|
||||
#define EFI_ARCH_1 7 /* First arch-specific bit */
|
||||
+#define EFI_SECURE_BOOT 8 /* Are we in Secure Boot mode? */
|
||||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
1.9.3
|
||||
|
58
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Normal file
58
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From bb5d57cb1278a0ca3ba6d904c3698d308c12b3be Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
MokSBState that does not have the runtime attribute set. Given that the
|
||||
user explicitly disabled validation, we can honor that and not enable
|
||||
secure boot mode if that variable is set.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
|
||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 88edd48f03e9..3b18ef2b534c 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -806,8 +806,9 @@ out:
|
||||
|
||||
static int get_secure_boot(void)
|
||||
{
|
||||
- u8 sb, setup;
|
||||
+ u8 sb, setup, moksbstate;
|
||||
unsigned long datasize = sizeof(sb);
|
||||
+ u32 attr;
|
||||
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
efi_status_t status;
|
||||
|
||||
@@ -831,6 +832,23 @@ static int get_secure_boot(void)
|
||||
if (setup == 1)
|
||||
return 0;
|
||||
|
||||
+ /* See if a user has put shim into insecure_mode. If so, and the variable
|
||||
+ * doesn't have the runtime attribute set, we might as well honor that.
|
||||
+ */
|
||||
+ var_guid = EFI_SHIM_LOCK_GUID;
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"MokSBState", &var_guid, &attr, &datasize,
|
||||
+ &moksbstate);
|
||||
+
|
||||
+ /* If it fails, we don't care why. Default to secure */
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
|
||||
+ if (moksbstate == 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
30
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Normal file
30
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 27c9c6fc3c570ac29db93262d712ce1557b90128 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 8899dc333793..33dfa4ce8c09 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1566,7 +1566,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
- def_bool n
|
||||
+ def_bool n
|
||||
+ depends on EFI
|
||||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,14 +0,0 @@
|
||||
#! /bin/bash
|
||||
|
||||
# This is the ppc override file for the core/drivers package split. The
|
||||
# module directories listed here and in the generic list in filter-modules.sh
|
||||
# will be moved to the resulting kernel-modules package for this arch.
|
||||
# Anything not listed in those files will be in the kernel-core package.
|
||||
#
|
||||
# Please review the default list in filter-modules.sh before making
|
||||
# modifications to the overrides below. If something should be removed across
|
||||
# all arches, remove it in the default instead of per-arch.
|
||||
|
||||
driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
|
||||
|
||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma svcrdma xprtrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject"
|
39
hibernate-Disable-in-a-signed-modules-environment.patch
Normal file
39
hibernate-Disable-in-a-signed-modules-environment.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 1ed340b9f2da1a8f5a38c7bf9b181feae8580eb5 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
so until we can work with signed hibernate images we disable it in
|
||||
a secure modules environment.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/power/hibernate.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index a9dfa79b6bab..14c7356ff53a 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/genhd.h>
|
||||
+#include <linux/module.h>
|
||||
#include <trace/events/power.h>
|
||||
|
||||
#include "power.h"
|
||||
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
|
||||
bool hibernation_available(void)
|
||||
{
|
||||
- return (nohibernate == 0);
|
||||
+ return ((nohibernate == 0) && !secure_modules());
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.9.3
|
||||
|
32
i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
Normal file
32
i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 6fd77b0f76b946fd6de55c0a1acff4eee191e5ed Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 30 Jul 2014 17:56:05 +0200
|
||||
Subject: [PATCH] i8042: Also store the aux firmware id in multi-plexed aux
|
||||
ports
|
||||
|
||||
So that firmware-id matching can be used with multiplexed aux ports too.
|
||||
|
||||
Bugzilla: 1110011
|
||||
Upstream-status: sent for 3.17/3.18
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/input/serio/i8042.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index f1aeb0240d6e..4b5015f27f9e 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1253,6 +1253,8 @@ static int __init i8042_create_aux_port(int idx)
|
||||
} else {
|
||||
snprintf(serio->name, sizeof(serio->name), "i8042 AUX%d port", idx);
|
||||
snprintf(serio->phys, sizeof(serio->phys), I8042_MUX_PHYS_DESC, idx + 1);
|
||||
+ strlcpy(serio->firmware_id, i8042_aux_firmware_id,
|
||||
+ sizeof(serio->firmware_id));
|
||||
}
|
||||
|
||||
port->serio = serio;
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,11 +1,19 @@
|
||||
From f10b526aee84af2e6de026ea7300e325e117705f Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Thu, 29 Jul 2010 16:46:31 -0700
|
||||
Subject: [PATCH] input: kill stupid messages
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/input/keyboard/atkbd.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c
|
||||
index add5ffd..5eb2f03 100644
|
||||
index 2dd1d0dd4f7d..7116b70074bf 100644
|
||||
--- a/drivers/input/keyboard/atkbd.c
|
||||
+++ b/drivers/input/keyboard/atkbd.c
|
||||
@@ -430,11 +430,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
|
||||
@@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
|
||||
goto out;
|
||||
case ATKBD_RET_ACK:
|
||||
case ATKBD_RET_NAK:
|
||||
@ -21,3 +29,6 @@ index add5ffd..5eb2f03 100644
|
||||
goto out;
|
||||
case ATKBD_RET_ERR:
|
||||
atkbd->err_count++;
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,20 +1,39 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From b4e96f34c17e5a79cd28774cc722bb33e7e02c6e Mon Sep 17 00:00:00 2001
|
||||
From 8be33914661d87ef0e644dc23d10ead4bc1c68c9 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 25 Sep 2008 16:23:33 -0400
|
||||
Subject: [PATCH] Don't print an error message just because there's no i8042 chip.
|
||||
Subject: [PATCH] input: silence i8042 noise
|
||||
|
||||
Don't print an error message just because there's no i8042 chip.
|
||||
Some systems, such as EFI-based Apple systems, won't necessarily have an
|
||||
i8042 to initialize. We shouldn't be printing an error message in this
|
||||
case, since not detecting the chip is the correct behavior.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/base/power/main.c | 2 --
|
||||
drivers/input/serio/i8042.c | 1 -
|
||||
net/can/af_can.c | 8 ++------
|
||||
3 files changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index b67d9aef9fe4..dd58b0fdaafd 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
- pr_debug("PM: Adding info for %s:%s\n",
|
||||
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
|
||||
mutex_lock(&dpm_list_mtx);
|
||||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 52c9ebf..c374a96 100644
|
||||
index 3807c3e971cc..612f855c340f 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -855,7 +855,6 @@ static int __init i8042_check_aux(void)
|
||||
@@ -857,7 +857,6 @@ static int __init i8042_check_aux(void)
|
||||
static int i8042_controller_check(void)
|
||||
{
|
||||
if (i8042_flush()) {
|
||||
@ -22,16 +41,11 @@ index 52c9ebf..c374a96 100644
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
--
|
||||
|
||||
Socket fuzzers like sfuzz will trigger this printk a lot, even though it's
|
||||
ratelimited. It isn't particularly useful, so just remove it.
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
|
||||
diff --git a/net/can/af_can.c b/net/can/af_can.c
|
||||
index ce82337521f6..a3fee4becc93 100644
|
||||
--- a/net/can/af_can.c
|
||||
+++ b/net/can/af_can.c
|
||||
@@ -157,13 +157,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
@@ -158,13 +158,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
err = request_module("can-proto-%d", protocol);
|
||||
|
||||
/*
|
||||
@ -47,22 +61,6 @@ Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
|
||||
cp = can_get_proto(protocol);
|
||||
}
|
||||
--
|
||||
1.9.3
|
||||
|
||||
This was removed in revision 1.6 of linux-2.6-silence-noise.patch
|
||||
in ye olde CVS tree. I have no idea why. Originally the pr_debug in
|
||||
device_pm_remove was nuked as well, but that seems to have gotten lost in
|
||||
the r1.634 of kernel.spec (2.6.26-rc2-git5.)
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index 2a52270..bacbdd2 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -87,8 +87,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
- pr_debug("PM: Adding info for %s:%s\n",
|
||||
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
|
||||
mutex_lock(&dpm_list_mtx);
|
||||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
@ -1,7 +1,4 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: ??
|
||||
|
||||
From fd4e7f06ecc891474dea3a93df083de5f8c50cdc Mon Sep 17 00:00:00 2001
|
||||
From 4ce7b2f872d8fc2520f05dae5e1c523e20cda894 Mon Sep 17 00:00:00 2001
|
||||
From: Roland McGrath <roland@redhat.com>
|
||||
Date: Mon, 6 Oct 2008 23:03:03 -0700
|
||||
Subject: [PATCH] kbuild: AFTER_LINK
|
||||
@ -9,6 +6,9 @@ Subject: [PATCH] kbuild: AFTER_LINK
|
||||
If the make variable AFTER_LINK is set, it is a command line to run
|
||||
after each final link. This includes vmlinux itself and vDSO images.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: ??
|
||||
|
||||
Signed-off-by: Roland McGrath <roland@redhat.com>
|
||||
---
|
||||
arch/arm64/kernel/vdso/Makefile | 3 ++-
|
||||
@ -21,10 +21,10 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
|
||||
7 files changed, 17 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
|
||||
index 6d20b7d162d8..863a01bde0bf 100644
|
||||
index ff3bddea482d..d8a439dd6351 100644
|
||||
--- a/arch/arm64/kernel/vdso/Makefile
|
||||
+++ b/arch/arm64/kernel/vdso/Makefile
|
||||
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S
|
||||
@@ -48,7 +48,8 @@ $(obj-vdso): %.o: %.S FORCE
|
||||
|
||||
# Actual build commands
|
||||
quiet_cmd_vdsold = VDSOL $@
|
||||
@ -91,10 +91,10 @@ index 2a8ddfd12a5b..452ca53561fe 100644
|
||||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
|
||||
index 9206ac7961a5..3d7f533f6757 100644
|
||||
index 5a4affe025e8..8ff38ce94c8e 100644
|
||||
--- a/arch/x86/vdso/Makefile
|
||||
+++ b/arch/x86/vdso/Makefile
|
||||
@@ -181,8 +181,9 @@ $(obj)/vdso32-syms.lds: $(vdso32.so-y:%=$(obj)/vdso32-%-syms.lds) FORCE
|
||||
@@ -171,8 +171,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
|
||||
quiet_cmd_vdso = VDSO $@
|
||||
cmd_vdso = $(CC) -nostdlib -o $@ \
|
||||
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
|
||||
@ -105,9 +105,9 @@ index 9206ac7961a5..3d7f533f6757 100644
|
||||
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
|
||||
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
|
||||
$(LTO_CFLAGS)
|
||||
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
|
||||
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
|
||||
index 2dcb37736d84..25e170e92ef1 100644
|
||||
index 86a4fe75f453..161637ed5611 100644
|
||||
--- a/scripts/link-vmlinux.sh
|
||||
+++ b/scripts/link-vmlinux.sh
|
||||
@@ -65,6 +65,10 @@ vmlinux_link()
