[linux] 01/07: Update to 4.15-rc5
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Dec 27 01:41:04 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux.
commit 7dd9b58675f9c285944cd6b12199481765c932a0
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Tue Dec 26 18:54:17 2017 +0000
Update to 4.15-rc5
Also update the aufs and lockdown patchsets.
---
debian/changelog | 10 +
...rune-branches-when-a-scalar-is-replaced-w.patch | 44 -
...ulate-verifier-log-state-into-a-structure.patch | 201 ---
.../all/bpf-fix-32-bit-alu-op-verification.patch | 82 -
.../bugfix/all/bpf-fix-branch-pruning-logic.patch | 112 --
...-incorrect-sign-extension-in-check_alu_op.patch | 44 -
...orrect-tracking-of-register-size-truncati.patch | 119 --
.../bugfix/all/bpf-fix-integer-overflows.patch | 121 --
...sing-error-return-in-check_stack_boundary.patch | 26 -
...trict-alignment-checks-for-stack-pointers.patch | 31 -
...obal-verifier-log-into-verifier-environme.patch | 1665 --------------------
...erifier-fix-bounds-calculation-on-bpf_rsh.patch | 61 -
.../cpupower-fix-checks-for-cpu-existence.patch | 10 +-
...-require-that-the-underlying-hash-algorit.patch | 151 --
...ypto-salsa20-fix-blkcipher_walk-API-usage.patch | 91 --
...cve-2017-8824-use-after-free-in-dccp-code.patch | 38 -
...emove-redundant-log-messages-from-drivers.patch | 114 +-
.../bugfix/all/i40e-fix-flags-declaration.patch | 32 -
...0evf-organize-and-re-number-feature-flags.patch | 203 ---
.../all/kbuild-use-nostdinc-in-compile-tests.patch | 34 +-
...ix-stack-out-of-bounds-read-in-write_mmio.patch | 153 --
...4-fix-for-a-race-condition-in-raw_sendmsg.patch | 70 -
...fnetlink_cthelper-add-missing-permission-.patch | 74 -
...lter-xt_osf-add-missing-permission-checks.patch | 56 -
.../all/netlink-add-netns-check-on-taps.patch | 39 -
...s-required-for-drm-and-kms-on-r600-onward.patch | 8 +-
.../all/tools-lib-lockdep-define-pr_cont.patch | 25 -
...prevent-malicious-bnuminterfaces-overflow.patch | 44 -
...-not-decrease-steal-time-after-live-migra.patch | 200 ---
.../arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch | 36 -
...p-remember-the-map_fixed-flag-as-vm_fixed.patch | 30 +-
...low-unprivileged-CLONE_NEWUSER-by-default.patch | 16 +-
...int-on-use-of-fanotify_access_permissions.patch | 4 +-
debian/patches/debian/gitignore.patch | 6 +-
debian/patches/debian/kernelvariables.patch | 16 +-
.../revert-gpu-host1x-add-iommu-support.patch | 11 +-
debian/patches/debian/version.patch | 16 +-
debian/patches/features/all/aufs4/aufs4-base.patch | 51 +-
debian/patches/features/all/aufs4/aufs4-mmap.patch | 58 +-
.../features/all/aufs4/aufs4-standalone.patch | 140 +-
...lity-to-lock-down-access-to-the-running-k.patch | 165 ++
...d-a-SysRq-option-to-lift-kernel-lockdown.patch} | 217 +--
...equire-secure_boot-rules-in-lockdown-mode.patch | 75 +
...ule-signatures-if-the-kernel-is-locked-do.patch | 90 ++
...v-mem-kmem-port-when-the-kernel-is-locked.patch | 35 +
...e-at-runtime-if-the-kernel-is-locked-dow.patch} | 22 +-
...boot-flag-in-boot-params-across-kexec-re.patch} | 10 +-
...Restrict-at-runtime-if-the-kernel-is-lock.patch | 40 +
...e-Disable-when-the-kernel-is-locked-down.patch} | 12 +-
...p-Disable-when-the-kernel-is-locked-down.patch} | 13 +-
...n-BAR-access-when-the-kernel-is-locked-d.patch} | 52 +-
...n-IO-port-access-when-the-kernel-is-lock.patch} | 39 +-
...trict-MSR-access-when-the-kernel-is-locke.patch | 50 +
...trict-debugfs-interface-when-the-kernel-.patch} | 23 +-
...ccess-to-custom_method-when-the-kernel-i.patch} | 12 +-
...acpi_rsdp-kernel-param-when-the-kernel-h.patch} | 17 +-
...-ACPI-table-override-if-the-kernel-is-lo.patch} | 14 +-
...-APEI-error-injection-if-the-kernel-is-l.patch} | 12 +-
...h => 0019-scsi-Lock-down-the-eata-driver.patch} | 18 +-
...CIA-CIS-storage-when-the-kernel-is-locke.patch} | 19 +-
...RIAL.patch => 0021-Lock-down-TIOCSSERIAL.patch} | 15 +-
...dule-params-that-specify-hardware-parame.patch} | 25 +-
...otrace-Lock-down-the-testmmiotrace-module.patch | 33 +
...allow-use-of-debugfs-files-when-the-kerne.patch | 51 +
.../all/lockdown/0025-Lock-down-proc-kcore.patch | 27 +
.../all/lockdown/0026-Lock-down-kprobes.patch | 29 +
...t-kernel-image-access-functions-when-the-.patch | 37 +
...EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch | 153 ++
...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 88 ++
.../0038-efi-Add-EFI_SECURE_BOOT-bit.patch | 43 -
...lity-to-lock-down-access-to-the-running-k.patch | 135 --
...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 62 -
...ule-signatures-if-the-kernel-is-locked-do.patch | 26 -
...v-mem-and-dev-kmem-when-the-kernel-is-loc.patch | 38 -
...Disable-at-runtime-if-securelevel-has-bee.patch | 35 -
...t-MSR-access-when-the-kernel-is-locked-do.patch | 41 -
...t-kernel-image-access-functions-when-the-.patch | 54 -
...dwmac-sun8i-Handle-integrated-external-MD.patch | 514 ------
...-net-stmmac-sun8i-Restore-the-compatibles.patch | 40 -
...64-dts-allwinner-A64-Restore-EMAC-changes.patch | 197 ---
...llwinner-add-snps-dwmac-mdio-compatible-t.patch | 33 -
...m64-dts-allwinner-H5-Restore-EMAC-changes.patch | 129 --
...ARM-dts-sunxi-Restore-EMAC-changes-boards.patch | 267 ----
...-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch | 61 -
...xi-h3-h5-represent-the-mdio-switch-used-b.patch | 64 -
.../x86-make-x32-syscall-support-conditional.patch | 22 +-
debian/patches/series | 88 +-
87 files changed, 1484 insertions(+), 6000 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9bdf829..af37f24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+linux (4.15~rc5-1~exp1) UNRELEASED; urgency=medium
+
+ * New upstream release candidate
+
+ [ Ben Hutchings ]
+ * aufs: Update support patchset to aufs4.x-rcN-20171218
+ * lockdown: Update patchset to 2017-11-10 version
+
+ -- Ben Hutchings <ben at decadent.org.uk> Tue, 26 Dec 2017 16:25:55 +0000
+
linux (4.14.7-1) unstable; urgency=medium
* New upstream stable update:
diff --git a/debian/patches/bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch b/debian/patches/bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch
deleted file mode 100644
index 074953d..0000000
--- a/debian/patches/bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:59 -0800
-Subject: [7/9] bpf: don't prune branches when a scalar is replaced with a
- pointer
-Origin: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
-
-This could be made safe by passing through a reference to env and checking
-for env->allow_ptr_leaks, but it would only work one way and is probably
-not worth the hassle - not doing it will not directly lead to program
-rejection.
-
-Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
-Signed-off-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -3366,15 +3366,14 @@ static bool regsafe(struct bpf_reg_state
- return range_within(rold, rcur) &&
- tnum_in(rold->var_off, rcur->var_off);
- } else {
-- /* if we knew anything about the old value, we're not
-- * equal, because we can't know anything about the
-- * scalar value of the pointer in the new value.
-+ /* We're trying to use a pointer in place of a scalar.
-+ * Even if the scalar was unbounded, this could lead to
-+ * pointer leaks because scalars are allowed to leak
-+ * while pointers are not. We could make this safe in
-+ * special cases if root is calling us, but it's
-+ * probably not worth the hassle.
- */
-- return rold->umin_value == 0 &&
-- rold->umax_value == U64_MAX &&
-- rold->smin_value == S64_MIN &&
-- rold->smax_value == S64_MAX &&
-- tnum_is_unknown(rold->var_off);
-+ return false;
- }
- case PTR_TO_MAP_VALUE:
- /* If the new min/max/var_off satisfy the old ones and
diff --git a/debian/patches/bugfix/all/bpf-encapsulate-verifier-log-state-into-a-structure.patch b/debian/patches/bugfix/all/bpf-encapsulate-verifier-log-state-into-a-structure.patch
deleted file mode 100644
index bf0f1c5..0000000
--- a/debian/patches/bugfix/all/bpf-encapsulate-verifier-log-state-into-a-structure.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-From: Jakub Kicinski <jakub.kicinski at netronome.com>
-Date: Mon, 9 Oct 2017 10:30:10 -0700
-Subject: bpf: encapsulate verifier log state into a structure
-Origin: https://git.kernel.org/linus/e7bf8249e8f1bac64885eeccb55bcf6111901a81
-
-Put the loose log_* variables into a structure. This will make
-it simpler to remove the global verifier state in following patches.
-
-Signed-off-by: Jakub Kicinski <jakub.kicinski at netronome.com>
-Reviewed-by: Simon Horman <simon.horman at netronome.com>
-Acked-by: Alexei Starovoitov <ast at kernel.org>
-Acked-by: Daniel Borkmann <daniel at iogearbox.net>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- include/linux/bpf_verifier.h | 13 ++++++++++
- kernel/bpf/verifier.c | 57 +++++++++++++++++++++++---------------------
- 2 files changed, 43 insertions(+), 27 deletions(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -115,6 +115,19 @@ struct bpf_insn_aux_data {
-
- #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
-
-+struct bpf_verifer_log {
-+ u32 level;
-+ char *kbuf;
-+ char __user *ubuf;
-+ u32 len_used;
-+ u32 len_total;
-+};
-+
-+static inline bool bpf_verifier_log_full(const struct bpf_verifer_log *log)
-+{
-+ return log->len_used >= log->len_total - 1;
-+}
-+
- struct bpf_verifier_env;
- struct bpf_ext_analyzer_ops {
- int (*insn_hook)(struct bpf_verifier_env *env,
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -156,8 +156,7 @@ struct bpf_call_arg_meta {
- /* verbose verifier prints what it's seeing
- * bpf_check() is called under lock, so no race to access these global vars
- */
--static u32 log_level, log_size, log_len;
--static char *log_buf;
-+static struct bpf_verifer_log verifier_log;
-
- static DEFINE_MUTEX(bpf_verifier_lock);
-
-@@ -167,13 +166,15 @@ static DEFINE_MUTEX(bpf_verifier_lock);
- */
- static __printf(1, 2) void verbose(const char *fmt, ...)
- {
-+ struct bpf_verifer_log *log = &verifier_log;
- va_list args;
-
-- if (log_level == 0 || log_len >= log_size - 1)
-+ if (!log->level || bpf_verifier_log_full(log))
- return;
-
- va_start(args, fmt);
-- log_len += vscnprintf(log_buf + log_len, log_size - log_len, fmt, args);
-+ log->len_used += vscnprintf(log->kbuf + log->len_used,
-+ log->len_total - log->len_used, fmt, args);
- va_end(args);
- }
-
-@@ -834,7 +835,7 @@ static int check_map_access(struct bpf_v
- * need to try adding each of min_value and max_value to off
- * to make sure our theoretical access will be safe.
- */
-- if (log_level)
-+ if (verifier_log.level)
- print_verifier_state(state);
- /* The minimum value is only important with signed
- * comparisons where we can't assume the floor of a
-@@ -2915,7 +2916,7 @@ static int check_cond_jmp_op(struct bpf_
- verbose("R%d pointer comparison prohibited\n", insn->dst_reg);
- return -EACCES;
- }
-- if (log_level)
-+ if (verifier_log.level)
- print_verifier_state(this_branch);
- return 0;
- }
-@@ -3633,7 +3634,7 @@ static int do_check(struct bpf_verifier_
- return err;
- if (err == 1) {
- /* found equivalent state, can prune the search */
-- if (log_level) {
-+ if (verifier_log.level) {
- if (do_print_state)
- verbose("\nfrom %d to %d: safe\n",
- prev_insn_idx, insn_idx);
-@@ -3646,8 +3647,9 @@ static int do_check(struct bpf_verifier_
- if (need_resched())
- cond_resched();
-
-- if (log_level > 1 || (log_level && do_print_state)) {
-- if (log_level > 1)
-+ if (verifier_log.level > 1 ||
-+ (verifier_log.level && do_print_state)) {
-+ if (verifier_log.level > 1)
- verbose("%d:", insn_idx);
- else
- verbose("\nfrom %d to %d:",
-@@ -3656,7 +3658,7 @@ static int do_check(struct bpf_verifier_
- do_print_state = false;
- }
-
-- if (log_level) {
-+ if (verifier_log.level) {
- verbose("%d: ", insn_idx);
- print_bpf_insn(env, insn);
- }
-@@ -4307,7 +4309,7 @@ static void free_states(struct bpf_verif
-
- int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
- {
-- char __user *log_ubuf = NULL;
-+ struct bpf_verifer_log *log = &verifier_log;
- struct bpf_verifier_env *env;
- int ret = -EINVAL;
-
-@@ -4332,23 +4334,23 @@ int bpf_check(struct bpf_prog **prog, un
- /* user requested verbose verifier output
- * and supplied buffer to store the verification trace
- */
-- log_level = attr->log_level;
-- log_ubuf = (char __user *) (unsigned long) attr->log_buf;
-- log_size = attr->log_size;
-- log_len = 0;
-+ log->level = attr->log_level;
-+ log->ubuf = (char __user *) (unsigned long) attr->log_buf;
-+ log->len_total = attr->log_size;
-+ log->len_used = 0;
-
- ret = -EINVAL;
-- /* log_* values have to be sane */
-- if (log_size < 128 || log_size > UINT_MAX >> 8 ||
-- log_level == 0 || log_ubuf == NULL)
-+ /* log attributes have to be sane */
-+ if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
-+ !log->level || !log->ubuf)
- goto err_unlock;
-
- ret = -ENOMEM;
-- log_buf = vmalloc(log_size);
-- if (!log_buf)
-+ log->kbuf = vmalloc(log->len_total);
-+ if (!log->kbuf)
- goto err_unlock;
- } else {
-- log_level = 0;
-+ log->level = 0;
- }
-
- env->strict_alignment = !!(attr->prog_flags & BPF_F_STRICT_ALIGNMENT);
-@@ -4385,15 +4387,16 @@ skip_full_check:
- if (ret == 0)
- ret = fixup_bpf_calls(env);
-
-- if (log_level && log_len >= log_size - 1) {
-- BUG_ON(log_len >= log_size);
-+ if (log->level && bpf_verifier_log_full(log)) {
-+ BUG_ON(log->len_used >= log->len_total);
- /* verifier log exceeded user supplied buffer */
- ret = -ENOSPC;
- /* fall through to return what was recorded */
- }
-
- /* copy verifier log back to user space including trailing zero */
-- if (log_level && copy_to_user(log_ubuf, log_buf, log_len + 1) != 0) {
-+ if (log->level && copy_to_user(log->ubuf, log->kbuf,
-+ log->len_used + 1) != 0) {
- ret = -EFAULT;
- goto free_log_buf;
- }
-@@ -4420,8 +4423,8 @@ skip_full_check:
- }
-
- free_log_buf:
-- if (log_level)
-- vfree(log_buf);
-+ if (log->level)
-+ vfree(log->kbuf);
- if (!env->prog->aux->used_maps)
- /* if we didn't copy map pointers into bpf_prog_info, release
- * them now. Otherwise free_bpf_prog_info() will release them.
-@@ -4458,7 +4461,7 @@ int bpf_analyzer(struct bpf_prog *prog,
- /* grab the mutex to protect few globals used by verifier */
- mutex_lock(&bpf_verifier_lock);
-
-- log_level = 0;
-+ verifier_log.level = 0;
-
- env->strict_alignment = false;
- if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
diff --git a/debian/patches/bugfix/all/bpf-fix-32-bit-alu-op-verification.patch b/debian/patches/bugfix/all/bpf-fix-32-bit-alu-op-verification.patch
deleted file mode 100644
index c1e08c8..0000000
--- a/debian/patches/bugfix/all/bpf-fix-32-bit-alu-op-verification.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:56 -0800
-Subject: [4/9] bpf: fix 32-bit ALU op verification
-Origin: https://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a
-
-32-bit ALU ops operate on 32-bit values and have 32-bit outputs.
