The driver is needed for testing purposes, enable it on the architectures
where EFI is supported. Also, disallow access to the registered device if
the kernel is locked down.
Fedora has been carrying this patch for a very long time as
a workaround for MacBook Airs1,1. We've also gotten smarter
about detection (see d79e141c1c6e ("Input: i8042 - Trust
firmware a bit more when probing on X86")) so let's try
dropping this.
[ -n ] doesn't work on unquoted variables. The variable either needs to
get quoted or use [[ ]]. Without this the script always defines buildid.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Upstream finally merged the lockdown patches, adjust the SysRq patch to
work with the upstreamed version.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
Upstream renamed the setting to DEBUG_KMEMLEAK_MEM_POOL_SIZE in upstream
commit c5665868183f and changed the default to 16000 in upstream commit
b751c52bb587.
This patch from 2013 stops the i915 driver from spitting out WARNs in
some cases, but nearly the same thing can be achieved with the
``verbose_state_checks=false`` module option added in 2014. With the
module setting the issue results in a log message at error level rather
than the debug level set by this patch. However, it's not known if this
is still a common issue. It seems worth the cost of (maybe) a few more
bug reports about new error-level logs to drop the patch.
To start with, we're going to leave ``verbose_state_checks=true`` (the
default), but if we run into a lot of WARNs we will turn it off.
We've come a long way. Let's just leave these drivers alone.
Banish the drivers to mod-extra to ensure they really don't
get loaded.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying this patch for years. If someone wants to
do the work to get it upstream, they are welcome to do so.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying a patch to make CPUMASK_OFFSTACK selectable
without debugging for a long time now. The comment said this was
going to be replaced with something else but that never seemed
to happen. We're carrying it to have a higher number of CPUs but
at this point, adjusting NR_CPUS doesn't really get us that much
benfit. Drop the patch and just use 8192 or NR_CPUS on x86.
Signed-off-by: Laura Abbott <labbott@redhat.com>