[linux] 01/04: Update to 4.11-rc6
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Apr 19 23:53:32 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux.
commit f26f2a520dba14faf15a49c868fe32a05cc4f26e
Author: Lukas Wunner <lukas at wunner.de>
Date: Wed Apr 19 11:30:57 2017 +0200
Update to 4.11-rc6
Remove merged patches and rebase remaining patches.
A portion of the secureboot patches have been upstreamed, but were
changed substantially during review, primarily to avoid code
duplication among arches. I've stripped the patches of the merged
bits and rebased the remainder.
Signed-off-by: Lukas Wunner <lukas at wunner.de>
[bwh: Undo some incorrect context changes in
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch]
---
debian/changelog | 6 +
...-busy-polling-mode-when-GPE-is-not-enable.patch | 167 ---------------------
...emove-redundant-log-messages-from-drivers.patch | 106 ++++++-------
...le_softdep-declarations-for-hard-coded-cr.patch | 16 --
...-fix-overflow-in-check-for-priv-area-size.patch | 34 -----
...ket-fix-overflow-in-check-for-tp_frame_nr.patch | 31 ----
...cket-fix-overflow-in-check-for-tp_reserve.patch | 27 ----
...sg-check-length-passed-to-sg_next_cmd_len.patch | 29 ----
...eevent-fix-use-of-uninitialized-variables.patch | 20 ---
...e-xfrm_msg_newae-incoming-esn-size-harder.patch | 34 -----
..._newae-xfrma_replay_esn_val-replay_window.patch | 42 ------
...-alpha-move-exports-to-actual-definitions.patch | 2 +-
.../arm64/rtc-tegra-implement-clock-handling.patch | 120 ---------------
.../revert-m68k-move-exports-to-definitions.patch | 6 +-
...4.h-fix-condition-for-including-cpudata.h.patch | 30 ----
...-select-dw_dmac_core-since-it-s-mandatory.patch | 107 -------------
...eger-overflow-in-vmw_surface_define_ioctl.patch | 33 ----
.../kvm-fix-page-struct-leak-in-handle_vmon.patch | 40 -----
...6-acer-wmi-setup-accelerometer-when-machi.patch | 79 ----------
...r-dereference-in-vmw_surface_define_ioctl.patch | 29 ----
...xen-fix-apic-id-mismatch-warning-on-intel.patch | 57 -------
...on-t-warn-about-expected-w+x-pages-on-xen.patch | 2 +-
debian/patches/debian/fjes-disable-autoload.patch | 2 +-
debian/patches/debian/kernelvariables.patch | 2 +-
.../patches/debian/sched-autogroup-disabled.patch | 4 +-
.../debian/time-mark-timer_stats-as-broken.patch | 21 ---
debian/patches/debian/tools-perf-version.patch | 5 +-
debian/patches/debian/version.patch | 8 +-
.../patches/debian/yama-disable-by-default.patch | 2 +-
debian/patches/features/all/aufs4/aufs4-mmap.patch | 8 +-
...e-acpi-table-override-if-securelevel-is-s.patch | 8 +-
...to-automatically-set-securelevel-when-in-.patch | 74 +--------
...ernel-config-option-to-set-securelevel-wh.patch | 19 ---
...isable-secure-boot-if-shim-is-in-insecure.patch | 59 --------
...e-secure-boot-if-shim-is-in-insecure-mode.patch | 66 --------
.../enable-cold-boot-attack-mitigation.patch | 8 +-
...wn-io-port-access-when-securelevel-is-ena.patch | 2 +-
...ris-omnia-add-support-for-ethernet-switch.patch | 102 -------------
debian/patches/series | 19 ---
39 files changed, 93 insertions(+), 1333 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cf44423..da354eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (4.11~rc6-1~exp1) UNRELEASED; urgency=medium
+
+ * New upstream release candidate
+
+ -- Lukas Wunner <lukas at wunner.de> Sun, 16 Apr 2017 16:09:27 +0200
+
linux (4.10.7-1~exp1) experimental; urgency=medium
* New upstream stable update:
diff --git a/debian/patches/bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch b/debian/patches/bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch
deleted file mode 100644
index ad94bb5..0000000
--- a/debian/patches/bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From: Lv Zheng <lv.zheng at intel.com>
-Date: Fri, 20 Jan 2017 16:42:48 +0800
-Subject: ACPI / EC: Use busy polling mode when GPE is not enabled
-Origin: https://git.kernel.org/linus/c3a696b6e8f8f75f9f75e556a9f9f6472eae2655
-Bug: https://bugzilla.kernel.org/show_bug.cgi?id=191561
-Bug-Debian: https://bugs.debian.org/846792
-
-When GPE is not enabled, it is not efficient to use the wait polling mode
-as it introduces an unexpected scheduler delay.
-So before the GPE handler is installed, this patch uses busy polling mode
-for all EC(s) and the logic can be applied to non boot EC(s) during the
-suspend/resume process.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=191561
-Tested-by: Jakobus Schurz <jakobus.schurz at gmail.com>
-Tested-by: Chen Yu <yu.c.chen at intel.com>
-Signed-off-by: Lv Zheng <lv.zheng at intel.com>
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki at intel.com>
----
- drivers/acpi/ec.c | 62 ++++++++++++++++++++++++-------------------------
- drivers/acpi/internal.h | 4 ++--
- 2 files changed, 32 insertions(+), 34 deletions(-)
-
-diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
-index 6a32cd4ec9da..c24235d8fb52 100644
---- a/drivers/acpi/ec.c
-+++ b/drivers/acpi/ec.c
-@@ -704,12 +704,12 @@ static void start_transaction(struct acpi_ec *ec)
-
- static int ec_guard(struct acpi_ec *ec)
- {
-- unsigned long guard = usecs_to_jiffies(ec_polling_guard);
-+ unsigned long guard = usecs_to_jiffies(ec->polling_guard);
- unsigned long timeout = ec->timestamp + guard;
-
- /* Ensure guarding period before polling EC status */
- do {
-- if (ec_busy_polling) {
-+ if (ec->busy_polling) {
- /* Perform busy polling */
- if (ec_transaction_completed(ec))
- return 0;
-@@ -973,6 +973,28 @@ static void acpi_ec_stop(struct acpi_ec *ec, bool suspending)
- spin_unlock_irqrestore(&ec->lock, flags);
- }
-
-+static void acpi_ec_enter_noirq(struct acpi_ec *ec)
-+{
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&ec->lock, flags);
-+ ec->busy_polling = true;
-+ ec->polling_guard = 0;
-+ ec_log_drv("interrupt blocked");
-+ spin_unlock_irqrestore(&ec->lock, flags);
-+}
-+
-+static void acpi_ec_leave_noirq(struct acpi_ec *ec)
-+{
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&ec->lock, flags);
-+ ec->busy_polling = ec_busy_polling;
-+ ec->polling_guard = ec_polling_guard;
-+ ec_log_drv("interrupt unblocked");
-+ spin_unlock_irqrestore(&ec->lock, flags);
-+}
-+
- void acpi_ec_block_transactions(void)
- {
- struct acpi_ec *ec = first_ec;
-@@ -1253,7 +1275,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address,
- if (function != ACPI_READ && function != ACPI_WRITE)
- return AE_BAD_PARAMETER;
-
-- if (ec_busy_polling || bits > 8)
-+ if (ec->busy_polling || bits > 8)
- acpi_ec_burst_enable(ec);
-
- for (i = 0; i < bytes; ++i, ++address, ++value)
-@@ -1261,7 +1283,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address,
- acpi_ec_read(ec, address, value) :
- acpi_ec_write(ec, address, *value);
-
-- if (ec_busy_polling || bits > 8)
-+ if (ec->busy_polling || bits > 8)
- acpi_ec_burst_disable(ec);
-
- switch (result) {
-@@ -1304,6 +1326,8 @@ static struct acpi_ec *acpi_ec_alloc(void)
- spin_lock_init(&ec->lock);
- INIT_WORK(&ec->work, acpi_ec_event_handler);
- ec->timestamp = jiffies;
-+ ec->busy_polling = true;
-+ ec->polling_guard = 0;
- return ec;
- }
-
-@@ -1365,6 +1389,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events)
- acpi_ec_start(ec, false);
-
- if (!test_bit(EC_FLAGS_EC_HANDLER_INSTALLED, &ec->flags)) {
-+ acpi_ec_enter_noirq(ec);
- status = acpi_install_address_space_handler(ec->handle,
- ACPI_ADR_SPACE_EC,
- &acpi_ec_space_handler,
-@@ -1404,6 +1429,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events)
- /* This is not fatal as we can poll EC events */
- if (ACPI_SUCCESS(status)) {
- set_bit(EC_FLAGS_GPE_HANDLER_INSTALLED, &ec->flags);
-+ acpi_ec_leave_noirq(ec);
- if (test_bit(EC_FLAGS_STARTED, &ec->flags) &&
- ec->reference_count >= 1)
- acpi_ec_enable_gpe(ec, true);
-@@ -1786,34 +1812,6 @@ int __init acpi_ec_ecdt_probe(void)
- }
-
- #ifdef CONFIG_PM_SLEEP
--static void acpi_ec_enter_noirq(struct acpi_ec *ec)
--{
-- unsigned long flags;
--
-- if (ec == first_ec) {
-- spin_lock_irqsave(&ec->lock, flags);
-- ec->saved_busy_polling = ec_busy_polling;
-- ec->saved_polling_guard = ec_polling_guard;
-- ec_busy_polling = true;
-- ec_polling_guard = 0;
-- ec_log_drv("interrupt blocked");
-- spin_unlock_irqrestore(&ec->lock, flags);
-- }
--}
--
--static void acpi_ec_leave_noirq(struct acpi_ec *ec)
--{
-- unsigned long flags;
--
-- if (ec == first_ec) {
-- spin_lock_irqsave(&ec->lock, flags);
-- ec_busy_polling = ec->saved_busy_polling;
-- ec_polling_guard = ec->saved_polling_guard;
-- ec_log_drv("interrupt unblocked");
-- spin_unlock_irqrestore(&ec->lock, flags);
-- }
--}
--
- static int acpi_ec_suspend_noirq(struct device *dev)
- {
- struct acpi_ec *ec =
-diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h
-index 0c452265c111..219b90bc0922 100644
---- a/drivers/acpi/internal.h
-+++ b/drivers/acpi/internal.h
-@@ -172,8 +172,8 @@ struct acpi_ec {
- struct work_struct work;
- unsigned long timestamp;
- unsigned long nr_pending_queries;
-- bool saved_busy_polling;
-- unsigned int saved_polling_guard;
-+ bool busy_polling;
-+ unsigned int polling_guard;
- };
-
- extern struct acpi_ec *first_ec;
---
-2.11.0
-
diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
index 2e36aee..fe0d5f1 100644
--- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
+++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
@@ -53,7 +53,7 @@ upstream submission.