-Adjust the verifier accordingly.
-
-Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
-Signed-off-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 28 +++++++++++++++++-----------
- 1 file changed, 17 insertions(+), 11 deletions(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2010,6 +2010,10 @@ static int adjust_ptr_min_max_vals(struc
- return 0;
- }
-
-+/* WARNING: This function does calculations on 64-bit values, but the actual
-+ * execution may occur on 32-bit values. Therefore, things like bitshifts
-+ * need extra checks in the 32-bit case.
-+ */
- static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env,
- struct bpf_insn *insn,
- struct bpf_reg_state *dst_reg,
-@@ -2020,12 +2024,8 @@ static int adjust_scalar_min_max_vals(st
- bool src_known, dst_known;
- s64 smin_val, smax_val;
- u64 umin_val, umax_val;
-+ u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32;
-
-- if (BPF_CLASS(insn->code) != BPF_ALU64) {
-- /* 32-bit ALU ops are (32,32)->64 */
-- coerce_reg_to_size(dst_reg, 4);
-- coerce_reg_to_size(&src_reg, 4);
-- }
- smin_val = src_reg.smin_value;
- smax_val = src_reg.smax_value;
- umin_val = src_reg.umin_value;
-@@ -2161,9 +2161,9 @@ static int adjust_scalar_min_max_vals(st
- __update_reg_bounds(dst_reg);
- break;
- case BPF_LSH:
-- if (umax_val > 63) {
-- /* Shifts greater than 63 are undefined. This includes
-- * shifts by a negative number.
-+ if (umax_val >= insn_bitness) {
-+ /* Shifts greater than 31 or 63 are undefined.
-+ * This includes shifts by a negative number.
- */
- mark_reg_unknown(env, regs, insn->dst_reg);
- break;
-@@ -2189,9 +2189,9 @@ static int adjust_scalar_min_max_vals(st
- __update_reg_bounds(dst_reg);
- break;
- case BPF_RSH:
-- if (umax_val > 63) {
-- /* Shifts greater than 63 are undefined. This includes
-- * shifts by a negative number.
-+ if (umax_val >= insn_bitness) {
-+ /* Shifts greater than 31 or 63 are undefined.
-+ * This includes shifts by a negative number.
- */
- mark_reg_unknown(env, regs, insn->dst_reg);
- break;
-@@ -2227,6 +2227,12 @@ static int adjust_scalar_min_max_vals(st
- break;
- }
-
-+ if (BPF_CLASS(insn->code) != BPF_ALU64) {
-+ /* 32-bit ALU ops are (32,32)->32 */
-+ coerce_reg_to_size(dst_reg, 4);
-+ coerce_reg_to_size(&src_reg, 4);
-+ }
-+
- __reg_deduce_bounds(dst_reg);
- __reg_bound_offset(dst_reg);
- return 0;
diff --git a/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch b/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch
deleted file mode 100644
index ebb9ee8..0000000
--- a/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From: Alexei Starovoitov <ast at fb.com>
-Date: Wed, 22 Nov 2017 16:42:05 -0800
-Subject: bpf: fix branch pruning logic
-Origin: https://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
-
-when the verifier detects that register contains a runtime constant
-and it's compared with another constant it will prune exploration
-of the branch that is guaranteed not to be taken at runtime.
-This is all correct, but malicious program may be constructed
-in such a way that it always has a constant comparison and
-the other branch is never taken under any conditions.
-In this case such path through the program will not be explored
-by the verifier. It won't be taken at run-time either, but since
-all instructions are JITed the malicious program may cause JITs
-to complain about using reserved fields, etc.
-To fix the issue we have to track the instructions explored by
-the verifier and sanitize instructions that are dead at run time
-with NOPs. We cannot reject such dead code, since llvm generates
-it for valid C code, since it doesn't do as much data flow
-analysis as the verifier does.
-
-Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Acked-by: Daniel Borkmann <daniel at iogearbox.net>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- include/linux/bpf_verifier.h | 2 +-
- kernel/bpf/verifier.c | 27 +++++++++++++++++++++++++++
- 2 files changed, 28 insertions(+), 1 deletion(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -110,7 +110,7 @@ struct bpf_insn_aux_data {
- struct bpf_map *map_ptr; /* pointer for call insn into lookup_elem */
- };
- int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
-- int converted_op_size; /* the valid value width after perceived conversion */
-+ bool seen; /* this insn was processed by the verifier */
- };
-
- #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -3695,6 +3695,7 @@ static int do_check(struct bpf_verifier_
- if (err)
- return err;
-
-+ env->insn_aux_data[insn_idx].seen = true;
- if (class == BPF_ALU || class == BPF_ALU64) {
- err = check_alu_op(env, insn);
- if (err)
-@@ -3885,6 +3886,7 @@ process_bpf_exit:
- return err;
-
- insn_idx++;
-+ env->insn_aux_data[insn_idx].seen = true;
- } else {
- verbose(env, "invalid BPF_LD mode\n");
- return -EINVAL;
-@@ -4067,6 +4069,7 @@ static int adjust_insn_aux_data(struct b
- u32 off, u32 cnt)
- {
- struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
-+ int i;
-
- if (cnt == 1)
- return 0;
-@@ -4076,6 +4079,8 @@ static int adjust_insn_aux_data(struct b
- memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
- memcpy(new_data + off + cnt - 1, old_data + off,
- sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
-+ for (i = off; i < off + cnt - 1; i++)
-+ new_data[i].seen = true;
- env->insn_aux_data = new_data;
- vfree(old_data);
- return 0;
-@@ -4094,6 +4099,25 @@ static struct bpf_prog *bpf_patch_insn_d
- return new_prog;
- }
-
-+/* The verifier does more data flow analysis than llvm and will not explore
-+ * branches that are dead at run time. Malicious programs can have dead code
-+ * too. Therefore replace all dead at-run-time code with nops.
-+ */
-+static void sanitize_dead_code(struct bpf_verifier_env *env)
-+{
-+ struct bpf_insn_aux_data *aux_data = env->insn_aux_data;
-+ struct bpf_insn nop = BPF_MOV64_REG(BPF_REG_0, BPF_REG_0);
-+ struct bpf_insn *insn = env->prog->insnsi;
-+ const int insn_cnt = env->prog->len;
-+ int i;
-+
-+ for (i = 0; i < insn_cnt; i++) {
-+ if (aux_data[i].seen)
-+ continue;
-+ memcpy(insn + i, &nop, sizeof(nop));
-+ }
-+}
-+
- /* convert load instructions that access fields of 'struct __sk_buff'
- * into sequence of instructions that access fields of 'struct sk_buff'
- */
-@@ -4410,6 +4434,9 @@ skip_full_check:
- free_states(env);
-
- if (ret == 0)
-+ sanitize_dead_code(env);
-+
-+ if (ret == 0)
- /* program is valid, convert *(u32*)(ctx + off) accesses */
- ret = convert_ctx_accesses(env);
-
diff --git a/debian/patches/bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch b/debian/patches/bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch
deleted file mode 100644
index 62d4510..0000000
--- a/debian/patches/bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:54 -0800
-Subject: [2/9] bpf: fix incorrect sign extension in check_alu_op()
-Origin: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
-
-Distinguish between
-BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit)
-and BPF_ALU|BPF_MOV|BPF_K (load 32-bit immediate, zero-padded to 64-bit);
-only perform sign extension in the first case.
-
-Starting with v4.14, this is exploitable by unprivileged users as long as
-the unprivileged_bpf_disabled sysctl isn't set.
-
-Debian assigned CVE-2017-16995 for this issue.
-
-v3:
- - add CVE number (Ben Hutchings)
-
-Fixes: 484611357c19 ("bpf: allow access into map value arrays")
-Signed-off-by: Jann Horn <jannh at google.com>
-Acked-by: Edward Cree <ecree at solarflare.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2401,7 +2401,13 @@ static int check_alu_op(struct bpf_verif
- * remember the value we stored into this reg
- */
- regs[insn->dst_reg].type = SCALAR_VALUE;
-- __mark_reg_known(regs + insn->dst_reg, insn->imm);
-+ if (BPF_CLASS(insn->code) == BPF_ALU64) {
-+ __mark_reg_known(regs + insn->dst_reg,
-+ insn->imm);
-+ } else {
-+ __mark_reg_known(regs + insn->dst_reg,
-+ (u32)insn->imm);
-+ }
- }
-
- } else if (opcode > BPF_END) {
diff --git a/debian/patches/bugfix/all/bpf-fix-incorrect-tracking-of-register-size-truncati.patch b/debian/patches/bugfix/all/bpf-fix-incorrect-tracking-of-register-size-truncati.patch
deleted file mode 100644
index e43e9da..0000000
--- a/debian/patches/bugfix/all/bpf-fix-incorrect-tracking-of-register-size-truncati.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:55 -0800
-Subject: [3/9] bpf: fix incorrect tracking of register size truncation
-Origin: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
-
-Properly handle register truncation to a smaller size.
-
-The old code first mirrors the clearing of the high 32 bits in the bitwise
-tristate representation, which is correct. But then, it computes the new
-arithmetic bounds as the intersection between the old arithmetic bounds and
-the bounds resulting from the bitwise tristate representation. Therefore,
-when coerce_reg_to_32() is called on a number with bounds
-[0xffff'fff8, 0x1'0000'0007], the verifier computes
-[0xffff'fff8, 0xffff'ffff] as bounds of the truncated number.
-This is incorrect: The truncated number could also be in the range [0, 7],
-and no meaningful arithmetic bounds can be computed in that case apart from
-the obvious [0, 0xffff'ffff].
-
-Starting with v4.14, this is exploitable by unprivileged users as long as
-the unprivileged_bpf_disabled sysctl isn't set.
-
-Debian assigned CVE-2017-16996 for this issue.
-
-v2:
- - flip the mask during arithmetic bounds calculation (Ben Hutchings)
-v3:
- - add CVE number (Ben Hutchings)
-
-Fixes: b03c9f9fdc37 ("bpf/verifier: track signed and unsigned min/max values")
-Signed-off-by: Jann Horn <jannh at google.com>
-Acked-by: Edward Cree <ecree at solarflare.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
-[bwh: Backported to 4.14]
----
- kernel/bpf/verifier.c | 44 +++++++++++++++++++++++++++-----------------
- 1 file changed, 27 insertions(+), 17 deletions(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -1079,6 +1079,29 @@ static int check_ptr_alignment(struct bp
- strict);
- }
-
-+/* truncate register to smaller size (in bytes)
-+ * must be called with size < BPF_REG_SIZE
-+ */
-+static void coerce_reg_to_size(struct bpf_reg_state *reg, int size)
-+{
-+ u64 mask;
-+
-+ /* clear high bits in bit representation */
-+ reg->var_off = tnum_cast(reg->var_off, size);
-+
-+ /* fix arithmetic bounds */
-+ mask = ((u64)1 << (size * 8)) - 1;
-+ if ((reg->umin_value & ~mask) == (reg->umax_value & ~mask)) {
-+ reg->umin_value &= mask;
-+ reg->umax_value &= mask;
-+ } else {
-+ reg->umin_value = 0;
-+ reg->umax_value = mask;
-+ }
-+ reg->smin_value = reg->umin_value;
-+ reg->smax_value = reg->umax_value;
-+}
-+
- /* check whether memory at (regno + off) is accessible for t = (read | write)
- * if t==write, value_regno is a register which value is stored into memory
- * if t==read, value_regno is a register which will receive the value from memory
-@@ -1217,9 +1240,7 @@ static int check_mem_access(struct bpf_v
- if (!err && size < BPF_REG_SIZE && value_regno >= 0 && t == BPF_READ &&
- state->regs[value_regno].type == SCALAR_VALUE) {
- /* b/h/w load zero-extends, mark upper bits as known 0 */
-- state->regs[value_regno].var_off = tnum_cast(
-- state->regs[value_regno].var_off, size);
-- __update_reg_bounds(&state->regs[value_regno]);
-+ coerce_reg_to_size(&state->regs[value_regno], size);
- }
- return err;
- }
-@@ -1765,14 +1786,6 @@ static int check_call(struct bpf_verifie
- return 0;
- }
-
--static void coerce_reg_to_32(struct bpf_reg_state *reg)
--{
-- /* clear high 32 bits */
-- reg->var_off = tnum_cast(reg->var_off, 4);
-- /* Update bounds */
-- __update_reg_bounds(reg);
--}
--
- static bool signed_add_overflows(s64 a, s64 b)
- {
- /* Do the add in u64, where overflow is well-defined */
-@@ -2010,8 +2023,8 @@ static int adjust_scalar_min_max_vals(st
-
- if (BPF_CLASS(insn->code) != BPF_ALU64) {
- /* 32-bit ALU ops are (32,32)->64 */
-- coerce_reg_to_32(dst_reg);
-- coerce_reg_to_32(&src_reg);
-+ coerce_reg_to_size(dst_reg, 4);
-+ coerce_reg_to_size(&src_reg, 4);
- }
- smin_val = src_reg.smin_value;
- smax_val = src_reg.smax_value;
-@@ -2391,10 +2404,7 @@ static int check_alu_op(struct bpf_verif
- return -EACCES;
- }
- mark_reg_unknown(env, regs, insn->dst_reg);
-- /* high 32 bits are known zero. */
-- regs[insn->dst_reg].var_off = tnum_cast(
-- regs[insn->dst_reg].var_off, 4);
-- __update_reg_bounds(®s[insn->dst_reg]);
-+ coerce_reg_to_size(®s[insn->dst_reg], 4);
- }
- } else {
- /* case: R = imm
diff --git a/debian/patches/bugfix/all/bpf-fix-integer-overflows.patch b/debian/patches/bugfix/all/bpf-fix-integer-overflows.patch
deleted file mode 100644
index 745014a..0000000
--- a/debian/patches/bugfix/all/bpf-fix-integer-overflows.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From: Alexei Starovoitov <ast at kernel.org>
-Date: Mon, 18 Dec 2017 20:12:00 -0800
-Subject: [8/9] bpf: fix integer overflows
-Origin: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
-
-There were various issues related to the limited size of integers used in
-the verifier:
- - `off + size` overflow in __check_map_access()
- - `off + reg->off` overflow in check_mem_access()
- - `off + reg->var_off.value` overflow or 32-bit truncation of
- `reg->var_off.value` in check_mem_access()
- - 32-bit truncation in check_stack_boundary()
-
-Make sure that any integer math cannot overflow by not allowing
-pointer math with large values.
-
-Also reduce the scope of "scalar op scalar" tracking.
-
-Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
-Reported-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- include/linux/bpf_verifier.h | 4 ++--
- kernel/bpf/verifier.c | 48 ++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 50 insertions(+), 2 deletions(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -15,11 +15,11 @@
- * In practice this is far bigger than any realistic pointer offset; this limit
- * ensures that umax_value + (int)off + (int)size cannot overflow a u64.
- */
--#define BPF_MAX_VAR_OFF (1ULL << 31)
-+#define BPF_MAX_VAR_OFF (1 << 29)
- /* Maximum variable size permitted for ARG_CONST_SIZE[_OR_ZERO]. This ensures
- * that converting umax_value to int cannot overflow.
- */
--#define BPF_MAX_VAR_SIZ INT_MAX
-+#define BPF_MAX_VAR_SIZ (1 << 29)
-
- /* Liveness marks, used for registers and spilled-regs (in stack slots).
- * Read marks propagate upwards until they find a write mark; they record that
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -1812,6 +1812,41 @@ static bool signed_sub_overflows(s64 a,
- return res > a;
- }
-
-+static bool check_reg_sane_offset(struct bpf_verifier_env *env,
-+ const struct bpf_reg_state *reg,
-+ enum bpf_reg_type type)
-+{
-+ bool known = tnum_is_const(reg->var_off);
-+ s64 val = reg->var_off.value;
-+ s64 smin = reg->smin_value;
-+
-+ if (known && (val >= BPF_MAX_VAR_OFF || val <= -BPF_MAX_VAR_OFF)) {
-+ verbose(env, "math between %s pointer and %lld is not allowed\n",
-+ reg_type_str[type], val);
-+ return false;
-+ }
-+
-+ if (reg->off >= BPF_MAX_VAR_OFF || reg->off <= -BPF_MAX_VAR_OFF) {
-+ verbose(env, "%s pointer offset %d is not allowed\n",
-+ reg_type_str[type], reg->off);
-+ return false;
-+ }
-+
-+ if (smin == S64_MIN) {
-+ verbose(env, "math between %s pointer and register with unbounded min value is not allowed\n",
-+ reg_type_str[type]);
-+ return false;
-+ }
-+
-+ if (smin >= BPF_MAX_VAR_OFF || smin <= -BPF_MAX_VAR_OFF) {
-+ verbose(env, "value %lld makes %s pointer be out of bounds\n",
-+ smin, reg_type_str[type]);
-+ return false;
-+ }
-+
-+ return true;
-+}
-+
- /* Handles arithmetic on a pointer and a scalar: computes new min/max and var_off.