|
||||
@ -122,5 +122,5 @@ index 2dcb37736d84..25e170e92ef1 100644
|
||||
|
||||
|
||||
--
|
||||
1.8.5.3
|
||||
1.9.3
|
||||
|
8121
kernel-arm64.patch
8121
kernel-arm64.patch
File diff suppressed because it is too large
Load Diff
366
kernel.spec
366
kernel.spec
@ -6,7 +6,7 @@ Summary: The Linux kernel
|
||||
# For a stable, released kernel, released_kernel should be 1. For rawhide
|
||||
# and/or a kernel built from an rc or git snapshot, released_kernel should
|
||||
# be 0.
|
||||
%global released_kernel 1
|
||||
%global released_kernel 0
|
||||
|
||||
%global aarch64patches 1
|
||||
|
||||
@ -43,7 +43,7 @@ Summary: The Linux kernel
|
||||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 300
|
||||
%global baserelease 1
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
@ -55,7 +55,7 @@ Summary: The Linux kernel
|
||||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 2
|
||||
%define stable_update 0
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
@ -68,9 +68,9 @@ Summary: The Linux kernel
|
||||
# The next upstream release sublevel (base_sublevel+1)
|
||||
%define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
|
||||
# The rc snapshot level
|
||||
%define rcrev 0
|
||||
%define rcrev 4
|
||||
# The git snapshot level
|
||||
%define gitrev 0
|
||||
%define gitrev 4
|
||||
# Set rpm version accordingly
|
||||
%define rpmversion 3.%{upstream_sublevel}.0
|
||||
%endif
|
||||
@ -87,8 +87,6 @@ Summary: The Linux kernel
|
||||
#
|
||||
# standard kernel
|
||||
%define with_up %{?_without_up: 0} %{?!_without_up: 1}
|
||||
# kernel-smp (only valid for ppc 32-bit)
|
||||
%define with_smp %{?_without_smp: 0} %{?!_without_smp: 1}
|
||||
# kernel PAE (only valid for i686 (PAE) and ARM (lpae))
|
||||
%define with_pae %{?_without_pae: 0} %{?!_without_pae: 1}
|
||||
# kernel-debug
|
||||
@ -110,8 +108,6 @@ Summary: The Linux kernel
|
||||
#
|
||||
# Only build the base kernel (--with baseonly):
|
||||
%define with_baseonly %{?_with_baseonly: 1} %{?!_with_baseonly: 0}
|
||||
# Only build the smp kernel (--with smponly):
|
||||
%define with_smponly %{?_with_smponly: 1} %{?!_with_smponly: 0}
|
||||
# Only build the pae kernel (--with paeonly):
|
||||
%define with_paeonly %{?_with_paeonly: 1} %{?!_with_paeonly: 0}
|
||||
# Only build the debug kernel (--with dbgonly):
|
||||
@ -129,7 +125,7 @@ Summary: The Linux kernel
|
||||
# Set debugbuildsenabled to 1 for production (build separate debug kernels)
|
||||
# and 0 for rawhide (all kernels are debug kernels).
|
||||
# See also 'make debug' and 'make release'.
|
||||
%define debugbuildsenabled 1
|
||||
%define debugbuildsenabled 0
|
||||
|
||||
# Want to build a vanilla kernel build without any non-upstream patches?
|
||||
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
|
||||
@ -194,14 +190,6 @@ Summary: The Linux kernel
|
||||
|
||||
# if requested, only build base kernel
|
||||
%if %{with_baseonly}
|
||||
%define with_smp 0
|
||||
%define with_pae 0
|
||||
%define with_debug 0
|
||||
%endif
|
||||
|
||||
# if requested, only build smp kernel
|
||||
%if %{with_smponly}
|
||||
%define with_up 0
|
||||
%define with_pae 0
|
||||
%define with_debug 0
|
||||
%endif
|
||||
@ -209,7 +197,6 @@ Summary: The Linux kernel
|
||||
# if requested, only build pae kernel
|
||||
%if %{with_paeonly}
|
||||
%define with_up 0
|
||||
%define with_smp 0
|
||||
%define with_debug 0
|
||||
%endif
|
||||
|
||||
@ -219,7 +206,6 @@ Summary: The Linux kernel
|
||||
%define with_up 0
|
||||
%define with_pae 0
|
||||
%endif
|
||||
%define with_smp 0
|
||||
%define with_pae 0
|
||||
%define with_tools 0
|
||||
%define with_perf 0
|
||||
@ -229,16 +215,11 @@ Summary: The Linux kernel
|
||||
|
||||
%if %{with_vdso_install}
|
||||
# These arches install vdso/ directories.
|
||||
%define vdso_arches %{all_x86} x86_64 ppc %{power64} s390 s390x aarch64
|
||||
%define vdso_arches %{all_x86} x86_64 %{power64} s390 s390x aarch64
|
||||
%endif
|
||||
|
||||
# Overrides for generic default options
|
||||
|
||||
# only ppc needs a separate smp kernel
|
||||
%ifnarch ppc
|
||||
%define with_smp 0
|
||||
%endif
|
||||
|
||||
# don't do debug builds on anything but i686 and x86_64
|
||||
%ifnarch i686 x86_64
|
||||
%define with_debug 0
|
||||
@ -255,7 +236,7 @@ Summary: The Linux kernel
|
||||
|
||||
# bootwrapper is only on ppc
|
||||
# sparse blows up on ppc
|
||||
%ifnarch ppc %{power64}
|
||||
%ifnarch %{power64}
|
||||
%define with_bootwrapper 0
|
||||
%define with_sparse 0
|
||||
%endif
|
||||
@ -303,16 +284,6 @@ Summary: The Linux kernel
|
||||
%define with_tools 0
|
||||
%endif
|
||||
|
||||
%ifarch ppc
|
||||
%define asmarch powerpc
|
||||
%define hdrarch powerpc
|
||||
%define all_arch_configs kernel-%{version}-ppc{-,.}*config
|
||||
%define image_install_path boot
|
||||
%define make_target vmlinux
|
||||
%define kernel_image vmlinux
|
||||
%define kernel_image_elf 1
|
||||
%endif
|
||||
|
||||
%ifarch %{arm}
|
||||
%define all_arch_configs kernel-%{version}-arm*.config
|
||||
%define image_install_path boot
|
||||
@ -364,7 +335,6 @@ Summary: The Linux kernel
|
||||
|
||||
%ifarch %nobuildarches
|
||||
%define with_up 0
|
||||
%define with_smp 0
|
||||
%define with_pae 0
|
||||
%define with_debuginfo 0
|
||||
%define with_perf 0
|
||||
@ -378,7 +348,7 @@ Summary: The Linux kernel
|
||||
%endif
|
||||
|
||||
# Architectures we build tools/cpupower on
|
||||
%define cpupowerarchs %{ix86} x86_64 ppc %{power64} %{arm} aarch64
|
||||
%define cpupowerarchs %{ix86} x86_64 %{power64} %{arm} aarch64
|
||||
|
||||
#
|
||||
# Packages that need to be installed before the kernel is, because the %%post
|
||||
@ -396,7 +366,7 @@ Version: %{rpmversion}
|
||||
Release: %{pkg_release}
|
||||
# DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD.
|
||||
# SET %%nobuildarches (ABOVE) INSTEAD
|
||||
ExclusiveArch: %{all_x86} x86_64 ppc ppc64 ppc64p7 s390 s390x %{arm} aarch64 ppc64le
|
||||
ExclusiveArch: %{all_x86} x86_64 ppc64 ppc64p7 s390 s390x %{arm} aarch64 ppc64le
|
||||
ExclusiveOS: Linux
|
||||
%ifnarch %{nobuildarches}
|
||||
Requires: kernel-%{?variant:%{variant}-}core-uname-r = %{KVERREL}%{?variant}
|
||||
@ -450,7 +420,6 @@ Source90: filter-x86_64.sh
|
||||
Source91: filter-armv7hl.sh
|
||||
Source92: filter-i686.sh
|
||||
Source93: filter-aarch64.sh
|
||||
Source94: filter-ppc.sh
|
||||
Source95: filter-ppc64.sh
|
||||
Source96: filter-ppc64le.sh
|
||||
Source97: filter-s390x.sh
|
||||
@ -472,8 +441,6 @@ Source32: config-x86-32-generic
|
||||
Source40: config-x86_64-generic
|
||||
|
||||
Source50: config-powerpc-generic
|
||||
Source51: config-powerpc32-generic
|
||||
Source52: config-powerpc32-smp
|
||||
Source53: config-powerpc64
|
||||
Source54: config-powerpc64p7
|
||||
Source55: config-powerpc64le
|
||||
@ -527,7 +494,7 @@ Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz
|
||||
Patch04: compile-fixes.patch
|
||||
|
||||
# build tweak for build ID magic, even for -vanilla
|
||||
Patch05: makefile-after_link.patch
|
||||
Patch05: kbuild-AFTER_LINK.patch
|
||||
|
||||
%if !%{nopatches}
|
||||
|
||||
@ -545,20 +512,38 @@ Patch470: die-floppy-die.patch
|
||||
|
||||
Patch500: Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch
|
||||
|
||||
Patch510: silence-noise.patch
|
||||
Patch510: input-silence-i8042-noise.patch
|
||||
Patch530: silence-fbcon-logo.patch
|
||||
|
||||
Patch600: 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
Patch800: crash-driver.patch
|
||||
|
||||
# crypto/
|
||||
|
||||
# secure boot
|
||||
Patch1000: secure-modules.patch
|
||||
Patch1001: modsign-uefi.patch
|
||||
# atch1002: sb-hibernate.patch
|
||||
Patch1003: sysrq-secure-boot.patch
|
||||
Patch1000: Add-secure_modules-call.patch
|
||||
Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
Patch1003: ACPI-Limit-access-to-custom_method.patch
|
||||
Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
Patch1009: Add-option-to-automatically-enforce-module-signature.patch
|
||||
Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
Patch1014: Add-EFI-signature-data-types.patch
|
||||
Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
|
||||
Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
# virt + ksm patches
|
||||
|
||||
@ -581,17 +566,22 @@ Patch14000: hibernate-freeze-filesystems.patch
|
||||
|
||||
Patch14010: lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
Patch15000: nowatchdog-on-virt.patch
|
||||
Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
# PPC
|
||||
Patch18000: ppc64-fixtools.patch
|
||||
# ARM64
|
||||
|
||||
# ARMv7
|
||||
Patch21020: arm-tegra-usb-no-reset-linux33.patch
|
||||
Patch21021: arm-beagle.patch
|
||||
Patch21022: arm-imx6-utilite.patch
|
||||
# http://www.spinics.net/lists/linux-tegra/msg17948.html
|
||||
Patch21023: arm-tegra-drmdetection.patch
|
||||
Patch21024: arm-qemu-fixdisplay.patch
|
||||
Patch21020: ARM-tegra-usb-no-reset.patch
|
||||
Patch21021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
Patch21022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
Patch21023: arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
|
||||
Patch21024: arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
|
||||
Patch21025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
Patch21026: pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
|
||||
Patch21028: arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
#rhbz 754518
|
||||
Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
@ -600,7 +590,7 @@ Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
Patch21242: criu-no-expert.patch
|
||||
|
||||
#rhbz 892811
|
||||
Patch21247: ath9k_rx_dma_stop_check.patch
|
||||
Patch21247: ath9k-rx-dma-stop-check.patch
|
||||
|
||||
Patch22000: weird-root-dentry-name-debug.patch
|
||||
|
||||
@ -608,27 +598,28 @@ Patch22000: weird-root-dentry-name-debug.patch
|
||||
Patch25063: disable-libdw-unwind-on-non-x86.patch
|
||||
|
||||
#rhbz 983342 1093120
|
||||
Patch25069: 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
|
||||
Patch25069: acpi-video-Add-4-new-models-to-the-use_native_backli.patch
|
||||
|
||||
Patch26000: perf-lib64.patch
|
||||
Patch26000: perf-install-trace-event-plugins.patch
|
||||
|
||||
# Patch series from Hans for various backlight and platform driver fixes
|
||||
Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
|
||||
Patch26004: asus-wmi-Add-a-no-backlight-quirk.patch
|
||||
Patch26005: eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
|
||||
Patch26013: acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
|
||||
Patch26014: acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
|
||||
|
||||
Patch25109: revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
|
||||
|
||||
#rhbz 1021036, submitted upstream
|
||||
Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
|
||||
|
||||
#CVE-2014-{5206,5207} rhbz 1129662 1129669
|
||||
Patch25119: namespaces-remount-fixes.patch
|
||||
#rhbz 1132368
|
||||
Patch26015: nfs-fix-kernel-warning-when-removing-proc-entry.patch
|
||||
|
||||
#rhbz 1134969
|
||||
Patch26019: Input-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
Patch26016: HID-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
|
||||
#rhbz 1116347
|
||||
Patch26017: KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
|
||||
|
||||
#rhbz 1110011
|
||||
Patch26018: i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
|
||||
Patch26019: psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
|
||||
Patch26020: psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
|
||||
|
||||
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
|
||||
Patch30000: kernel-arm64.patch
|
||||
@ -950,15 +941,6 @@ Provides: kernel-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?1:+%{1}}\
|
||||
|
||||
# Now, each variant package.
|
||||
|
||||
%define variant_summary The Linux kernel compiled for SMP machines
|
||||
%kernel_variant_package -n SMP smp
|
||||
%description smp-core
|
||||
This package includes a SMP version of the Linux kernel. It is
|
||||
required only on machines with two or more CPUs as well as machines with
|
||||
hyperthreading technology.
|
||||
|
||||
Install the kernel-smp package if your machine uses two or more CPUs.
|
||||
|
||||
%ifnarch armv7hl
|
||||
%define variant_summary The Linux kernel compiled for PAE capable machines
|
||||
%kernel_variant_package %{pae}
|
||||
@ -1022,13 +1004,6 @@ exit 1
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if %{with_smponly}
|
||||
%if !%{with_smp}
|
||||
echo "Cannot build --with smponly, smp build is disabled"
|
||||
exit 1
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if "%{baserelease}" == "0"
|
||||
echo "baserelease must be greater than zero"
|
||||
exit 1
|
||||
@ -1242,7 +1217,7 @@ do
|
||||
done
|
||||
%endif
|
||||
|
||||
ApplyPatch makefile-after_link.patch
|
||||
ApplyPatch kbuild-AFTER_LINK.patch
|
||||
|
||||
#
|
||||
# misc small stuff to make things compile
|
||||
@ -1256,18 +1231,24 @@ ApplyOptionalPatch upstream-reverts.patch -R
|
||||
|
||||
# Architecture patches
|
||||
# x86(-64)
|
||||
ApplyPatch 0001-lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
|
||||
|
||||
# PPC
|
||||
ApplyPatch ppc64-fixtools.patch
|
||||
# ARM64
|
||||
|
||||
#
|
||||
# ARM
|
||||
#
|
||||
ApplyPatch arm-tegra-usb-no-reset-linux33.patch
|
||||
ApplyPatch arm-beagle.patch
|
||||
ApplyPatch arm-imx6-utilite.patch
|
||||
ApplyPatch arm-tegra-drmdetection.patch
|
||||
ApplyPatch arm-qemu-fixdisplay.patch
|
||||
ApplyPatch ARM-tegra-usb-no-reset.patch
|
||||
ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
|
||||
ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-enable-and-use-i2c2.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
|
||||
ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
|
||||
ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
|
||||
|
||||
ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
#
|
||||
# bugfixes to drivers and filesystems
|
||||
@ -1315,7 +1296,7 @@ ApplyPatch die-floppy-die.patch
|
||||
ApplyPatch no-pcspkr-modalias.patch
|
||||
|
||||
# Silence some useless messages that still get printed with 'quiet'
|
||||
ApplyPatch silence-noise.patch
|
||||
ApplyPatch input-silence-i8042-noise.patch
|
||||
|
||||
# Make fbcon not show the penguins with 'quiet'
|
||||
ApplyPatch silence-fbcon-logo.patch
|
||||
@ -1328,10 +1309,28 @@ ApplyPatch crash-driver.patch
|
||||
# crypto/
|
||||
|
||||
# secure boot
|
||||
ApplyPatch secure-modules.patch
|
||||
ApplyPatch modsign-uefi.patch
|
||||
# pplyPatch sb-hibernate.patch
|
||||
ApplyPatch sysrq-secure-boot.patch
|
||||
ApplyPatch Add-secure_modules-call.patch
|
||||
ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
|
||||
ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
|
||||
ApplyPatch ACPI-Limit-access-to-custom_method.patch
|
||||
ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
|
||||
ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
|
||||
ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
|
||||
ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
|
||||
ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
|
||||
ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
|
||||
ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
|
||||
ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
|
||||
ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
|
||||
ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
|
||||
|
||||
ApplyPatch Add-EFI-signature-data-types.patch
|
||||
ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
|
||||
ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
|
||||
ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
|
||||
ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
|
||||
|
||||
ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
|
||||
|
||||
# Assorted Virt Fixes
|
||||
|
||||
@ -1353,7 +1352,7 @@ ApplyPatch disable-i8042-check-on-apple-mac.patch
|
||||
ApplyPatch lis3-improve-handling-of-null-rate.patch
|
||||
|
||||
# Disable watchdog on virtual machines.
|
||||
ApplyPatch nowatchdog-on-virt.patch
|
||||
ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
|
||||
|
||||
#rhbz 754518
|
||||
ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
@ -1364,33 +1363,34 @@ ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||
ApplyPatch criu-no-expert.patch
|
||||
|
||||
#rhbz 892811
|
||||
ApplyPatch ath9k_rx_dma_stop_check.patch
|
||||
ApplyPatch ath9k-rx-dma-stop-check.patch
|
||||
|
||||
#rhbz 1025603
|
||||
ApplyPatch disable-libdw-unwind-on-non-x86.patch
|
||||
|
||||
#rhbz 983342 1093120
|
||||
ApplyPatch 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
|
||||
ApplyPatch acpi-video-Add-4-new-models-to-the-use_native_backli.patch
|
||||
|
||||
ApplyPatch perf-lib64.patch
|
||||
ApplyPatch perf-install-trace-event-plugins.patch
|
||||
|
||||
# Patch series from Hans for various backlight and platform driver fixes
|
||||
ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
|
||||
ApplyPatch asus-wmi-Add-a-no-backlight-quirk.patch
|
||||
ApplyPatch eeepc-wmi-Add-no-backlight-quirk-for-Asus-H87I-PLUS-.patch
|
||||
ApplyPatch acpi-video-Add-use-native-backlight-quirk-for-the-Th.patch
|
||||
ApplyPatch acpi-video-Add-use_native_backlight-quirk-for-HP-Pro.patch
|
||||
|
||||
ApplyPatch revert-input-wacom-testing-result-shows-get_report-is-unnecessary.patch
|
||||
|
||||
#rhbz 1021036, submitted upstream
|
||||
ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
|
||||
|
||||
#CVE-2014-{5206,5207} rhbz 1129662 1129669
|
||||
ApplyPatch namespaces-remount-fixes.patch
|
||||
#rhbz 1132368
|
||||
ApplyPatch nfs-fix-kernel-warning-when-removing-proc-entry.patch
|
||||
|
||||
#rhbz 1134969
|
||||
ApplyPatch Input-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
ApplyPatch HID-wacom-Add-support-for-the-Cintiq-Companion.patch
|
||||
|
||||
#rhbz 1116347
|
||||
ApplyPatch KEYS-Fix-termination-condition-in-assoc-array-garbag.patch
|
||||
|
||||
#rhbz 1110011
|
||||
ApplyPatch i8042-Also-store-the-aux-firmware-id-in-multi-plexed.patch
|
||||
ApplyPatch psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
|
||||
ApplyPatch psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
|
||||
|
||||
%if 0%{?aarch64patches}
|
||||
ApplyPatch kernel-arm64.patch
|
||||
@ -1648,7 +1648,7 @@ BuildKernel() {
|
||||
fi
|
||||
rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/*.o
|
||||
rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/*/*.o
|
||||
%ifarch ppc %{power64}
|
||||
%ifarch %{power64}
|
||||
cp -a --parents arch/powerpc/lib/crtsavres.[So] $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
|
||||
%endif
|
||||
if [ -d arch/%{asmarch}/include ]; then
|
||||
@ -1831,10 +1831,6 @@ BuildKernel %make_target %kernel_image %{pae}
|
||||
BuildKernel %make_target %kernel_image
|
||||
%endif
|
||||
|
||||
%if %{with_smp}
|
||||
BuildKernel %make_target %kernel_image smp
|
||||
%endif
|
||||
|
||||
%global perf_make \
|
||||
make -s %{?cross_opts} %{?_smp_mflags} -C tools/perf V=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_LIBNUMA=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix}
|
||||
%if %{with_perf}
|
||||
@ -2118,9 +2114,6 @@ fi}\
|
||||
%kernel_variant_preun
|
||||
%kernel_variant_post -r kernel-smp
|
||||
|
||||
%kernel_variant_preun smp
|
||||
%kernel_variant_post -v smp
|
||||
|
||||
%kernel_variant_preun %{pae}
|
||||
%kernel_variant_post -v %{pae} -r (kernel|kernel-smp)
|
||||
|
||||
@ -2275,7 +2268,6 @@ fi
|
||||
|
||||
|
||||
%kernel_variant_files %{with_up}
|
||||
%kernel_variant_files %{with_smp} smp
|
||||
%kernel_variant_files %{with_debug} debug
|
||||
%kernel_variant_files %{with_pae} %{pae}
|
||||
%kernel_variant_files %{with_pae_debug} %{pae}debug
|
||||
@ -2294,56 +2286,146 @@ fi
|
||||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Fri Sep 12 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git4.1
|
||||
- Linux v3.17-rc4-244-g5874cfed0b04
|
||||
|
||||
* Thu Sep 11 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Enable ACPI_I2C_OPREGION
|
||||
|
||||
* Thu Sep 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git3.1
|
||||
- Linux v3.17-rc4-168-g7ec62d421bdf
|
||||
- Add support for touchpad in Asus X450 and X550 (rhbz 1110011)
|
||||
|
||||
* Wed Sep 10 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git2.1
|
||||
- Linux v3.17-rc4-158-ge874a5fe3efa
|
||||
- Add patch to fix oops on keyring gc (rhbz 1116347)
|
||||
|
||||
* Tue Sep 09 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git1.1
|
||||
- Linux v3.17-rc4-140-g8c68face5548
|
||||
- Reenable debugging options.