/* disable MPU */
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
-@@ -918,10 +918,8 @@ static enum ucode_state request_microcod
+@@ -734,10 +734,8 @@ static enum ucode_state request_microcod
if (c->x86 >= 0x15)
snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
@@ -96,7 +96,7 @@ upstream submission.
fw_size = firmware->size / sizeof(u32);
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
-@@ -422,10 +422,8 @@ static int ath3k_load_patch(struct usb_d
+@@ -424,10 +424,8 @@ static int ath3k_load_patch(struct usb_d
le32_to_cpu(fw_version.rom_version));
ret = request_firmware(&firmware, filename, &udev->dev);
@@ -108,7 +108,7 @@ upstream submission.
pt_rom_version = get_unaligned_le32(firmware->data +
firmware->size - 8);
-@@ -485,10 +483,8 @@ static int ath3k_load_syscfg(struct usb_
+@@ -487,10 +485,8 @@ static int ath3k_load_syscfg(struct usb_
le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
ret = request_firmware(&firmware, filename, &udev->dev);
@@ -233,7 +233,7 @@ upstream submission.
where = 0;
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-@@ -1793,10 +1793,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
+@@ -1821,10 +1821,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
if (ret) {
snprintf(f, sizeof(f), "nouveau/%s", fwname);
ret = request_firmware(&fw, f, device->dev);
@@ -364,9 +364,9 @@ upstream submission.
+ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev))
return -ENODEV;
- } else {
-- deb_info("%s: firmware read %Zu bytes.\n", __func__, state->frontend_firmware->size);
+- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size);
- }
-+ deb_info("%s: firmware read %Zu bytes.\n", __func__, state->frontend_firmware->size);
++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size);
stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size;
stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data;
@@ -379,15 +379,15 @@ upstream submission.
+ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev))
return -EIO;
- } else {
-- deb_info("%s: firmware read %Zu bytes.\n", __func__, state->frontend_firmware->size);
+- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size);
- }
-+ deb_info("%s: firmware read %Zu bytes.\n", __func__, state->frontend_firmware->size);
++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size);
nim9090md_config[0].microcode_B_fe_size = state->frontend_firmware->size;
nim9090md_config[0].microcode_B_fe_buffer = state->frontend_firmware->data;
nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size;
--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
+++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
-@@ -79,13 +79,9 @@ int dvb_usb_download_firmware(struct usb
+@@ -88,13 +88,9 @@ int dvb_usb_download_firmware(struct usb
int ret;
const struct firmware *fw = NULL;
@@ -439,7 +439,7 @@ upstream submission.
p = kmalloc(fw->size, GFP_KERNEL);
--- a/drivers/media/dvb-frontends/af9013.c
+++ b/drivers/media/dvb-frontends/af9013.c
-@@ -1380,16 +1380,8 @@ static int af9013_download_firmware(stru
+@@ -1376,16 +1376,8 @@ static int af9013_download_firmware(stru
/* request the firmware, this will block and timeout */
ret = request_firmware(&fw, fw_file, state->i2c->dev.parent);
@@ -491,7 +491,7 @@ upstream submission.
* during loading */
--- a/drivers/media/dvb-frontends/drxd_hard.c
+++ b/drivers/media/dvb-frontends/drxd_hard.c
-@@ -905,10 +905,8 @@ static int load_firmware(struct drxd_sta
+@@ -901,10 +901,8 @@ static int load_firmware(struct drxd_sta
{
const struct firmware *fw;
@@ -505,7 +505,7 @@ upstream submission.
if (state->microcode == NULL) {
--- a/drivers/media/dvb-frontends/drxk_hard.c
+++ b/drivers/media/dvb-frontends/drxk_hard.c
-@@ -6284,10 +6284,6 @@ static void load_firmware_cb(const struc
+@@ -6280,10 +6280,6 @@ static void load_firmware_cb(const struc
dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded");
if (!fw) {
@@ -534,7 +534,7 @@ upstream submission.
if (ret)
--- a/drivers/media/dvb-frontends/nxt200x.c
+++ b/drivers/media/dvb-frontends/nxt200x.c
-@@ -890,12 +890,8 @@ static int nxt2002_init(struct dvb_front
+@@ -886,12 +886,8 @@ static int nxt2002_init(struct dvb_front
__func__, NXT2002_DEFAULT_FIRMWARE);
ret = request_firmware(&fw, NXT2002_DEFAULT_FIRMWARE,
state->i2c->dev.parent);
@@ -548,7 +548,7 @@ upstream submission.
ret = nxt2002_load_firmware(fe, fw);
release_firmware(fw);
-@@ -957,12 +953,8 @@ static int nxt2004_init(struct dvb_front
+@@ -953,12 +949,8 @@ static int nxt2004_init(struct dvb_front
__func__, NXT2004_DEFAULT_FIRMWARE);
ret = request_firmware(&fw, NXT2004_DEFAULT_FIRMWARE,
state->i2c->dev.parent);
@@ -564,7 +564,7 @@ upstream submission.
release_firmware(fw);
--- a/drivers/media/dvb-frontends/or51132.c
+++ b/drivers/media/dvb-frontends/or51132.c
-@@ -341,10 +341,8 @@ static int or51132_set_parameters(struct
+@@ -337,10 +337,8 @@ static int or51132_set_parameters(struct
printk("or51132: Waiting for firmware upload(%s)...\n",
fwname);
ret = request_firmware(&fw, fwname, state->i2c->dev.parent);
@@ -578,7 +578,7 @@ upstream submission.
if (ret) {
--- a/drivers/media/dvb-frontends/or51211.c
+++ b/drivers/media/dvb-frontends/or51211.c
-@@ -375,11 +375,8 @@ static int or51211_init(struct dvb_front
+@@ -371,11 +371,8 @@ static int or51211_init(struct dvb_front
OR51211_DEFAULT_FIRMWARE);
ret = config->request_firmware(fe, &fw,
OR51211_DEFAULT_FIRMWARE);
@@ -629,7 +629,7 @@ upstream submission.
- __func__);
return -EIO;
} else {
- printk(KERN_INFO "%s: firmware read %Zu bytes.\n",
+ printk(KERN_INFO "%s: firmware read %zu bytes.\n",
--- a/drivers/media/dvb-frontends/tda1004x.c
+++ b/drivers/media/dvb-frontends/tda1004x.c
@@ -401,10 +401,8 @@ static int tda10045_fwupload(struct dvb_
@@ -670,7 +670,7 @@ upstream submission.
for (i = 0; i < ARRAY_SIZE(tab2); i++) {
--- a/drivers/media/pci/ngene/ngene-core.c
+++ b/drivers/media/pci/ngene/ngene-core.c
-@@ -1260,13 +1260,8 @@ static int ngene_load_firm(struct ngene
+@@ -1256,13 +1256,8 @@ static int ngene_load_firm(struct ngene
break;
}
@@ -685,7 +685,7 @@ upstream submission.
if (size == 0)
size = fw->size;
if (size != fw->size) {
-@@ -1274,8 +1269,6 @@ static int ngene_load_firm(struct ngene
+@@ -1270,8 +1265,6 @@ static int ngene_load_firm(struct ngene
": Firmware %s has invalid size!", fw_name);
err = -1;
} else {
@@ -696,7 +696,7 @@ upstream submission.
}
--- a/drivers/media/common/siano/smscoreapi.c
+++ b/drivers/media/common/siano/smscoreapi.c
-@@ -1162,10 +1162,8 @@ static int smscore_load_firmware_from_fi
+@@ -1158,10 +1158,8 @@ static int smscore_load_firmware_from_fi
return -EINVAL;
rc = request_firmware(&fw, fw_filename, coredev->device);
@@ -710,7 +710,7 @@ upstream submission.
SMS_ALLOC_ALIGNMENT), GFP_KERNEL | GFP_DMA);
--- a/drivers/media/pci/ttpci/av7110.c
+++ b/drivers/media/pci/ttpci/av7110.c
-@@ -1513,13 +1513,8 @@ static int get_firmware(struct av7110* a
+@@ -1510,13 +1510,8 @@ static int get_firmware(struct av7110* a
/* request the av7110 firmware, this will block until someone uploads it */
ret = request_firmware(&fw, "dvb-ttpci-01.fw", &av7110->dev->pci->dev);
if (ret) {
@@ -728,7 +728,7 @@ upstream submission.
--- a/drivers/media/pci/ttpci/av7110_hw.c
+++ b/drivers/media/pci/ttpci/av7110_hw.c
-@@ -250,11 +250,8 @@ int av7110_bootarm(struct av7110 *av7110
+@@ -247,11 +247,8 @@ int av7110_bootarm(struct av7110 *av7110
//saa7146_setgpio(dev, 3, SAA7146_GPIO_INPUT);
ret = request_firmware(&fw, fw_name, &dev->pci->dev);
@@ -757,7 +757,7 @@ upstream submission.
b[0] = 0xaa;
--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
-@@ -1348,11 +1348,8 @@ static int ttusb_dec_boot_dsp(struct ttu
+@@ -1344,11 +1344,8 @@ static int ttusb_dec_boot_dsp(struct ttu
dprintk("%s\n", __func__);
result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev);
@@ -772,7 +772,7 @@ upstream submission.
firmware_size = fw_entry->size;
--- a/drivers/media/radio/radio-wl1273.c
+++ b/drivers/media/radio/radio-wl1273.c
-@@ -514,11 +514,8 @@ static int wl1273_fm_upload_firmware_pat
+@@ -510,11 +510,8 @@ static int wl1273_fm_upload_firmware_pat
* Uploading the firmware patch is not always necessary,
* so we only print an info message.
*/
@@ -787,7 +787,7 @@ upstream submission.
packet_num = ptr[0];
--- a/drivers/media/radio/wl128x/fmdrv_common.c
+++ b/drivers/media/radio/wl128x/fmdrv_common.c
-@@ -1246,10 +1246,8 @@ static int fm_download_firmware(struct f
+@@ -1242,10 +1242,8 @@ static int fm_download_firmware(struct f
ret = request_firmware(&fw_entry, fw_name,
&fmdev->radio_dev->dev);
@@ -815,7 +815,7 @@ upstream submission.
btv->c.nr, (rc < 0) ? "failed" : "ok");
--- a/drivers/media/usb/cpia2/cpia2_core.c
+++ b/drivers/media/usb/cpia2/cpia2_core.c
-@@ -907,11 +907,8 @@ static int apply_vp_patch(struct camera_
+@@ -904,11 +904,8 @@ static int apply_vp_patch(struct camera_
struct cpia2_command cmd;
ret = request_firmware(&fw, fw_name, &cam->dev->dev);
@@ -830,7 +830,7 @@ upstream submission.
cmd.direction = TRANSFER_WRITE;
--- a/drivers/media/pci/cx18/cx18-av-firmware.c
+++ b/drivers/media/pci/cx18/cx18-av-firmware.c
-@@ -84,10 +84,8 @@ int cx18_av_loadfw(struct cx18 *cx)
+@@ -79,10 +79,8 @@ int cx18_av_loadfw(struct cx18 *cx)
int i;
int retries1 = 0;
@@ -844,7 +844,7 @@ upstream submission.
retries, both at byte level and at the firmware load level. */
--- a/drivers/media/pci/cx18/cx18-dvb.c
+++ b/drivers/media/pci/cx18/cx18-dvb.c
-@@ -141,9 +141,7 @@ static int yuan_mpc718_mt352_reqfw(struc
+@@ -137,9 +137,7 @@ static int yuan_mpc718_mt352_reqfw(struc
int ret;
ret = request_firmware(fw, fn, &cx->pci_dev->dev);
@@ -857,7 +857,7 @@ upstream submission.