- * Caller should also handle BPF_MOV case separately.
- * If we return -EACCES, caller may want to try again treating pointer as a
-@@ -1880,6 +1915,10 @@ static int adjust_ptr_min_max_vals(struc
- dst_reg->type = ptr_reg->type;
- dst_reg->id = ptr_reg->id;
-
-+ if (!check_reg_sane_offset(env, off_reg, ptr_reg->type) ||
-+ !check_reg_sane_offset(env, ptr_reg, ptr_reg->type))
-+ return -EINVAL;
-+
- switch (opcode) {
- case BPF_ADD:
- /* We can take a fixed offset as long as it doesn't overflow
-@@ -2010,6 +2049,9 @@ static int adjust_ptr_min_max_vals(struc
- return -EACCES;
- }
-
-+ if (!check_reg_sane_offset(env, dst_reg, ptr_reg->type))
-+ return -EINVAL;
-+
- __update_reg_bounds(dst_reg);
- __reg_deduce_bounds(dst_reg);
- __reg_bound_offset(dst_reg);
-@@ -2039,6 +2081,12 @@ static int adjust_scalar_min_max_vals(st
- src_known = tnum_is_const(src_reg.var_off);
- dst_known = tnum_is_const(dst_reg->var_off);
-
-+ if (!src_known &&
-+ opcode != BPF_ADD && opcode != BPF_SUB && opcode != BPF_AND) {
-+ __mark_reg_unknown(dst_reg);
-+ return 0;
-+ }
-+
- switch (opcode) {
- case BPF_ADD:
- if (signed_add_overflows(dst_reg->smin_value, smin_val) ||
diff --git a/debian/patches/bugfix/all/bpf-fix-missing-error-return-in-check_stack_boundary.patch b/debian/patches/bugfix/all/bpf-fix-missing-error-return-in-check_stack_boundary.patch
deleted file mode 100644
index e80bde3..0000000
--- a/debian/patches/bugfix/all/bpf-fix-missing-error-return-in-check_stack_boundary.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:57 -0800
-Subject: [5/9] bpf: fix missing error return in check_stack_boundary()
-Origin: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
-
-Prevent indirect stack accesses at non-constant addresses, which would
-permit reading and corrupting spilled pointers.
-
-Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
-Signed-off-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -1320,6 +1320,7 @@ static int check_stack_boundary(struct b
- tnum_strn(tn_buf, sizeof(tn_buf), regs[regno].var_off);
- verbose(env, "invalid variable stack read R%d var_off=%s\n",
- regno, tn_buf);
-+ return -EACCES;
- }
- off = regs[regno].off + regs[regno].var_off.value;
- if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 ||
diff --git a/debian/patches/bugfix/all/bpf-force-strict-alignment-checks-for-stack-pointers.patch b/debian/patches/bugfix/all/bpf-force-strict-alignment-checks-for-stack-pointers.patch
deleted file mode 100644
index db7e557..0000000
--- a/debian/patches/bugfix/all/bpf-force-strict-alignment-checks-for-stack-pointers.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Jann Horn <jannh at google.com>
-Date: Mon, 18 Dec 2017 20:11:58 -0800
-Subject: [6/9] bpf: force strict alignment checks for stack pointers
-Origin: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
-
-Force strict alignment checks for stack pointers because the tracking of
-stack spills relies on it; unaligned stack accesses can lead to corruption
-of spilled registers, which is exploitable.
-
-Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
-Signed-off-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -1071,6 +1071,11 @@ static int check_ptr_alignment(struct bp
- break;
- case PTR_TO_STACK:
- pointer_desc = "stack ";
-+ /* The stack spill tracking logic in check_stack_write()
-+ * and check_stack_read() relies on stack accesses being
-+ * aligned.
-+ */
-+ strict = true;
- break;
- default:
- break;
diff --git a/debian/patches/bugfix/all/bpf-move-global-verifier-log-into-verifier-environme.patch b/debian/patches/bugfix/all/bpf-move-global-verifier-log-into-verifier-environme.patch
deleted file mode 100644
index a644457..0000000
--- a/debian/patches/bugfix/all/bpf-move-global-verifier-log-into-verifier-environme.patch
+++ /dev/null
@@ -1,1665 +0,0 @@
-From: Jakub Kicinski <jakub.kicinski at netronome.com>
-Date: Mon, 9 Oct 2017 10:30:11 -0700
-Subject: bpf: move global verifier log into verifier environment
-Origin: https://git.kernel.org/linus/61bd5218eef349fcacc4976a251bc83a4748b4af
-
-The biggest piece of global state protected by the verifier lock
-is the verifier_log. Move that log to struct bpf_verifier_env.
-struct bpf_verifier_env has to be passed now to all invocations
-of verbose().
-
-Signed-off-by: Jakub Kicinski <jakub.kicinski at netronome.com>
-Reviewed-by: Simon Horman <simon.horman at netronome.com>
-Acked-by: Alexei Starovoitov <ast at kernel.org>
-Acked-by: Daniel Borkmann <daniel at iogearbox.net>
-Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Backported to 4.14]
----
- include/linux/bpf_verifier.h | 2 +
- kernel/bpf/verifier.c | 491 +++++++++++++++++++++++--------------------
- 2 files changed, 261 insertions(+), 232 deletions(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -152,6 +152,8 @@ struct bpf_verifier_env {
- bool allow_ptr_leaks;
- bool seen_direct_write;
- struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */
-+
-+ struct bpf_verifer_log log;
- };
-
- int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -153,20 +153,16 @@ struct bpf_call_arg_meta {
- int access_size;
- };
-
--/* verbose verifier prints what it's seeing
-- * bpf_check() is called under lock, so no race to access these global vars
-- */
--static struct bpf_verifer_log verifier_log;
--
- static DEFINE_MUTEX(bpf_verifier_lock);
-
- /* log_level controls verbosity level of eBPF verifier.
- * verbose() is used to dump the verification trace to the log, so the user
- * can figure out what's wrong with the program
- */
--static __printf(1, 2) void verbose(const char *fmt, ...)
-+static __printf(2, 3) void verbose(struct bpf_verifier_env *env,
-+ const char *fmt, ...)
- {
-- struct bpf_verifer_log *log = &verifier_log;
-+ struct bpf_verifer_log *log = &env->log;
- va_list args;
-
- if (!log->level || bpf_verifier_log_full(log))
-@@ -207,7 +203,8 @@ static const char *func_id_name(int id)
- return "unknown";
- }
-
--static void print_verifier_state(struct bpf_verifier_state *state)
-+static void print_verifier_state(struct bpf_verifier_env *env,
-+ struct bpf_verifier_state *state)
- {
- struct bpf_reg_state *reg;
- enum bpf_reg_type t;
-@@ -218,21 +215,21 @@ static void print_verifier_state(struct
- t = reg->type;
- if (t == NOT_INIT)
- continue;
-- verbose(" R%d=%s", i, reg_type_str[t]);
-+ verbose(env, " R%d=%s", i, reg_type_str[t]);
- if ((t == SCALAR_VALUE || t == PTR_TO_STACK) &&
- tnum_is_const(reg->var_off)) {
- /* reg->off should be 0 for SCALAR_VALUE */
-- verbose("%lld", reg->var_off.value + reg->off);
-+ verbose(env, "%lld", reg->var_off.value + reg->off);
- } else {
-- verbose("(id=%d", reg->id);
-+ verbose(env, "(id=%d", reg->id);
- if (t != SCALAR_VALUE)
-- verbose(",off=%d", reg->off);
-+ verbose(env, ",off=%d", reg->off);
- if (t == PTR_TO_PACKET)
-- verbose(",r=%d", reg->range);
-+ verbose(env, ",r=%d", reg->range);
- else if (t == CONST_PTR_TO_MAP ||
- t == PTR_TO_MAP_VALUE ||
- t == PTR_TO_MAP_VALUE_OR_NULL)
-- verbose(",ks=%d,vs=%d",
-+ verbose(env, ",ks=%d,vs=%d",
- reg->map_ptr->key_size,
- reg->map_ptr->value_size);
- if (tnum_is_const(reg->var_off)) {
-@@ -240,38 +237,38 @@ static void print_verifier_state(struct
- * could be a pointer whose offset is too big
- * for reg->off
- */
-- verbose(",imm=%llx", reg->var_off.value);
-+ verbose(env, ",imm=%llx", reg->var_off.value);
- } else {
- if (reg->smin_value != reg->umin_value &&
- reg->smin_value != S64_MIN)
-- verbose(",smin_value=%lld",
-+ verbose(env, ",smin_value=%lld",
- (long long)reg->smin_value);
- if (reg->smax_value != reg->umax_value &&
- reg->smax_value != S64_MAX)
-- verbose(",smax_value=%lld",
-+ verbose(env, ",smax_value=%lld",
- (long long)reg->smax_value);
- if (reg->umin_value != 0)
-- verbose(",umin_value=%llu",
-+ verbose(env, ",umin_value=%llu",
- (unsigned long long)reg->umin_value);
- if (reg->umax_value != U64_MAX)
-- verbose(",umax_value=%llu",
-+ verbose(env, ",umax_value=%llu",
- (unsigned long long)reg->umax_value);
- if (!tnum_is_unknown(reg->var_off)) {
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-- verbose(",var_off=%s", tn_buf);
-+ verbose(env, ",var_off=%s", tn_buf);
- }
- }
-- verbose(")");
-+ verbose(env, ")");
- }
- }
- for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) {
- if (state->stack_slot_type[i] == STACK_SPILL)
-- verbose(" fp%d=%s", -MAX_BPF_STACK + i,
-+ verbose(env, " fp%d=%s", -MAX_BPF_STACK + i,
- reg_type_str[state->spilled_regs[i / BPF_REG_SIZE].type]);
- }
-- verbose("\n");
-+ verbose(env, "\n");
- }
-
- static const char *const bpf_class_string[] = {
-@@ -326,21 +323,21 @@ static const char *const bpf_jmp_string[
- [BPF_EXIT >> 4] = "exit",
- };
-
--static void print_bpf_insn(const struct bpf_verifier_env *env,
-+static void print_bpf_insn(struct bpf_verifier_env *env,
- const struct bpf_insn *insn)
- {
- u8 class = BPF_CLASS(insn->code);
-
- if (class == BPF_ALU || class == BPF_ALU64) {
- if (BPF_SRC(insn->code) == BPF_X)
-- verbose("(%02x) %sr%d %s %sr%d\n",
-+ verbose(env, "(%02x) %sr%d %s %sr%d\n",
- insn->code, class == BPF_ALU ? "(u32) " : "",
- insn->dst_reg,
- bpf_alu_string[BPF_OP(insn->code) >> 4],
- class == BPF_ALU ? "(u32) " : "",
- insn->src_reg);
- else
-- verbose("(%02x) %sr%d %s %s%d\n",
-+ verbose(env, "(%02x) %sr%d %s %s%d\n",
- insn->code, class == BPF_ALU ? "(u32) " : "",
- insn->dst_reg,
- bpf_alu_string[BPF_OP(insn->code) >> 4],
-@@ -348,46 +345,46 @@ static void print_bpf_insn(const struct
- insn->imm);
- } else if (class == BPF_STX) {
- if (BPF_MODE(insn->code) == BPF_MEM)
-- verbose("(%02x) *(%s *)(r%d %+d) = r%d\n",
-+ verbose(env, "(%02x) *(%s *)(r%d %+d) = r%d\n",
- insn->code,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->dst_reg,
- insn->off, insn->src_reg);
- else if (BPF_MODE(insn->code) == BPF_XADD)
-- verbose("(%02x) lock *(%s *)(r%d %+d) += r%d\n",
-+ verbose(env, "(%02x) lock *(%s *)(r%d %+d) += r%d\n",
- insn->code,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->dst_reg, insn->off,
- insn->src_reg);
- else
-- verbose("BUG_%02x\n", insn->code);
-+ verbose(env, "BUG_%02x\n", insn->code);
- } else if (class == BPF_ST) {
- if (BPF_MODE(insn->code) != BPF_MEM) {
-- verbose("BUG_st_%02x\n", insn->code);
-+ verbose(env, "BUG_st_%02x\n", insn->code);
- return;
- }
-- verbose("(%02x) *(%s *)(r%d %+d) = %d\n",
-+ verbose(env, "(%02x) *(%s *)(r%d %+d) = %d\n",
- insn->code,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->dst_reg,
- insn->off, insn->imm);
- } else if (class == BPF_LDX) {
- if (BPF_MODE(insn->code) != BPF_MEM) {
-- verbose("BUG_ldx_%02x\n", insn->code);
-+ verbose(env, "BUG_ldx_%02x\n", insn->code);
- return;
- }
-- verbose("(%02x) r%d = *(%s *)(r%d %+d)\n",
-+ verbose(env, "(%02x) r%d = *(%s *)(r%d %+d)\n",
- insn->code, insn->dst_reg,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->src_reg, insn->off);
- } else if (class == BPF_LD) {
- if (BPF_MODE(insn->code) == BPF_ABS) {
-- verbose("(%02x) r0 = *(%s *)skb[%d]\n",
-+ verbose(env, "(%02x) r0 = *(%s *)skb[%d]\n",
- insn->code,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->imm);
- } else if (BPF_MODE(insn->code) == BPF_IND) {
-- verbose("(%02x) r0 = *(%s *)skb[r%d + %d]\n",
-+ verbose(env, "(%02x) r0 = *(%s *)skb[r%d + %d]\n",
- insn->code,
- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
- insn->src_reg, insn->imm);
-@@ -402,36 +399,37 @@ static void print_bpf_insn(const struct
- if (map_ptr && !env->allow_ptr_leaks)
- imm = 0;
-
-- verbose("(%02x) r%d = 0x%llx\n", insn->code,
-+ verbose(env, "(%02x) r%d = 0x%llx\n", insn->code,
- insn->dst_reg, (unsigned long long)imm);
- } else {
-- verbose("BUG_ld_%02x\n", insn->code);
-+ verbose(env, "BUG_ld_%02x\n", insn->code);
- return;
- }
- } else if (class == BPF_JMP) {
- u8 opcode = BPF_OP(insn->code);
-
- if (opcode == BPF_CALL) {
-- verbose("(%02x) call %s#%d\n", insn->code,
-+ verbose(env, "(%02x) call %s#%d\n", insn->code,
- func_id_name(insn->imm), insn->imm);
- } else if (insn->code == (BPF_JMP | BPF_JA)) {
-- verbose("(%02x) goto pc%+d\n",
-+ verbose(env, "(%02x) goto pc%+d\n",
- insn->code, insn->off);
- } else if (insn->code == (BPF_JMP | BPF_EXIT)) {
-- verbose("(%02x) exit\n", insn->code);
-+ verbose(env, "(%02x) exit\n", insn->code);
- } else if (BPF_SRC(insn->code) == BPF_X) {
-- verbose("(%02x) if r%d %s r%d goto pc%+d\n",
-+ verbose(env, "(%02x) if r%d %s r%d goto pc%+d\n",
- insn->code, insn->dst_reg,
- bpf_jmp_string[BPF_OP(insn->code) >> 4],
- insn->src_reg, insn->off);
- } else {
-- verbose("(%02x) if r%d %s 0x%x goto pc%+d\n",
-+ verbose(env, "(%02x) if r%d %s 0x%x goto pc%+d\n",
- insn->code, insn->dst_reg,
- bpf_jmp_string[BPF_OP(insn->code) >> 4],
- insn->imm, insn->off);