|
||||
|
||||
* Mon Sep 08 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Remove ppc32 support
|
||||
|
||||
* Mon Sep 8 2014 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Build tools on ppc64le (rhbz 1138884)
|
||||
- Some minor ppc64 cleanups
|
||||
|
||||
* Fri Sep 05 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.2-300
|
||||
- Linux v3.16.2
|
||||
* Mon Sep 08 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc4.git0.1
|
||||
- Linux v3.17-rc4
|
||||
- Disable debugging options.
|
||||
|
||||
* Thu Sep 04 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
* Fri Sep 05 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git3.1
|
||||
- Linux v3.17-rc3-94-gb7fece1be8b1
|
||||
|
||||
* Thu Sep 04 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git2.1
|
||||
- Linux v3.17-rc3-63-g44bf091f5089
|
||||
- Enable kexec bzImage signature verification (from Vivek Goyal)
|
||||
- Add support for Wacom Cintiq Companion from Benjamin Tissoires (rhbz 1134969)
|
||||
|
||||
* Wed Sep 03 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git1.1
|
||||
- Linux v3.17-rc3-16-g955837d8f50e
|
||||
- Reenable debugging options.
|
||||
|
||||
* Tue Sep 02 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Remove with_extra switch
|
||||
|
||||
* Mon Sep 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc3.git0.1
|
||||
- Linux v3.17-rc3
|
||||
- Disable debugging options.
|
||||
|
||||
* Fri Aug 29 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git3.1
|
||||
- Linux v3.17-rc2-89-g59753a805499
|
||||
|
||||
* Thu Aug 28 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix NFSv3 ACL regression (rhbz 1132786)
|
||||
|
||||
* Thu Aug 28 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git2.1
|
||||
- Linux v3.17-rc2-42-gf1bd473f95e0
|
||||
- Don't enable CONFIG_DEBUG_WW_MUTEX_SLOWPATH (rhbz 1114160)
|
||||
|
||||
* Wed Aug 27 2014 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- CVE-2014-{5471,5472} isofs: Fix unbounded recursion when processing relocated
|
||||
directories (rhbz 1134099 1134101)
|
||||
|
||||
* Wed Aug 27 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
* Wed Aug 27 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git1.1
|
||||
- Disable streams on via XHCI (rhbz 1132666)
|
||||
- Linux v3.17-rc2-9-g68e370289c29
|
||||
- Reenable debugging options.
|
||||
|
||||
* Tue Aug 26 2014 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Minor tegra updates due to incorrect nvidia kernel config options
|
||||
|
||||
* Tue Aug 26 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc2.git0.1
|
||||
- Linux v3.17-rc2
|
||||
- Fixup ARM MFD options after I2C=y change
|
||||
- Disable debugging options.
|
||||
|
||||
* Tue Aug 26 2014 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Minor generic ARMv7 updates
|
||||
- Build tegra on both LPAE and general ARMv7 kernels (thank srwarren RHBZ 1110963)
|
||||
- Set CMA to 64mb on LPAE kernel (RHBZ 1127000)
|
||||
|
||||
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.1-301
|
||||
* Mon Aug 25 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git4.1
|
||||
- Linux v3.17-rc1-231-g7be141d05549
|
||||
- Add patch to fix NFS oops on /proc removal (rhbz 1132368)
|
||||
|
||||
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Drop userns revert patch (rhbz 917708)
|
||||
|
||||
* Tue Aug 19 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix NFSv3 oops (rhbz 1131551)
|
||||
* Fri Aug 22 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git3.1
|
||||
- Linux v3.17-rc1-99-g5317821c0853
|
||||
|
||||
* Fri Aug 15 2014 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- ARM updates for 3.16
|
||||
* Thu Aug 21 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git2.1
|
||||
- Linux v3.17-rc1-51-g372b1dbdd1fb
|
||||
|
||||
* Wed Aug 20 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git1.1
|
||||
- Linux v3.17-rc1-22-g480cadc2b7e0
|
||||
- Reenable debugging options.
|
||||
|
||||
* Mon Aug 18 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc1.git0.1
|
||||
- Linux v3.17-rc1
|
||||
- Disable debugging options.
|
||||
|
||||
* Sat Aug 16 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git7.1
|
||||
- Linux v3.16-11452-g88ec63d6f85c
|
||||
|
||||
* Fri Aug 15 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git6.1
|
||||
- Linux v3.16-11383-gc9d26423e56c
|
||||
|
||||
* Thu Aug 14 2014 Kyle McMartin <kyle@fedoraproject.org>
|
||||
- kernel-arm64: resynch with git head (no functional change)
|
||||
|
||||
* Thu Aug 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git5.1
|
||||
- Linux v3.16-10959-gf0094b28f303
|
||||
|
||||
* Wed Aug 13 2014 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- 3.17 ARMv7 updates
|
||||
- Cleanup some old removed options
|
||||
- Disable legacy USB OTG (using new configfs equivilents)
|
||||
- Upstream patch to fix display on qemu (VExpress A9)
|
||||
|
||||
* Thu Aug 14 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.1-300
|
||||
- Linux v3.16.1
|
||||
* Tue Aug 12 2014 Kyle McMartin <kyle@fedoraproject.org> 3.17.0-0.rc0.git4.2
|
||||
- tegra-powergate-header-move.patch: deal with armv7hl breakage
|
||||
- nouveau_platform-fix.patch: handle nouveau_dev() removal
|
||||
|
||||
* Thu Aug 14 2014 Hans de Goede <hdegoede@redhat.com>
|
||||
- Blacklist usb bulk streams on Etron EJ168 xhci controllers (rhbz#1121288)
|
||||
- UAS: Limit max number of requests over USB-2 to 32 (rhbz#1128472)
|
||||
* Tue Aug 12 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git4.1
|
||||
- Add updated crash driver from Dave Anderson and re-enable
|
||||
|
||||
* Wed Aug 13 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2014-{5206,5207} ro bind mount bypass with namespaces (rhbz 1129662 1129669)
|
||||
* Tue Aug 12 2014 Kyle McMartin <kyle@fedoraproject.org>
|
||||
- kernel-arm64.patch: fix up merge conflict and re-enable
|
||||
|
||||
* Tue Aug 12 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Linux v3.16-10473-gc8d6637d0497
|
||||
|
||||
* Sat Aug 09 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git3.1
|
||||
- Linux v3.16-10013-gc309bfa9b481
|
||||
- Temporarily don't apply crash driver patch
|
||||
|
||||
* Thu Aug 07 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.17.0-0.rc0.git2.1
|
||||
- Linux v3.16-7503-g33caee39925b
|
||||
|
||||
* Tue Aug 05 2014 Kyle McMartin <kyle@fedoraproject.org>
|
||||
- kernel-arm64.patch: fix up merge conflict and re-enable
|
||||
|
||||
* Tue Aug 05 2014 Josh Boyer <jwboyer@gmail.com> - 3.17.0-0.rc0.git1.1
|
||||
- Linux v3.16-3652-gf19107379dbc
|
||||
- Reenable debugging options.
|
||||
|
||||
* Mon Aug 04 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.16.0-1
|
||||
- Linux v3.16
|
||||
|
44
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
Normal file
44
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From 1f5d1a446393a33490fe50d4ae6dd3e67d06e7e5 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
loading restrictions
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
is something that module signing enforcement is meant to prevent. It makes
|
||||
sense to disable kexec in this situation.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
kernel/kexec.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 2bee072268d9..891477dbfee0 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1251,6 +1252,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
+ * kexec can be used to circumvent module loading restrictions, so
|
||||
+ * prevent loading in that case
|
||||
+ */
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
+ /*
|
||||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,7 +1,4 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Nak'd, supposedly replacement coming to auto-select
|
||||
|
||||
From 0f3f5c5b4ca2eb1f41947c50bedb9b17aa1a1f80 Mon Sep 17 00:00:00 2001
|
||||
From be4d9ecdaa91bd4dcc38e6082c5e48c5c88ec3ee Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 11 Nov 2013 08:39:16 -0500
|
||||
Subject: [PATCH] lib/cpumask: Make CPUMASK_OFFSTACK usable without debug
|
||||
@ -14,16 +11,19 @@ operation of the feature, and we need CPUMASK_OFFSTACK to increase the
|
||||
NR_CPUS value beyond 512 on x86. We drop the current dependency and make
|
||||
sure SMP is set.
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Nak'd, supposedly replacement coming to auto-select
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
lib/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/Kconfig b/lib/Kconfig
|
||||
index b3c8be0..50b47cd 100644
|
||||
index a5ce0c7f6c30..54cef46c99d7 100644
|
||||
--- a/lib/Kconfig
|
||||
+++ b/lib/Kconfig
|
||||
@@ -342,7 +342,8 @@ config CHECK_SIGNATURE
|
||||
@@ -379,7 +379,8 @@ config CHECK_SIGNATURE
|
||||
bool
|
||||
|
||||
config CPUMASK_OFFSTACK
|
||||
@ -34,5 +34,5 @@ index b3c8be0..50b47cd 100644
|
||||
Use dynamic allocation for cpumask_var_t, instead of putting
|
||||
them on the stack. This is a bit more expensive, but avoids
|
||||
--
|
||||
1.8.3.1
|
||||
1.9.3
|
||||
|
@ -1,13 +1,7 @@
|
||||
Bugzilla: 785814
|
||||
Upstream-status: ??
|
||||
|
||||
>From 56fb161a9ca0129f8e266e4dbe79346552ff8089 Mon Sep 17 00:00:00 2001
|
||||
From 913036cdc44e936c194294184853e4844af0494b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?=C3=89ric=20Piel?= <eric.piel@tremplin-utc.net>
|
||||
Date: Thu, 3 Nov 2011 16:22:40 +0100
|
||||
Subject: [PATCH] lis3: Improve handling of null rate
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Subject: [PATCH] lis3: improve handling of null rate
|
||||
|
||||
When obtaining a rate of 0, we would disable the device supposely
|
||||
because it seems to behave incorectly. It actually only comes from the
|
||||
@ -15,16 +9,19 @@ fact that the device is off and on lis3dc it's reflected in the rate.
|
||||
So handle this nicely by just waiting a safe time, and then using the
|
||||
device as normally.
|
||||
|
||||
Bugzilla: 785814
|
||||
Upstream-status: ??
|
||||
|
||||
Signed-off-by: ??ric Piel <eric.piel@tremplin-utc.net>
|
||||
---
|
||||
drivers/misc/lis3lv02d/lis3lv02d.c | 16 ++++++++--------
|
||||
1 files changed, 8 insertions(+), 8 deletions(-)
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
|
||||
index 35c67e0..42dce2a 100644
|
||||
index 3ef4627f9cb1..2b2d2e8e5eeb 100644
|
||||
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
|
||||
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
|
||||
@@ -188,7 +188,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
|
||||
@@ -216,7 +216,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
|
||||
/* conversion btw sampling rate and the register values */
|
||||
static int lis3_12_rates[4] = {40, 160, 640, 2560};
|
||||
static int lis3_8_rates[2] = {100, 400};
|
||||
@ -34,7 +31,7 @@ index 35c67e0..42dce2a 100644
|
||||
static int lis3_3dlh_rates[4] = {50, 100, 400, 1000};
|
||||
|
||||
/* ODR is Output Data Rate */
|
||||
@@ -202,12 +203,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
|
||||
@@ -231,12 +232,11 @@ static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
|
||||
return lis3->odrs[(ctrl >> shift)];
|
||||
}
|
||||
|
||||
@ -50,7 +47,7 @@ index 35c67e0..42dce2a 100644
|
||||
|
||||
/* LIS3 power on delay is quite long */
|
||||
msleep(lis3->pwron_delay / div);
|
||||
@@ -274,7 +274,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
|
||||
@@ -303,7 +303,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
|
||||
|
||||
lis3->read(lis3, ctlreg, ®);
|
||||
lis3->write(lis3, ctlreg, (reg | selftest));
|
||||
@ -59,7 +56,7 @@ index 35c67e0..42dce2a 100644
|
||||
if (ret)
|
||||
goto fail;
|
||||
|
||||
@@ -285,7 +285,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
|
||||
@@ -314,7 +314,7 @@ static int lis3lv02d_selftest(struct lis3lv02d *lis3, s16 results[3])
|
||||
|
||||
/* back to normal settings */
|
||||
lis3->write(lis3, ctlreg, reg);
|
||||
@ -68,8 +65,8 @@ index 35c67e0..42dce2a 100644
|
||||
if (ret)
|
||||
goto fail;
|
||||
|
||||
@@ -397,7 +397,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
|
||||
lis3->write(lis3, CTRL_REG2, reg);
|
||||
@@ -434,7 +434,7 @@ int lis3lv02d_poweron(struct lis3lv02d *lis3)
|
||||
}
|
||||
}
|
||||
|
||||
- err = lis3lv02d_get_pwron_wait(lis3);
|
||||
@ -78,5 +75,5 @@ index 35c67e0..42dce2a 100644
|
||||
return err;
|
||||
|
||||
--
|
||||
1.7.7.1
|
||||
1.9.3
|
||||
|
||||
|
@ -1,624 +0,0 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
From fa2bfe718da40bf24f92c85846577e9bc788882c Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH 1/5] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
include/linux/efi.h | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index e73f391fd3c8..3d66a61bbbca 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -578,6 +578,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
|
||||
#define DEVICE_TREE_GUID \
|
||||
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
|
||||
|
||||
+#define EFI_CERT_SHA256_GUID \
|
||||
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
|
||||
+
|
||||
+#define EFI_CERT_X509_GUID \
|
||||
+ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
@@ -793,6 +799,20 @@ typedef struct _efi_file_io_interface {
|
||||
|
||||
#define EFI_INVALID_TABLE_ADDR (~0UL)
|
||||
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_owner;
|
||||
+ u8 signature_data[];
|
||||
+} efi_signature_data_t;
|
||||
+
|
||||
+typedef struct {
|
||||
+ efi_guid_t signature_type;
|
||||
+ u32 signature_list_size;
|
||||
+ u32 signature_header_size;
|
||||
+ u32 signature_size;
|
||||
+ u8 signature_header[];
|
||||
+ /* efi_signature_data_t signatures[][] */
|
||||
+} efi_signature_list_t;
|
||||
+
|
||||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 922e0512ce70101b596558d5bb075cd40a450322 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
crypto/asymmetric_keys/Kconfig | 8 +++
|
||||
crypto/asymmetric_keys/Makefile | 1 +
|
||||
crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
|
||||
include/linux/efi.h | 4 ++
|
||||
4 files changed, 122 insertions(+)
|
||||
create mode 100644 crypto/asymmetric_keys/efi_parser.c
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
|
||||
index 03a6eb95ab50..6306ffc2a7fe 100644
|
||||
--- a/crypto/asymmetric_keys/Kconfig
|
||||
+++ b/crypto/asymmetric_keys/Kconfig
|
||||
@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
|
||||
data and provides the ability to instantiate a crypto key from a
|
||||
public key packet found inside the certificate.