CX18_ERR("Firmware %s has a bad size: %lu bytes\n",
--- a/drivers/media/pci/cx18/cx18-firmware.c
+++ b/drivers/media/pci/cx18/cx18-firmware.c
-@@ -106,11 +106,8 @@ static int load_cpu_fw_direct(const char
+@@ -101,11 +101,8 @@ static int load_cpu_fw_direct(const char
u32 __iomem *dst = (u32 __iomem *)mem;
const u32 *src;
@@ -870,7 +870,7 @@ upstream submission.
src = (const u32 *)fw->data;
-@@ -151,8 +148,6 @@ static int load_apu_fw_direct(const char
+@@ -146,8 +143,6 @@ static int load_apu_fw_direct(const char
int sz;
if (request_firmware(&fw, fn, &cx->pci_dev->dev)) {
@@ -881,7 +881,7 @@ upstream submission.
}
--- a/drivers/media/usb/cx231xx/cx231xx-417.c
+++ b/drivers/media/usb/cx231xx/cx231xx-417.c
-@@ -999,11 +999,6 @@ static int cx231xx_load_firmware(struct
+@@ -995,11 +995,6 @@ static int cx231xx_load_firmware(struct
dev->dev);
if (retval != 0) {
@@ -925,7 +925,7 @@ upstream submission.
release_firmware(fw);
--- a/drivers/media/i2c/cx25840/cx25840-firmware.c
+++ b/drivers/media/i2c/cx25840/cx25840-firmware.c
-@@ -126,10 +126,8 @@ int cx25840_loadfw(struct i2c_client *cl
+@@ -122,10 +122,8 @@ int cx25840_loadfw(struct i2c_client *cl
if (is_cx231xx(state) && max_buf_size > 16)
max_buf_size = 16;
@@ -955,7 +955,7 @@ upstream submission.
pr_err("Firmware size mismatch (have %zd, expected %d)\n",
--- a/drivers/media/usb/gspca/vicam.c
+++ b/drivers/media/usb/gspca/vicam.c
-@@ -243,10 +243,8 @@ static int sd_init(struct gspca_dev *gsp
+@@ -239,10 +239,8 @@ static int sd_init(struct gspca_dev *gsp
ret = request_ihex_firmware(&fw, VICAM_FIRMWARE,
&gspca_dev->dev->dev);
@@ -980,7 +980,7 @@ upstream submission.
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
-@@ -1381,25 +1381,6 @@ static int pvr2_locate_firmware(struct p
+@@ -1377,25 +1377,6 @@ static int pvr2_locate_firmware(struct p
"request_firmware fatal error with code=%d",ret);
return ret;
}
@@ -1008,7 +1008,7 @@ upstream submission.
--- a/drivers/media/usb/s2255/s2255drv.c
+++ b/drivers/media/usb/s2255/s2255drv.c
-@@ -2308,10 +2308,8 @@ static int s2255_probe(struct usb_interf
+@@ -2304,10 +2304,8 @@ static int s2255_probe(struct usb_interf
}
/* load the first chunk */
if (request_firmware(&dev->fw_data->fw,
@@ -1036,7 +1036,7 @@ upstream submission.
release_firmware(fw_blob);
--- a/drivers/media/pci/saa7164/saa7164-fw.c
+++ b/drivers/media/pci/saa7164/saa7164-fw.c
-@@ -420,11 +420,8 @@ int saa7164_downloadfirmware(struct saa7
+@@ -416,11 +416,8 @@ int saa7164_downloadfirmware(struct saa7
__func__, fwname);
ret = request_firmware(&fw, fwname, &dev->pci->dev);
@@ -1047,7 +1047,7 @@ upstream submission.
return -ENOMEM;
- }
- printk(KERN_INFO "%s() firmware read %Zu bytes.\n",
+ printk(KERN_INFO "%s() firmware read %zu bytes.\n",
__func__, fw->size);
--- a/drivers/misc/ti-st/st_kim.c
+++ b/drivers/misc/ti-st/st_kim.c
@@ -1161,7 +1161,7 @@ upstream submission.
if (bp->mips_firmware->size < sizeof(*mips_fw) ||
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-@@ -13492,11 +13492,8 @@ static int bnx2x_init_firmware(struct bn
+@@ -13490,11 +13490,8 @@ static int bnx2x_init_firmware(struct bn
BNX2X_DEV_INFO("Loading %s\n", fw_file_name);
rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev);
@@ -1176,7 +1176,7 @@ upstream submission.
if (rc) {
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -11349,11 +11349,8 @@ static int tg3_request_firmware(struct t
+@@ -11350,11 +11350,8 @@ static int tg3_request_firmware(struct t
{
const struct tg3_firmware_hdr *fw_hdr;
@@ -1259,7 +1259,7 @@ upstream submission.
netif_info(nic, probe, nic->netdev,
--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
-@@ -596,8 +596,6 @@ static int myri10ge_load_hotplug_firmwar
+@@ -581,8 +581,6 @@ static int myri10ge_load_hotplug_firmwar
unsigned i;
if ((status = request_firmware(&fw, mgp->fw_name, dev)) < 0) {
@@ -1270,7 +1270,7 @@ upstream submission.
}
--- a/drivers/net/ethernet/smsc/smc91c92_cs.c
+++ b/drivers/net/ethernet/smsc/smc91c92_cs.c
-@@ -646,10 +646,8 @@ static int osi_load_firmware(struct pcmc
+@@ -647,10 +647,8 @@ static int osi_load_firmware(struct pcmc
int i, err;
err = request_firmware(&fw, FIRMWARE_NAME, &link->dev);
@@ -1509,13 +1509,13 @@ upstream submission.
else
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
-@@ -224,10 +224,8 @@ static int iwl_request_firmware(struct i
+@@ -222,10 +222,8 @@ static int iwl_request_firmware(struct i
sprintf(tag, "%d", drv->fw_index);
}
-- if (drv->fw_index < drv->cfg->ucode_api_min) {
+- if (drv->fw_index < drv->trans->cfg->ucode_api_min) {
- IWL_ERR(drv, "no suitable firmware found!\n");
-+ if (drv->fw_index < drv->cfg->ucode_api_min)
++ if (drv->fw_index < drv->trans->cfg->ucode_api_min)
return -ENOENT;
- }
@@ -1534,7 +1534,7 @@ upstream submission.
}
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
-@@ -524,11 +524,8 @@ static void mwifiex_fw_dpc(const struct
+@@ -521,11 +521,8 @@ static void mwifiex_fw_dpc(const struct
struct wireless_dev *wdev;
struct completion *fw_done = adapter->fw_done;
@@ -1628,7 +1628,7 @@ upstream submission.
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-@@ -1667,7 +1667,6 @@ static int ezusb_probe(struct usb_interf
+@@ -1665,7 +1665,6 @@ static int ezusb_probe(struct usb_interf
if (ezusb_firmware_download(upriv, &firmware) < 0)
goto error;
} else {
@@ -1906,7 +1906,7 @@ upstream submission.
}
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
-@@ -5652,8 +5652,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
+@@ -6420,8 +6420,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@@ -1915,7 +1915,7 @@ upstream submission.
ql_log(ql_log_info, vha, 0x0084,
"Firmware images can be retrieved from: "QLA_FW_URL ".\n");
return QLA_FUNCTION_FAILED;
-@@ -5755,8 +5753,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
+@@ -6523,8 +6521,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@@ -1941,7 +1941,7 @@ upstream submission.
if (qla82xx_validate_firmware_blob(vha,
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -5841,8 +5841,6 @@ qla2x00_request_firmware(scsi_qla_host_t
+@@ -5956,8 +5956,6 @@ qla2x00_request_firmware(scsi_qla_host_t
goto out;
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
@@ -2316,7 +2316,7 @@ upstream submission.
}
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
-@@ -299,11 +299,8 @@ static void update_edgeport_E2PROM(struc
+@@ -379,11 +379,8 @@ static void update_edgeport_E2PROM(struc
response = request_ihex_firmware(&fw, fw_name,
&edge_serial->serial->dev->dev);
@@ -2342,7 +2342,7 @@ upstream submission.
--- a/drivers/usb/serial/ti_usb_3410_5052.c
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
-@@ -1706,10 +1706,8 @@ static int ti_download_firmware(struct t
+@@ -1702,10 +1702,8 @@ static int ti_download_firmware(struct t
}
check_firmware:
@@ -2445,7 +2445,7 @@ upstream submission.
snd_printk(KERN_INFO "sscape: MIDI firmware loaded %zu KBs\n",
--- a/sound/isa/wavefront/wavefront_synth.c
+++ b/sound/isa/wavefront/wavefront_synth.c
-@@ -1956,10 +1956,8 @@ wavefront_download_firmware (snd_wavefro
+@@ -1957,10 +1957,8 @@ wavefront_download_firmware (snd_wavefro
const struct firmware *firmware;
err = request_firmware(&firmware, path, dev->card->dev);
@@ -2499,7 +2499,7 @@ upstream submission.
snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®);
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
-@@ -1815,10 +1815,8 @@ static void azx_firmware_cb(const struct
+@@ -1827,10 +1827,8 @@ static void azx_firmware_cb(const struct
struct azx *chip = card->private_data;
struct pci_dev *pci = chip->pci;
diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
index 83360e9..af00757 100644
--- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
+++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
@@ -16,22 +16,6 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
MODULE_LICENSE("GPL");
+MODULE_SOFTDEP("pre: crypto-crc32c");
---- a/fs/cifs/cifsfs.c
-+++ b/fs/cifs/cifsfs.c
-@@ -1365,5 +1365,13 @@ MODULE_DESCRIPTION
- ("VFS to access servers complying with the SNIA CIFS Specification "
- "e.g. Samba and Windows");
- MODULE_VERSION(CIFS_VERSION);
-+
-+#ifdef CONFIG_CIFS_SMB2
-+#define CIFS_SMB2_EXTRA_SOFTDEPS " crypto-aes crypto-cmac crypto-sha256"
-+#else
-+#define CIFS_SMB2_EXTRA_SOFTDEPS ""
-+#endif
-+MODULE_SOFTDEP("pre: crypto-arc4 crypto-des crypto-ecb crypto-hmac crypto-md4 crypto-md5" CIFS_SMB2_EXTRA_SOFTDEPS);
-+
- module_init(init_cifs)
- module_exit(exit_cifs)
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -614,3 +614,4 @@ static void __exit fscrypt_exit(void)
diff --git a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch b/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch
deleted file mode 100644
index 51b6937..0000000
--- a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Andrey Konovalov <andreyknvl at google.com>
-Date: Wed, 29 Mar 2017 16:11:20 +0200
-Subject: net/packet: fix overflow in check for priv area size
-Origin: https://patchwork.ozlabs.org/patch/744811/
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
-
-Subtracting tp_sizeof_priv from tp_block_size and casting to int
-to check whether one is less then the other doesn't always work
-(both of them are unsigned ints).
-
-Compare them as is instead.
-
-Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as
-it can overflow inside BLK_PLUS_PRIV otherwise.
-
-Signed-off-by: Andrey Konovalov <andreyknvl at google.com>
-Acked-by: Eric Dumazet <edumazet at google.com>
----
- net/packet/af_packet.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -4235,8 +4235,8 @@ static int packet_set_ring(struct sock *
- if (unlikely(!PAGE_ALIGNED(req->tp_block_size)))
- goto out;
- if (po->tp_version >= TPACKET_V3 &&
-- (int)(req->tp_block_size -
-- BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
-+ req->tp_block_size <=
-+ BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv))
- goto out;
- if (unlikely(req->tp_frame_size < po->tp_hdrlen +
- po->tp_reserve))
diff --git a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch b/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch
deleted file mode 100644
index 02434c8..0000000
--- a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Andrey Konovalov <andreyknvl at google.com>
-Date: Wed, 29 Mar 2017 16:11:21 +0200
-Subject: net/packet: fix overflow in check for tp_frame_nr
-Origin: https://patchwork.ozlabs.org/patch/744812/
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
-
-When calculating rb->frames_per_block * req->tp_block_nr the result
-can overflow.