- }
- } else {
-- verbose("(%02x) %s\n", insn->code, bpf_class_string[class]);
-+ verbose(env, "(%02x) %s\n",
-+ insn->code, bpf_class_string[class]);
- }
- }
-
-@@ -470,7 +468,7 @@ static struct bpf_verifier_state *push_s
- env->head = elem;
- env->stack_size++;
- if (env->stack_size > BPF_COMPLEXITY_LIMIT_STACK) {
-- verbose("BPF program is too complex\n");
-+ verbose(env, "BPF program is too complex\n");
- goto err;
- }
- return &elem->st;
-@@ -508,10 +506,11 @@ static void __mark_reg_known_zero(struct
- __mark_reg_known(reg, 0);
- }
-
--static void mark_reg_known_zero(struct bpf_reg_state *regs, u32 regno)
-+static void mark_reg_known_zero(struct bpf_verifier_env *env,
-+ struct bpf_reg_state *regs, u32 regno)
- {
- if (WARN_ON(regno >= MAX_BPF_REG)) {
-- verbose("mark_reg_known_zero(regs, %u)\n", regno);
-+ verbose(env, "mark_reg_known_zero(regs, %u)\n", regno);
- /* Something bad happened, let's kill all regs */
- for (regno = 0; regno < MAX_BPF_REG; regno++)
- __mark_reg_not_init(regs + regno);
-@@ -596,10 +595,11 @@ static void __mark_reg_unknown(struct bp
- __mark_reg_unbounded(reg);
- }
-
--static void mark_reg_unknown(struct bpf_reg_state *regs, u32 regno)
-+static void mark_reg_unknown(struct bpf_verifier_env *env,
-+ struct bpf_reg_state *regs, u32 regno)
- {
- if (WARN_ON(regno >= MAX_BPF_REG)) {
-- verbose("mark_reg_unknown(regs, %u)\n", regno);
-+ verbose(env, "mark_reg_unknown(regs, %u)\n", regno);
- /* Something bad happened, let's kill all regs */
- for (regno = 0; regno < MAX_BPF_REG; regno++)
- __mark_reg_not_init(regs + regno);
-@@ -614,10 +614,11 @@ static void __mark_reg_not_init(struct b
- reg->type = NOT_INIT;
- }
-
--static void mark_reg_not_init(struct bpf_reg_state *regs, u32 regno)
-+static void mark_reg_not_init(struct bpf_verifier_env *env,
-+ struct bpf_reg_state *regs, u32 regno)
- {
- if (WARN_ON(regno >= MAX_BPF_REG)) {
-- verbose("mark_reg_not_init(regs, %u)\n", regno);
-+ verbose(env, "mark_reg_not_init(regs, %u)\n", regno);
- /* Something bad happened, let's kill all regs */
- for (regno = 0; regno < MAX_BPF_REG; regno++)
- __mark_reg_not_init(regs + regno);
-@@ -626,22 +627,23 @@ static void mark_reg_not_init(struct bpf
- __mark_reg_not_init(regs + regno);
- }
-
--static void init_reg_state(struct bpf_reg_state *regs)
-+static void init_reg_state(struct bpf_verifier_env *env,
-+ struct bpf_reg_state *regs)
- {
- int i;
-
- for (i = 0; i < MAX_BPF_REG; i++) {
-- mark_reg_not_init(regs, i);
-+ mark_reg_not_init(env, regs, i);
- regs[i].live = REG_LIVE_NONE;
- }
-
- /* frame pointer */
- regs[BPF_REG_FP].type = PTR_TO_STACK;
-- mark_reg_known_zero(regs, BPF_REG_FP);
-+ mark_reg_known_zero(env, regs, BPF_REG_FP);
-
- /* 1st arg to a function */
- regs[BPF_REG_1].type = PTR_TO_CTX;
-- mark_reg_known_zero(regs, BPF_REG_1);
-+ mark_reg_known_zero(env, regs, BPF_REG_1);
- }
-
- enum reg_arg_type {
-@@ -675,26 +677,26 @@ static int check_reg_arg(struct bpf_veri
- struct bpf_reg_state *regs = env->cur_state.regs;
-
- if (regno >= MAX_BPF_REG) {
-- verbose("R%d is invalid\n", regno);
-+ verbose(env, "R%d is invalid\n", regno);
- return -EINVAL;
- }
-
- if (t == SRC_OP) {
- /* check whether register used as source operand can be read */
- if (regs[regno].type == NOT_INIT) {
-- verbose("R%d !read_ok\n", regno);
-+ verbose(env, "R%d !read_ok\n", regno);
- return -EACCES;
- }
- mark_reg_read(&env->cur_state, regno);
- } else {
- /* check whether register used as dest operand can be written to */
- if (regno == BPF_REG_FP) {
-- verbose("frame pointer is read only\n");
-+ verbose(env, "frame pointer is read only\n");
- return -EACCES;
- }
- regs[regno].live |= REG_LIVE_WRITTEN;
- if (t == DST_OP)
-- mark_reg_unknown(regs, regno);
-+ mark_reg_unknown(env, regs, regno);
- }
- return 0;
- }
-@@ -718,7 +720,8 @@ static bool is_spillable_regtype(enum bp
- /* check_stack_read/write functions track spill/fill of registers,
- * stack boundary and alignment are checked in check_mem_access()
- */
--static int check_stack_write(struct bpf_verifier_state *state, int off,
-+static int check_stack_write(struct bpf_verifier_env *env,
-+ struct bpf_verifier_state *state, int off,
- int size, int value_regno)
- {
- int i, spi = (MAX_BPF_STACK + off) / BPF_REG_SIZE;
-@@ -731,7 +734,7 @@ static int check_stack_write(struct bpf_
-
- /* register containing pointer is being spilled into stack */
- if (size != BPF_REG_SIZE) {
-- verbose("invalid size of register spill\n");
-+ verbose(env, "invalid size of register spill\n");
- return -EACCES;
- }
-
-@@ -766,7 +769,8 @@ static void mark_stack_slot_read(const s
- }
- }
-
--static int check_stack_read(struct bpf_verifier_state *state, int off, int size,
-+static int check_stack_read(struct bpf_verifier_env *env,
-+ struct bpf_verifier_state *state, int off, int size,
- int value_regno)
- {
- u8 *slot_type;
-@@ -776,12 +780,12 @@ static int check_stack_read(struct bpf_v
-
- if (slot_type[0] == STACK_SPILL) {
- if (size != BPF_REG_SIZE) {
-- verbose("invalid size of register spill\n");
-+ verbose(env, "invalid size of register spill\n");
- return -EACCES;
- }
- for (i = 1; i < BPF_REG_SIZE; i++) {
- if (slot_type[i] != STACK_SPILL) {
-- verbose("corrupted spill memory\n");
-+ verbose(env, "corrupted spill memory\n");
- return -EACCES;
- }
- }
-@@ -797,14 +801,14 @@ static int check_stack_read(struct bpf_v
- } else {
- for (i = 0; i < size; i++) {
- if (slot_type[i] != STACK_MISC) {
-- verbose("invalid read from stack off %d+%d size %d\n",
-+ verbose(env, "invalid read from stack off %d+%d size %d\n",
- off, i, size);
- return -EACCES;
- }
- }
- if (value_regno >= 0)
- /* have read misc data from the stack */
-- mark_reg_unknown(state->regs, value_regno);
-+ mark_reg_unknown(env, state->regs, value_regno);
- return 0;
- }
- }
-@@ -816,7 +820,7 @@ static int __check_map_access(struct bpf
- struct bpf_map *map = env->cur_state.regs[regno].map_ptr;
-
- if (off < 0 || size <= 0 || off + size > map->value_size) {
-- verbose("invalid access to map value, value_size=%d off=%d size=%d\n",
-+ verbose(env, "invalid access to map value, value_size=%d off=%d size=%d\n",
- map->value_size, off, size);
- return -EACCES;
- }
-@@ -835,8 +839,8 @@ static int check_map_access(struct bpf_v
- * need to try adding each of min_value and max_value to off
- * to make sure our theoretical access will be safe.
- */
-- if (verifier_log.level)
-- print_verifier_state(state);
-+ if (env->log.level)
-+ print_verifier_state(env, state);
- /* The minimum value is only important with signed
- * comparisons where we can't assume the floor of a
- * value is 0. If we are using signed variables for our
-@@ -844,13 +848,14 @@ static int check_map_access(struct bpf_v
- * will have a set floor within our range.
- */
- if (reg->smin_value < 0) {
-- verbose("R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
-+ verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
- regno);
- return -EACCES;
- }
- err = __check_map_access(env, regno, reg->smin_value + off, size);
- if (err) {
-- verbose("R%d min value is outside of the array range\n", regno);
-+ verbose(env, "R%d min value is outside of the array range\n",
-+ regno);
- return err;
- }
-
-@@ -859,13 +864,14 @@ static int check_map_access(struct bpf_v
- * If reg->umax_value + off could overflow, treat that as unbounded too.
- */
- if (reg->umax_value >= BPF_MAX_VAR_OFF) {
-- verbose("R%d unbounded memory access, make sure to bounds check any array access into a map\n",
-+ verbose(env, "R%d unbounded memory access, make sure to bounds check any array access into a map\n",
- regno);
- return -EACCES;
- }
- err = __check_map_access(env, regno, reg->umax_value + off, size);
- if (err)
-- verbose("R%d max value is outside of the array range\n", regno);
-+ verbose(env, "R%d max value is outside of the array range\n",
-+ regno);
- return err;
- }
-
-@@ -904,7 +910,7 @@ static int __check_packet_access(struct
- struct bpf_reg_state *reg = ®s[regno];
-
- if (off < 0 || size <= 0 || (u64)off + size > reg->range) {
-- verbose("invalid access to packet, off=%d size=%d, R%d(id=%d,off=%d,r=%d)\n",
-+ verbose(env, "invalid access to packet, off=%d size=%d, R%d(id=%d,off=%d,r=%d)\n",
- off, size, regno, reg->id, reg->off, reg->range);
- return -EACCES;
- }
-@@ -927,13 +933,13 @@ static int check_packet_access(struct bp
- * detail to prove they're safe.
- */
- if (reg->smin_value < 0) {
-- verbose("R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
-+ verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
- regno);
- return -EACCES;
- }
- err = __check_packet_access(env, regno, off, size);
- if (err) {
-- verbose("R%d offset is outside of the packet\n", regno);
-+ verbose(env, "R%d offset is outside of the packet\n", regno);
- return err;
- }
- return err;
-@@ -969,7 +975,7 @@ static int check_ctx_access(struct bpf_v
- return 0;
- }
-
-- verbose("invalid bpf_context access off=%d size=%d\n", off, size);
-+ verbose(env, "invalid bpf_context access off=%d size=%d\n", off, size);
- return -EACCES;
- }
-
-@@ -987,7 +993,8 @@ static bool is_pointer_value(struct bpf_
- return __is_pointer_value(env->allow_ptr_leaks, &env->cur_state.regs[regno]);
- }
-
--static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg,
-+static int check_pkt_ptr_alignment(struct bpf_verifier_env *env,
-+ const struct bpf_reg_state *reg,
- int off, int size, bool strict)
- {
- struct tnum reg_off;
-@@ -1012,7 +1019,8 @@ static int check_pkt_ptr_alignment(const
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-- verbose("misaligned packet access off %d+%s+%d+%d size %d\n",
-+ verbose(env,
-+ "misaligned packet access off %d+%s+%d+%d size %d\n",
- ip_align, tn_buf, reg->off, off, size);
- return -EACCES;
- }
-@@ -1020,7 +1028,8 @@ static int check_pkt_ptr_alignment(const
- return 0;
- }
-
--static int check_generic_ptr_alignment(const struct bpf_reg_state *reg,
-+static int check_generic_ptr_alignment(struct bpf_verifier_env *env,
-+ const struct bpf_reg_state *reg,
- const char *pointer_desc,
- int off, int size, bool strict)
- {
-@@ -1035,7 +1044,7 @@ static int check_generic_ptr_alignment(c
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-- verbose("misaligned %saccess off %s+%d+%d size %d\n",
-+ verbose(env, "misaligned %saccess off %s+%d+%d size %d\n",
- pointer_desc, tn_buf, reg->off, off, size);
- return -EACCES;
- }
-@@ -1053,7 +1062,7 @@ static int check_ptr_alignment(struct bp
- switch (reg->type) {
- case PTR_TO_PACKET:
- /* special case, because of NET_IP_ALIGN */
-- return check_pkt_ptr_alignment(reg, off, size, strict);
-+ return check_pkt_ptr_alignment(env, reg, off, size, strict);
- case PTR_TO_MAP_VALUE:
- pointer_desc = "value ";
- break;
-@@ -1066,7 +1075,8 @@ static int check_ptr_alignment(struct bp
- default:
- break;
- }
-- return check_generic_ptr_alignment(reg, pointer_desc, off, size, strict);
-+ return check_generic_ptr_alignment(env, reg, pointer_desc, off, size,
-+ strict);
- }
-
- /* check whether memory at (regno + off) is accessible for t = (read | write)
-@@ -1098,27 +1108,27 @@ static int check_mem_access(struct bpf_v
- if (reg->type == PTR_TO_MAP_VALUE) {
- if (t == BPF_WRITE && value_regno >= 0 &&
- is_pointer_value(env, value_regno)) {
-- verbose("R%d leaks addr into map\n", value_regno);
-+ verbose(env, "R%d leaks addr into map\n", value_regno);
- return -EACCES;
- }
-
- err = check_map_access(env, regno, off, size);
- if (!err && t == BPF_READ && value_regno >= 0)
-- mark_reg_unknown(state->regs, value_regno);
-+ mark_reg_unknown(env, state->regs, value_regno);
-
- } else if (reg->type == PTR_TO_CTX) {
- enum bpf_reg_type reg_type = SCALAR_VALUE;
-
- if (t == BPF_WRITE && value_regno >= 0 &&
- is_pointer_value(env, value_regno)) {
-- verbose("R%d leaks addr into ctx\n", value_regno);
-+ verbose(env, "R%d leaks addr into ctx\n", value_regno);
- return -EACCES;
- }
- /* ctx accesses must be at a fixed offset, so that we can
- * determine what type of data were returned.
- */
- if (reg->off) {
-- verbose("dereference of modified ctx ptr R%d off=%d+%d, ctx+const is allowed, ctx+const+const is not\n",
-+ verbose(env, "dereference of modified ctx ptr R%d off=%d+%d, ctx+const is allowed, ctx+const+const is not\n",
- regno, reg->off, off - reg->off);
- return -EACCES;
- }
-@@ -1126,7 +1136,8 @@ static int check_mem_access(struct bpf_v
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-- verbose("variable ctx access var_off=%s off=%d size=%d",
-+ verbose(env,
-+ "variable ctx access var_off=%s off=%d size=%d",
- tn_buf, off, size);
- return -EACCES;
- }
-@@ -1137,9 +1148,10 @@ static int check_mem_access(struct bpf_v
- * the offset is zero.