|
||||
|
||||
+config EFI_SIGNATURE_LIST_PARSER
|
||||
+ bool "EFI signature list parser"
|
||||
+ depends on EFI
|
||||
+ select X509_CERTIFICATE_PARSER
|
||||
+ help
|
||||
+ This option provides support for parsing EFI signature lists for
|
||||
+ X.509 certificates and turning them into keys.
|
||||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index 0727204aab68..cd8388e5f2f1 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
||||
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
|
||||
obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
|
||||
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
|
||||
|
||||
#
|
||||
# X.509 Certificate handling
|
||||
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
|
||||
new file mode 100644
|
||||
index 000000000000..424896a0b169
|
||||
--- /dev/null
|
||||
+++ b/crypto/asymmetric_keys/efi_parser.c
|
||||
@@ -0,0 +1,109 @@
|
||||
+/* EFI signature/key/certificate list parser
|
||||
+ *
|
||||
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||||
+ * Written by David Howells (dhowells@redhat.com)
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public Licence
|
||||
+ * as published by the Free Software Foundation; either version
|
||||
+ * 2 of the Licence, or (at your option) any later version.
|
||||
+ */
|
||||
+
|
||||
+#define pr_fmt(fmt) "EFI: "fmt
|
||||
+#include <linux/module.h>
|
||||
+#include <linux/printk.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+
|
||||
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
|
||||
+
|
||||
+/**
|
||||
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
|
||||
+ * @data: The data blob to parse
|
||||
+ * @size: The size of the data blob
|
||||
+ * @keyring: The keyring to add extracted keys to
|
||||
+ */
|
||||
+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
|
||||
+{
|
||||
+ unsigned offs = 0;
|
||||
+ size_t lsize, esize, hsize, elsize;
|
||||
+
|
||||
+ pr_devel("-->%s(,%zu)\n", __func__, size);
|
||||
+
|
||||
+ while (size > 0) {
|
||||
+ efi_signature_list_t list;
|
||||
+ const efi_signature_data_t *elem;
|
||||
+ key_ref_t key;
|
||||
+
|
||||
+ if (size < sizeof(list))
|
||||
+ return -EBADMSG;
|
||||
+
|
||||
+ memcpy(&list, data, sizeof(list));
|
||||
+ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
|
||||
+ offs,
|
||||
+ list.signature_type.b, list.signature_list_size,
|
||||
+ list.signature_header_size, list.signature_size);
|
||||
+
|
||||
+ lsize = list.signature_list_size;
|
||||
+ hsize = list.signature_header_size;
|
||||
+ esize = list.signature_size;
|
||||
+ elsize = lsize - sizeof(list) - hsize;
|
||||
+
|
||||
+ if (lsize > size) {
|
||||
+ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
|
||||
+ __func__, offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+ if (lsize < sizeof(list) ||
|
||||
+ lsize - sizeof(list) < hsize ||
|
||||
+ esize < sizeof(*elem) ||
|
||||
+ elsize < esize ||
|
||||
+ elsize % esize != 0) {
|
||||
+ pr_devel("- bad size combo @%x\n", offs);
|
||||
+ return -EBADMSG;
|
||||
+ }
|
||||
+
|
||||
+ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
|
||||
+ data += lsize;
|
||||
+ size -= lsize;
|
||||
+ offs += lsize;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ data += sizeof(list) + hsize;
|
||||
+ size -= sizeof(list) + hsize;
|
||||
+ offs += sizeof(list) + hsize;
|
||||
+
|
||||
+ for (; elsize > 0; elsize -= esize) {
|
||||
+ elem = data;
|
||||
+
|
||||
+ pr_devel("ELEM[%04x]\n", offs);
|
||||
+
|
||||
+ key = key_create_or_update(
|
||||
+ make_key_ref(keyring, 1),
|
||||
+ "asymmetric",
|
||||
+ NULL,
|
||||
+ &elem->signature_data,
|
||||
+ esize - sizeof(*elem),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA |
|
||||
+ KEY_ALLOC_TRUSTED);
|
||||
+
|
||||
+ if (IS_ERR(key))
|
||||
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
+ PTR_ERR(key));
|
||||
+ else
|
||||
+ pr_notice("Loaded cert '%s' linked to '%s'\n",
|
||||
+ key_ref_to_ptr(key)->description,
|
||||
+ keyring->description);
|
||||
+
|
||||
+ data += esize;
|
||||
+ size -= esize;
|
||||
+ offs += esize;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 3d66a61bbbca..7854ff3c0f11 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -901,6 +901,10 @@ extern struct efi_memory_map memmap;
|
||||
(md) <= (efi_memory_desc_t *)((m)->map_end - (m)->desc_size); \
|
||||
(md) = (void *)(md) + (m)->desc_size)
|
||||
|
||||
+struct key;
|
||||
+extern int __init parse_efi_signature_list(const void *data, size_t size,
|
||||
+ struct key *keyring);
|
||||
+
|
||||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 2534dedee545507c00973279d5db515e122b5104 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
and if the module's certificate is found, it will refuse to load. This is
|
||||
useful in cases where third party certificates are used for module signing.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 8dabc399bd1d..e466de10ceec 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -18,6 +18,10 @@
|
||||
|
||||
extern struct key *system_trusted_keyring;
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif
|
||||
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 9d76b99af1b9..ac5f580437a0 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1677,6 +1677,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 52ebc70263f4..478c4f8ec908 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
EXPORT_SYMBOL_GPL(system_trusted_keyring);
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
|
||||
extern __initconst const u8 system_certificate_list[];
|
||||
extern __initconst const unsigned long system_certificate_list_size;
|
||||
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
|
||||
panic("Can't allocate system trusted keyring\n");
|
||||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||
+ KEY_USR_VIEW | KEY_USR_READ,
|
||||
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
||||
+ if (IS_ERR(system_blacklist_keyring))
|
||||
+ panic("Can't allocate system blacklist keyring\n");
|
||||
+
|
||||
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
|
||||
+#endif
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From a72ed58241f0d62b7f9fbf4e1fbbcc1e02145098 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
||||
Secure Boot stores a list of allowed certificates in the 'db' variable.
|
||||
This imports those certificates into the system trusted keyring. This
|
||||
allows for a third party signing certificate to be used in conjunction
|
||||
with signed modules. By importing the public certificate into the 'db'
|
||||
variable, a user can allow a module signed with that certificate to
|
||||
load. The shim UEFI bootloader has a similar certificate list stored
|
||||
in the 'MokListRT' variable. We import those as well.
|
||||
|
||||
In the opposite case, Secure Boot maintains a list of disallowed
|
||||
certificates in the 'dbx' variable. We load those certificates into
|
||||
the newly introduced system blacklist keyring and forbid any module
|
||||
signed with those from loading.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
include/linux/efi.h | 6 ++++
|
||||
init/Kconfig | 9 +++++
|
||||
kernel/Makefile | 3 ++
|
||||
kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 110 insertions(+)
|
||||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 7854ff3c0f11..31fd75e7230b 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -584,6 +584,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
+
|
||||
+#define EFI_SHIM_LOCK_GUID \
|
||||
+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
|
||||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index ac5f580437a0..ca7268b594aa 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1831,6 +1831,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
+config MODULE_SIG_UEFI
|
||||
+ bool "Allow modules signed with certs stored in UEFI"
|
||||
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
|
||||
+ select EFI_SIGNATURE_LIST_PARSER
|
||||
+ help
|
||||
+ This will import certificates stored in UEFI and allow modules
|
||||
+ signed with those to be loaded. It will also disallow loading
|
||||
+ of modules stored in the UEFI dbx variable.
|
||||
+
|
||||
choice
|
||||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index f2a8b6246ce9..706e7952bde5 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
--- /dev/null
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -0,0 +1,92 @@
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/sched.h>
|
||||
+#include <linux/cred.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <linux/efi.h>
|
||||
+#include <linux/slab.h>
|
||||
+#include <keys/asymmetric-type.h>
|
||||
+#include <keys/system_keyring.h>
|
||||
+#include "module-internal.h"
|
||||
+
|
||||
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned long lsize = 4;
|
||||
+ unsigned long tmpdb[4];
|
||||
+ void *db = NULL;
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
|
||||
+ if (status != EFI_BUFFER_TOO_SMALL) {
|
||||
+ pr_err("Couldn't get size: 0x%lx\n", status);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ db = kmalloc(lsize, GFP_KERNEL);
|
||||
+ if (!db) {
|
||||
+ pr_err("Couldn't allocate memory for uefi cert list\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
|
||||
+ if (status != EFI_SUCCESS) {
|
||||
+ kfree(db);
|
||||
+ db = NULL;
|
||||
+ pr_err("Error reading db var: 0x%lx\n", status);
|
||||
+ }
|
||||
+out:
|
||||
+ *size = lsize;
|
||||
+ return db;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * * Load the certs contained in the UEFI databases
|
||||
+ * */
|
||||
+static int __init load_uefi_certs(void)
|
||||
+{
|
||||
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
|
||||
+ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
+ void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
+ int rc = 0;
|
||||
+
|
||||
+ /* Check if SB is enabled and just return if not */
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
+ return 0;
|
||||
+
|
||||
+ /* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
+ * an error if we can't get them.
|
||||
+ */
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
+
|
||||
+ mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
+ if (!mok) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
|
||||
+ kfree(mok);
|
||||
+ }
|
||||
+
|
||||
+ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
|
||||
+ if (!dbx) {
|
||||
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(dbx, dbxsize,
|
||||
+ system_blacklist_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse dbx signatures: %d\n", rc);
|
||||
+ kfree(dbx);
|
||||
+ }
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 11bb98e3a62de77fc66a3e2197578dd9d891b998 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
Have the uefi import code look for this and not import things from the db
|
||||
variable.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 31 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
index 94b0eb38a284..ae28b974d49a 100644
|
||||
--- a/kernel/modsign_uefi.c
|
||||
+++ b/kernel/modsign_uefi.c
|
||||
@@ -8,6 +8,23 @@
|
||||
#include <keys/system_keyring.h>
|
||||
#include "module-internal.h"
|
||||
|
||||
+static __init int check_ignore_db(void)
|
||||
+{
|
||||
+ efi_status_t status;
|
||||
+ unsigned int db = 0;
|
||||
+ unsigned long size = sizeof(db);
|
||||
+ efi_guid_t guid = EFI_SHIM_LOCK_GUID;
|
||||
+
|
||||
+ /* Check and see if the MokIgnoreDB variable exists. If that fails
|
||||
+ * then we don't ignore DB. If it succeeds, we do.
|
||||
+ */
|
||||
+ status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
|
||||
{
|
||||
efi_status_t status;
|
||||
@@ -47,23 +64,28 @@ static int __init load_uefi_certs(void)
|
||||
efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
|
||||
void *db = NULL, *dbx = NULL, *mok = NULL;
|
||||
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
|
||||
- int rc = 0;
|
||||
+ int ignore_db, rc = 0;
|
||||
|
||||
/* Check if SB is enabled and just return if not */
|
||||
if (!efi_enabled(EFI_SECURE_BOOT))
|
||||
return 0;
|
||||
|
||||
+ /* See if the user has setup Ignore DB mode */
|
||||
+ ignore_db = check_ignore_db();
|
||||
+
|
||||
/* Get db, MokListRT, and dbx. They might not exist, so it isn't
|
||||
* an error if we can't get them.
|
||||
*/
|
||||
- db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
- if (!db) {
|
||||
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
- } else {
|
||||
- rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
- if (rc)
|
||||
- pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
- kfree(db);
|
||||
+ if (!ignore_db) {
|
||||
+ db = get_cert_list(L"db", &secure_var, &dbsize);
|
||||
+ if (!db) {
|
||||
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
|
||||
+ } else {
|
||||
+ rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
|
||||
+ if (rc)
|
||||
+ pr_err("Couldn't parse db signatures: %d\n", rc);
|
||||
+ kfree(db);
|
||||
+ }
|
||||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,625 +0,0 @@
|
||||
Bugzilla: 1129669
|
||||
Upstream-status: 3.17 and CC'd to stable
|
||||
|
||||
From a6138db815df5ee542d848318e5dae681590fccd Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Mon, 28 Jul 2014 16:26:53 -0700
|
||||
Subject: [PATCH 1/5] mnt: Only change user settable mount flags in remount
|
||||
|
||||
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
|
||||
read-only bind mount read-only in a user namespace the
|
||||
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
|
||||
to the remount a read-only mount read-write.
|
||||
|
||||
Correct this by replacing the mask of mount flags to preserve
|
||||
with a mask of mount flags that may be changed, and preserve
|
||||
all others. This ensures that any future bugs with this mask and
|
||||
remount will fail in an easy to detect way where new mount flags
|
||||
simply won't change.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
fs/namespace.c | 2 +-
|
||||
include/linux/mount.h | 4 +++-
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index 7187d01329c3..cb40449ea0df 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -1937,7 +1937,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
|
||||
err = do_remount_sb(sb, flags, data, 0);
|
||||
if (!err) {
|
||||
lock_mount_hash();
|
||||
- mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
|
||||
+ mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
|
||||
mnt->mnt.mnt_flags = mnt_flags;
|
||||
touch_mnt_namespace(mnt->mnt_ns);
|
||||
unlock_mount_hash();
|
||||
diff --git a/include/linux/mount.h b/include/linux/mount.h
|
||||
index 839bac270904..b637a89e1fae 100644
|
||||
--- a/include/linux/mount.h
|
||||
+++ b/include/linux/mount.h
|
||||
@@ -42,7 +42,9 @@ struct mnt_namespace;
|
||||
* flag, consider how it interacts with shared mounts.
|
||||
*/
|
||||
#define MNT_SHARED_MASK (MNT_UNBINDABLE)
|
||||
-#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
|
||||
+#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
|
||||
+ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
|
||||
+ | MNT_READONLY)
|
||||
|
||||
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
|
||||
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
|
||||
--
|
||||
2.0.4
|
||||
|
||||
|
||||
From 07b645589dcda8b7a5249e096fece2a67556f0f4 Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Mon, 28 Jul 2014 17:10:56 -0700
|
||||
Subject: [PATCH 2/5] mnt: Move the test for MNT_LOCK_READONLY from
|
||||
change_mount_flags into do_remount
|
||||
|
||||
There are no races as locked mount flags are guaranteed to never change.
|
||||
|
||||
Moving the test into do_remount makes it more visible, and ensures all
|
||||
filesystem remounts pass the MNT_LOCK_READONLY permission check. This
|
||||
second case is not an issue today as filesystem remounts are guarded
|
||||
by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged
|
||||
mount namespaces, but it could become an issue in the future.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
fs/namespace.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index cb40449ea0df..1105a577a14f 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -1896,9 +1896,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
|
||||
if (readonly_request == __mnt_is_readonly(mnt))
|
||||
return 0;
|
||||
|
||||
- if (mnt->mnt_flags & MNT_LOCK_READONLY)
|
||||
- return -EPERM;
|
||||
-
|
||||
if (readonly_request)
|
||||
error = mnt_make_readonly(real_mount(mnt));
|
||||
else
|
||||
@@ -1924,6 +1921,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
|
||||
if (path->dentry != path->mnt->mnt_root)
|
||||
return -EINVAL;
|
||||
|
||||
+ /* Don't allow changing of locked mnt flags.
|
||||
+ *
|
||||
+ * No locks need to be held here while testing the various
|
||||
+ * MNT_LOCK flags because those flags can never be cleared
|
||||
+ * once they are set.
|
||||
+ */
|
||||
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
|
||||
+ !(mnt_flags & MNT_READONLY)) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
err = security_sb_remount(sb, data);
|
||||
if (err)
|
||||
return err;
|
||||
--
|
||||
2.0.4
|
||||
|
||||
|
||||
From 9566d6742852c527bf5af38af5cbb878dad75705 Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Mon, 28 Jul 2014 17:26:07 -0700
|
||||
Subject: [PATCH 3/5] mnt: Correct permission checks in do_remount
|
||||
|
||||
While invesgiating the issue where in "mount --bind -oremount,ro ..."