-
-Add a check that tp_block_size * tp_block_nr <= UINT_MAX.
-
-Since frames_per_block <= tp_block_size, the expression would
-never overflow.
-
-Signed-off-by: Andrey Konovalov <andreyknvl at google.com>
-Acked-by: Eric Dumazet <edumazet at google.com>
----
- net/packet/af_packet.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -4247,6 +4247,8 @@ static int packet_set_ring(struct sock *
- rb->frames_per_block = req->tp_block_size / req->tp_frame_size;
- if (unlikely(rb->frames_per_block == 0))
- goto out;
-+ if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr))
-+ goto out;
- if (unlikely((rb->frames_per_block * req->tp_block_nr) !=
- req->tp_frame_nr))
- goto out;
diff --git a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch b/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch
deleted file mode 100644
index 491c30a..0000000
--- a/debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Andrey Konovalov <andreyknvl at google.com>
-Date: Wed, 29 Mar 2017 16:11:22 +0200
-Subject: net/packet: fix overflow in check for tp_reserve
-Origin: https://patchwork.ozlabs.org/patch/744813/
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
-
-When calculating po->tp_hdrlen + po->tp_reserve the result can overflow.
-
-Fix by checking that tp_reserve <= INT_MAX on assign.
-
-Signed-off-by: Andrey Konovalov <andreyknvl at google.com>
-Acked-by: Eric Dumazet <edumazet at google.com>
----
- net/packet/af_packet.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -3702,6 +3702,8 @@ packet_setsockopt(struct socket *sock, i
- return -EBUSY;
- if (copy_from_user(&val, optval, sizeof(val)))
- return -EFAULT;
-+ if (val > INT_MAX)
-+ return -EINVAL;
- po->tp_reserve = val;
- return 0;
- }
diff --git a/debian/patches/bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch b/debian/patches/bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch
deleted file mode 100644
index 7def878..0000000
--- a/debian/patches/bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: peter chang <dpf at google.com>
-Date: Wed, 15 Feb 2017 14:11:54 -0800
-Subject: scsi: sg: check length passed to SG_NEXT_CMD_LEN
-Origin: https://git.kernel.org/cgit/linux/kernel/git/mkp/scsi.git/commit?id=bf33f87dd04c371ea33feb821b60d63d754e3124
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7187
-
-The user can control the size of the next command passed along, but the
-value passed to the ioctl isn't checked against the usable max command
-size.
-
-Cc: <stable at vger.kernel.org>
-Signed-off-by: Peter Chang <dpf at google.com>
-Acked-by: Douglas Gilbert <dgilbert at interlog.com>
-Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
----
- drivers/scsi/sg.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/drivers/scsi/sg.c
-+++ b/drivers/scsi/sg.c
-@@ -998,6 +998,8 @@ sg_ioctl(struct file *filp, unsigned int
- result = get_user(val, ip);
- if (result)
- return result;
-+ if (val > SG_MAX_CDB_SIZE)
-+ return -ENOMEM;
- sfp->next_cmd_len = (val > 0) ? val : 0;
- return 0;
- case SG_GET_VERSION_NUM:
diff --git a/debian/patches/bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch b/debian/patches/bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
index a3564d7..a9f91a3 100644
--- a/debian/patches/bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
+++ b/debian/patches/bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
@@ -12,16 +12,6 @@ Fix a number of correct warnings from gcc:
'index' is initialized only if indentation is wanted. Move the
printing of indentation using 'index' into the same if-statement.
-> kbuffer-parse.c:339:27: warning: 'length' may be used uninitialized in this function [-Wmaybe-uninitialized]
-> kbuf->next = kbuf->index + length;
-> ^
-> kbuffer-parse.c:297:15: note: 'length' was declared here
-> unsigned int length;
-> ^
-
-'length' is not initialized when handling an OLD_RINGBUF_TYPE_TIME_EXTEND
-record. Based on what trace-cmd does, set length = 0 in this case.
-
> kbuffer-parse.c: In function 'kbuffer_read_at_offset':
> kbuffer-parse.c:632:9: warning: 'data' may be used uninitialized in this function [-Wmaybe-uninitialized]
> return data;
@@ -33,16 +23,6 @@ large.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
---- a/tools/lib/traceevent/kbuffer-parse.c
-+++ b/tools/lib/traceevent/kbuffer-parse.c
-@@ -314,6 +314,7 @@ static unsigned int old_update_pointers(
- extend <<= TS_SHIFT;
- extend += delta;
- delta = extend;
-+ length = 0;
- ptr += 4;
- break;
-
@@ -613,7 +614,7 @@ unsigned long long kbuffer_timestamp(str
void *kbuffer_read_at_offset(struct kbuffer *kbuf, int offset,
unsigned long long *ts)
diff --git a/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch b/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch
deleted file mode 100644
index faf3861..0000000
--- a/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Andy Whitcroft <apw at canonical.com>
-Date: Thu, 23 Mar 2017 07:45:44 +0000
-Subject: [PATCH 2/2] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size
- harder
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7184
-
-Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
-wrapping issues. To ensure we are correctly ensuring that the two ESN
-structures are the same size compare both the overall size as reported
-by xfrm_replay_state_esn_len() and the internal length are the same.
-
-CVE-2017-7184
-Signed-off-by: Andy Whitcroft <apw at canonical.com>
----
- net/xfrm/xfrm_user.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index 81c4112..87e0c22 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -412,7 +412,11 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
- up = nla_data(rp);
- ulen = xfrm_replay_state_esn_len(up);
-
-- if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
-+ /* Check the overall length and the internal bitmap length to avoid
-+ * potential overflow. */
-+ if (nla_len(rp) < ulen ||
-+ xfrm_replay_state_esn_len(replay_esn) != ulen ||
-+ replay_esn->bmp_len != up->bmp_len)
- return -EINVAL;
-
- if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
diff --git a/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch b/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch
deleted file mode 100644
index 758973e..0000000
--- a/debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Andy Whitcroft <apw at canonical.com>
-Date: Wed, 22 Mar 2017 07:29:31 +0000
-Subject: [PATCH 1/2] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL
- replay_window
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7184
-
-When a new xfrm state is created during an XFRM_MSG_NEWSA call we validate
-the user supplied replay_esn to ensure that the size is valid and to ensure
-that the replay_window size is within the allocated buffer. However later
-it is possible to update this replay_esn via a XFRM_MSG_NEWAE call.
-There we again validate the size of the supplied buffer matches the
-existing state and if so inject the contents. We do not at this point
-check that the replay_window is within the allocated memory. This leads
-to out-of-bounds reads and writes triggered by netlink packets. This leads
-to memory corruption and the potential for priviledge escalation.
-
-We already attempt to validate the incoming replay information in
-xfrm_new_ae() via xfrm_replay_verify_len(). This confirms that the
-user is not trying to change the size of the replay state buffer which
-includes the replay_esn. It however does not check the replay_window
-remains within that buffer. Add validation of the contained replay_window.
-
-CVE-2017-7184
-Signed-off-by: Andy Whitcroft <apw at canonical.com>
----
- net/xfrm/xfrm_user.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index 0889209..81c4112 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -415,6 +415,9 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
- if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
- return -EINVAL;
-
-+ if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
-+ return -EINVAL;
-+
- return 0;
- }
-
diff --git a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
index aec9cb5..18998a5 100644
--- a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
+++ b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
@@ -56,8 +56,8 @@ index bf8475ce85ee..ffd9cf5ec8c4 100644
--- a/arch/alpha/include/asm/Kbuild
+++ b/arch/alpha/include/asm/Kbuild
@@ -3,7 +3,6 @@
+
generic-y += clkdev.h
- generic-y += cputime.h
generic-y += exec.h
-generic-y += export.h
generic-y += irq_work.h
diff --git a/debian/patches/bugfix/arm64/rtc-tegra-implement-clock-handling.patch b/debian/patches/bugfix/arm64/rtc-tegra-implement-clock-handling.patch
deleted file mode 100644
index 178573f..0000000
--- a/debian/patches/bugfix/arm64/rtc-tegra-implement-clock-handling.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From: Thierry Reding <treding at nvidia.com>
-Date: Thu, 12 Jan 2017 17:07:43 +0100
-Subject: rtc: tegra: Implement clock handling
-Origin: https://git.kernel.org/linus/5fa4086987506b2ab8c92f8f99f2295db9918856
-Bug-Debian: https://bugs.debian.org/858514
-
-Accessing the registers of the RTC block on Tegra requires the module
-clock to be enabled. This only works because the RTC module clock will
-be enabled by default during early boot. However, because the clock is
-unused, the CCF will disable it at late_init time. This causes the RTC
-to become unusable afterwards. This can easily be reproduced by trying
-to use the RTC:
-
- $ hwclock --rtc /dev/rtc1
-
-This will hang the system. I ran into this by following up on a report
-by Martin Michlmayr that reboot wasn't working on Tegra210 systems. It
-turns out that the rtc-tegra driver's ->shutdown() implementation will
-hang the CPU, because of the disabled clock, before the system can be
-rebooted.
-
-What confused me for a while is that the same driver is used on prior
-Tegra generations where the hang can not be observed. However, as Peter
-De Schrijver pointed out, this is because on 32-bit Tegra chips the RTC
-clock is enabled by the tegra20_timer.c clocksource driver, which uses
-the RTC to provide a persistent clock. This code is never enabled on
-64-bit Tegra because the persistent clock infrastructure does not exist
-on 64-bit ARM.
-
-The proper fix for this is to add proper clock handling to the RTC
-driver in order to ensure that the clock is enabled when the driver
-requires it. All device trees contain the clock already, therefore
-no additional changes are required.