- */
- if (reg_type == SCALAR_VALUE)
-- mark_reg_unknown(state->regs, value_regno);
-+ mark_reg_unknown(env, state->regs, value_regno);
- else
-- mark_reg_known_zero(state->regs, value_regno);
-+ mark_reg_known_zero(env, state->regs,
-+ value_regno);
- state->regs[value_regno].id = 0;
- state->regs[value_regno].off = 0;
- state->regs[value_regno].range = 0;
-@@ -1155,13 +1167,14 @@ static int check_mem_access(struct bpf_v
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-- verbose("variable stack access var_off=%s off=%d size=%d",
-+ verbose(env, "variable stack access var_off=%s off=%d size=%d",
- tn_buf, off, size);
- return -EACCES;
- }
- off += reg->var_off.value;
- if (off >= 0 || off < -MAX_BPF_STACK) {
-- verbose("invalid stack off=%d size=%d\n", off, size);
-+ verbose(env, "invalid stack off=%d size=%d\n", off,
-+ size);
- return -EACCES;
- }
-
-@@ -1172,28 +1185,31 @@ static int check_mem_access(struct bpf_v
- if (!env->allow_ptr_leaks &&
- state->stack_slot_type[MAX_BPF_STACK + off] == STACK_SPILL &&
- size != BPF_REG_SIZE) {
-- verbose("attempt to corrupt spilled pointer on stack\n");
-+ verbose(env, "attempt to corrupt spilled pointer on stack\n");
- return -EACCES;
- }
-- err = check_stack_write(state, off, size, value_regno);
-+ err = check_stack_write(env, state, off, size,
-+ value_regno);
- } else {
-- err = check_stack_read(state, off, size, value_regno);
-+ err = check_stack_read(env, state, off, size,
-+ value_regno);
- }
- } else if (reg->type == PTR_TO_PACKET) {
- if (t == BPF_WRITE && !may_access_direct_pkt_data(env, NULL, t)) {
-- verbose("cannot write into packet\n");
-+ verbose(env, "cannot write into packet\n");
- return -EACCES;
- }
- if (t == BPF_WRITE && value_regno >= 0 &&
- is_pointer_value(env, value_regno)) {
-- verbose("R%d leaks addr into packet\n", value_regno);
-+ verbose(env, "R%d leaks addr into packet\n",
-+ value_regno);
- return -EACCES;
- }
- err = check_packet_access(env, regno, off, size);
- if (!err && t == BPF_READ && value_regno >= 0)
-- mark_reg_unknown(state->regs, value_regno);
-+ mark_reg_unknown(env, state->regs, value_regno);
- } else {
-- verbose("R%d invalid mem access '%s'\n",
-+ verbose(env, "R%d invalid mem access '%s'\n",
- regno, reg_type_str[reg->type]);
- return -EACCES;
- }
-@@ -1214,7 +1230,7 @@ static int check_xadd(struct bpf_verifie
-
- if ((BPF_SIZE(insn->code) != BPF_W && BPF_SIZE(insn->code) != BPF_DW) ||
- insn->imm != 0) {
-- verbose("BPF_XADD uses reserved fields\n");
-+ verbose(env, "BPF_XADD uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -1229,7 +1245,7 @@ static int check_xadd(struct bpf_verifie
- return err;
-
- if (is_pointer_value(env, insn->src_reg)) {
-- verbose("R%d leaks addr into mem\n", insn->src_reg);
-+ verbose(env, "R%d leaks addr into mem\n", insn->src_reg);
- return -EACCES;
- }
-
-@@ -1270,7 +1286,7 @@ static int check_stack_boundary(struct b
- register_is_null(regs[regno]))
- return 0;
-
-- verbose("R%d type=%s expected=%s\n", regno,
-+ verbose(env, "R%d type=%s expected=%s\n", regno,
- reg_type_str[regs[regno].type],
- reg_type_str[PTR_TO_STACK]);
- return -EACCES;
-@@ -1281,13 +1297,13 @@ static int check_stack_boundary(struct b
- char tn_buf[48];
-
- tnum_strn(tn_buf, sizeof(tn_buf), regs[regno].var_off);
-- verbose("invalid variable stack read R%d var_off=%s\n",
-+ verbose(env, "invalid variable stack read R%d var_off=%s\n",
- regno, tn_buf);
- }
- off = regs[regno].off + regs[regno].var_off.value;
- if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 ||
- access_size <= 0) {
-- verbose("invalid stack type R%d off=%d access_size=%d\n",
-+ verbose(env, "invalid stack type R%d off=%d access_size=%d\n",
- regno, off, access_size);
- return -EACCES;
- }
-@@ -1303,7 +1319,7 @@ static int check_stack_boundary(struct b
-
- for (i = 0; i < access_size; i++) {
- if (state->stack_slot_type[MAX_BPF_STACK + off + i] != STACK_MISC) {
-- verbose("invalid indirect read from stack off %d+%d size %d\n",
-+ verbose(env, "invalid indirect read from stack off %d+%d size %d\n",
- off, i, access_size);
- return -EACCES;
- }
-@@ -1345,7 +1361,8 @@ static int check_func_arg(struct bpf_ver
-
- if (arg_type == ARG_ANYTHING) {
- if (is_pointer_value(env, regno)) {
-- verbose("R%d leaks addr into helper function\n", regno);
-+ verbose(env, "R%d leaks addr into helper function\n",
-+ regno);
- return -EACCES;
- }
- return 0;
-@@ -1353,7 +1370,7 @@ static int check_func_arg(struct bpf_ver
-
- if (type == PTR_TO_PACKET &&
- !may_access_direct_pkt_data(env, meta, BPF_READ)) {
-- verbose("helper access to the packet is not allowed\n");
-+ verbose(env, "helper access to the packet is not allowed\n");
- return -EACCES;
- }
-
-@@ -1389,7 +1406,7 @@ static int check_func_arg(struct bpf_ver
- goto err_type;
- meta->raw_mode = arg_type == ARG_PTR_TO_UNINIT_MEM;
- } else {
-- verbose("unsupported arg_type %d\n", arg_type);
-+ verbose(env, "unsupported arg_type %d\n", arg_type);
- return -EFAULT;
- }
-
-@@ -1407,7 +1424,7 @@ static int check_func_arg(struct bpf_ver
- * we have to check map_key here. Otherwise it means
- * that kernel subsystem misconfigured verifier
- */
-- verbose("invalid map_ptr to access map->key\n");
-+ verbose(env, "invalid map_ptr to access map->key\n");
- return -EACCES;
- }
- if (type == PTR_TO_PACKET)
-@@ -1423,7 +1440,7 @@ static int check_func_arg(struct bpf_ver
- */
- if (!meta->map_ptr) {
- /* kernel subsystem misconfigured verifier */
-- verbose("invalid map_ptr to access map->value\n");
-+ verbose(env, "invalid map_ptr to access map->value\n");
- return -EACCES;
- }
- if (type == PTR_TO_PACKET)
-@@ -1443,7 +1460,8 @@ static int check_func_arg(struct bpf_ver
- */
- if (regno == 0) {
- /* kernel subsystem misconfigured verifier */
-- verbose("ARG_CONST_SIZE cannot be first argument\n");
-+ verbose(env,
-+ "ARG_CONST_SIZE cannot be first argument\n");
- return -EACCES;
- }
-
-@@ -1460,7 +1478,7 @@ static int check_func_arg(struct bpf_ver
- meta = NULL;
-
- if (reg->smin_value < 0) {
-- verbose("R%d min value is negative, either use unsigned or 'var &= const'\n",
-+ verbose(env, "R%d min value is negative, either use unsigned or 'var &= const'\n",
- regno);
- return -EACCES;
- }
-@@ -1474,7 +1492,7 @@ static int check_func_arg(struct bpf_ver
- }
-
- if (reg->umax_value >= BPF_MAX_VAR_SIZ) {
-- verbose("R%d unbounded memory access, use 'var &= const' or 'if (var < const)'\n",
-+ verbose(env, "R%d unbounded memory access, use 'var &= const' or 'if (var < const)'\n",
- regno);
- return -EACCES;
- }
-@@ -1485,12 +1503,13 @@ static int check_func_arg(struct bpf_ver
-
- return err;
- err_type:
-- verbose("R%d type=%s expected=%s\n", regno,
-+ verbose(env, "R%d type=%s expected=%s\n", regno,
- reg_type_str[type], reg_type_str[expected_type]);
- return -EACCES;
- }
-
--static int check_map_func_compatibility(struct bpf_map *map, int func_id)
-+static int check_map_func_compatibility(struct bpf_verifier_env *env,
-+ struct bpf_map *map, int func_id)
- {
- if (!map)
- return 0;
-@@ -1576,7 +1595,7 @@ static int check_map_func_compatibility(
-
- return 0;
- error:
-- verbose("cannot pass map_type %d into func %s#%d\n",
-+ verbose(env, "cannot pass map_type %d into func %s#%d\n",
- map->map_type, func_id_name(func_id), func_id);
- return -EINVAL;
- }
-@@ -1611,7 +1630,7 @@ static void clear_all_pkt_pointers(struc
- for (i = 0; i < MAX_BPF_REG; i++)
- if (regs[i].type == PTR_TO_PACKET ||
- regs[i].type == PTR_TO_PACKET_END)
-- mark_reg_unknown(regs, i);
-+ mark_reg_unknown(env, regs, i);
-
- for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) {
- if (state->stack_slot_type[i] != STACK_SPILL)
-@@ -1635,7 +1654,8 @@ static int check_call(struct bpf_verifie
-
- /* find function prototype */
- if (func_id < 0 || func_id >= __BPF_FUNC_MAX_ID) {
-- verbose("invalid func %s#%d\n", func_id_name(func_id), func_id);
-+ verbose(env, "invalid func %s#%d\n", func_id_name(func_id),
-+ func_id);
- return -EINVAL;
- }
-
-@@ -1643,13 +1663,14 @@ static int check_call(struct bpf_verifie
- fn = env->prog->aux->ops->get_func_proto(func_id);
-
- if (!fn) {
-- verbose("unknown func %s#%d\n", func_id_name(func_id), func_id);
-+ verbose(env, "unknown func %s#%d\n", func_id_name(func_id),
-+ func_id);
- return -EINVAL;
- }
-
- /* eBPF programs must be GPL compatible to use GPL-ed functions */
- if (!env->prog->gpl_compatible && fn->gpl_only) {
-- verbose("cannot call GPL only function from proprietary program\n");
-+ verbose(env, "cannot call GPL only function from proprietary program\n");
- return -EINVAL;
- }
-
-@@ -1663,7 +1684,7 @@ static int check_call(struct bpf_verifie
- */
- err = check_raw_mode(fn);
- if (err) {
-- verbose("kernel subsystem misconfigured func %s#%d\n",
-+ verbose(env, "kernel subsystem misconfigured func %s#%d\n",
- func_id_name(func_id), func_id);
- return err;
- }
-@@ -1696,14 +1717,14 @@ static int check_call(struct bpf_verifie
-
- /* reset caller saved regs */
- for (i = 0; i < CALLER_SAVED_REGS; i++) {
-- mark_reg_not_init(regs, caller_saved[i]);
-+ mark_reg_not_init(env, regs, caller_saved[i]);
- check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK);
- }
-
- /* update return register (already marked as written above) */
- if (fn->ret_type == RET_INTEGER) {
- /* sets type to SCALAR_VALUE */
-- mark_reg_unknown(regs, BPF_REG_0);
-+ mark_reg_unknown(env, regs, BPF_REG_0);
- } else if (fn->ret_type == RET_VOID) {
- regs[BPF_REG_0].type = NOT_INIT;
- } else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL) {
-@@ -1711,14 +1732,15 @@ static int check_call(struct bpf_verifie
-
- regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
- /* There is no offset yet applied, variable or fixed */
-- mark_reg_known_zero(regs, BPF_REG_0);
-+ mark_reg_known_zero(env, regs, BPF_REG_0);
- regs[BPF_REG_0].off = 0;
- /* remember map_ptr, so that check_map_access()
- * can check 'value_size' boundary of memory access
- * to map element returned from bpf_map_lookup_elem()
- */
- if (meta.map_ptr == NULL) {
-- verbose("kernel subsystem misconfigured verifier\n");
-+ verbose(env,
-+ "kernel subsystem misconfigured verifier\n");
- return -EINVAL;
- }
- regs[BPF_REG_0].map_ptr = meta.map_ptr;
-@@ -1729,12 +1751,12 @@ static int check_call(struct bpf_verifie
- else if (insn_aux->map_ptr != meta.map_ptr)
- insn_aux->map_ptr = BPF_MAP_PTR_POISON;
- } else {
-- verbose("unknown return type %d of func %s#%d\n",
-+ verbose(env, "unknown return type %d of func %s#%d\n",
- fn->ret_type, func_id_name(func_id), func_id);
- return -EINVAL;
- }
-
-- err = check_map_func_compatibility(meta.map_ptr, func_id);
-+ err = check_map_func_compatibility(env, meta.map_ptr, func_id);
- if (err)
- return err;
-
-@@ -1793,39 +1815,42 @@ static int adjust_ptr_min_max_vals(struc
- dst_reg = ®s[dst];
-
- if (WARN_ON_ONCE(known && (smin_val != smax_val))) {
-- print_verifier_state(&env->cur_state);
-- verbose("verifier internal error: known but bad sbounds\n");
-+ print_verifier_state(env, &env->cur_state);
-+ verbose(env,
-+ "verifier internal error: known but bad sbounds\n");
- return -EINVAL;
- }
- if (WARN_ON_ONCE(known && (umin_val != umax_val))) {
-- print_verifier_state(&env->cur_state);
-- verbose("verifier internal error: known but bad ubounds\n");
-+ print_verifier_state(env, &env->cur_state);
-+ verbose(env,
-+ "verifier internal error: known but bad ubounds\n");
- return -EINVAL;
- }
-
- if (BPF_CLASS(insn->code) != BPF_ALU64) {
- /* 32-bit ALU ops on pointers produce (meaningless) scalars */
- if (!env->allow_ptr_leaks)
-- verbose("R%d 32-bit pointer arithmetic prohibited\n",
-+ verbose(env,
-+ "R%d 32-bit pointer arithmetic prohibited\n",
- dst);
- return -EACCES;
- }
-
- if (ptr_reg->type == PTR_TO_MAP_VALUE_OR_NULL) {
- if (!env->allow_ptr_leaks)
-- verbose("R%d pointer arithmetic on PTR_TO_MAP_VALUE_OR_NULL prohibited, null-check it first\n",
-+ verbose(env, "R%d pointer arithmetic on PTR_TO_MAP_VALUE_OR_NULL prohibited, null-check it first\n",
- dst);
- return -EACCES;
- }
- if (ptr_reg->type == CONST_PTR_TO_MAP) {
- if (!env->allow_ptr_leaks)
-- verbose("R%d pointer arithmetic on CONST_PTR_TO_MAP prohibited\n",
-+ verbose(env, "R%d pointer arithmetic on CONST_PTR_TO_MAP prohibited\n",
- dst);
- return -EACCES;
- }
- if (ptr_reg->type == PTR_TO_PACKET_END) {
- if (!env->allow_ptr_leaks)
-- verbose("R%d pointer arithmetic on PTR_TO_PACKET_END prohibited\n",
-+ verbose(env, "R%d pointer arithmetic on PTR_TO_PACKET_END prohibited\n",
- dst);
- return -EACCES;
- }
-@@ -1890,7 +1915,7 @@ static int adjust_ptr_min_max_vals(struc
- if (dst_reg == off_reg) {
- /* scalar -= pointer. Creates an unknown scalar */
- if (!env->allow_ptr_leaks)
-- verbose("R%d tried to subtract pointer from scalar\n",
-+ verbose(env, "R%d tried to subtract pointer from scalar\n",
- dst);
- return -EACCES;
- }
-@@ -1900,7 +1925,7 @@ static int adjust_ptr_min_max_vals(struc
- */
- if (ptr_reg->type == PTR_TO_STACK) {
- if (!env->allow_ptr_leaks)
-- verbose("R%d subtraction from stack pointer prohibited\n",
-+ verbose(env, "R%d subtraction from stack pointer prohibited\n",
- dst);
- return -EACCES;
- }
-@@ -1955,13 +1980,13 @@ static int adjust_ptr_min_max_vals(struc
- * ptr &= ~3 which would reduce min_value by 3.)
- */
- if (!env->allow_ptr_leaks)
-- verbose("R%d bitwise operator %s on pointer prohibited\n",
-+ verbose(env, "R%d bitwise operator %s on pointer prohibited\n",
- dst, bpf_alu_string[opcode >> 4]);
- return -EACCES;
- default:
- /* other operators (e.g. MUL,LSH) produce non-pointer results */
- if (!env->allow_ptr_leaks)
-- verbose("R%d pointer arithmetic with %s operator prohibited\n",
-+ verbose(env, "R%d pointer arithmetic with %s operator prohibited\n",
- dst, bpf_alu_string[opcode >> 4]);
- return -EACCES;
- }
-@@ -2127,7 +2152,7 @@ static int adjust_scalar_min_max_vals(st
- /* Shifts greater than 63 are undefined. This includes
- * shifts by a negative number.
- */
-- mark_reg_unknown(regs, insn->dst_reg);
-+ mark_reg_unknown(env, regs, insn->dst_reg);
- break;
- }
- /* We lose all sign bit information (except what we can pick
-@@ -2155,7 +2180,7 @@ static int adjust_scalar_min_max_vals(st
- /* Shifts greater than 63 are undefined. This includes
- * shifts by a negative number.
- */
-- mark_reg_unknown(regs, insn->dst_reg);
-+ mark_reg_unknown(env, regs, insn->dst_reg);
- break;
- }
- /* BPF_RSH is an unsigned shift, so make the appropriate casts */
-@@ -2183,7 +2208,7 @@ static int adjust_scalar_min_max_vals(st
- __update_reg_bounds(dst_reg);
- break;
- default:
-- mark_reg_unknown(regs, insn->dst_reg);
-+ mark_reg_unknown(env, regs, insn->dst_reg);
- break;
- }
-
-@@ -2215,12 +2240,12 @@ static int adjust_reg_min_max_vals(struc
- * an arbitrary scalar.