|
||||
would result in later "mount --bind -oremount,rw" succeeding even if
|
||||
the mount started off locked I realized that there are several
|
||||
additional mount flags that should be locked and are not.
|
||||
|
||||
In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime
|
||||
flags in addition to MNT_READONLY should all be locked. These
|
||||
flags are all per superblock, can all be changed with MS_BIND,
|
||||
and should not be changable if set by a more privileged user.
|
||||
|
||||
The following additions to the current logic are added in this patch.
|
||||
- nosuid may not be clearable by a less privileged user.
|
||||
- nodev may not be clearable by a less privielged user.
|
||||
- noexec may not be clearable by a less privileged user.
|
||||
- atime flags may not be changeable by a less privileged user.
|
||||
|
||||
The logic with atime is that always setting atime on access is a
|
||||
global policy and backup software and auditing software could break if
|
||||
atime bits are not updated (when they are configured to be updated),
|
||||
and serious performance degradation could result (DOS attack) if atime
|
||||
updates happen when they have been explicitly disabled. Therefore an
|
||||
unprivileged user should not be able to mess with the atime bits set
|
||||
by a more privileged user.
|
||||
|
||||
The additional restrictions are implemented with the addition of
|
||||
MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME
|
||||
mnt flags.
|
||||
|
||||
Taken together these changes and the fixes for MNT_LOCK_READONLY
|
||||
should make it safe for an unprivileged user to create a user
|
||||
namespace and to call "mount --bind -o remount,... ..." without
|
||||
the danger of mount flags being changed maliciously.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
fs/namespace.c | 36 +++++++++++++++++++++++++++++++++---
|
||||
include/linux/mount.h | 5 +++++
|
||||
2 files changed, 38 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index 1105a577a14f..dd9c93b5a9d5 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -890,8 +890,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
|
||||
|
||||
mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~(MNT_WRITE_HOLD|MNT_MARKED);
|
||||
/* Don't allow unprivileged users to change mount flags */
|
||||
- if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
|
||||
- mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
|
||||
+ if (flag & CL_UNPRIVILEGED) {
|
||||
+ mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
|
||||
+
|
||||
+ if (mnt->mnt.mnt_flags & MNT_READONLY)
|
||||
+ mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
|
||||
+
|
||||
+ if (mnt->mnt.mnt_flags & MNT_NODEV)
|
||||
+ mnt->mnt.mnt_flags |= MNT_LOCK_NODEV;
|
||||
+
|
||||
+ if (mnt->mnt.mnt_flags & MNT_NOSUID)
|
||||
+ mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID;
|
||||
+
|
||||
+ if (mnt->mnt.mnt_flags & MNT_NOEXEC)
|
||||
+ mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC;
|
||||
+ }
|
||||
|
||||
/* Don't allow unprivileged users to reveal what is under a mount */
|
||||
if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
|
||||
@@ -1931,6 +1944,23 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
|
||||
!(mnt_flags & MNT_READONLY)) {
|
||||
return -EPERM;
|
||||
}
|
||||
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
|
||||
+ !(mnt_flags & MNT_NODEV)) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
|
||||
+ !(mnt_flags & MNT_NOSUID)) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) &&
|
||||
+ !(mnt_flags & MNT_NOEXEC)) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
+ if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
|
||||
+ ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
+
|
||||
err = security_sb_remount(sb, data);
|
||||
if (err)
|
||||
return err;
|
||||
@@ -2129,7 +2159,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
|
||||
*/
|
||||
if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
|
||||
flags |= MS_NODEV;
|
||||
- mnt_flags |= MNT_NODEV;
|
||||
+ mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/include/linux/mount.h b/include/linux/mount.h
|
||||
index b637a89e1fae..b0c1e6574e7f 100644
|
||||
--- a/include/linux/mount.h
|
||||
+++ b/include/linux/mount.h
|
||||
@@ -45,12 +45,17 @@ struct mnt_namespace;
|
||||
#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
|
||||
| MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
|
||||
| MNT_READONLY)
|
||||
+#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME )
|
||||
|
||||
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
|
||||
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
|
||||
|
||||
#define MNT_INTERNAL 0x4000
|
||||
|
||||
+#define MNT_LOCK_ATIME 0x040000
|
||||
+#define MNT_LOCK_NOEXEC 0x080000
|
||||
+#define MNT_LOCK_NOSUID 0x100000
|
||||
+#define MNT_LOCK_NODEV 0x200000
|
||||
#define MNT_LOCK_READONLY 0x400000
|
||||
#define MNT_LOCKED 0x800000
|
||||
#define MNT_DOOMED 0x1000000
|
||||
--
|
||||
2.0.4
|
||||
|
||||
|
||||
From ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Mon, 28 Jul 2014 17:36:04 -0700
|
||||
Subject: [PATCH 4/5] mnt: Change the default remount atime from relatime to
|
||||
the existing value
|
||||
|
||||
Since March 2009 the kernel has treated the state that if no
|
||||
MS_..ATIME flags are passed then the kernel defaults to relatime.
|
||||
|
||||
Defaulting to relatime instead of the existing atime state during a
|
||||
remount is silly, and causes problems in practice for people who don't
|
||||
specify any MS_...ATIME flags and to get the default filesystem atime
|
||||
setting. Those users may encounter a permission error because the
|
||||
default atime setting does not work.
|
||||
|
||||
A default that does not work and causes permission problems is
|
||||
ridiculous, so preserve the existing value to have a default
|
||||
atime setting that is always guaranteed to work.
|
||||
|
||||
Using the default atime setting in this way is particularly
|
||||
interesting for applications built to run in restricted userspace
|
||||
environments without /proc mounted, as the existing atime mount
|
||||
options of a filesystem can not be read from /proc/mounts.
|
||||
|
||||
In practice this fixes user space that uses the default atime
|
||||
setting on remount that are broken by the permission checks
|
||||
keeping less privileged users from changing more privileged users
|
||||
atime settings.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
fs/namespace.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index dd9c93b5a9d5..7886176232c1 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -2473,6 +2473,14 @@ long do_mount(const char *dev_name, const char *dir_name,
|
||||
if (flags & MS_RDONLY)
|
||||
mnt_flags |= MNT_READONLY;
|
||||
|
||||
+ /* The default atime for remount is preservation */
|
||||
+ if ((flags & MS_REMOUNT) &&
|
||||
+ ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
|
||||
+ MS_STRICTATIME)) == 0)) {
|
||||
+ mnt_flags &= ~MNT_ATIME_MASK;
|
||||
+ mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
|
||||
+ }
|
||||
+
|
||||
flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
|
||||
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
|
||||
MS_STRICTATIME);
|
||||
--
|
||||
2.0.4
|
||||
|
||||
|
||||
From db181ce011e3c033328608299cd6fac06ea50130 Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Tue, 29 Jul 2014 15:50:44 -0700
|
||||
Subject: [PATCH 5/5] mnt: Add tests for unprivileged remount cases that have
|
||||
found to be faulty
|
||||
|
||||
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
|
||||
read-only bind mount read-only in a user namespace the
|
||||
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
|
||||
to the remount a read-only mount read-write.
|
||||
|
||||
Upon review of the code in remount it was discovered that the code allowed
|
||||
nosuid, noexec, and nodev to be cleared. It was also discovered that
|
||||
the code was allowing the per mount atime flags to be changed.
|
||||
|
||||
The first naive patch to fix these issues contained the flaw that using
|
||||
default atime settings when remounting a filesystem could be disallowed.
|
||||
|
||||
To avoid this problems in the future add tests to ensure unprivileged
|
||||
remounts are succeeding and failing at the appropriate times.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
tools/testing/selftests/Makefile | 1 +
|
||||
tools/testing/selftests/mount/Makefile | 17 ++
|
||||
.../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++
|
||||
3 files changed, 260 insertions(+)
|
||||
create mode 100644 tools/testing/selftests/mount/Makefile
|
||||
create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c
|
||||
|
||||
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
|
||||
index e66e710cc595..0a8a9db43d34 100644
|
||||
--- a/tools/testing/selftests/Makefile
|
||||
+++ b/tools/testing/selftests/Makefile
|
||||
@@ -4,6 +4,7 @@ TARGETS += efivarfs
|
||||
TARGETS += kcmp
|
||||
TARGETS += memory-hotplug
|
||||
TARGETS += mqueue
|
||||
+TARGETS += mount
|
||||
TARGETS += net
|
||||
TARGETS += ptrace
|
||||
TARGETS += timers
|
||||
diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..337d853c2b72
|
||||
--- /dev/null
|
||||
+++ b/tools/testing/selftests/mount/Makefile
|
||||
@@ -0,0 +1,17 @@
|
||||
+# Makefile for mount selftests.
|
||||
+
|
||||
+all: unprivileged-remount-test
|
||||
+
|
||||
+unprivileged-remount-test: unprivileged-remount-test.c
|
||||
+ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
|
||||
+
|
||||
+# Allow specific tests to be selected.
|
||||
+test_unprivileged_remount: unprivileged-remount-test
|
||||
+ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
|
||||
+
|
||||
+run_tests: all test_unprivileged_remount
|
||||
+
|
||||
+clean:
|
||||
+ rm -f unprivileged-remount-test
|
||||
+
|
||||
+.PHONY: all test_unprivileged_remount
|
||||
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
|
||||
new file mode 100644
|
||||
index 000000000000..1b3ff2fda4d0
|
||||
--- /dev/null
|
||||
+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
|
||||
@@ -0,0 +1,242 @@
|
||||
+#define _GNU_SOURCE
|
||||
+#include <sched.h>
|
||||
+#include <stdio.h>
|
||||
+#include <errno.h>
|
||||
+#include <string.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/mount.h>
|
||||
+#include <sys/wait.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <grp.h>
|
||||
+#include <stdbool.h>
|
||||
+#include <stdarg.h>
|
||||
+
|
||||
+#ifndef CLONE_NEWNS
|
||||
+# define CLONE_NEWNS 0x00020000
|
||||
+#endif
|
||||
+#ifndef CLONE_NEWUTS
|
||||
+# define CLONE_NEWUTS 0x04000000
|
||||
+#endif
|
||||
+#ifndef CLONE_NEWIPC
|
||||
+# define CLONE_NEWIPC 0x08000000
|
||||
+#endif
|
||||
+#ifndef CLONE_NEWNET
|
||||
+# define CLONE_NEWNET 0x40000000
|
||||
+#endif
|
||||
+#ifndef CLONE_NEWUSER
|
||||
+# define CLONE_NEWUSER 0x10000000
|
||||
+#endif
|
||||
+#ifndef CLONE_NEWPID
|
||||
+# define CLONE_NEWPID 0x20000000
|
||||
+#endif
|
||||
+
|
||||
+#ifndef MS_RELATIME
|
||||
+#define MS_RELATIME (1 << 21)
|
||||
+#endif
|
||||
+#ifndef MS_STRICTATIME
|
||||
+#define MS_STRICTATIME (1 << 24)
|
||||
+#endif
|
||||
+
|
||||
+static void die(char *fmt, ...)
|
||||
+{
|
||||
+ va_list ap;
|
||||
+ va_start(ap, fmt);
|
||||
+ vfprintf(stderr, fmt, ap);
|
||||
+ va_end(ap);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+}
|
||||
+
|
||||
+static void write_file(char *filename, char *fmt, ...)
|
||||
+{
|
||||
+ char buf[4096];
|
||||
+ int fd;
|
||||
+ ssize_t written;
|
||||
+ int buf_len;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+ buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
+ va_end(ap);
|
||||
+ if (buf_len < 0) {
|
||||
+ die("vsnprintf failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ if (buf_len >= sizeof(buf)) {
|
||||
+ die("vsnprintf output truncated\n");
|
||||
+ }
|
||||
+
|
||||
+ fd = open(filename, O_WRONLY);
|
||||
+ if (fd < 0) {
|
||||
+ die("open of %s failed: %s\n",
|
||||
+ filename, strerror(errno));
|
||||
+ }
|
||||
+ written = write(fd, buf, buf_len);
|
||||
+ if (written != buf_len) {
|
||||
+ if (written >= 0) {
|
||||
+ die("short write to %s\n", filename);
|
||||
+ } else {
|
||||
+ die("write to %s failed: %s\n",
|
||||
+ filename, strerror(errno));
|
||||
+ }
|
||||
+ }
|
||||
+ if (close(fd) != 0) {
|
||||
+ die("close of %s failed: %s\n",
|
||||
+ filename, strerror(errno));
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void create_and_enter_userns(void)
|
||||
+{
|
||||
+ uid_t uid;
|
||||
+ gid_t gid;
|
||||
+
|
||||
+ uid = getuid();
|
||||
+ gid = getgid();
|
||||
+
|
||||
+ if (unshare(CLONE_NEWUSER) !=0) {
|
||||
+ die("unshare(CLONE_NEWUSER) failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+ write_file("/proc/self/uid_map", "0 %d 1", uid);
|
||||
+ write_file("/proc/self/gid_map", "0 %d 1", gid);
|
||||
+
|
||||
+ if (setgroups(0, NULL) != 0) {
|
||||
+ die("setgroups failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ if (setgid(0) != 0) {
|
||||
+ die ("setgid(0) failed %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ if (setuid(0) != 0) {
|
||||
+ die("setuid(0) failed %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static
|
||||
+bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
|
||||
+{
|
||||
+ pid_t child;
|
||||
+
|
||||
+ child = fork();
|
||||
+ if (child == -1) {
|
||||
+ die("fork failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ if (child != 0) { /* parent */
|
||||
+ pid_t pid;
|
||||
+ int status;
|
||||
+ pid = waitpid(child, &status, 0);
|
||||
+ if (pid == -1) {
|
||||
+ die("waitpid failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+ if (pid != child) {
|
||||
+ die("waited for %d got %d\n",
|
||||
+ child, pid);
|
||||
+ }
|
||||
+ if (!WIFEXITED(status)) {
|
||||
+ die("child did not terminate cleanly\n");
|
||||
+ }
|
||||
+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
|
||||
+ }
|
||||
+
|
||||
+ create_and_enter_userns();
|
||||
+ if (unshare(CLONE_NEWNS) != 0) {
|
||||
+ die("unshare(CLONE_NEWNS) failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+ if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
|
||||
+ die("mount of /tmp failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+ create_and_enter_userns();
|
||||
+
|
||||
+ if (unshare(CLONE_NEWNS) != 0) {
|
||||
+ die("unshare(CLONE_NEWNS) failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+ if (mount("/tmp", "/tmp", "none",
|
||||
+ MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
|
||||
+ /* system("cat /proc/self/mounts"); */
|
||||
+ die("remount of /tmp failed: %s\n",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+ if (mount("/tmp", "/tmp", "none",
|
||||
+ MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
|
||||
+ /* system("cat /proc/self/mounts"); */
|
||||
+ die("remount of /tmp with invalid flags "
|
||||
+ "succeeded unexpectedly\n");
|
||||
+ }
|
||||
+ exit(EXIT_SUCCESS);
|
||||
+}
|
||||
+
|
||||
+static bool test_unpriv_remount_simple(int mount_flags)
|
||||
+{
|
||||
+ return test_unpriv_remount(mount_flags, mount_flags, 0);
|
||||
+}
|
||||
+
|
||||
+static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
|
||||
+{
|
||||
+ return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char **argv)
|
||||
+{
|
||||
+ if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
|
||||
+ die("MS_RDONLY malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_simple(MS_NODEV)) {
|
||||
+ die("MS_NODEV malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
|
||||
+ die("MS_NOSUID malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
|
||||
+ die("MS_NOEXEC malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
|
||||
+ MS_NOATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_RELATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
|
||||
+ MS_NOATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_STRICTATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
|
||||
+ MS_STRICTATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_RELATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
|
||||
+ MS_NOATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_RELATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
|
||||
+ MS_NOATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_RELATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
|
||||
+ MS_STRICTATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("MS_RELATIME malfunctions\n");
|
||||
+ }
|
||||
+ if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
|
||||
+ MS_NOATIME|MS_NODEV))
|
||||
+ {
|
||||
+ die("Default atime malfunctions\n");
|
||||
+ }
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
--
|
||||
2.0.4
|
||||
|
77
nfs-fix-kernel-warning-when-removing-proc-entry.patch
Normal file
77
nfs-fix-kernel-warning-when-removing-proc-entry.patch
Normal file
@ -0,0 +1,77 @@
|
||||
From 86b73a312f2d997ba0518674a221e026f127acd3 Mon Sep 17 00:00:00 2001
|
||||
From: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Date: Sat, 16 Aug 2014 12:36:46 -0700
|
||||
Subject: [PATCH] nfs: fix kernel warning when removing proc entry
|
||||
|
||||
I saw the following kernel warning:
|
||||
|
||||
[ 1852.321222] ------------[ cut here ]------------
|
||||
[ 1852.326527] WARNING: CPU: 0 PID: 118 at fs/proc/generic.c:521 remove_proc_entry+0x154/0x16b()
|
||||
[ 1852.335630] remove_proc_entry: removing non-empty directory 'fs/nfsfs', leaking at least 'volumes'
|
||||
[ 1852.344084] CPU: 0 PID: 118 Comm: kworker/u8:2 Not tainted 3.16.0+ #540
|
||||
[ 1852.350036] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
|
||||
[ 1852.354992] Workqueue: netns cleanup_net
|
||||
[ 1852.358701] 0000000000000000 ffff880116f2fbd0 ffffffff819c03e9 ffff880116f2fc18
|
||||
[ 1852.366474] ffff880116f2fc08 ffffffff810744ee ffffffff811e0e6e ffff8800d4e96238
|
||||
[ 1852.373507] ffffffff81dbe665 ffff8800d46a5948 0000000000000005 ffff880116f2fc68
|
||||
[ 1852.380224] Call Trace:
|
||||
[ 1852.381976] [<ffffffff819c03e9>] dump_stack+0x4d/0x66
|
||||
[ 1852.385495] [<ffffffff810744ee>] warn_slowpath_common+0x7a/0x93
|
||||
[ 1852.389869] [<ffffffff811e0e6e>] ? remove_proc_entry+0x154/0x16b
|
||||
[ 1852.393987] [<ffffffff8107457b>] warn_slowpath_fmt+0x4c/0x4e
|
||||
[ 1852.397999] [<ffffffff811e0e6e>] remove_proc_entry+0x154/0x16b
|
||||
[ 1852.402034] [<ffffffff8129c73d>] nfs_fs_proc_net_exit+0x53/0x56
|
||||
[ 1852.406136] [<ffffffff812a103b>] nfs_net_exit+0x12/0x1d
|
||||
[ 1852.409774] [<ffffffff81785bc9>] ops_exit_list+0x44/0x55
|
||||
[ 1852.413529] [<ffffffff81786389>] cleanup_net+0xee/0x182
|
||||
[ 1852.417198] [<ffffffff81088c9e>] process_one_work+0x209/0x40d
|
||||
[ 1852.502320] [<ffffffff81088bf7>] ? process_one_work+0x162/0x40d
|
||||
[ 1852.587629] [<ffffffff810890c1>] worker_thread+0x1f0/0x2c7
|
||||
[ 1852.673291] [<ffffffff81088ed1>] ? process_scheduled_works+0x2f/0x2f
|
||||
[ 1852.759470] [<ffffffff8108e079>] kthread+0xc9/0xd1
|
||||
[ 1852.843099] [<ffffffff8109427f>] ? finish_task_switch+0x3a/0xce
|
||||
[ 1852.926518] [<ffffffff8108dfb0>] ? __kthread_parkme+0x61/0x61
|
||||
[ 1853.008565] [<ffffffff819cbeac>] ret_from_fork+0x7c/0xb0
|
||||
[ 1853.076477] [<ffffffff8108dfb0>] ? __kthread_parkme+0x61/0x61
|
||||
[ 1853.140653] ---[ end trace 69c4c6617f78e32d ]---
|
||||
|
||||
It looks wrong that we add "/proc/net/nfsfs" in nfs_fs_proc_net_init()
|
||||
while remove "/proc/fs/nfsfs" in nfs_fs_proc_net_exit().