-
-Reported-by: Martin Michlmayr <tbm at cyrius.com>
-Acked-By Peter De Schrijver <pdeschrijver at nvidia.com>
-Signed-off-by: Thierry Reding <treding at nvidia.com>
-Signed-off-by: Alexandre Belloni <alexandre.belloni at free-electrons.com>
-[bwh: Backported to 4.9: adjust context]
----
- drivers/rtc/rtc-tegra.c | 28 ++++++++++++++++++++++++++--
- 1 file changed, 26 insertions(+), 2 deletions(-)
-
---- a/drivers/rtc/rtc-tegra.c
-+++ b/drivers/rtc/rtc-tegra.c
-@@ -18,6 +18,7 @@
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
- #include <linux/kernel.h>
-+#include <linux/clk.h>
- #include <linux/init.h>
- #include <linux/module.h>
- #include <linux/slab.h>
-@@ -59,6 +60,7 @@ struct tegra_rtc_info {
- struct platform_device *pdev;
- struct rtc_device *rtc_dev;
- void __iomem *rtc_base; /* NULL if not initialized. */
-+ struct clk *clk;
- int tegra_rtc_irq; /* alarm and periodic irq */
- spinlock_t tegra_rtc_lock;
- };
-@@ -326,6 +328,14 @@ static int __init tegra_rtc_probe(struct
- if (info->tegra_rtc_irq <= 0)
- return -EBUSY;
-
-+ info->clk = devm_clk_get(&pdev->dev, NULL);
-+ if (IS_ERR(info->clk))
-+ return PTR_ERR(info->clk);
-+
-+ ret = clk_prepare_enable(info->clk);
-+ if (ret < 0)
-+ return ret;
-+
- /* set context info. */
- info->pdev = pdev;
- spin_lock_init(&info->tegra_rtc_lock);
-@@ -346,7 +356,7 @@ static int __init tegra_rtc_probe(struct
- ret = PTR_ERR(info->rtc_dev);
- dev_err(&pdev->dev, "Unable to register device (err=%d).\n",
- ret);
-- return ret;
-+ goto disable_clk;
- }
-
- ret = devm_request_irq(&pdev->dev, info->tegra_rtc_irq,
-@@ -356,12 +366,25 @@ static int __init tegra_rtc_probe(struct
- dev_err(&pdev->dev,
- "Unable to request interrupt for device (err=%d).\n",
- ret);
-- return ret;
-+ goto disable_clk;
- }
-
- dev_notice(&pdev->dev, "Tegra internal Real Time Clock\n");
-
- return 0;
-+
-+disable_clk:
-+ clk_disable_unprepare(info->clk);
-+ return ret;
-+}
-+
-+static int tegra_rtc_remove(struct platform_device *pdev)
-+{
-+ struct tegra_rtc_info *info = platform_get_drvdata(pdev);
-+
-+ clk_disable_unprepare(info->clk);
-+
-+ return 0;
- }
-
- #ifdef CONFIG_PM_SLEEP
-@@ -413,6 +436,7 @@ static void tegra_rtc_shutdown(struct pl
-
- MODULE_ALIAS("platform:tegra_rtc");
- static struct platform_driver tegra_rtc_driver = {
-+ .remove = tegra_rtc_remove,
- .shutdown = tegra_rtc_shutdown,
- .driver = {
- .name = "tegra_rtc",
diff --git a/debian/patches/bugfix/m68k/revert-m68k-move-exports-to-definitions.patch b/debian/patches/bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
index 844375b..b0ed3f4 100644
--- a/debian/patches/bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
+++ b/debian/patches/bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
@@ -96,7 +96,7 @@ index 8dffd36ec4f2..37234c2df47f 100644
-
#define BITS_PER_UNIT 8
- typedef int SItype __attribute__ ((mode (SI)));
+ typedef int SItype __mode(SI);
@@ -58,4 +55,3 @@ __ashldi3 (DItype u, word_type b)
return w.ll;
@@ -115,7 +115,7 @@ index e6565a3ee2c3..1d59345f36c6 100644
-
#define BITS_PER_UNIT 8
- typedef int SItype __attribute__ ((mode (SI)));
+ typedef int SItype __mode(SI);
@@ -59,4 +56,3 @@ __ashrdi3 (DItype u, word_type b)
return w.ll;
@@ -152,7 +152,7 @@ index 039779737c7d..49e1ec8f2cc2 100644
-
#define BITS_PER_UNIT 8
- typedef int SItype __attribute__ ((mode (SI)));
+ typedef int SItype __mode(SI);
@@ -58,4 +55,3 @@ __lshrdi3 (DItype u, word_type b)
return w.ll;
diff --git a/debian/patches/bugfix/sparc/sparc-topology_64.h-fix-condition-for-including-cpudata.h.patch b/debian/patches/bugfix/sparc/sparc-topology_64.h-fix-condition-for-including-cpudata.h.patch
deleted file mode 100644
index 040f1ed..0000000
--- a/debian/patches/bugfix/sparc/sparc-topology_64.h-fix-condition-for-including-cpudata.h.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Wed, 01 Feb 2017 22:45:06 +0000
-Subject: sparc: topology_64.h: Fix condition for including cpudata.h
-
-We currently define macros referring to cpu_data if CONFIG_SMP is
-defined, but only include the declaration if CONFIG_NUMA is defined.
-
-Fixes: 541cc39433a8 ("sparc: fix a building error reported by kbuild")
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
---- a/arch/sparc/include/asm/topology_64.h
-+++ b/arch/sparc/include/asm/topology_64.h
-@@ -4,7 +4,6 @@
- #ifdef CONFIG_NUMA
-
- #include <asm/mmzone.h>
--#include <asm/cpudata.h>
-
- static inline int cpu_to_node(int cpu)
- {
-@@ -42,6 +41,9 @@ int __node_distance(int, int);
- #endif /* !(CONFIG_NUMA) */
-
- #ifdef CONFIG_SMP
-+
-+#include <asm/cpudata.h>
-+
- #define topology_physical_package_id(cpu) (cpu_data(cpu).proc_id)
- #define topology_core_id(cpu) (cpu_data(cpu).core_id)
- #define topology_core_cpumask(cpu) (&cpu_core_sib_map[cpu])
diff --git a/debian/patches/bugfix/x86/asoc-intel-select-dw_dmac_core-since-it-s-mandatory.patch b/debian/patches/bugfix/x86/asoc-intel-select-dw_dmac_core-since-it-s-mandatory.patch
deleted file mode 100644
index 17c54ad..0000000
--- a/debian/patches/bugfix/x86/asoc-intel-select-dw_dmac_core-since-it-s-mandatory.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
-Date: Mon, 16 Jan 2017 15:12:26 +0200
-Subject: ASoC: Intel: select DW_DMAC_CORE since it's mandatory
-Origin: https://git.kernel.org/linus/ebf79091bf85d9b2270ab29191de9cd3aaf888c5
-Bug-Debian: https://bugs.debian.org/851916
-
-Select DW_DMAC_CORE like the rest of glue drivers do, e.g.
-drivers/dma/dw/Kconfig.
-
-While here group selectors under SND_SOC_INTEL_HASWELL and
-SND_SOC_INTEL_BAYTRAIL.
-
-Make platforms, which are using a common SST firmware driver, to be
-dependent on DMADEVICES.
-
-Signed-off-by: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
-Acked-by: Liam Girdwood <liam.r.girdwood at linux.intel.com>
-Signed-off-by: Mark Brown <broonie at kernel.org>
----
- sound/soc/intel/Kconfig | 31 +++++++++++++------------------
- 1 file changed, 13 insertions(+), 18 deletions(-)
-
---- a/sound/soc/intel/Kconfig
-+++ b/sound/soc/intel/Kconfig
-@@ -33,11 +33,9 @@ config SND_SOC_INTEL_SST
- select SND_SOC_INTEL_SST_MATCH if ACPI
- depends on (X86 || COMPILE_TEST)
-
--# firmware stuff depends DW_DMAC_CORE; since there is no depends-on from
--# the reverse selection, each machine driver needs to select
--# SND_SOC_INTEL_SST_FIRMWARE carefully depending on DW_DMAC_CORE
- config SND_SOC_INTEL_SST_FIRMWARE
- tristate
-+ select DW_DMAC_CORE
-
- config SND_SOC_INTEL_SST_ACPI
- tristate
-@@ -47,16 +45,18 @@ config SND_SOC_INTEL_SST_MATCH
-
- config SND_SOC_INTEL_HASWELL
- tristate
-+ select SND_SOC_INTEL_SST
- select SND_SOC_INTEL_SST_FIRMWARE
-
- config SND_SOC_INTEL_BAYTRAIL
- tristate
-+ select SND_SOC_INTEL_SST
-+ select SND_SOC_INTEL_SST_FIRMWARE
-
- config SND_SOC_INTEL_HASWELL_MACH
- tristate "ASoC Audio DSP support for Intel Haswell Lynxpoint"
- depends on X86_INTEL_LPSS && I2C && I2C_DESIGNWARE_PLATFORM
-- depends on DW_DMAC_CORE
-- select SND_SOC_INTEL_SST
-+ depends on DMADEVICES
- select SND_SOC_INTEL_HASWELL
- select SND_SOC_RT5640
- help
-@@ -99,9 +99,8 @@ config SND_SOC_INTEL_BXT_RT298_MACH
- config SND_SOC_INTEL_BYT_RT5640_MACH
- tristate "ASoC Audio driver for Intel Baytrail with RT5640 codec"
- depends on X86_INTEL_LPSS && I2C
-- depends on DW_DMAC_CORE && (SND_SST_IPC_ACPI = n)
-- select SND_SOC_INTEL_SST
-- select SND_SOC_INTEL_SST_FIRMWARE
-+ depends on DMADEVICES
-+ depends on SND_SST_IPC_ACPI = n
- select SND_SOC_INTEL_BAYTRAIL
- select SND_SOC_RT5640
- help
-@@ -112,9 +111,8 @@ config SND_SOC_INTEL_BYT_RT5640_MACH
- config SND_SOC_INTEL_BYT_MAX98090_MACH
- tristate "ASoC Audio driver for Intel Baytrail with MAX98090 codec"
- depends on X86_INTEL_LPSS && I2C
-- depends on DW_DMAC_CORE && (SND_SST_IPC_ACPI = n)
-- select SND_SOC_INTEL_SST
-- select SND_SOC_INTEL_SST_FIRMWARE
-+ depends on DMADEVICES
-+ depends on SND_SST_IPC_ACPI = n
- select SND_SOC_INTEL_BAYTRAIL
- select SND_SOC_MAX98090
- help
-@@ -123,9 +121,8 @@ config SND_SOC_INTEL_BYT_MAX98090_MACH
-
- config SND_SOC_INTEL_BDW_RT5677_MACH
- tristate "ASoC Audio driver for Intel Broadwell with RT5677 codec"
-- depends on X86_INTEL_LPSS && GPIOLIB && I2C && DW_DMAC
-- depends on DW_DMAC_CORE=y
-- select SND_SOC_INTEL_SST
-+ depends on X86_INTEL_LPSS && GPIOLIB && I2C
-+ depends on DMADEVICES
- select SND_SOC_INTEL_HASWELL
- select SND_SOC_RT5677
- help
-@@ -134,10 +131,8 @@ config SND_SOC_INTEL_BDW_RT5677_MACH
-
- config SND_SOC_INTEL_BROADWELL_MACH
- tristate "ASoC Audio DSP support for Intel Broadwell Wildcatpoint"
-- depends on X86_INTEL_LPSS && I2C && DW_DMAC && \
-- I2C_DESIGNWARE_PLATFORM
-- depends on DW_DMAC_CORE
-- select SND_SOC_INTEL_SST
-+ depends on X86_INTEL_LPSS && I2C && I2C_DESIGNWARE_PLATFORM
-+ depends on DMADEVICES
- select SND_SOC_INTEL_HASWELL
- select SND_SOC_RT286
- help
diff --git a/debian/patches/bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch b/debian/patches/bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
deleted file mode 100644
index 8514670..0000000
--- a/debian/patches/bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Subject: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
-From: Li Qiang <liq3ea at gmail.com>
-Date: Tue, 28 Mar 2017 03:10:53 +0000
-Origin: https://lists.freedesktop.org/archives/dri-devel/2017-March/137124.html
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7294
-
-In vmw_surface_define_ioctl(), the 'num_sizes' is the sum of the
-'req->mip_levels' array. This array can be assigned any value from
-the user space. As both the 'num_sizes' and the array is uint32_t,
-it is easy to make 'num_sizes' overflow. The later 'mip_levels' is
-used as the loop count. This can lead an oob write. Add the check of
-'req->mip_levels' to avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s at 360.cn>
----
- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
-@@ -713,8 +713,11 @@ int vmw_surface_define_ioctl(struct drm_
- 128;
-
- num_sizes = 0;
-- for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
-+ for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) {
-+ if (req->mip_levels[i] > DRM_VMW_MAX_MIP_LEVELS)
-+ return -EINVAL;
- num_sizes += req->mip_levels[i];
-+ }
-
- if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS ||
- num_sizes == 0)
diff --git a/debian/patches/bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch b/debian/patches/bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
deleted file mode 100644
index f83a523..0000000
--- a/debian/patches/bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Paolo Bonzini <pbonzini at redhat.com>
-Date: Tue, 24 Jan 2017 11:56:21 +0100
-Subject: kvm: fix page struct leak in handle_vmon
-Origin: https://git.kernel.org/linus/06ce521af9558814b8606c0476c54497cf83a653
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-2596
-
-handle_vmon gets a reference on VMXON region page,
-but does not release it. Release the reference.