- */
- if (!env->allow_ptr_leaks) {
-- verbose("R%d pointer %s pointer prohibited\n",
-+ verbose(env, "R%d pointer %s pointer prohibited\n",
- insn->dst_reg,
- bpf_alu_string[opcode >> 4]);
- return -EACCES;
- }
-- mark_reg_unknown(regs, insn->dst_reg);
-+ mark_reg_unknown(env, regs, insn->dst_reg);
- return 0;
- } else {
- /* scalar += pointer
-@@ -2272,13 +2297,13 @@ static int adjust_reg_min_max_vals(struc
-
- /* Got here implies adding two SCALAR_VALUEs */
- if (WARN_ON_ONCE(ptr_reg)) {
-- print_verifier_state(&env->cur_state);
-- verbose("verifier internal error: unexpected ptr_reg\n");
-+ print_verifier_state(env, &env->cur_state);
-+ verbose(env, "verifier internal error: unexpected ptr_reg\n");
- return -EINVAL;
- }
- if (WARN_ON(!src_reg)) {
-- print_verifier_state(&env->cur_state);
-- verbose("verifier internal error: no src_reg\n");
-+ print_verifier_state(env, &env->cur_state);
-+ verbose(env, "verifier internal error: no src_reg\n");
- return -EINVAL;
- }
- return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg);
-@@ -2296,14 +2321,14 @@ static int check_alu_op(struct bpf_verif
- if (BPF_SRC(insn->code) != 0 ||
- insn->src_reg != BPF_REG_0 ||
- insn->off != 0 || insn->imm != 0) {
-- verbose("BPF_NEG uses reserved fields\n");
-+ verbose(env, "BPF_NEG uses reserved fields\n");
- return -EINVAL;
- }
- } else {
- if (insn->src_reg != BPF_REG_0 || insn->off != 0 ||
- (insn->imm != 16 && insn->imm != 32 && insn->imm != 64) ||
- BPF_CLASS(insn->code) == BPF_ALU64) {
-- verbose("BPF_END uses reserved fields\n");
-+ verbose(env, "BPF_END uses reserved fields\n");
- return -EINVAL;
- }
- }
-@@ -2314,7 +2339,7 @@ static int check_alu_op(struct bpf_verif
- return err;
-
- if (is_pointer_value(env, insn->dst_reg)) {
-- verbose("R%d pointer arithmetic prohibited\n",
-+ verbose(env, "R%d pointer arithmetic prohibited\n",
- insn->dst_reg);
- return -EACCES;
- }
-@@ -2328,7 +2353,7 @@ static int check_alu_op(struct bpf_verif
-
- if (BPF_SRC(insn->code) == BPF_X) {
- if (insn->imm != 0 || insn->off != 0) {
-- verbose("BPF_MOV uses reserved fields\n");
-+ verbose(env, "BPF_MOV uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -2338,7 +2363,7 @@ static int check_alu_op(struct bpf_verif
- return err;
- } else {
- if (insn->src_reg != BPF_REG_0 || insn->off != 0) {
-- verbose("BPF_MOV uses reserved fields\n");
-+ verbose(env, "BPF_MOV uses reserved fields\n");
- return -EINVAL;
- }
- }
-@@ -2358,11 +2383,12 @@ static int check_alu_op(struct bpf_verif
- } else {
- /* R1 = (u32) R2 */
- if (is_pointer_value(env, insn->src_reg)) {
-- verbose("R%d partial copy of pointer\n",
-+ verbose(env,
-+ "R%d partial copy of pointer\n",
- insn->src_reg);
- return -EACCES;
- }
-- mark_reg_unknown(regs, insn->dst_reg);
-+ mark_reg_unknown(env, regs, insn->dst_reg);
- /* high 32 bits are known zero. */
- regs[insn->dst_reg].var_off = tnum_cast(
- regs[insn->dst_reg].var_off, 4);
-@@ -2377,14 +2403,14 @@ static int check_alu_op(struct bpf_verif
- }
-
- } else if (opcode > BPF_END) {
-- verbose("invalid BPF_ALU opcode %x\n", opcode);
-+ verbose(env, "invalid BPF_ALU opcode %x\n", opcode);
- return -EINVAL;
-
- } else { /* all other ALU ops: and, sub, xor, add, ... */
-
- if (BPF_SRC(insn->code) == BPF_X) {
- if (insn->imm != 0 || insn->off != 0) {
-- verbose("BPF_ALU uses reserved fields\n");
-+ verbose(env, "BPF_ALU uses reserved fields\n");
- return -EINVAL;
- }
- /* check src1 operand */
-@@ -2393,7 +2419,7 @@ static int check_alu_op(struct bpf_verif
- return err;
- } else {
- if (insn->src_reg != BPF_REG_0 || insn->off != 0) {
-- verbose("BPF_ALU uses reserved fields\n");
-+ verbose(env, "BPF_ALU uses reserved fields\n");
- return -EINVAL;
- }
- }
-@@ -2405,7 +2431,7 @@ static int check_alu_op(struct bpf_verif
-
- if ((opcode == BPF_MOD || opcode == BPF_DIV) &&
- BPF_SRC(insn->code) == BPF_K && insn->imm == 0) {
-- verbose("div by zero\n");
-+ verbose(env, "div by zero\n");
- return -EINVAL;
- }
-
-@@ -2414,7 +2440,7 @@ static int check_alu_op(struct bpf_verif
- int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32;
-
- if (insn->imm < 0 || insn->imm >= size) {
-- verbose("invalid shift %d\n", insn->imm);
-+ verbose(env, "invalid shift %d\n", insn->imm);
- return -EINVAL;
- }
- }
-@@ -2775,13 +2801,13 @@ static int check_cond_jmp_op(struct bpf_
- int err;
-
- if (opcode > BPF_JSLE) {
-- verbose("invalid BPF_JMP opcode %x\n", opcode);
-+ verbose(env, "invalid BPF_JMP opcode %x\n", opcode);
- return -EINVAL;
- }
-
- if (BPF_SRC(insn->code) == BPF_X) {
- if (insn->imm != 0) {
-- verbose("BPF_JMP uses reserved fields\n");
-+ verbose(env, "BPF_JMP uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -2791,13 +2817,13 @@ static int check_cond_jmp_op(struct bpf_
- return err;
-
- if (is_pointer_value(env, insn->src_reg)) {
-- verbose("R%d pointer comparison prohibited\n",
-+ verbose(env, "R%d pointer comparison prohibited\n",
- insn->src_reg);
- return -EACCES;
- }
- } else {
- if (insn->src_reg != BPF_REG_0) {
-- verbose("BPF_JMP uses reserved fields\n");
-+ verbose(env, "BPF_JMP uses reserved fields\n");
- return -EINVAL;
- }
- }
-@@ -2913,11 +2939,12 @@ static int check_cond_jmp_op(struct bpf_
- /* pkt_end <= pkt_data' */
- find_good_pkt_pointers(this_branch, ®s[insn->src_reg], true);
- } else if (is_pointer_value(env, insn->dst_reg)) {
-- verbose("R%d pointer comparison prohibited\n", insn->dst_reg);
-+ verbose(env, "R%d pointer comparison prohibited\n",
-+ insn->dst_reg);
- return -EACCES;
- }
-- if (verifier_log.level)
-- print_verifier_state(this_branch);
-+ if (env->log.level)
-+ print_verifier_state(env, this_branch);
- return 0;
- }
-
-@@ -2936,11 +2963,11 @@ static int check_ld_imm(struct bpf_verif
- int err;
-
- if (BPF_SIZE(insn->code) != BPF_DW) {
-- verbose("invalid BPF_LD_IMM insn\n");
-+ verbose(env, "invalid BPF_LD_IMM insn\n");
- return -EINVAL;
- }
- if (insn->off != 0) {
-- verbose("BPF_LD_IMM64 uses reserved fields\n");
-+ verbose(env, "BPF_LD_IMM64 uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -2998,14 +3025,14 @@ static int check_ld_abs(struct bpf_verif
- int i, err;
-
- if (!may_access_skb(env->prog->type)) {
-- verbose("BPF_LD_[ABS|IND] instructions not allowed for this program type\n");
-+ verbose(env, "BPF_LD_[ABS|IND] instructions not allowed for this program type\n");
- return -EINVAL;
- }
-
- if (insn->dst_reg != BPF_REG_0 || insn->off != 0 ||
- BPF_SIZE(insn->code) == BPF_DW ||
- (mode == BPF_ABS && insn->src_reg != BPF_REG_0)) {
-- verbose("BPF_LD_[ABS|IND] uses reserved fields\n");
-+ verbose(env, "BPF_LD_[ABS|IND] uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -3015,7 +3042,8 @@ static int check_ld_abs(struct bpf_verif
- return err;
-
- if (regs[BPF_REG_6].type != PTR_TO_CTX) {
-- verbose("at the time of BPF_LD_ABS|IND R6 != pointer to skb\n");
-+ verbose(env,
-+ "at the time of BPF_LD_ABS|IND R6 != pointer to skb\n");
- return -EINVAL;
- }
-
-@@ -3028,7 +3056,7 @@ static int check_ld_abs(struct bpf_verif
-
- /* reset caller saved regs to unreadable */
- for (i = 0; i < CALLER_SAVED_REGS; i++) {
-- mark_reg_not_init(regs, caller_saved[i]);
-+ mark_reg_not_init(env, regs, caller_saved[i]);
- check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK);
- }
-
-@@ -3036,7 +3064,7 @@ static int check_ld_abs(struct bpf_verif
- * the value fetched from the packet.
- * Already marked as written above.
- */
-- mark_reg_unknown(regs, BPF_REG_0);
-+ mark_reg_unknown(env, regs, BPF_REG_0);
- return 0;
- }
-
-@@ -3100,7 +3128,7 @@ static int push_insn(int t, int w, int e
- return 0;
-
- if (w < 0 || w >= env->prog->len) {
-- verbose("jump out of range from insn %d to %d\n", t, w);
-+ verbose(env, "jump out of range from insn %d to %d\n", t, w);
- return -EINVAL;
- }
-
-@@ -3117,13 +3145,13 @@ static int push_insn(int t, int w, int e
- insn_stack[cur_stack++] = w;
- return 1;
- } else if ((insn_state[w] & 0xF0) == DISCOVERED) {
-- verbose("back-edge from insn %d to %d\n", t, w);
-+ verbose(env, "back-edge from insn %d to %d\n", t, w);
- return -EINVAL;
- } else if (insn_state[w] == EXPLORED) {
- /* forward- or cross-edge */
- insn_state[t] = DISCOVERED | e;
- } else {
-- verbose("insn state internal bug\n");
-+ verbose(env, "insn state internal bug\n");
- return -EFAULT;
- }
- return 0;
-@@ -3217,7 +3245,7 @@ peek_stack:
- mark_explored:
- insn_state[t] = EXPLORED;
- if (cur_stack-- <= 0) {
-- verbose("pop stack internal bug\n");
-+ verbose(env, "pop stack internal bug\n");
- ret = -EFAULT;
- goto err_free;
- }
-@@ -3226,7 +3254,7 @@ mark_explored:
- check_state:
- for (i = 0; i < insn_cnt; i++) {
- if (insn_state[i] != EXPLORED) {
-- verbose("unreachable insn %d\n", i);
-+ verbose(env, "unreachable insn %d\n", i);
- ret = -EINVAL;
- goto err_free;
- }
-@@ -3606,7 +3634,7 @@ static int do_check(struct bpf_verifier_
- int insn_processed = 0;
- bool do_print_state = false;
-
-- init_reg_state(regs);
-+ init_reg_state(env, regs);
- state->parent = NULL;
- insn_idx = 0;
- for (;;) {
-@@ -3615,7 +3643,7 @@ static int do_check(struct bpf_verifier_
- int err;
-
- if (insn_idx >= insn_cnt) {
-- verbose("invalid insn idx %d insn_cnt %d\n",
-+ verbose(env, "invalid insn idx %d insn_cnt %d\n",
- insn_idx, insn_cnt);
- return -EFAULT;
- }
-@@ -3624,7 +3652,8 @@ static int do_check(struct bpf_verifier_
- class = BPF_CLASS(insn->code);
-
- if (++insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) {
-- verbose("BPF program is too large. Processed %d insn\n",
-+ verbose(env,
-+ "BPF program is too large. Processed %d insn\n",
- insn_processed);
- return -E2BIG;
- }
-@@ -3634,12 +3663,12 @@ static int do_check(struct bpf_verifier_
- return err;
- if (err == 1) {
- /* found equivalent state, can prune the search */
-- if (verifier_log.level) {
-+ if (env->log.level) {
- if (do_print_state)
-- verbose("\nfrom %d to %d: safe\n",
-+ verbose(env, "\nfrom %d to %d: safe\n",
- prev_insn_idx, insn_idx);
- else
-- verbose("%d: safe\n", insn_idx);
-+ verbose(env, "%d: safe\n", insn_idx);
- }
- goto process_bpf_exit;
- }
-@@ -3647,19 +3676,18 @@ static int do_check(struct bpf_verifier_
- if (need_resched())
- cond_resched();
-
-- if (verifier_log.level > 1 ||
-- (verifier_log.level && do_print_state)) {
-- if (verifier_log.level > 1)
-- verbose("%d:", insn_idx);
-+ if (env->log.level > 1 || (env->log.level && do_print_state)) {
-+ if (env->log.level > 1)
-+ verbose(env, "%d:", insn_idx);
- else
-- verbose("\nfrom %d to %d:",
-+ verbose(env, "\nfrom %d to %d:",
- prev_insn_idx, insn_idx);
-- print_verifier_state(&env->cur_state);
-+ print_verifier_state(env, &env->cur_state);
- do_print_state = false;
- }
-
-- if (verifier_log.level) {
-- verbose("%d: ", insn_idx);
-+ if (env->log.level) {
-+ verbose(env, "%d: ", insn_idx);
- print_bpf_insn(env, insn);
- }
-
-@@ -3716,7 +3744,7 @@ static int do_check(struct bpf_verifier_
- * src_reg == stack|map in some other branch.
- * Reject it.