|
||||
|
||||
Bugzilla: 1132368
|
||||
Upstream-status: Sent for 3.17-rcX
|
||||
|
||||
Fixes: commit 65b38851a17 (NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes)
|
||||
Cc: Eric W. Biederman <ebiederm@xmission.com>
|
||||
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
|
||||
Cc: Dan Aloni <dan@kernelim.com>
|
||||
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
---
|
||||
fs/nfs/client.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
|
||||
index 1c5ff6d58385..c117b96c7da9 100644
|
||||
--- a/fs/nfs/client.c
|
||||
+++ b/fs/nfs/client.c
|
||||
@@ -1418,7 +1418,7 @@ int nfs_fs_proc_net_init(struct net *net)
|
||||
error_2:
|
||||
remove_proc_entry("servers", nn->proc_nfsfs);
|
||||
error_1:
|
||||
- remove_proc_entry("fs/nfsfs", NULL);
|
||||
+ remove_proc_entry("nfsfs", net->proc_net);
|
||||
error_0:
|
||||
return -ENOMEM;
|
||||
}
|
||||
@@ -1429,7 +1429,7 @@ void nfs_fs_proc_net_exit(struct net *net)
|
||||
|
||||
remove_proc_entry("volumes", nn->proc_nfsfs);
|
||||
remove_proc_entry("servers", nn->proc_nfsfs);
|
||||
- remove_proc_entry("fs/nfsfs", NULL);
|
||||
+ remove_proc_entry("nfsfs", net->proc_net);
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,11 +1,19 @@
|
||||
From 4152c0892d275b0109d7b38f7dbb274cdcedd9e1 Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Thu, 29 Jul 2010 16:46:31 -0700
|
||||
Subject: [PATCH] no pcspkr modalias
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/input/misc/pcspkr.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
|
||||
index 34f4d2e..3e40c70 100644
|
||||
index 674a2cfc3c0e..9a2807227c69 100644
|
||||
--- a/drivers/input/misc/pcspkr.c
|
||||
+++ b/drivers/input/misc/pcspkr.c
|
||||
@@ -24,7 +24,6 @@
|
||||
@@ -23,7 +23,6 @@
|
||||
MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
|
||||
MODULE_DESCRIPTION("PC Speaker beeper driver");
|
||||
MODULE_LICENSE("GPL");
|
||||
@ -13,3 +21,6 @@ index 34f4d2e..3e40c70 100644
|
||||
|
||||
static int pcspkr_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
|
||||
{
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
31
perf-install-trace-event-plugins.patch
Normal file
31
perf-install-trace-event-plugins.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From b4d5b24ff5ec0808968c393021ce88cbddce9fa3 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kmcmarti@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 15:11:01 -0400
|
||||
Subject: [PATCH] perf: install trace-event plugins
|
||||
|
||||
perf hardcodes $libdir to be lib for all but x86_64, so kludge around it
|
||||
until upstream gets their act together.
|
||||
---
|
||||
tools/perf/config/Makefile | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
|
||||
index 86c21a24da46..bf0fe97bd358 100644
|
||||
--- a/tools/perf/config/Makefile
|
||||
+++ b/tools/perf/config/Makefile
|
||||
@@ -642,8 +642,12 @@ endif
|
||||
ifeq ($(IS_X86_64),1)
|
||||
lib = lib64
|
||||
else
|
||||
+ifdef MULTILIBDIR
|
||||
+lib = $(MULTILIBDIR)
|
||||
+else
|
||||
lib = lib
|
||||
endif
|
||||
+endif
|
||||
libdir = $(prefix)/$(lib)
|
||||
|
||||
# Shell quote (do not use $(call) to accommodate ancient setups);
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,17 +0,0 @@
|
||||
diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
|
||||
index 802cf54..7f30bfa 100644
|
||||
--- a/tools/perf/config/Makefile
|
||||
+++ b/tools/perf/config/Makefile
|
||||
@@ -621,8 +621,12 @@ endif
|
||||
ifeq ($(IS_X86_64),1)
|
||||
lib = lib64
|
||||
else
|
||||
+ifdef MULTILIBDIR
|
||||
+lib = $(MULTILIBDIR)
|
||||
+else
|
||||
lib = lib
|
||||
endif
|
||||
+endif
|
||||
libdir = $(prefix)/$(lib)
|
||||
|
||||
# Shell quote (do not use $(call) to accommodate ancient setups);
|
38
pinctrl-pinctrl-single-must-be-initialized-early.patch
Normal file
38
pinctrl-pinctrl-single-must-be-initialized-early.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 29486eeff20681c8523bf86915358c0790a2b7a0 Mon Sep 17 00:00:00 2001
|
||||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 95dd9cf55cb3..800fc34d7ea9 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2012,7 +2012,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
||||
--
|
||||
1.9.3
|
||||
|
12
ppc64-fixtools.patch
Normal file
12
ppc64-fixtools.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/tools/perf/arch/powerpc/util/skip-callchain-idx.c b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
index a7c23a4..d73ef8b 100644
|
||||
--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
+++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
|
||||
@@ -15,6 +15,7 @@
|
||||
|
||||
#include "util/thread.h"
|
||||
#include "util/callchain.h"
|
||||
+#include "util/debug.h"
|
||||
|
||||
/*
|
||||
* When saving the callchain on Power, the kernel conservatively saves
|
100
psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
Normal file
100
psmouse-Add-psmouse_matches_pnp_id-helper-function.patch
Normal file
@ -0,0 +1,100 @@
|
||||
From cfbd9cc79483f4c8fb9c061724249136757ab727 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 27 Jun 2014 18:46:42 +0200
|
||||
Subject: [PATCH] psmouse: Add psmouse_matches_pnp_id helper function
|
||||
|
||||
The matches_pnp_id function from the synaptics driver is useful for other
|
||||
drivers too. Make it a generic psmouse helper function.
|
||||
|
||||
Bugzilla: 1110011
|
||||
Upstream-status: sent for 3.17/3.18
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/input/mouse/psmouse-base.c | 14 ++++++++++++++
|
||||
drivers/input/mouse/psmouse.h | 1 +
|
||||
drivers/input/mouse/synaptics.c | 17 +++--------------
|
||||
3 files changed, 18 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
|
||||
index b4e1f014ddc2..02e68c3008a3 100644
|
||||
--- a/drivers/input/mouse/psmouse-base.c
|
||||
+++ b/drivers/input/mouse/psmouse-base.c
|
||||
@@ -462,6 +462,20 @@ static int psmouse_poll(struct psmouse *psmouse)
|
||||
PSMOUSE_CMD_POLL | (psmouse->pktsize << 8));
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * psmouse_matches_pnp_id - check if psmouse matches one of the passed in ids.
|
||||
+ */
|
||||
+bool psmouse_matches_pnp_id(struct psmouse *psmouse, const char * const ids[])
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ if (!strncmp(psmouse->ps2dev.serio->firmware_id, "PNP:", 4))
|
||||
+ for (i = 0; ids[i]; i++)
|
||||
+ if (strstr(psmouse->ps2dev.serio->firmware_id, ids[i]))
|
||||
+ return true;
|
||||
+
|
||||
+ return false;
|
||||
+}
|
||||
|
||||
/*
|
||||
* Genius NetMouse magic init.
|
||||
diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h
|
||||
index 2f0b39d59a9b..f4cf664c7db3 100644
|
||||
--- a/drivers/input/mouse/psmouse.h
|
||||
+++ b/drivers/input/mouse/psmouse.h
|
||||
@@ -108,6 +108,7 @@ void psmouse_set_resolution(struct psmouse *psmouse, unsigned int resolution);
|
||||
psmouse_ret_t psmouse_process_byte(struct psmouse *psmouse);
|
||||
int psmouse_activate(struct psmouse *psmouse);
|
||||
int psmouse_deactivate(struct psmouse *psmouse);
|
||||
+bool psmouse_matches_pnp_id(struct psmouse *psmouse, const char * const ids[]);
|
||||
|
||||
struct psmouse_attribute {
|
||||
struct device_attribute dattr;
|
||||
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
|
||||
index fd23181c1fb7..6394d9b5bfd3 100644
|
||||
--- a/drivers/input/mouse/synaptics.c
|
||||
+++ b/drivers/input/mouse/synaptics.c
|
||||
@@ -185,18 +185,6 @@ static const char * const topbuttonpad_pnp_ids[] = {
|
||||
NULL
|
||||
};
|
||||
|
||||
-static bool matches_pnp_id(struct psmouse *psmouse, const char * const ids[])
|
||||
-{
|
||||
- int i;
|
||||
-
|
||||
- if (!strncmp(psmouse->ps2dev.serio->firmware_id, "PNP:", 4))
|
||||
- for (i = 0; ids[i]; i++)
|
||||
- if (strstr(psmouse->ps2dev.serio->firmware_id, ids[i]))
|
||||
- return true;
|
||||
-
|
||||
- return false;
|
||||
-}
|
||||
-
|
||||
/*****************************************************************************
|
||||
* Synaptics communications functions
|
||||
****************************************************************************/
|
||||
@@ -362,7 +350,8 @@ static int synaptics_resolution(struct psmouse *psmouse)
|
||||
}
|
||||
|
||||
for (i = 0; min_max_pnpid_table[i].pnp_ids; i++) {
|
||||
- if (matches_pnp_id(psmouse, min_max_pnpid_table[i].pnp_ids)) {
|
||||
+ if (psmouse_matches_pnp_id(psmouse,
|
||||
+ min_max_pnpid_table[i].pnp_ids)) {
|
||||
priv->x_min = min_max_pnpid_table[i].x_min;
|
||||
priv->x_max = min_max_pnpid_table[i].x_max;
|
||||
priv->y_min = min_max_pnpid_table[i].y_min;
|
||||
@@ -1492,7 +1481,7 @@ static void set_input_params(struct psmouse *psmouse,
|
||||
|
||||
if (SYN_CAP_CLICKPAD(priv->ext_cap_0c)) {
|
||||
__set_bit(INPUT_PROP_BUTTONPAD, dev->propbit);
|
||||
- if (matches_pnp_id(psmouse, topbuttonpad_pnp_ids))
|
||||
+ if (psmouse_matches_pnp_id(psmouse, topbuttonpad_pnp_ids))
|
||||
__set_bit(INPUT_PROP_TOPBUTTONPAD, dev->propbit);
|
||||
/* Clickpads report only left button */
|
||||
__clear_bit(BTN_RIGHT, dev->keybit);
|
||||
--
|
||||
1.9.3
|
||||
|
158
psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
Normal file
158
psmouse-Add-support-for-detecting-FocalTech-PS-2-tou.patch
Normal file
@ -0,0 +1,158 @@
|
||||
From 9f60e7ea169aff31a737ef1be3ed8cfe11eab8d3 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 27 Jun 2014 18:50:33 +0200
|
||||
Subject: [PATCH] psmouse: Add support for detecting FocalTech PS/2 touchpads
|
||||
|
||||
The Asus X450 and X550 laptops use a PS/2 touchpad from a new manufacturer
|
||||
called FocalTech:
|
||||
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=77391
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1110011
|
||||
|
||||
The protocol for these devices is not known at this time, but even without
|
||||
knowing the protocol they need some special handling. They get upset by some
|
||||
of our other PS/2 device probing, and once upset generate random mouse events
|
||||
making things unusable even with an external mouse.
|
||||
|
||||
This patch adds detection of these devices based on their pnp ids, and when
|
||||
they are detected, treats them as a bare ps/2 mouse. Doing things this way
|
||||
they at least work in their ps/2 mouse emulation mode.