-
-Found by syzkaller; based on a patch by Dmitry.
-
-Reported-by: Dmitry Vyukov <dvyukov at google.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/vmx.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -7085,13 +7085,18 @@ static int nested_vmx_check_vmptr(struct
- }
-
- page = nested_get_page(vcpu, vmptr);
-- if (page == NULL ||
-- *(u32 *)kmap(page) != VMCS12_REVISION) {
-+ if (page == NULL) {
- nested_vmx_failInvalid(vcpu);
-+ return kvm_skip_emulated_instruction(vcpu);
-+ }
-+ if (*(u32 *)kmap(page) != VMCS12_REVISION) {
- kunmap(page);
-+ nested_release_page_clean(page);
-+ nested_vmx_failInvalid(vcpu);
- return kvm_skip_emulated_instruction(vcpu);
- }
- kunmap(page);
-+ nested_release_page_clean(page);
- vmx->nested.vmxon_ptr = vmptr;
- break;
- case EXIT_REASON_VMCLEAR:
diff --git a/debian/patches/bugfix/x86/platform-x86-acer-wmi-setup-accelerometer-when-machi.patch b/debian/patches/bugfix/x86/platform-x86-acer-wmi-setup-accelerometer-when-machi.patch
deleted file mode 100644
index 4c7805c..0000000
--- a/debian/patches/bugfix/x86/platform-x86-acer-wmi-setup-accelerometer-when-machi.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: "Lee, Chun-Yi" <joeyli.kernel at gmail.com>
-Date: Thu, 3 Nov 2016 08:18:52 +0800
-Subject: platform/x86: acer-wmi: setup accelerometer when machine has
- appropriate notify event
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/98d610c3739ac354319a6590b915f4624d9151e6
-Bug-Debian: https://bugs.debian.org/853067
-
-The accelerometer event relies on the ACERWMID_EVENT_GUID notify.
-So, this patch changes the codes to setup accelerometer input device
-when detected ACERWMID_EVENT_GUID. It avoids that the accel input
-device created on every Acer machines.
-
-In addition, patch adds a clearly parsing logic of accelerometer hid
-to acer_wmi_get_handle_cb callback function. It is positive matching
-the "SENR" name with "BST0001" device to avoid non-supported hardware.
-
-Reported-by: Bjørn Mork <bjorn at mork.no>
-Cc: Darren Hart <dvhart at infradead.org>
-Signed-off-by: Lee, Chun-Yi <jlee at suse.com>
-[andy: slightly massage commit message]
-Signed-off-by: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
----
- drivers/platform/x86/acer-wmi.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
-
---- a/drivers/platform/x86/acer-wmi.c
-+++ b/drivers/platform/x86/acer-wmi.c
-@@ -1808,11 +1808,24 @@ static int __init acer_wmi_enable_lm(voi
- return status;
- }
-
-+#define ACER_WMID_ACCEL_HID "BST0001"
-+
- static acpi_status __init acer_wmi_get_handle_cb(acpi_handle ah, u32 level,
- void *ctx, void **retval)
- {
-+ struct acpi_device *dev;
-+
-+ if (!strcmp(ctx, "SENR")) {
-+ if (acpi_bus_get_device(ah, &dev))
-+ return AE_OK;
-+ if (!strcmp(ACER_WMID_ACCEL_HID, acpi_device_hid(dev)))
-+ return AE_OK;
-+ } else
-+ return AE_OK;
-+
- *(acpi_handle *)retval = ah;
-- return AE_OK;
-+
-+ return AE_CTRL_TERMINATE;
- }
-
- static int __init acer_wmi_get_handle(const char *name, const char *prop,
-@@ -1839,7 +1852,7 @@ static int __init acer_wmi_accel_setup(v
- {
- int err;
-
-- err = acer_wmi_get_handle("SENR", "BST0001", &gsensor_handle);
-+ err = acer_wmi_get_handle("SENR", ACER_WMID_ACCEL_HID, &gsensor_handle);
- if (err)
- return err;
-
-@@ -2177,10 +2190,11 @@ static int __init acer_wmi_init(void)
- err = acer_wmi_input_setup();
- if (err)
- return err;
-+ err = acer_wmi_accel_setup();
-+ if (err)
-+ return err;
- }
-
-- acer_wmi_accel_setup();
--
- err = platform_driver_register(&acer_platform_driver);
- if (err) {
- pr_err("Unable to register platform driver\n");
diff --git a/debian/patches/bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch b/debian/patches/bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
deleted file mode 100644
index b4dac5c..0000000
--- a/debian/patches/bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Murray McAllister <murray.mcallister at insomniasec.com>
-Date: Fri, 24 Mar 2017 20:33:00 -0700
-Subject: vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
-Origin: https://cgit.freedesktop.org/mesa/vmwgfx/commit/?id=e904061d2c8968429954be87ad1cc45526510812
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7261
-
-Before memory allocations vmw_surface_define_ioctl() checks the
-upper-bounds of a user-supplied size, but does not check if the
-supplied size is 0.
-
-Add check to avoid NULL pointer dereferences.
-
-Signed-off-by: Murray McAllister <murray.mcallister at insomniasec.com>
-Reviewed-by: Sinclair Yeh <syeh at vmware.com>
-[bwh: Fix filename]
----
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
-@@ -716,8 +716,8 @@ int vmw_surface_define_ioctl(struct drm_
- for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
- num_sizes += req->mip_levels[i];
-
-- if (num_sizes > DRM_VMW_MAX_SURFACE_FACES *
-- DRM_VMW_MAX_MIP_LEVELS)
-+ if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS ||
-+ num_sizes == 0)
- return -EINVAL;
-
- size = vmw_user_surface_size + 128 +
diff --git a/debian/patches/bugfix/x86/x86-xen-fix-apic-id-mismatch-warning-on-intel.patch b/debian/patches/bugfix/x86/x86-xen-fix-apic-id-mismatch-warning-on-intel.patch
deleted file mode 100644
index 93830d1..0000000
--- a/debian/patches/bugfix/x86/x86-xen-fix-apic-id-mismatch-warning-on-intel.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: Mohit Gambhir <mohit.gambhir at oracle.com>
-Date: Thu, 26 Jan 2017 13:12:27 -0500
-Subject: x86/xen: Fix APIC id mismatch warning on Intel
-Origin: https://git.kernel.org/linus/cc272163ea554a97dac180fa8dd6cd54c2810bd1
-Bug-Debian: https://bugs.debian.org/853193
-
-This patch fixes the following warning message seen when booting the
-kernel as Dom0 with Xen on Intel machines.
-
-[0.003000] [Firmware Bug]: CPU1: APIC id mismatch. Firmware: 0 APIC: 1]
-
-The code generating the warning in validate_apic_and_package_id() matches
-cpu_data(cpu).apicid (initialized in init_intel()->
-detect_extended_topology() using cpuid) against the apicid returned from
-xen_apic_read(). Now, xen_apic_read() makes a hypercall to retrieve apicid
-for the boot cpu but returns 0 otherwise. Hence the warning gets thrown
-for all but the boot cpu.
-
-The idea behind xen_apic_read() returning 0 for apicid is that the
-guests (even Dom0) should not need to know what physical processor their
-vcpus are running on. This is because we currently do not have topology
-information in Xen and also because xen allows more vcpus than physical
-processors. However, boot cpu's apicid is required for loading
-xen-acpi-processor driver on AMD machines. Look at following patch for
-details:
-
-commit 558daa289a40 ("xen/apic: Return the APIC ID (and version) for CPU
-0.")
-
-So to get rid of the warning, this patch modifies
-xen_cpu_present_to_apicid() to return cpu_data(cpu).apicid instead of
-calling xen_apic_read().
-
-The warning is not seen on AMD machines because init_amd() populates
-cpu_data(cpu).apicid by calling hard_smp_processor_id()->xen_apic_read()
-as opposed to using apicid from cpuid as is done on Intel machines.
-
-Signed-off-by: Mohit Gambhir <mohit.gambhir at oracle.com>
-Reviewed-by: Juergen Gross <jgross at suse.com>
-Signed-off-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
----
- arch/x86/xen/apic.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/xen/apic.c b/arch/x86/xen/apic.c
-index 44c88ad1841a..bcea81f36fc5 100644
---- a/arch/x86/xen/apic.c
-+++ b/arch/x86/xen/apic.c
-@@ -145,7 +145,7 @@ static void xen_silent_inquire(int apicid)
- static int xen_cpu_present_to_apicid(int cpu)
- {
- if (cpu_present(cpu))
-- return xen_get_apic_id(xen_apic_read(APIC_ID));
-+ return cpu_data(cpu).apicid;
- else
- return BAD_APICID;
- }
diff --git a/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
index e6225da..6cb31f9 100644
--- a/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
+++ b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
@@ -19,8 +19,8 @@ other W+X cases. So add a condition to the WARN_ON.
#include <linux/seq_file.h>
+#include <xen/xen.h>
+ #include <asm/kasan.h>
#include <asm/pgtable.h>
-
@@ -220,7 +221,7 @@ static void note_page(struct seq_file *m
pgprotval_t pr = pgprot_val(st->current_prot);
diff --git a/debian/patches/debian/fjes-disable-autoload.patch b/debian/patches/debian/fjes-disable-autoload.patch
index 0461fad..be84502 100644
--- a/debian/patches/debian/fjes-disable-autoload.patch
+++ b/debian/patches/debian/fjes-disable-autoload.patch
@@ -13,7 +13,7 @@ auto-loading.
--- a/drivers/net/fjes/fjes_main.c
+++ b/drivers/net/fjes/fjes_main.c
@@ -81,7 +81,7 @@ static const struct acpi_device_id fjes_
- {"PNP0C02", 0},
+ {ACPI_MOTHERBOARD_RESOURCE_HID, 0},
{"", 0},
};
-MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids);
diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch
index f59d00b..d2bdec0 100644
--- a/debian/patches/debian/kernelvariables.patch
+++ b/debian/patches/debian/kernelvariables.patch
@@ -58,7 +58,7 @@ use of $(ARCH) needs to be moved after this.
export KCONFIG_CONFIG
@@ -373,6 +337,44 @@ LDFLAGS_vmlinux =
- CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
+ CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,)
CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
+-include $(obj)/.kernelvariables
diff --git a/debian/patches/debian/sched-autogroup-disabled.patch b/debian/patches/debian/sched-autogroup-disabled.patch
index f95389d..cc75a05 100644
--- a/debian/patches/debian/sched-autogroup-disabled.patch
+++ b/debian/patches/debian/sched-autogroup-disabled.patch
@@ -6,8 +6,8 @@ Forwarded: not-needed
We want to provide the option of autogrouping but without enabling
it by default yet.