- */
-- verbose("same insn cannot be used with different pointers\n");
-+ verbose(env, "same insn cannot be used with different pointers\n");
- return -EINVAL;
- }
-
-@@ -3756,14 +3784,14 @@ static int do_check(struct bpf_verifier_
- } else if (dst_reg_type != *prev_dst_type &&
- (dst_reg_type == PTR_TO_CTX ||
- *prev_dst_type == PTR_TO_CTX)) {
-- verbose("same insn cannot be used with different pointers\n");
-+ verbose(env, "same insn cannot be used with different pointers\n");
- return -EINVAL;
- }
-
- } else if (class == BPF_ST) {
- if (BPF_MODE(insn->code) != BPF_MEM ||
- insn->src_reg != BPF_REG_0) {
-- verbose("BPF_ST uses reserved fields\n");
-+ verbose(env, "BPF_ST uses reserved fields\n");
- return -EINVAL;
- }
- /* check src operand */
-@@ -3786,7 +3814,7 @@ static int do_check(struct bpf_verifier_
- insn->off != 0 ||
- insn->src_reg != BPF_REG_0 ||
- insn->dst_reg != BPF_REG_0) {
-- verbose("BPF_CALL uses reserved fields\n");
-+ verbose(env, "BPF_CALL uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -3799,7 +3827,7 @@ static int do_check(struct bpf_verifier_
- insn->imm != 0 ||
- insn->src_reg != BPF_REG_0 ||
- insn->dst_reg != BPF_REG_0) {
-- verbose("BPF_JA uses reserved fields\n");
-+ verbose(env, "BPF_JA uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -3811,7 +3839,7 @@ static int do_check(struct bpf_verifier_
- insn->imm != 0 ||
- insn->src_reg != BPF_REG_0 ||
- insn->dst_reg != BPF_REG_0) {
-- verbose("BPF_EXIT uses reserved fields\n");
-+ verbose(env, "BPF_EXIT uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -3826,7 +3854,7 @@ static int do_check(struct bpf_verifier_
- return err;
-
- if (is_pointer_value(env, BPF_REG_0)) {
-- verbose("R0 leaks addr as return value\n");
-+ verbose(env, "R0 leaks addr as return value\n");
- return -EACCES;
- }
-
-@@ -3858,19 +3886,19 @@ process_bpf_exit:
-
- insn_idx++;
- } else {
-- verbose("invalid BPF_LD mode\n");
-+ verbose(env, "invalid BPF_LD mode\n");
- return -EINVAL;
- }
- } else {
-- verbose("unknown insn class %d\n", class);
-+ verbose(env, "unknown insn class %d\n", class);
- return -EINVAL;
- }
-
- insn_idx++;
- }
-
-- verbose("processed %d insns, stack depth %d\n",
-- insn_processed, env->prog->aux->stack_depth);
-+ verbose(env, "processed %d insns, stack depth %d\n", insn_processed,
-+ env->prog->aux->stack_depth);
- return 0;
- }
-
-@@ -3882,7 +3910,8 @@ static int check_map_prealloc(struct bpf
- !(map->map_flags & BPF_F_NO_PREALLOC);
- }
-
--static int check_map_prog_compatibility(struct bpf_map *map,
-+static int check_map_prog_compatibility(struct bpf_verifier_env *env,
-+ struct bpf_map *map,
- struct bpf_prog *prog)
-
- {
-@@ -3893,12 +3922,12 @@ static int check_map_prog_compatibility(
- */
- if (prog->type == BPF_PROG_TYPE_PERF_EVENT) {
- if (!check_map_prealloc(map)) {
-- verbose("perf_event programs can only use preallocated hash map\n");
-+ verbose(env, "perf_event programs can only use preallocated hash map\n");
- return -EINVAL;
- }
- if (map->inner_map_meta &&
- !check_map_prealloc(map->inner_map_meta)) {
-- verbose("perf_event programs can only use preallocated inner hash map\n");
-+ verbose(env, "perf_event programs can only use preallocated inner hash map\n");
- return -EINVAL;
- }
- }
-@@ -3921,14 +3950,14 @@ static int replace_map_fd_with_map_ptr(s
- for (i = 0; i < insn_cnt; i++, insn++) {
- if (BPF_CLASS(insn->code) == BPF_LDX &&
- (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) {
-- verbose("BPF_LDX uses reserved fields\n");
-+ verbose(env, "BPF_LDX uses reserved fields\n");
- return -EINVAL;
- }
-
- if (BPF_CLASS(insn->code) == BPF_STX &&
- ((BPF_MODE(insn->code) != BPF_MEM &&
- BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) {
-- verbose("BPF_STX uses reserved fields\n");
-+ verbose(env, "BPF_STX uses reserved fields\n");
- return -EINVAL;
- }
-
-@@ -3939,7 +3968,7 @@ static int replace_map_fd_with_map_ptr(s
- if (i == insn_cnt - 1 || insn[1].code != 0 ||
- insn[1].dst_reg != 0 || insn[1].src_reg != 0 ||
- insn[1].off != 0) {
-- verbose("invalid bpf_ld_imm64 insn\n");
-+ verbose(env, "invalid bpf_ld_imm64 insn\n");
- return -EINVAL;
- }
-
-@@ -3948,19 +3977,20 @@ static int replace_map_fd_with_map_ptr(s
- goto next_insn;
-
- if (insn->src_reg != BPF_PSEUDO_MAP_FD) {
-- verbose("unrecognized bpf_ld_imm64 insn\n");
-+ verbose(env,
-+ "unrecognized bpf_ld_imm64 insn\n");
- return -EINVAL;
- }
-
- f = fdget(insn->imm);
- map = __bpf_map_get(f);
- if (IS_ERR(map)) {
-- verbose("fd %d is not pointing to valid bpf_map\n",
-+ verbose(env, "fd %d is not pointing to valid bpf_map\n",
- insn->imm);
- return PTR_ERR(map);
- }
-
-- err = check_map_prog_compatibility(map, env->prog);
-+ err = check_map_prog_compatibility(env, map, env->prog);
- if (err) {
- fdput(f);
- return err;
-@@ -4082,7 +4112,7 @@ static int convert_ctx_accesses(struct b
- cnt = ops->gen_prologue(insn_buf, env->seen_direct_write,
- env->prog);
- if (cnt >= ARRAY_SIZE(insn_buf)) {
-- verbose("bpf verifier is misconfigured\n");
-+ verbose(env, "bpf verifier is misconfigured\n");
- return -EINVAL;
- } else if (cnt) {
- new_prog = bpf_patch_insn_data(env, 0, insn_buf, cnt);
-@@ -4130,7 +4160,7 @@ static int convert_ctx_accesses(struct b
- u8 size_code;
-
- if (type == BPF_WRITE) {
-- verbose("bpf verifier narrow ctx access misconfigured\n");
-+ verbose(env, "bpf verifier narrow ctx access misconfigured\n");
- return -EINVAL;
- }
-
-@@ -4149,7 +4179,7 @@ static int convert_ctx_accesses(struct b
- &target_size);
- if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf) ||
- (ctx_field_size && !target_size)) {
-- verbose("bpf verifier is misconfigured\n");
-+ verbose(env, "bpf verifier is misconfigured\n");
- return -EINVAL;
- }
-
-@@ -4231,7 +4261,7 @@ static int fixup_bpf_calls(struct bpf_ve
-
- cnt = map_ptr->ops->map_gen_lookup(map_ptr, insn_buf);
- if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf)) {
-- verbose("bpf verifier is misconfigured\n");
-+ verbose(env, "bpf verifier is misconfigured\n");
- return -EINVAL;
- }
-
-@@ -4275,7 +4305,8 @@ patch_call_imm:
- * programs to call them, must be real in-kernel functions
- */
- if (!fn->func) {
-- verbose("kernel subsystem misconfigured func %s#%d\n",
-+ verbose(env,
-+ "kernel subsystem misconfigured func %s#%d\n",
- func_id_name(insn->imm), insn->imm);
- return -EFAULT;
- }
-@@ -4309,8 +4340,8 @@ static void free_states(struct bpf_verif
-
- int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
- {
-- struct bpf_verifer_log *log = &verifier_log;
- struct bpf_verifier_env *env;
-+ struct bpf_verifer_log *log;
- int ret = -EINVAL;
-
- /* 'struct bpf_verifier_env' can be global, but since it's not small,
-@@ -4319,6 +4350,7 @@ int bpf_check(struct bpf_prog **prog, un
- env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
- if (!env)
- return -ENOMEM;
-+ log = &env->log;
-
- env->insn_aux_data = vzalloc(sizeof(struct bpf_insn_aux_data) *
- (*prog)->len);
-@@ -4337,7 +4369,6 @@ int bpf_check(struct bpf_prog **prog, un
- log->level = attr->log_level;
- log->ubuf = (char __user *) (unsigned long) attr->log_buf;
- log->len_total = attr->log_size;
-- log->len_used = 0;
-
- ret = -EINVAL;
- /* log attributes have to be sane */
-@@ -4349,8 +4380,6 @@ int bpf_check(struct bpf_prog **prog, un
- log->kbuf = vmalloc(log->len_total);
- if (!log->kbuf)
- goto err_unlock;
-- } else {
-- log->level = 0;
- }
-
- env->strict_alignment = !!(attr->prog_flags & BPF_F_STRICT_ALIGNMENT);
-@@ -4461,8 +4490,6 @@ int bpf_analyzer(struct bpf_prog *prog,
- /* grab the mutex to protect few globals used by verifier */
- mutex_lock(&bpf_verifier_lock);
-
-- verifier_log.level = 0;
--
- env->strict_alignment = false;
- if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
- env->strict_alignment = true;
diff --git a/debian/patches/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch b/debian/patches/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch
deleted file mode 100644
index 990d196..0000000
--- a/debian/patches/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Edward Cree <ecree at solarflare.com>
-Date: Mon, 18 Dec 2017 20:11:53 -0800
-Subject: [1/9] bpf/verifier: fix bounds calculation on BPF_RSH
-Origin: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
-
-Incorrect signed bounds were being computed.
-If the old upper signed bound was positive and the old lower signed bound was
-negative, this could cause the new upper signed bound to be too low,
-leading to security issues.
-
-Fixes: b03c9f9fdc37 ("bpf/verifier: track signed and unsigned min/max values")
-Reported-by: Jann Horn <jannh at google.com>
-Signed-off-by: Edward Cree <ecree at solarflare.com>
-Acked-by: Alexei Starovoitov <ast at kernel.org>
-[jannh at google.com: changed description to reflect bug impact]
-Signed-off-by: Jann Horn <jannh at google.com>
-Signed-off-by: Alexei Starovoitov <ast at kernel.org>
-Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
----
- kernel/bpf/verifier.c | 30 ++++++++++++++++--------------
- 1 file changed, 16 insertions(+), 14 deletions(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2183,20 +2183,22 @@ static int adjust_scalar_min_max_vals(st
- mark_reg_unknown(env, regs, insn->dst_reg);
- break;
- }
-- /* BPF_RSH is an unsigned shift, so make the appropriate casts */
-- if (dst_reg->smin_value < 0) {
-- if (umin_val) {
-- /* Sign bit will be cleared */
-- dst_reg->smin_value = 0;
-- } else {
-- /* Lost sign bit information */
-- dst_reg->smin_value = S64_MIN;
-- dst_reg->smax_value = S64_MAX;
-- }
-- } else {
-- dst_reg->smin_value =
-- (u64)(dst_reg->smin_value) >> umax_val;
-- }
-+ /* BPF_RSH is an unsigned shift. If the value in dst_reg might
-+ * be negative, then either:
-+ * 1) src_reg might be zero, so the sign bit of the result is
-+ * unknown, so we lose our signed bounds
-+ * 2) it's known negative, thus the unsigned bounds capture the
-+ * signed bounds
-+ * 3) the signed bounds cross zero, so they tell us nothing
-+ * about the result
-+ * If the value in dst_reg is known nonnegative, then again the
-+ * unsigned bounts capture the signed bounds.
-+ * Thus, in all cases it suffices to blow away our signed bounds
-+ * and rely on inferring new ones from the unsigned bounds and
-+ * var_off of the result.
-+ */
-+ dst_reg->smin_value = S64_MIN;
-+ dst_reg->smax_value = S64_MAX;
- if (src_known)
- dst_reg->var_off = tnum_rshift(dst_reg->var_off,
- umin_val);
diff --git a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
index be5f528..dc52771 100644
--- a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
+++ b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
@@ -5,10 +5,9 @@ Forwarded: https://marc.info/?l=linux-pm&m=149248268214265
Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
-former function was deleted. However, cpupower_is_cpu_online()
-returns 1 on success whereas cpufreq_cpu_exists() returned 0 on
-success. It also does not distinguish physically absent and offline
-CPUs, and does not set errno.
+former function was deleted. However, cpupower_is_cpu_online() does
+not distinguish physically absent and offline CPUs, and does not set
+errno.
cpufreq-set has already been fixed (commit c25badc9ceb6).
@@ -16,6 +15,7 @@ In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
+Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check")
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
--- a/tools/power/cpupower/bench/system.c
@@ -28,7 +28,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
dprintf("set %s as cpufreq governor\n", governor);
-- if (cpupower_is_cpu_online(cpu) != 0) {
+- if (cpupower_is_cpu_online(cpu) != 1) {
- perror("cpufreq_cpu_exists");
- fprintf(stderr, "error: cpu %u does not exist\n", cpu);
+ rc = cpupower_is_cpu_online(cpu);
diff --git a/debian/patches/bugfix/all/crypto-hmac-require-that-the-underlying-hash-algorit.patch b/debian/patches/bugfix/all/crypto-hmac-require-that-the-underlying-hash-algorit.patch
deleted file mode 100644
index 44c4b4f..0000000
--- a/debian/patches/bugfix/all/crypto-hmac-require-that-the-underlying-hash-algorit.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From: Eric Biggers <ebiggers at google.com>
-Date: Tue, 28 Nov 2017 18:01:38 -0800
-Subject: crypto: hmac - require that the underlying hash algorithm is unkeyed
-Origin: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17806
-
-Because the HMAC template didn't check that its underlying hash
-algorithm is unkeyed, trying to use "hmac(hmac(sha3-512-generic))"
-through AF_ALG or through KEYCTL_DH_COMPUTE resulted in the inner HMAC
-being used without having been keyed, resulting in sha3_update() being
-called without sha3_init(), causing a stack buffer overflow.
-
-This is a very old bug, but it seems to have only started causing real
-problems when SHA-3 support was added (requires CONFIG_CRYPTO_SHA3)
-because the innermost hash's state is ->import()ed from a zeroed buffer,
-and it just so happens that other hash algorithms are fine with that,
-but SHA-3 is not. However, there could be arch or hardware-dependent
-hash algorithms also affected; I couldn't test everything.
-
-Fix the bug by introducing a function crypto_shash_alg_has_setkey()
-which tests whether a shash algorithm is keyed. Then update the HMAC
-template to require that its underlying hash algorithm is unkeyed.
-
-Here is a reproducer:
-
- #include <linux/if_alg.h>
- #include <sys/socket.h>
-
- int main()
- {
- int algfd;
- struct sockaddr_alg addr = {
- .salg_type = "hash",
- .salg_name = "hmac(hmac(sha3-512-generic))",
- };
- char key[4096] = { 0 };
-
- algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
- bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
- setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
- }
-
-Here was the KASAN report from syzbot:
-
- BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:341 [inline]
- BUG: KASAN: stack-out-of-bounds in sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
- Write of size 4096 at addr ffff8801cca07c40 by task syzkaller076574/3044
-
- CPU: 1 PID: 3044 Comm: syzkaller076574 Not tainted 4.14.0-mm1+ #25
- Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
- Call Trace:
- __dump_stack lib/dump_stack.c:17 [inline]
- dump_stack+0x194/0x257 lib/dump_stack.c:53
- print_address_description+0x73/0x250 mm/kasan/report.c:252
- kasan_report_error mm/kasan/report.c:351 [inline]
- kasan_report+0x25b/0x340 mm/kasan/report.c:409
- check_memory_region_inline mm/kasan/kasan.c:260 [inline]
- check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
- memcpy+0x37/0x50 mm/kasan/kasan.c:303
- memcpy include/linux/string.h:341 [inline]
- sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
- crypto_shash_update+0xcb/0x220 crypto/shash.c:109
- shash_finup_unaligned+0x2a/0x60 crypto/shash.c:151
- crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
- hmac_finup+0x182/0x330 crypto/hmac.c:152
- crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
- shash_digest_unaligned+0x9e/0xd0 crypto/shash.c:172
- crypto_shash_digest+0xc4/0x120 crypto/shash.c:186
- hmac_setkey+0x36a/0x690 crypto/hmac.c:66
- crypto_shash_setkey+0xad/0x190 crypto/shash.c:64
- shash_async_setkey+0x47/0x60 crypto/shash.c:207
- crypto_ahash_setkey+0xaf/0x180 crypto/ahash.c:200
- hash_setkey+0x40/0x90 crypto/algif_hash.c:446
- alg_setkey crypto/af_alg.c:221 [inline]
- alg_setsockopt+0x2a1/0x350 crypto/af_alg.c:254
- SYSC_setsockopt net/socket.c:1851 [inline]
- SyS_setsockopt+0x189/0x360 net/socket.c:1830
- entry_SYSCALL_64_fastpath+0x1f/0x96
-
-Reported-by: syzbot <syzkaller at googlegroups.com>
-Cc: <stable at vger.kernel.org>
-Signed-off-by: Eric Biggers <ebiggers at google.com>
-Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
----
- crypto/hmac.c | 6 +++++-
- crypto/shash.c | 5 +++--
- include/crypto/internal/hash.h | 8 ++++++++
- 3 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/hmac.c b/crypto/hmac.c
-index 92871dc2a63e..e74730224f0a 100644
---- a/crypto/hmac.c
-+++ b/crypto/hmac.c
-@@ -195,11 +195,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
- salg = shash_attr_alg(tb[1], 0, 0);
- if (IS_ERR(salg))
- return PTR_ERR(salg);
-+ alg = &salg->base;
-
-+ /* The underlying hash algorithm must be unkeyed */
- err = -EINVAL;
-+ if (crypto_shash_alg_has_setkey(salg))
-+ goto out_put_alg;
-+
- ds = salg->digestsize;
- ss = salg->statesize;
-- alg = &salg->base;
- if (ds > alg->cra_blocksize ||
- ss < alg->cra_blocksize)
- goto out_put_alg;
-diff --git a/crypto/shash.c b/crypto/shash.c
-index 325a14da5827..e849d3ee2e27 100644
---- a/crypto/shash.c
-+++ b/crypto/shash.c
-@@ -25,11 +25,12 @@
-
- static const struct crypto_type crypto_shash_type;
-
--static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
-- unsigned int keylen)
-+int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
-+ unsigned int keylen)
- {
- return -ENOSYS;
- }
-+EXPORT_SYMBOL_GPL(shash_no_setkey);
-
- static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
- unsigned int keylen)
-diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
-index f0b44c16e88f..c2bae8da642c 100644
---- a/include/crypto/internal/hash.h
-+++ b/include/crypto/internal/hash.h
-@@ -82,6 +82,14 @@ int ahash_register_instance(struct crypto_template *tmpl,
- struct ahash_instance *inst);
- void ahash_free_instance(struct crypto_instance *inst);
-
-+int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
-+ unsigned int keylen);
-+
-+static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
-+{
-+ return alg->setkey != shash_no_setkey;
-+}
-+
- int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
- struct hash_alg_common *alg,
- struct crypto_instance *inst);
---
-2.11.0
-
diff --git a/debian/patches/bugfix/all/crypto-salsa20-fix-blkcipher_walk-API-usage.patch b/debian/patches/bugfix/all/crypto-salsa20-fix-blkcipher_walk-API-usage.patch
deleted file mode 100644
index 4418d7f..0000000
--- a/debian/patches/bugfix/all/crypto-salsa20-fix-blkcipher_walk-API-usage.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From: Eric Biggers <ebiggers at google.com>
-Date: Tue, 28 Nov 2017 20:56:59 -0800
-Subject: crypto: salsa20 - fix blkcipher_walk API usage
-Origin: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17805
-
-When asked to encrypt or decrypt 0 bytes, both the generic and x86
-implementations of Salsa20 crash in blkcipher_walk_done(), either when
-doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)',
-because walk->buffer and walk->page have not been initialized.
-
-The bug is that Salsa20 is calling blkcipher_walk_done() even when
-nothing is in 'walk.nbytes'. But blkcipher_walk_done() is only meant to
-be called when a nonzero number of bytes have been provided.
-
-The broken code is part of an optimization that tries to make only one
-call to salsa20_encrypt_bytes() to process inputs that are not evenly
-divisible by 64 bytes. To fix the bug, just remove this "optimization"
-and use the blkcipher_walk API the same way all the other users do.