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/input/mouse/Makefile | 2 +-
|
||||
drivers/input/mouse/focaltech.c | 44 ++++++++++++++++++++++++++++++++++++++
|
||||
drivers/input/mouse/focaltech.h | 21 ++++++++++++++++++
|
||||
drivers/input/mouse/psmouse-base.c | 10 +++++++++
|
||||
4 files changed, 76 insertions(+), 1 deletion(-)
|
||||
create mode 100644 drivers/input/mouse/focaltech.c
|
||||
create mode 100644 drivers/input/mouse/focaltech.h
|
||||
|
||||
diff --git a/drivers/input/mouse/Makefile b/drivers/input/mouse/Makefile
|
||||
index c25efdb3f288..dda507f8b3a2 100644
|
||||
--- a/drivers/input/mouse/Makefile
|
||||
+++ b/drivers/input/mouse/Makefile
|
||||
@@ -23,7 +23,7 @@ obj-$(CONFIG_MOUSE_SYNAPTICS_I2C) += synaptics_i2c.o
|
||||
obj-$(CONFIG_MOUSE_SYNAPTICS_USB) += synaptics_usb.o
|
||||
obj-$(CONFIG_MOUSE_VSXXXAA) += vsxxxaa.o
|
||||
|
||||
-psmouse-objs := psmouse-base.o synaptics.o
|
||||
+psmouse-objs := psmouse-base.o synaptics.o focaltech.o
|
||||
|
||||
psmouse-$(CONFIG_MOUSE_PS2_ALPS) += alps.o
|
||||
psmouse-$(CONFIG_MOUSE_PS2_ELANTECH) += elantech.o
|
||||
diff --git a/drivers/input/mouse/focaltech.c b/drivers/input/mouse/focaltech.c
|
||||
new file mode 100644
|
||||
index 000000000000..d83a23554d63
|
||||
--- /dev/null
|
||||
+++ b/drivers/input/mouse/focaltech.c
|
||||
@@ -0,0 +1,44 @@
|
||||
+/*
|
||||
+ * Focaltech TouchPad PS/2 mouse driver
|
||||
+ *
|
||||
+ * Copyright (c) 2014 Red Hat Inc.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 2 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * Red Hat authors:
|
||||
+ *
|
||||
+ * Hans de Goede <hdegoede@redhat.com>
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * The Focaltech PS/2 touchpad protocol is unknown. This drivers deals with
|
||||
+ * detection only, to avoid further detection attempts confusing the touchpad
|
||||
+ * this way it at least works in PS/2 mouse compatibility mode.
|
||||
+ */
|
||||
+
|
||||
+#include <linux/device.h>
|
||||
+#include <linux/libps2.h>
|
||||
+#include "psmouse.h"
|
||||
+
|
||||
+static const char * const focaltech_pnp_ids[] = {
|
||||
+ "FLT0101",
|
||||
+ "FLT0102",
|
||||
+ "FLT0103",
|
||||
+ NULL
|
||||
+};
|
||||
+
|
||||
+int focaltech_detect(struct psmouse *psmouse, bool set_properties)
|
||||
+{
|
||||
+ if (!psmouse_matches_pnp_id(psmouse, focaltech_pnp_ids))
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ if (set_properties) {
|
||||
+ psmouse->vendor = "FocalTech";
|
||||
+ psmouse->name = "FocalTech Touchpad in mouse emulation mode";
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/drivers/input/mouse/focaltech.h b/drivers/input/mouse/focaltech.h
|
||||
new file mode 100644
|
||||
index 000000000000..0d0fc49451fe
|
||||
--- /dev/null
|
||||
+++ b/drivers/input/mouse/focaltech.h
|
||||
@@ -0,0 +1,21 @@
|
||||
+/*
|
||||
+ * Focaltech TouchPad PS/2 mouse driver
|
||||
+ *
|
||||
+ * Copyright (c) 2014 Red Hat Inc.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 2 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * Red Hat authors:
|
||||
+ *
|
||||
+ * Hans de Goede <hdegoede@redhat.com>
|
||||
+ */
|
||||
+
|
||||
+#ifndef _FOCALTECH_H
|
||||
+#define _FOCALTECH_H
|
||||
+
|
||||
+int focaltech_detect(struct psmouse *psmouse, bool set_properties);
|
||||
+
|
||||
+#endif
|
||||
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
|
||||
index 02e68c3008a3..2c8c8e2172a2 100644
|
||||
--- a/drivers/input/mouse/psmouse-base.c
|
||||
+++ b/drivers/input/mouse/psmouse-base.c
|
||||
@@ -35,6 +35,7 @@
|
||||
#include "elantech.h"
|
||||
#include "sentelic.h"
|
||||
#include "cypress_ps2.h"
|
||||
+#include "focaltech.h"
|
||||
|
||||
#define DRIVER_DESC "PS/2 mouse driver"
|
||||
|
||||
@@ -722,6 +723,13 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
{
|
||||
bool synaptics_hardware = false;
|
||||
|
||||
+/* Always check for focaltech, this is safe as it uses pnp-id matching */
|
||||
+ if (psmouse_do_detect(focaltech_detect, psmouse, set_properties) == 0) {
|
||||
+ /* Not supported yet, use bare protocol */
|
||||
+ psmouse_max_proto = max_proto = PSMOUSE_PS2;
|
||||
+ goto reset_to_defaults;
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* We always check for lifebook because it does not disturb mouse
|
||||
* (it only checks DMI information).
|
||||
@@ -873,6 +881,8 @@ static int psmouse_extensions(struct psmouse *psmouse,
|
||||
}
|
||||
}
|
||||
|
||||
+reset_to_defaults:
|
||||
+
|
||||
/*
|
||||
* Reset to defaults in case the device got confused by extended
|
||||
* protocol probes. Note that we follow up with full reset because
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,40 +0,0 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Sent upstream
|
||||
|
||||
This reverts commit 1b2faaf7e219fc2905d75afcd4c815e5d39eda80.
|
||||
|
||||
The Intuos4 series presents a bug in which it hangs if it receives
|
||||
a set feature command while switching to the enhanced mode.
|
||||
This bug is triggered when plugging an Intuos 4 while having
|
||||
a gnome user session up and running.
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
|
||||
---
|
||||
|
||||
Hi Aris,
|
||||
|
||||
actually, you bisected the bug, so can I consider that I have your signed-off-by?
|
||||
|
||||
Cheers,
|
||||
Benjamin
|
||||
|
||||
drivers/input/tablet/wacom_sys.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/tablet/wacom_sys.c b/drivers/input/tablet/wacom_sys.c
|
||||
index 7087b33..319a3ff 100644
|
||||
--- a/drivers/input/tablet/wacom_sys.c
|
||||
+++ b/drivers/input/tablet/wacom_sys.c
|
||||
@@ -536,6 +536,9 @@ static int wacom_set_device_mode(struct usb_interface *intf, int report_id, int
|
||||
|
||||
error = wacom_set_report(intf, WAC_HID_FEATURE_REPORT,
|
||||
report_id, rep_data, length, 1);
|
||||
+ if (error >= 0)
|
||||
+ error = wacom_get_report(intf, WAC_HID_FEATURE_REPORT,
|
||||
+ report_id, rep_data, length, 1);
|
||||
} while ((error < 0 || rep_data[1] != mode) && limit++ < WAC_MSG_RETRIES);
|
||||
|
||||
kfree(rep_data);
|
||||
--
|
||||
1.9.0
|
||||
|
@ -1,21 +1,19 @@
|
||||
Bugzilla: 861573
|
||||
Upstream-status: Waiting for feedback from reporter
|
||||
|
||||
From 2fa2078cdd4198b49c02cb03087158d398476463 Mon Sep 17 00:00:00 2001
|
||||
From b918716b8ee213a9e4eba5a019c93b078e3df58c Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 2 Jun 2014 17:40:59 +0200
|
||||
Subject: [PATCH 02/14] samsung-laptop: Add broken-acpi-video quirk for
|
||||
NC210/NC110
|
||||
Subject: [PATCH] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
|
||||
|
||||
Reported (and tested) here:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=861573
|
||||
|
||||
Bugzilla: 861573
|
||||
Upstream-status: Waiting for feedback from reporter
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/samsung-laptop.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
|
||||
diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c
|
||||
index 5a5966512277..0d7954e0fc74 100644
|
||||
--- a/drivers/platform/x86/samsung-laptop.c
|
||||
@ -37,3 +35,6 @@ index 5a5966512277..0d7954e0fc74 100644
|
||||
{ },
|
||||
};
|
||||
MODULE_DEVICE_TABLE(dmi, samsung_dmi_table);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,115 +0,0 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
||||
From 9cdffb6980a2c573844b4b87f907da24d68fb916 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 14:02:09 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
so until we can work with signed hibernate images we disable it in
|
||||
a secure modules environment.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
|
||||
---
|
||||
kernel/power/hibernate.c | 16 +++++++++++++++-
|
||||
kernel/power/main.c | 7 ++++++-
|
||||
kernel/power/user.c | 1 +
|
||||
3 files changed, 22 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index 49e0a20fd010..777eff68e8ef 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -29,6 +29,8 @@
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/genhd.h>
|
||||
#include <trace/events/power.h>
|
||||
+#include <linux/module.h>
|
||||
+#include <linux/efi.h>
|
||||
|
||||
#include "power.h"
|
||||
|
||||
@@ -642,6 +644,10 @@ int hibernate(void)
|
||||
{
|
||||
int error;
|
||||
|
||||
+ if (secure_modules()) {
|
||||
+ return -EPERM;
|
||||
+ }
|
||||
+
|
||||
lock_system_sleep();
|
||||
/* The snapshot device should not be opened while we're running */
|
||||
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
|
||||
@@ -734,7 +740,7 @@ static int software_resume(void)
|
||||
/*
|
||||
* If the user said "noresume".. bail out early.
|
||||
*/
|
||||
- if (noresume)
|
||||
+ if (noresume || secure_modules())
|
||||
return 0;
|
||||
|
||||
/*
|
||||
@@ -900,6 +906,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
int i;
|
||||
char *start = buf;
|
||||
|
||||
+ if (efi_enabled(EFI_SECURE_BOOT)) {
|
||||
+ buf += sprintf(buf, "[%s]\n", "disabled");
|
||||
+ return buf-start;
|
||||
+ }
|
||||
+
|
||||
for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
|
||||
if (!hibernation_modes[i])
|
||||
continue;
|
||||
@@ -934,6 +945,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
char *p;
|
||||
int mode = HIBERNATION_INVALID;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
p = memchr(buf, '\n', n);
|
||||
len = p ? p - buf : n;
|
||||
|
||||
diff --git a/kernel/power/main.c b/kernel/power/main.c
|
||||
index 573410d6647e..f5201093adc4 100644
|
||||
--- a/kernel/power/main.c
|
||||
+++ b/kernel/power/main.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <linux/workqueue.h>
|
||||
#include <linux/debugfs.h>
|
||||
#include <linux/seq_file.h>
|
||||
+#include <linux/efi.h>
|
||||
|
||||
#include "power.h"
|
||||
|
||||
@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
|
||||
|
||||
#endif
|
||||
#ifdef CONFIG_HIBERNATION
|
||||
- s += sprintf(s, "%s\n", "disk");
|
||||
+ if (!efi_enabled(EFI_SECURE_BOOT)) {
|
||||
+ s += sprintf(s, "%s\n", "disk");
|
||||
+ } else {
|
||||
+ s += sprintf(s, "\n");
|
||||
+ }
|
||||
#else
|
||||
if (s != buf)
|
||||
/* convert the last space to a newline */
|
||||
diff --git a/kernel/power/user.c b/kernel/power/user.c
|
||||
index efe99dee9510..5f5d1026f1e2 100644
|
||||
--- a/kernel/power/user.c
|
||||
+++ b/kernel/power/user.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <linux/cpu.h>
|
||||
#include <linux/freezer.h>
|
||||
#include <linux/module.h>
|
||||
+#include <linux/efi.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,16 +1,26 @@
|
||||
From b03234b1664e0508e2170df5679fcbacec72f4a6 Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Fri, 10 Feb 2012 14:56:13 -0500
|
||||
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
|
||||
|
||||
Bugzilla: 754518
|
||||
Upstream-status: Fedora mustard (might be worth dropping...)
|
||||
---
|
||||
drivers/scsi/sd.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
|
||||
index 2c2041ca4b70..e10812d985af 100644
|
||||
--- a/drivers/scsi/sd.c
|
||||
+++ a/drivers/scsi/sd.c
|
||||
@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
|
||||
+++ b/drivers/scsi/sd.c
|
||||
@@ -2749,13 +2749,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
|
||||
static int sd_revalidate_disk(struct gendisk *disk)
|
||||
{
|
||||
struct scsi_disk *sdkp = scsi_disk(disk);
|
||||
- struct scsi_device *sdp = sdkp->device;
|
||||
+ struct scsi_device *sdp;
|
||||
unsigned char *buffer;
|
||||
unsigned flush = 0;
|
||||
unsigned int max_xfer;
|
||||
|
||||
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
|
||||
"sd_revalidate_disk\n"));
|
||||
@ -23,3 +33,6 @@ Upstream-status: Fedora mustard (might be worth dropping...)
|
||||
/*
|
||||
* If the device is offline, don't try and read capacity or any
|
||||
* of the other niceties.
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
@ -1,877 +0,0 @@
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
||||
|
||||
From 952dbcbea4cffb1a05773af3b5f41e8ed477c5fe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH 01/14] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
only modules signed with a trusted key.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
include/linux/module.h | 7 +++++++
|
||||
kernel/module.c | 10 ++++++++++
|
||||
2 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index f520a767c86c..fc9b54eb779e 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block *nb);
|
||||
|
||||
extern void print_modules(void);
|
||||
|
||||
+extern bool secure_modules(void);
|
||||
+
|
||||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
|
||||
static inline void print_modules(void)
|
||||
{
|
||||
}
|
||||
+
|
||||
+static inline bool secure_modules(void)
|
||||
+{
|
||||
+ return false;
|
||||
+}
|
||||
#endif /* CONFIG_MODULES */
|
||||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 81e727cf6df9..fc14f48915dd 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3843,3 +3843,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
+
|
||||
+bool secure_modules(void)
|
||||
+{
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ return (sig_enforce || modules_disabled);
|
||||
+#else
|
||||
+ return modules_disabled;
|
||||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 3b451a12e60a47d152ecce1c02634c4d7320b024 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
kernel code, allowing them to circumvent disabled module loading or module
|
||||
signing. Default to paranoid - in future we can potentially relax this for
|
||||
sufficiently IOMMU-isolated devices.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/pci/pci-sysfs.c | 10 ++++++++++
|
||||
drivers/pci/proc.c | 8 +++++++-
|
||||
drivers/pci/syscall.c | 3 ++-
|
||||
3 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 9ff0a901ecf7..8d0d5d92b8d9 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <linux/vgaarb.h>
|
||||
#include <linux/pm_runtime.h>
|
||||
#include <linux/of.h>
|
||||
+#include <linux/module.h>
|
||||
#include "pci.h"
|
||||
|
||||
static int sysfs_initialized; /* = 0 */
|
||||
@@ -704,6 +705,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
resource_size_t start, end;
|
||||
int i;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||
if (res == &pdev->resource[i])
|
||||
break;
|
||||
@@ -1099,6 +1106,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 3f155e78513f..4265ea07e3b0 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
int size = dev->cfg_size;
|
||||
int cnt;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (pos >= size)
|
||||
return 0;
|
||||
if (nbytes >= size)
|
||||
@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
|
||||
#endif /* HAVE_PCI_MMAP */
|
||||
int ret = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
switch (cmd) {
|
||||
case PCIIOC_CONTROLLER:
|
||||
ret = pci_domain_nr(dev->bus);
|
||||
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct pci_filp_private *fpriv = file->private_data;
|
||||
int i, ret;
|
||||
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
/* Make sure the caller is mapping a real resource for this device */
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index b91c4da68365..98f5637304d1 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/errno.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/syscalls.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include "pci.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
u32 dword;
|
||||
int err = 0;
|
||||
|
||||
- if (!capable(CAP_SYS_ADMIN))
|
||||
+ if (!capable(CAP_SYS_ADMIN) || secure_modules())
|
||||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 42a620055ac873fb378ec69731c7a2200f6779cc Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
|
||||
enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
space. This would potentially permit root to trigger arbitrary DMA, so lock
|
||||
it down by default.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/ioport.c | 5 +++--
|
||||
drivers/char/mem.c | 4 ++++
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index 4ddaf66ea35f..00b440307419 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <linux/thread_info.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/bitmap.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/syscalls.h>
|
||||
|
||||
/*
|
||||
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
|
||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||
return -EINVAL;
|
||||
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
||||
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
return -EINVAL;
|
||||
/* Trying to gain more privileges? */
|
||||
if (level > old) {
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 917403fe10da..cdf839f9defe 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <linux/export.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/aio.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||
unsigned long i = *ppos;
|
||||
const char __user *tmp = buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 8019fb7c7b5f18b19f7c980987953680ee218c9f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
Disable it if any such restrictions have been enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/acpi/custom_method.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..4277938af700 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From bf84e9e1022b2d3d0c97ae48fb8b61e5336c50f8 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
be manipulated in such a way that arbitrary code can be executed in the
|
||||
kernel, circumventing module loading restrictions. Prevent that if any of
|
||||
these features are enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/platform/x86/asus-wmi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 3c6ccedc82b6..960c46536c65 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1592,6 +1592,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||
|
||||
if (err < 0)
|
||||
@@ -1608,6 +1611,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||
int err;
|
||||
u32 retval = -1;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||
&retval);
|
||||
|
||||
@@ -1632,6 +1638,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||
union acpi_object *obj;
|
||||
acpi_status status;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 9a56e8715d3b6dc84989997f34b6b5d407cabad2 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
to be subverted, avoiding module loading restrictions. Prevent this when
|
||||
any restrictions have been imposed on loading modules.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
drivers/char/mem.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index cdf839f9defe..c63cf93b00eb 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
if (p != *ppos)
|
||||
return -EFBIG;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!valid_phys_addr_range(p, count))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -502,6 +505,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
|
||||
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||
int err = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 8d6faa19bbbaa4df411becda7e40c4ea0684c134 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
loading modules. Disable it in that case.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
---
|
||||
drivers/acpi/osl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index bad25b070fe0..0606585e8b93 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
- if (acpi_rsdp)
|
||||
+ if (acpi_rsdp && !secure_modules())
|
||||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 1ff86ddea019f543f6668b56889f86811028f303 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
|
||||
loading restrictions
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
is something that module signing enforcement is meant to prevent. It makes
|
||||
sense to disable kexec in this situation.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
kernel/kexec.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 4b8f0c925884..df14daa323a9 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -34,6 +34,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -947,6 +948,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
+ * kexec can be used to circumvent module loading restrictions, so
|
||||
+ * prevent loading in that case
|
||||
+ */
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
+ /*
|
||||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 4d56368f1364b45c18067bab1d6abc5ce0f67183 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH 09/14] x86: Restrict MSR access when module loading is
|
||||
restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
on a patch by Kees Cook.