---- a/kernel/sched/auto_group.c
-+++ b/kernel/sched/auto_group.c
+--- a/kernel/sched/autogroup.c
++++ b/kernel/sched/autogroup.c
@@ -9,7 +9,7 @@
#include <linux/security.h>
#include <linux/export.h>
diff --git a/debian/patches/debian/time-mark-timer_stats-as-broken.patch b/debian/patches/debian/time-mark-timer_stats-as-broken.patch
deleted file mode 100644
index 4c35d73..0000000
--- a/debian/patches/debian/time-mark-timer_stats-as-broken.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sun, 26 Feb 2017 21:01:50 +0000
-Subject: time: Mark TIMER_STATS as broken
-Forwarded: not-needed
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5967
-
-This is a substitute for upstream commit dfb4357da6dd "time: Remove
-CONFIG_TIMER_STATS", which avoids the need to resolve conflicts with
-the PREEMPT_RT patch series.
-
----
---- a/lib/Kconfig.debug
-+++ b/lib/Kconfig.debug
-@@ -964,6 +964,7 @@ config DEBUG_TIMEKEEPING
- config TIMER_STATS
- bool "Collect kernel timers statistics"
- depends on DEBUG_KERNEL && PROC_FS
-+ depends on BROKEN
- help
- If you say Y here, additional code will be inserted into the
- timer routines to collect statistics about kernel timers being
diff --git a/debian/patches/debian/tools-perf-version.patch b/debian/patches/debian/tools-perf-version.patch
index aa5abc8..cb4bad6 100644
--- a/debian/patches/debian/tools-perf-version.patch
+++ b/debian/patches/debian/tools-perf-version.patch
@@ -9,7 +9,7 @@ version-dependent name. And do the same for trace.]
--- a/tools/perf/Makefile.perf
+++ b/tools/perf/Makefile.perf
-@@ -649,22 +649,22 @@ endif
+@@ -649,23 +649,23 @@ endif
install-tools: all install-gtk
$(call QUIET_INSTALL, binaries) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(bindir_SQ)'; \
@@ -31,6 +31,7 @@ version-dependent name. And do the same for trace.]
endif
ifndef NO_JVMTI
$(call QUIET_INSTALL, $(LIBJVMTI)) \
+ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(libdir_SQ)'; \
$(INSTALL) $(OUTPUT)$(LIBJVMTI) '$(DESTDIR_SQ)$(libdir_SQ)';
endif
- $(call QUIET_INSTALL, libexec) \
@@ -84,9 +85,9 @@ version-dependent name. And do the same for trace.]
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -162,6 +162,7 @@ CFLAGS_rbtree.o += -Wno-unused-pa
- CFLAGS_libstring.o += -Wno-unused-parameter -DETC_PERFCONFIG="BUILD_STR($(ETC_PERFCONFIG_SQ))"
CFLAGS_hweight.o += -Wno-unused-parameter -DETC_PERFCONFIG="BUILD_STR($(ETC_PERFCONFIG_SQ))"
CFLAGS_parse-events.o += -Wno-redundant-decls
+ CFLAGS_header.o += -include $(OUTPUT)PERF-VERSION-FILE
+CFLAGS_vdso.o += -DPERFEXECDIR='"$(perfexec_instdir_SQ)"'
$(OUTPUT)util/kallsyms.o: ../lib/symbol/kallsyms.c FORCE
diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch
index ed327b2..46bd752 100644
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@@ -48,8 +48,8 @@ are set.
--- a/arch/x86/um/sysrq_64.c
+++ b/arch/x86/um/sysrq_64.c
@@ -8,6 +8,7 @@
- #include <linux/module.h>
#include <linux/sched.h>
+ #include <linux/sched/debug.h>
#include <linux/utsname.h>
+#include <generated/package.h>
#include <asm/current.h>
@@ -114,9 +114,9 @@ are set.
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -45,6 +45,7 @@
- #include <linux/utsname.h>
- #include <linux/ctype.h>
- #include <linux/uio.h>
+ #include <linux/sched/clock.h>
+ #include <linux/sched/debug.h>
+ #include <linux/sched/task_stack.h>
+#include <generated/package.h>
#include <linux/uaccess.h>
diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch
index bbf8f21..270d903 100644
--- a/debian/patches/debian/yama-disable-by-default.patch
+++ b/debian/patches/debian/yama-disable-by-default.patch
@@ -21,6 +21,6 @@ Forwarded: not-needed
{
- pr_info("Yama: becoming mindful.\n");
+ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
- security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
+ security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama");
yama_init_sysctl();
}
diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch
index 394dfac..0e27b79 100644
--- a/debian/patches/features/all/aufs4/aufs4-mmap.patch
+++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch
@@ -150,7 +150,7 @@ index 295bd7a..14fa1c8 100644
+++ b/mm/Makefile
@@ -37,7 +37,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
mm_init.o mmu_context.o percpu.o slab_common.o \
- compaction.o vmacache.o \
+ compaction.o vmacache.o swap_slots.o \
interval_tree.o list_lru.o workingset.o \
- debug.o $(mmu-y)
+ prfile.o debug.o $(mmu-y)
@@ -165,8 +165,8 @@ index b772a33..1c11f45 100644
int ret = VM_FAULT_LOCKED;
sb_start_pagefault(inode->i_sb);
-- file_update_time(vma->vm_file);
-+ vma_file_update_time(vma);
+- file_update_time(vmf->vma->vm_file);
++ vma_file_update_time(vmf->vma);
lock_page(page);
if (page->mapping != inode->i_mapping) {
unlock_page(page);
@@ -238,7 +238,7 @@ index dc4291d..4b3a2aa 100644
+ file = vma->vm_file;
+ prfile = vma->vm_prfile;
ret = do_mmap_pgoff(vma->vm_file, start, size,
- prot, flags, pgoff, &populate);
+ prot, flags, pgoff, &populate, NULL);
+ if (!IS_ERR_VALUE(ret) && file && prfile) {
+ struct vm_area_struct *new_vma;
+
diff --git a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
index 0491b2f..fc914bd 100644
--- a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
+++ b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
@@ -24,11 +24,11 @@ Signed-off-by: Linn Crosetto <linn at hpe.com>
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1153,6 +1153,12 @@ void __init setup_arch(char **cmdline_p)
- /* Allocate bigger log buffer */
- setup_log_buf(1);
+ }
+ }
+#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL
-+ if (boot_params.secure_boot) {
++ if (boot_params.secure_boot == efi_secureboot_mode_enabled) {
+ set_securelevel(1);
+ }
+#endif
@@ -41,7 +41,7 @@ Signed-off-by: Linn Crosetto <linn at hpe.com>
io_delay_init();
-#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL
-- if (boot_params.secure_boot) {
+- if (boot_params.secure_boot == efi_secureboot_mode_enabled) {
- set_securelevel(1);
- }
-#endif
diff --git a/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch b/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
index c76d6ed..2f35180 100644
--- a/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
+++ b/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
@@ -12,24 +12,10 @@ when enabled.
Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
---
- Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 13 +++++++++++++
- arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
- arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/kernel/setup.c | 7 +++++++
5 files changed, 60 insertions(+), 1 deletion(-)
---- a/Documentation/x86/zero-page.txt
-+++ b/Documentation/x86/zero-page.txt
-@@ -31,6 +31,8 @@ Offset Proto Name Meaning
- 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
- 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
- (below)
-+1EB/001 ALL kbd_status Numlock is enabled
-+1EC/001 ALL secure_boot Secure boot is enabled in the firmware
- 1EF/001 ALL sentinel Used to detect broken bootloaders
- 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
- 2D0/A00 ALL e820_map E820 memory map table
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1754,6 +1754,19 @@ config EFI_MIXED
@@ -62,67 +48,15 @@ Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
#include "../string.h"
#include "eboot.h"
-@@ -1050,6 +1051,37 @@ void setup_graphics(struct boot_params *
- }
- }
-
-+static int get_secure_boot(void)
-+{
-+ u8 sb, setup;
-+ unsigned long datasize = sizeof(sb);
-+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
-+ efi_status_t status;
-+
-+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
-+ L"SecureBoot", &var_guid, NULL, &datasize, &sb);
-+
-+ if (status != EFI_SUCCESS)
-+ return 0;
-+
-+ if (sb == 0)
-+ return 0;
-+
-+
-+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
-+ L"SetupMode", &var_guid, NULL, &datasize,
-+ &setup);
-+
-+ if (status != EFI_SUCCESS)
-+ return 0;
-+
-+ if (setup == 1)
-+ return 0;
-+
-+ return 1;
-+}
-+
-+
- /*
- * Because the x86 boot code expects to be passed a boot_params we
- * need to create one ourselves (usually the bootloader would create
-@@ -1432,6 +1464,10 @@ struct boot_params *efi_main(struct efi_
+@@ -1432,6 +1464,8 @@ struct boot_params *efi_main(struct efi_
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
-+ boot_params->secure_boot = get_secure_boot();
-+
- setup_graphics(boot_params);
-
- setup_efi_pci(boot_params);
---- a/arch/x86/include/uapi/asm/bootparam.h
-+++ b/arch/x86/include/uapi/asm/bootparam.h
-@@ -134,7 +134,8 @@ struct boot_params {
- __u8 eddbuf_entries; /* 0x1e9 */
- __u8 edd_mbr_sig_buf_entries; /* 0x1ea */
- __u8 kbd_status; /* 0x1eb */
-- __u8 _pad5[3]; /* 0x1ec */
-+ __u8 secure_boot; /* 0x1ec */
-+ __u8 _pad5[2]; /* 0x1ed */
/*
- * The sentinel is set to a nonzero value (0xff) in header.S.
- *
+ * If the boot loader gave us a value for secure_boot then we use that,
+ * otherwise we ask the BIOS.
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -50,6 +50,7 @@
@@ -138,7 +72,7 @@ Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
io_delay_init();
+#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL
-+ if (boot_params.secure_boot) {
++ if (boot_params.secure_boot == efi_secureboot_mode_enabled) {
+ set_securelevel(1);
+ }
+#endif
diff --git a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
index d583775..4e79315 100644
--- a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
+++ b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
@@ -82,25 +82,6 @@ v2:
};
static __initdata struct params xen_fdt_params[] = {
---- a/drivers/firmware/efi/libstub/arm-stub.c
-+++ b/drivers/firmware/efi/libstub/arm-stub.c
-@@ -20,7 +20,7 @@
-
- bool __nokaslr;
-
--static int efi_get_secureboot(efi_system_table_t *sys_table_arg)
-+int efi_get_secureboot(efi_system_table_t *sys_table_arg)
- {
- static efi_char16_t const sb_var_name[] = {
- 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
---- a/drivers/firmware/efi/libstub/efistub.h
-+++ b/drivers/firmware/efi/libstub/efistub.h
-@@ -65,4 +65,5 @@ efi_status_t check_platform_features(efi
-
- efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
-
-+int efi_get_secureboot(efi_system_table_t *sys_table_arg);
- #endif
--- a/drivers/firmware/efi/libstub/fdt.c
+++ b/drivers/firmware/efi/libstub/fdt.c
@@ -134,6 +134,13 @@ static efi_status_t update_fdt(efi_syste
diff --git a/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch b/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch
deleted file mode 100644
index 59fd422..0000000
--- a/debian/patches/features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From: Linn Crosetto <linn at hpe.com>
-Date: Mon, 22 Feb 2016 12:54:37 -0700
-Subject: arm64/efi: Disable secure boot if shim is in insecure mode
-
-Port to arm64 a patch originally written by Josh Boyer for the x86 EFI
-stub.