|
||||
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/msr.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
|
||||
index c9603ac80de5..8bef43fc3f40 100644
|
||||
--- a/arch/x86/kernel/msr.c
|
||||
+++ b/arch/x86/kernel/msr.c
|
||||
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
||||
int err = 0;
|
||||
ssize_t bytes = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (count % 8)
|
||||
return -EINVAL; /* Invalid chunk size */
|
||||
|
||||
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
|
||||
err = -EBADF;
|
||||
break;
|
||||
}
|
||||
+ if (secure_modules()) {
|
||||
+ err = -EPERM;
|
||||
+ break;
|
||||
+ }
|
||||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From aab8ba85241a85a0b2ed622edd7874c74cafa496 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH 10/14] Add option to automatically enforce module signatures
|
||||
when in Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
require that all kernel modules also be signed. Add a configuration option
|
||||
that enforces this automatically when enabled.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
Documentation/x86/zero-page.txt | 2 ++
|
||||
arch/x86/Kconfig | 10 ++++++++++
|
||||
arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
|
||||
arch/x86/include/uapi/asm/bootparam.h | 3 ++-
|
||||
arch/x86/kernel/setup.c | 6 ++++++
|
||||
include/linux/module.h | 6 ++++++
|
||||
kernel/module.c | 7 +++++++
|
||||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 199f453cb4de..ec38acf00b40 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
+1EB/001 ALL kbd_status Numlock is enabled
|
||||
+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
|
||||
1EF/001 ALL sentinel Used to detect broken bootloaders
|
||||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index d24887b645dc..870aac9520b3 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1557,6 +1557,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
+config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ def_bool n
|
||||
+ prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
+ ---help---
|
||||
+ UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
+ firmware will only load signed bootloaders and kernels. Certain
|
||||
+ use cases may also require that all kernel modules also be signed.
|
||||
+ Say Y here to automatically enable module signature enforcement
|
||||
+ when a system boots with UEFI Secure Boot enabled.
|
||||
+
|
||||
config SECCOMP
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 0331d765c2bb..85defaf5a27c 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <asm/efi.h>
|
||||
#include <asm/setup.h>
|
||||
#include <asm/desc.h>
|
||||
+#include <asm/bootparam_utils.h>
|
||||
|
||||
#undef memcpy /* Use memcpy from misc.c */
|
||||
|
||||
@@ -809,6 +810,37 @@ out:
|
||||
return status;
|
||||
}
|
||||
|
||||
+static int get_secure_boot(void)
|
||||
+{
|
||||
+ u8 sb, setup;
|
||||
+ unsigned long datasize = sizeof(sb);
|
||||
+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
+ efi_status_t status;
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (sb == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"SetupMode", &var_guid, NULL, &datasize,
|
||||
+ &setup);
|
||||
+
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (setup == 1)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
* See if we have Graphics Output Protocol
|
||||
*/
|
||||
@@ -1372,6 +1404,10 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ sanitize_boot_params(boot_params);
|
||||
+
|
||||
+ boot_params->secure_boot = get_secure_boot();
|
||||
+
|
||||
setup_graphics(boot_params);
|
||||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index 225b0988043a..90dbfb73e11f 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -133,7 +133,8 @@ struct boot_params {
|
||||
__u8 eddbuf_entries; /* 0x1e9 */
|
||||
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
|
||||
__u8 kbd_status; /* 0x1eb */
|
||||
- __u8 _pad5[3]; /* 0x1ec */
|
||||
+ __u8 secure_boot; /* 0x1ec */
|
||||
+ __u8 _pad5[2]; /* 0x1ed */
|
||||
/*
|
||||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 78a0e6298922..8ecfec85e527 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1142,6 +1142,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
+#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
+ if (boot_params.secure_boot) {
|
||||
+ enforce_signed_modules();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index fc9b54eb779e..7377bc851461 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern void enforce_signed_modules(void);
|
||||
+#else
|
||||
+static inline void enforce_signed_modules(void) {};
|
||||
+#endif
|
||||
+
|
||||
#ifdef CONFIG_MODULES
|
||||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index fc14f48915dd..2d68d276f3b6 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -3844,6 +3844,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+void enforce_signed_modules(void)
|
||||
+{
|
||||
+ sig_enforce = true;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From eae8a80ddc185b3f233e2620dbfc6454b6f0c3a6 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH 11/14] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
MokSBState that does not have the runtime attribute set. Given that the
|
||||
user explicitly disabled validation, we can honor that and not enable
|
||||
secure boot mode if that variable is set.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
|
||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 85defaf5a27c..b4013a4ba005 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -812,8 +812,9 @@ out:
|
||||
|
||||
static int get_secure_boot(void)
|
||||
{
|
||||
- u8 sb, setup;
|
||||
+ u8 sb, setup, moksbstate;
|
||||
unsigned long datasize = sizeof(sb);
|
||||
+ u32 attr;
|
||||
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
|
||||
efi_status_t status;
|
||||
|
||||
@@ -837,6 +838,23 @@ static int get_secure_boot(void)
|
||||
if (setup == 1)
|
||||
return 0;
|
||||
|
||||
+ /* See if a user has put shim into insecure_mode. If so, and the variable
|
||||
+ * doesn't have the runtime attribute set, we might as well honor that.
|
||||
+ */
|
||||
+ var_guid = EFI_SHIM_LOCK_GUID;
|
||||
+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
|
||||
+ L"MokSBState", &var_guid, &attr, &datasize,
|
||||
+ &moksbstate);
|
||||
+
|
||||
+ /* If it fails, we don't care why. Default to secure */
|
||||
+ if (status != EFI_SUCCESS)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
|
||||
+ if (moksbstate == 1)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 9728a4f49b284b7354876e1d77174d5838306e21 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH 12/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/Kconfig | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 870aac9520b3..7aecd3f9f8ee 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1558,7 +1558,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
- def_bool n
|
||||
+ def_bool n
|
||||
+ depends on EFI
|
||||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 4211b4919b8ccecc4f4cdc0a46ead7294478b687 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH 13/14] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
arch/x86/kernel/setup.c | 2 ++
|
||||
include/linux/efi.h | 1 +
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 8ecfec85e527..5ce785fc9f05 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1144,7 +1144,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
|
||||
enforce_signed_modules();
|
||||
+ pr_info("Secure boot enabled\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 41bbf8ba4ba8..e73f391fd3c8 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -917,6 +917,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */
|
||||
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
|
||||
#define EFI_ARCH_1 6 /* First arch-specific bit */
|
||||
+#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
|
||||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
||||
From 18b50c6f0597b606cb03cbd8a9fdef7478cb2b21 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH 14/14] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
so until we can work with signed hibernate images we disable it in
|
||||
a secure modules environment.
|
||||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
kernel/power/hibernate.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index fcc2611d3f14..61711801a9c4 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/genhd.h>
|
||||
+#include <linux/module.h>
|
||||
#include <trace/events/power.h>
|
||||
|
||||
#include "power.h"
|
||||
@@ -65,7 +66,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
|
||||
bool hibernation_available(void)
|
||||
{
|
||||
- return (nohibernate == 0);
|
||||
+ return ((nohibernate == 0) && !secure_modules());
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,11 +1,19 @@
|
||||
From 2709025677a0af31e59e8ab60fa1b32dfd7057cc Mon Sep 17 00:00:00 2001
|
||||
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
|
||||
Date: Thu, 29 Jul 2010 16:46:31 -0700
|
||||
Subject: [PATCH] silence fbcon logo
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
---
|
||||
drivers/video/console/fbcon.c | 24 +++++++++++++++++-------
|
||||
1 file changed, 17 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
|
||||
index 1657b96..4c5c2be 100644
|
||||
index 57b1d44acbfe..31048a85713d 100644
|
||||
--- a/drivers/video/console/fbcon.c
|
||||
+++ b/drivers/video/console/fbcon.c
|
||||
@@ -631,13 +631,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
|
||||
@@ -638,13 +638,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
|
||||
kfree(save);
|
||||
}
|
||||
|
||||
@ -28,7 +36,7 @@ index 1657b96..4c5c2be 100644
|
||||
}
|
||||
}
|
||||
#endif /* MODULE */
|
||||
@@ -3489,6 +3491,14 @@ static int __init fb_console_init(void)
|
||||
@@ -3625,6 +3627,14 @@ static int __init fb_console_init(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -43,3 +51,6 @@ index 1657b96..4c5c2be 100644
|
||||
module_init(fb_console_init);
|
||||
|
||||
#ifdef MODULE
|
||||
--
|
||||
1.9.3
|
||||
|
||||
|
3
sources
3
sources
@ -1,3 +1,4 @@
|
||||
5c569ed649a0c9711879f333e90c5386 linux-3.16.tar.xz
|
||||
49868ce6467b35cd9ffea1120d129462 perf-man-3.16.tar.gz
|
||||
926e6e2ee0634ce53730701da749b040 patch-3.16.2.xz
|
||||
31ccda15a838f060966fe4674c703d46 patch-3.17-rc4.xz
|
||||
b1a9732a1a1401b97712490123fcfb5f patch-3.17-rc4-git4.xz
|
||||
|
@ -1,10 +1,7 @@
|
||||
Bugzilla: 971139
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
From 17109685bfce322c73a816e097b137458fbd55ae Mon Sep 17 00:00:00 2001
|
||||
From 0b054268cfba32175c108c27ccb0a913c472f389 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Jones <davej@redhat.com>
|
||||
Date: Tue, 24 Jun 2014 08:43:34 -0400
|
||||
Subject: [PATCH] Disable watchdog on virtual machines.
|
||||
Subject: [PATCH] watchdog: Disable watchdog on virtual machines.
|
||||
|
||||
For various reasons, VMs seem to trigger the soft lockup detector a lot,
|
||||
in cases where it's just not possible for a lockup to occur.
|
||||
@ -15,13 +12,16 @@ the VM for a very long time (Could be the host was under heavy load).
|
||||
|
||||
Just disable the detector on VMs.
|
||||
|
||||
Bugzilla: 971139
|
||||
Upstream-status: Fedora mustard for now
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
---
|
||||
kernel/watchdog.c | 29 +++++++++++++++++++++++++++++
|
||||
1 file changed, 29 insertions(+)
|
||||
|
||||
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
|
||||
index c3319bd1b040..0e3687675aaa 100644
|
||||
index a8d6914030fe..d0a8c308170d 100644
|
||||
--- a/kernel/watchdog.c
|
||||
+++ b/kernel/watchdog.c
|
||||
@@ -24,6 +24,7 @@
|
||||
@ -65,7 +65,7 @@ index c3319bd1b040..0e3687675aaa 100644
|
||||
/*
|
||||
* Hard-lockup warnings should be triggered after just a few seconds. Soft-
|
||||
* lockups can have false positives under extreme conditions. So we generally
|
||||
@@ -641,6 +668,8 @@ out:
|
||||
@@ -644,6 +671,8 @@ out:
|
||||
|
||||
void __init lockup_detector_init(void)
|
||||
{
|
71
x86-Lock-down-IO-port-access-when-module-security-is.patch
Normal file
71
x86-Lock-down-IO-port-access-when-module-security-is.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From 2fc4f31acaaf5d0c32cf7f2b85b1a348e9300660 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
space. This would potentially permit root to trigger arbitrary DMA, so lock
|
||||
it down by default.
|
||||
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/ioport.c | 5 +++--
|
||||
drivers/char/mem.c | 4 ++++
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index 4ddaf66ea35f..00b440307419 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <linux/thread_info.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/bitmap.h>
|
||||
+#include <linux/module.h>
|
||||
#include <asm/syscalls.h>
|
||||
|
||||
/*
|
||||
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
|
||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||
return -EINVAL;
|
||||
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
||||
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || secure_modules()))
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
|
||||
return -EINVAL;
|
||||
/* Trying to gain more privileges? */
|
||||
if (level > old) {
|
||||
- if (!capable(CAP_SYS_RAWIO))
|
||||
+ if (!capable(CAP_SYS_RAWIO) || secure_modules())
|
||||
return -EPERM;
|
||||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 917403fe10da..cdf839f9defe 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <linux/export.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/aio.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
@@ -568,6 +569,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||
unsigned long i = *ppos;
|
||||
const char __user *tmp = buf;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
1.9.3
|
||||
|
43
x86-Restrict-MSR-access-when-module-loading-is-restr.patch
Normal file
43
x86-Restrict-MSR-access-when-module-loading-is-restr.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 3b102b85e9730a71903dc45e0e7694fd0e6e5a8a Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
on a patch by Kees Cook.
|
||||
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
---
|
||||
arch/x86/kernel/msr.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
|
||||
index c9603ac80de5..8bef43fc3f40 100644
|
||||
--- a/arch/x86/kernel/msr.c
|
||||
+++ b/arch/x86/kernel/msr.c
|
||||
@@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
||||
int err = 0;
|
||||
ssize_t bytes = 0;
|
||||
|
||||
+ if (secure_modules())
|
||||
+ return -EPERM;
|
||||
+
|
||||
if (count % 8)
|
||||
return -EINVAL; /* Invalid chunk size */
|
||||
|
||||
@@ -150,6 +153,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
|
||||
err = -EBADF;
|
||||
break;
|
||||
}
|
||||
+ if (secure_modules()) {
|
||||
+ err = -EPERM;
|
||||
+ break;
|
||||
+ }
|
||||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
1.9.3
|
||||
|
Loading…
Reference in New Issue
Block a user