-
-A user can manually tell the shim boot loader to disable validation of
-images it loads. When a user does this, it creates a UEFI variable called
-MokSBState that does not have the runtime attribute set. Given that the
-user explicitly disabled validation, we can honor that and not enable
-secure boot mode if that variable is set.
-
-Signed-off-by: Linn Crosetto <linn at hpe.com>
-Cc: Josh Boyer <jwboyer at fedoraproject.org>
----
- drivers/firmware/efi/libstub/arm-stub.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
---- a/drivers/firmware/efi/libstub/arm-stub.c
-+++ b/drivers/firmware/efi/libstub/arm-stub.c
-@@ -26,11 +26,14 @@ static int efi_get_secureboot(efi_system
- 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
- static efi_char16_t const sm_var_name[] = {
- 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 };
-+ static efi_char16_t const mk_var_name[] = {
-+ 'M', 'o', 'k', 'S', 'B', 'S', 't', 'a', 't', 'e', 0 };
-
- efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
- efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable;
- u8 val;
- unsigned long size = sizeof(val);
-+ u32 attr;
- efi_status_t status;
-
- status = f_getvar((efi_char16_t *)sb_var_name, (efi_guid_t *)&var_guid,
-@@ -51,6 +54,22 @@ static int efi_get_secureboot(efi_system
- if (val == 1)
- return 0;
-
-+ /* See if a user has put shim into insecure_mode. If so, and the variable
-+ * doesn't have the runtime attribute set, we might as well honor that.
-+ */
-+ var_guid = EFI_SHIM_LOCK_GUID;
-+ status = f_getvar((efi_char16_t *)mk_var_name, (efi_guid_t *)&var_guid,
-+ &attr, &size, &val);
-+
-+ /* If it fails, we don't care why. Default to secure */
-+ if (status != EFI_SUCCESS)
-+ return 1;
-+
-+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
-+ if (val == 1)
-+ return 0;
-+ }
-+
- return 1;
-
- out_efi_err:
diff --git a/debian/patches/features/all/securelevel/efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch b/debian/patches/features/all/securelevel/efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch
deleted file mode 100644
index 98cd43c..0000000
--- a/debian/patches/features/all/securelevel/efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: Josh Boyer <jwboyer at fedoraproject.org>
-Date: Tue, 5 Feb 2013 19:25:05 -0500
-Subject: [13/18] efi: Disable secure boot if shim is in insecure mode
-Origin: https://github.com/mjg59/linux/commit/f444a5ecb0ab09d6cf661b4520dd8e6fffacb8be
-
-A user can manually tell the shim boot loader to disable validation of
-images it loads. When a user does this, it creates a UEFI variable called
-MokSBState that does not have the runtime attribute set. Given that the
-user explicitly disabled validation, we can honor that and not enable
-secure boot mode if that variable is set.
-
-Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org>
----
- arch/x86/boot/compressed/eboot.c | 20 +++++++++++++++++++-
- include/linux/efi.h | 3 +++
- 2 files changed, 22 insertions(+), 1 deletion(-)
-
---- a/arch/x86/boot/compressed/eboot.c
-+++ b/arch/x86/boot/compressed/eboot.c
-@@ -1053,8 +1053,9 @@ void setup_graphics(struct boot_params *
-
- static int get_secure_boot(void)
- {
-- u8 sb, setup;
-+ u8 sb, setup, moksbstate;
- unsigned long datasize = sizeof(sb);
-+ u32 attr;
- efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
- efi_status_t status;
-
-@@ -1078,6 +1079,23 @@ static int get_secure_boot(void)
- if (setup == 1)
- return 0;
-
-+ /* See if a user has put shim into insecure_mode. If so, and the variable
-+ * doesn't have the runtime attribute set, we might as well honor that.
-+ */
-+ var_guid = EFI_SHIM_LOCK_GUID;
-+ status = efi_early->call((unsigned long)sys_table->runtime->get_variable,
-+ L"MokSBState", &var_guid, &attr, &datasize,
-+ &moksbstate);
-+
-+ /* If it fails, we don't care why. Default to secure */
-+ if (status != EFI_SUCCESS)
-+ return 1;
-+
-+ if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
-+ if (moksbstate == 1)
-+ return 0;
-+ }
-+
- return 1;
- }
-
---- a/include/linux/efi.h
-+++ b/include/linux/efi.h
-@@ -629,6 +629,9 @@ typedef struct {
- #define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10))
- #define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02))
-
-+#define EFI_SHIM_LOCK_GUID \
-+ EFI_GUID( 0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 )
-+
- typedef struct {
- efi_table_hdr_t hdr;
- u64 fw_vendor; /* physical addr of CHAR16 vendor string */
diff --git a/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch b/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
index 14d5a3b..26580e0 100644
--- a/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
+++ b/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
@@ -31,9 +31,9 @@ index 28c24d80d0a0..b0413ba639af 100644
+ EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), val);
+}
+
- static int get_secure_boot(void)
- {
- u8 sb, setup, moksbstate;
+ /*
+ * Because the x86 boot code expects to be passed a boot_params we
+ * need to create one ourselves (usually the bootloader would create
@@ -1482,6 +1498,12 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
@@ -46,4 +46,4 @@ index 28c24d80d0a0..b0413ba639af 100644
+
sanitize_boot_params(boot_params);
- boot_params->secure_boot = get_secure_boot();
+ /*
diff --git a/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch b/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch
index 8201450..d47ce64 100644
--- a/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch
+++ b/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch
@@ -22,8 +22,8 @@ Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
#include <linux/bitmap.h>
+#include <linux/security.h>
#include <asm/syscalls.h>
+ #include <asm/desc.h>
- /*
@@ -28,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
diff --git a/debian/patches/features/arm/arm-dts-turris-omnia-add-support-for-ethernet-switch.patch b/debian/patches/features/arm/arm-dts-turris-omnia-add-support-for-ethernet-switch.patch
deleted file mode 100644
index 80b7a7a..0000000
--- a/debian/patches/features/arm/arm-dts-turris-omnia-add-support-for-ethernet-switch.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From: Uwe Kleine-König <uwe at kleine-koenig.org>
-Date: Tue, 3 Jan 2017 20:35:01 +0100
-Subject: [PATCH] ARM: dts: turris-omnia: add support for ethernet switch
-Origin: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7b7db5ab33d2292d9b037cda0c41a795b094d940
-
-The Turris Omnia features a Marvell MV88E6176 ethernet switch. Add it to
-the dts.
-
-Signed-off-by: Uwe Kleine-König <uwe at kleine-koenig.org>
-Reviewed-by: Andrew Lunn <andrew at lunn.ch>
-Tested-by: Andreas Färber <afaerber at suse.de>
-Signed-off-by: Gregory CLEMENT <gregory.clement at free-electrons.com>
----
- arch/arm/boot/dts/armada-385-turris-omnia.dts | 58 +++++++++++++++++++++++++--
- 1 file changed, 55 insertions(+), 3 deletions(-)
-
-diff --git a/arch/arm/boot/dts/armada-385-turris-omnia.dts b/arch/arm/boot/dts/armada-385-turris-omnia.dts
-index ab49acb2d452..28eede180e4f 100644
---- a/arch/arm/boot/dts/armada-385-turris-omnia.dts
-+++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts
-@@ -122,7 +122,7 @@
- pinctrl-names = "default";
- pinctrl-0 = <&ge0_rgmii_pins>;
- status = "okay";
-- phy-mode = "rgmii-id";
-+ phy-mode = "rgmii";
-
- fixed-link {
- speed = <1000>;
-@@ -135,7 +135,7 @@
- pinctrl-names = "default";
- pinctrl-0 = <&ge1_rgmii_pins>;
- status = "okay";
-- phy-mode = "rgmii-id";
-+ phy-mode = "rgmii";
-
- fixed-link {
- speed = <1000>;
-@@ -273,7 +273,59 @@
- /* irq is connected to &pcawan pin 7 */
- };
-
-- /* Switch MV88E7176 at address 0x10 */
-+ /* Switch MV88E6176 at address 0x10 */
-+ switch at 10 {
-+ compatible = "marvell,mv88e6085";
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+ dsa,member = <0 0>;
-+
-+ reg = <0x10>;
-+
-+ ports {
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+
-+ ports at 0 {
-+ reg = <0>;
-+ label = "lan0";
-+ };
-+
-+ ports at 1 {
-+ reg = <1>;
-+ label = "lan1";
-+ };
-+
-+ ports at 2 {
-+ reg = <2>;
-+ label = "lan2";
-+ };
-+
-+ ports at 3 {
-+ reg = <3>;
-+ label = "lan3";
-+ };
-+
-+ ports at 4 {
-+ reg = <4>;
-+ label = "lan4";
-+ };
-+
-+ ports at 5 {
-+ reg = <5>;
-+ label = "cpu";
-+ ethernet = <ð1>;
-+ phy-mode = "rgmii-id";
-+
-+ fixed-link {
-+ speed = <1000>;
-+ full-duplex;
-+ };
-+ };
-+
-+ /* port 6 is connected to eth0 */
-+ };
-+ };
- };
-
- &pinctrl {
---
-2.11.0
-
diff --git a/debian/patches/series b/debian/patches/series
index d2e16f5..212f52f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -51,12 +51,7 @@ debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
# Arch bug fixes
-bugfix/x86/asoc-intel-select-dw_dmac_core-since-it-s-mandatory.patch
-bugfix/sparc/sparc-topology_64.h-fix-condition-for-including-cpudata.h.patch
-bugfix/x86/platform-x86-acer-wmi-setup-accelerometer-when-machi.patch
-bugfix/x86/x86-xen-fix-apic-id-mismatch-warning-on-intel.patch
bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
-bugfix/arm64/rtc-tegra-implement-clock-handling.patch
# Arch features
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
@@ -64,7 +59,6 @@ features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch
features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
features/x86/x86-make-x32-syscall-support-conditional.patch
-features/arm/arm-dts-turris-omnia-add-support-for-ethernet-switch.patch
# Miscellaneous bug fixes
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
@@ -74,7 +68,6 @@ bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
bugfix/all/media-dvb-usb-dibusb-mc-common-add-module_license.patch
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
-bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch
# Miscellaneous features
@@ -91,7 +84,6 @@ features/all/securelevel/uswsusp-disable-when-securelevel-is-set.patch
features/all/securelevel/x86-restrict-msr-access-when-securelevel-is-set.patch
features/all/securelevel/asus-wmi-restrict-debugfs-interface-when-securelevel.patch
features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch
-features/all/securelevel/efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch
features/all/securelevel/hibernate-disable-when-securelevel-is-set.patch
features/all/securelevel/kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch
features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch
@@ -99,21 +91,10 @@ features/all/securelevel/acpi-disable-apei-error-injection-if-securelevel-is-.pa
features/all/securelevel/enable-cold-boot-attack-mitigation.patch
features/all/securelevel/mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch
# same for arm64
-features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch
features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
-debian/time-mark-timer_stats-as-broken.patch
-bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch
-bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch
-bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch
-bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
-bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
-bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch
-bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch
-bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list