-
-Reproducer:
-
- #include <linux/if_alg.h>
- #include <sys/socket.h>
- #include <unistd.h>
-
- int main()
- {
- int algfd, reqfd;
- struct sockaddr_alg addr = {
- .salg_type = "skcipher",
- .salg_name = "salsa20",
- };
- char key[16] = { 0 };
-
- algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
- bind(algfd, (void *)&addr, sizeof(addr));
- reqfd = accept(algfd, 0, 0);
- setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
- read(reqfd, key, sizeof(key));
- }
-
-Reported-by: syzbot <syzkaller at googlegroups.com>
-Fixes: eb6f13eb9f81 ("[CRYPTO] salsa20_generic: Fix multi-page processing")
-Cc: <stable at vger.kernel.org> # v2.6.25+
-Signed-off-by: Eric Biggers <ebiggers at google.com>
-Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
----
- arch/x86/crypto/salsa20_glue.c | 7 -------
- crypto/salsa20_generic.c | 7 -------
- 2 files changed, 14 deletions(-)
-
-diff --git a/arch/x86/crypto/salsa20_glue.c b/arch/x86/crypto/salsa20_glue.c
-index 399a29d067d6..cb91a64a99e7 100644
---- a/arch/x86/crypto/salsa20_glue.c
-+++ b/arch/x86/crypto/salsa20_glue.c
-@@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc *desc,
-
- salsa20_ivsetup(ctx, walk.iv);
-
-- if (likely(walk.nbytes == nbytes))
-- {
-- salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
-- walk.dst.virt.addr, nbytes);
-- return blkcipher_walk_done(desc, &walk, 0);
-- }
--
- while (walk.nbytes >= 64) {
- salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
- walk.dst.virt.addr,
-diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
-index f550b5d94630..d7da0eea5622 100644
---- a/crypto/salsa20_generic.c
-+++ b/crypto/salsa20_generic.c
-@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc *desc,
-
- salsa20_ivsetup(ctx, walk.iv);
-
-- if (likely(walk.nbytes == nbytes))
-- {
-- salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
-- walk.src.virt.addr, nbytes);
-- return blkcipher_walk_done(desc, &walk, 0);
-- }
--
- while (walk.nbytes >= 64) {
- salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
- walk.src.virt.addr,
---
-2.11.0
-
diff --git a/debian/patches/bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch b/debian/patches/bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
deleted file mode 100644
index 3772ee8..0000000
--- a/debian/patches/bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Mohamed Ghannam <simo.ghannam at gmail.com>
-Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: dccp: CVE-2017-8824: use-after-free in DCCP code
-Origin: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-8824
-
-Whenever the sock object is in DCCP_CLOSED state,
-dccp_disconnect() must free dccps_hc_tx_ccid and
-dccps_hc_rx_ccid and set to NULL.
-
-Signed-off-by: Mohamed Ghannam <simo.ghannam at gmail.com>
-Reviewed-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/dccp/proto.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/dccp/proto.c
-+++ b/net/dccp/proto.c
-@@ -259,6 +259,7 @@ int dccp_disconnect(struct sock *sk, int
- {
- struct inet_connection_sock *icsk = inet_csk(sk);
- struct inet_sock *inet = inet_sk(sk);
-+ struct dccp_sock *dp = dccp_sk(sk);
- int err = 0;
- const int old_state = sk->sk_state;
-
-@@ -278,6 +279,10 @@ int dccp_disconnect(struct sock *sk, int
- sk->sk_err = ECONNRESET;
-
- dccp_clear_xmit_timers(sk);
-+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
-+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
-+ dp->dccps_hc_rx_ccid = NULL;
-+ dp->dccps_hc_tx_ccid = NULL;
-
- __skb_queue_purge(&sk->sk_receive_queue);
- __skb_queue_purge(&sk->sk_write_queue);
diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
index d6be1f6..300479d 100644
--- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
+++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
@@ -53,7 +53,7 @@ upstream submission.
/* disable MPU */
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
-@@ -732,10 +732,8 @@ static enum ucode_state request_microcod
+@@ -739,10 +739,8 @@ static enum ucode_state request_microcod
if (c->x86 >= 0x15)
snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
@@ -81,7 +81,7 @@ upstream submission.
rec = (const struct ihex_binrec *)fw->data;
--- a/drivers/atm/fore200e.c
+++ b/drivers/atm/fore200e.c
-@@ -2496,10 +2496,9 @@ static int fore200e_load_and_start_fw(st
+@@ -2504,10 +2504,9 @@ static int fore200e_load_and_start_fw(st
return err;
sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT);
@@ -96,7 +96,7 @@ upstream submission.
fw_size = firmware->size / sizeof(u32);
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
-@@ -424,10 +424,8 @@ static int ath3k_load_patch(struct usb_d
+@@ -425,10 +425,8 @@ static int ath3k_load_patch(struct usb_d
le32_to_cpu(fw_version.rom_version));
ret = request_firmware(&firmware, filename, &udev->dev);
@@ -108,7 +108,7 @@ upstream submission.
pt_rom_version = get_unaligned_le32(firmware->data +
firmware->size - 8);
-@@ -487,10 +485,8 @@ static int ath3k_load_syscfg(struct usb_
+@@ -488,10 +486,8 @@ static int ath3k_load_syscfg(struct usb_
le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
ret = request_firmware(&firmware, filename, &udev->dev);
@@ -203,7 +203,7 @@ upstream submission.
fw->size, fw_name);
--- a/drivers/dma/imx-sdma.c
+++ b/drivers/dma/imx-sdma.c
-@@ -1453,11 +1453,8 @@ static void sdma_load_firmware(const str
+@@ -1461,11 +1461,8 @@ static void sdma_load_firmware(const str
const struct sdma_script_start_addrs *addr;
unsigned short *ram_code;
@@ -233,7 +233,7 @@ upstream submission.
where = 0;
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-@@ -1833,10 +1833,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
+@@ -1839,10 +1839,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
if (ret) {
snprintf(f, sizeof(f), "nouveau/%s", fwname);
ret = request_firmware(&fw, f, device->dev);
@@ -313,7 +313,7 @@ upstream submission.
ret = qib_ibsd_ucode_loaded(dd->pport, fw);
--- a/drivers/input/touchscreen/atmel_mxt_ts.c
+++ b/drivers/input/touchscreen/atmel_mxt_ts.c
-@@ -2715,10 +2715,8 @@ static int mxt_load_fw(struct device *de
+@@ -2717,10 +2717,8 @@ static int mxt_load_fw(struct device *de
int ret;
ret = request_firmware(&fw, fn, dev);
@@ -384,7 +384,7 @@ upstream submission.
nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size;
--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
+++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
-@@ -88,13 +88,9 @@ int dvb_usb_download_firmware(struct usb
+@@ -89,13 +89,9 @@ int dvb_usb_download_firmware(struct usb
int ret;
const struct firmware *fw = NULL;
@@ -469,7 +469,7 @@ upstream submission.
b = fw->data;
--- a/drivers/media/dvb-frontends/cx24116.c
+++ b/drivers/media/dvb-frontends/cx24116.c
-@@ -495,13 +495,8 @@ static int cx24116_firmware_ondemand(str
+@@ -491,13 +491,8 @@ static int cx24116_firmware_ondemand(str
__func__, CX24116_DEFAULT_FIRMWARE);
ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE,
state->i2c->dev.parent);
@@ -486,7 +486,7 @@ upstream submission.
* during loading */
--- a/drivers/media/dvb-frontends/drxd_hard.c
+++ b/drivers/media/dvb-frontends/drxd_hard.c
-@@ -901,10 +901,8 @@ static int load_firmware(struct drxd_sta
+@@ -903,10 +903,8 @@ static int load_firmware(struct drxd_sta
{
const struct firmware *fw;
@@ -497,7 +497,7 @@ upstream submission.
- }
state->microcode = kmemdup(fw->data, fw->size, GFP_KERNEL);
- if (state->microcode == NULL) {
+ if (!state->microcode) {
--- a/drivers/media/dvb-frontends/drxk_hard.c
+++ b/drivers/media/dvb-frontends/drxk_hard.c
@@ -6287,10 +6287,6 @@ static void load_firmware_cb(const struc
@@ -513,7 +513,7 @@ upstream submission.
/*
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
-@@ -362,12 +362,8 @@ static int ds3000_firmware_ondemand(stru
+@@ -360,12 +360,8 @@ static int ds3000_firmware_ondemand(stru
DS3000_DEFAULT_FIRMWARE);
ret = request_firmware(&fw, DS3000_DEFAULT_FIRMWARE,
state->i2c->dev.parent);
@@ -691,7 +691,7 @@ upstream submission.
}
--- a/drivers/media/common/siano/smscoreapi.c
+++ b/drivers/media/common/siano/smscoreapi.c
-@@ -1158,10 +1158,8 @@ static int smscore_load_firmware_from_fi
+@@ -1156,10 +1156,8 @@ static int smscore_load_firmware_from_fi
return -EINVAL;
rc = request_firmware(&fw, fw_filename, coredev->device);
@@ -906,7 +906,7 @@ upstream submission.
pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n",
--- a/drivers/media/pci/cx23885/cx23885-cards.c
+++ b/drivers/media/pci/cx23885/cx23885-cards.c
-@@ -2339,10 +2339,7 @@ void cx23885_card_setup(struct cx23885_d
+@@ -2345,10 +2345,7 @@ void cx23885_card_setup(struct cx23885_d
cinfo.rev, filename);
ret = request_firmware(&fw, filename, &dev->pci->dev);
@@ -1003,7 +1003,7 @@ upstream submission.
--- a/drivers/media/usb/s2255/s2255drv.c
+++ b/drivers/media/usb/s2255/s2255drv.c
-@@ -2306,10 +2306,8 @@ static int s2255_probe(struct usb_interf
+@@ -2307,10 +2307,8 @@ static int s2255_probe(struct usb_interf
}
/* load the first chunk */
if (request_firmware(&dev->fw_data->fw,
@@ -1156,7 +1156,7 @@ upstream submission.
if (bp->mips_firmware->size < sizeof(*mips_fw) ||
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-@@ -13490,11 +13490,8 @@ static int bnx2x_init_firmware(struct bn
+@@ -13495,11 +13495,8 @@ static int bnx2x_init_firmware(struct bn
BNX2X_DEV_INFO("Loading %s\n", fw_file_name);
rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev);
@@ -1171,7 +1171,7 @@ upstream submission.
if (rc) {
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -11357,11 +11357,8 @@ static int tg3_request_firmware(struct t
+@@ -11355,11 +11355,8 @@ static int tg3_request_firmware(struct t
{
const struct tg3_firmware_hdr *fw_hdr;
@@ -1200,7 +1200,7 @@ upstream submission.
*bfi_image_size = fw->size/sizeof(u32);
--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
-@@ -1033,12 +1033,8 @@ int t3_get_edc_fw(struct cphy *phy, int
+@@ -1037,12 +1037,8 @@ int t3_get_edc_fw(struct cphy *phy, int
fw_name = get_edc_fw_name(edc_idx);
if (fw_name)
ret = request_firmware(&fw, fw_name, &adapter->pdev->dev);
@@ -1214,7 +1214,7 @@ upstream submission.
/* check size, take checksum in account */
if (fw->size > size + 4) {
-@@ -1075,11 +1071,8 @@ static int upgrade_fw(struct adapter *ad
+@@ -1079,11 +1075,8 @@ static int upgrade_fw(struct adapter *ad
struct device *dev = &adap->pdev->dev;
ret = request_firmware(&fw, FW_FNAME, dev);
@@ -1227,7 +1227,7 @@ upstream submission.
ret = t3_load_fw(adap, fw->data, fw->size);
release_firmware(fw);
-@@ -1124,11 +1117,8 @@ static int update_tpsram(struct adapter
+@@ -1128,11 +1121,8 @@ static int update_tpsram(struct adapter
snprintf(buf, sizeof(buf), TPSRAM_NAME, rev);
ret = request_firmware(&tpsram, buf, dev);
@@ -1386,7 +1386,7 @@ upstream submission.
--- a/drivers/net/wireless/atmel/atmel.c
+++ b/drivers/net/wireless/atmel/atmel.c
-@@ -3911,12 +3911,8 @@ static int reset_atmel_card(struct net_d
+@@ -3908,12 +3908,8 @@ static int reset_atmel_card(struct net_d
strcpy(priv->firmware_id, "atmel_at76c502.bin");
}
err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev);
@@ -1480,7 +1480,7 @@ upstream submission.
--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c
+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
-@@ -3416,10 +3416,8 @@ static int ipw_get_fw(struct ipw_priv *p
+@@ -3417,10 +3417,8 @@ static int ipw_get_fw(struct ipw_priv *p
/* ask firmware_class module to get the boot firmware off disk */
rc = request_firmware(raw, name, &priv->pci_dev->dev);
@@ -1504,7 +1504,7 @@ upstream submission.
else
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
-@@ -234,8 +234,6 @@ static int iwl_request_firmware(struct i
+@@ -235,8 +235,6 @@ static int iwl_request_firmware(struct i
}
if (drv->fw_index < cfg->ucode_api_min) {
@@ -1526,7 +1526,7 @@ upstream submission.
}
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
-@@ -526,11 +526,8 @@ static int _mwifiex_fw_dpc(const struct
+@@ -525,11 +525,8 @@ static int _mwifiex_fw_dpc(const struct
struct wireless_dev *wdev;
struct completion *fw_done = adapter->fw_done;
@@ -1620,7 +1620,7 @@ upstream submission.
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-@@ -1679,7 +1679,6 @@ static int ezusb_probe(struct usb_interf
+@@ -1677,7 +1677,6 @@ static int ezusb_probe(struct usb_interf
if (ezusb_firmware_download(upriv, &firmware) < 0)
goto error;
} else {
@@ -1705,7 +1705,7 @@ upstream submission.
}
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
-@@ -91,7 +91,6 @@ static void rtl92se_fw_cb(const struct f
+@@ -92,7 +92,6 @@ static void rtl92se_fw_cb(const struct f
"Firmware callback routine entered!\n");
complete(&rtlpriv->firmware_loading_complete);
if (!firmware) {
@@ -1850,7 +1850,7 @@ upstream submission.
if (err) {
--- a/drivers/scsi/bfa/bfad.c
+++ b/drivers/scsi/bfa/bfad.c
-@@ -1758,7 +1758,6 @@ bfad_read_firmware(struct pci_dev *pdev,
+@@ -1756,7 +1756,6 @@ bfad_read_firmware(struct pci_dev *pdev,
const struct firmware *fw;
if (request_firmware(&fw, fw_name, &pdev->dev)) {
@@ -1860,7 +1860,7 @@ upstream submission.
}
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
-@@ -4083,10 +4083,8 @@ static ssize_t ipr_store_update_fw(struc
+@@ -4094,10 +4094,8 @@ static ssize_t ipr_store_update_fw(struc
if (endline)
*endline = '\0';
@@ -1874,7 +1874,7 @@ upstream submission.
--- a/drivers/scsi/pm8001/pm8001_ctl.c
+++ b/drivers/scsi/pm8001/pm8001_ctl.c
-@@ -685,10 +685,6 @@ static ssize_t pm8001_store_update_fw(st
+@@ -737,10 +737,6 @@ static ssize_t pm8001_store_update_fw(st
pm8001_ha->dev);
if (ret) {
@@ -1898,7 +1898,7 @@ upstream submission.
}
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
-@@ -6651,8 +6651,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
+@@ -6906,8 +6906,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@@ -1907,7 +1907,7 @@ upstream submission.
ql_log(ql_log_info, vha, 0x0084,
"Firmware images can be retrieved from: "QLA_FW_URL ".\n");
return QLA_FUNCTION_FAILED;
-@@ -6754,8 +6752,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
+@@ -7009,8 +7007,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@@ -1933,7 +1933,7 @@ upstream submission.
if (qla82xx_validate_firmware_blob(vha,
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -6149,8 +6149,6 @@ qla2x00_request_firmware(scsi_qla_host_t
+@@ -6269,8 +6269,6 @@ qla2x00_request_firmware(scsi_qla_host_t
goto out;
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
@@ -2017,11 +2017,11 @@ upstream submission.
if (0 != ret) {
--- a/drivers/staging/media/lirc/lirc_zilog.c
+++ b/drivers/staging/media/lirc/lirc_zilog.c
-@@ -753,9 +753,6 @@ static int fw_load(struct IR_tx *tx)
+@@ -752,9 +752,6 @@ static int fw_load(struct IR_tx *tx)
/* Request codeset data file */
- ret = request_firmware(&fw_entry, "haup-ir-blaster.bin", tx->ir->l.dev);
+ ret = request_firmware(&fw_entry, "haup-ir-blaster.bin", tx->ir->dev);
if (ret != 0) {
-- dev_err(tx->ir->l.dev,
+- dev_err(tx->ir->dev,
- "firmware haup-ir-blaster.bin not available (%d)\n",
- ret);
ret = ret < 0 ? ret : -EFAULT;
@@ -2029,7 +2029,7 @@ upstream submission.
}
--- a/drivers/staging/rtl8192u/r819xU_firmware.c
+++ b/drivers/staging/rtl8192u/r819xU_firmware.c
-@@ -244,10 +244,8 @@ bool init_firmware(struct net_device *de
+@@ -245,10 +245,8 @@ bool init_firmware(struct net_device *de
*/
if (rst_opt == OPT_SYSTEM_RESET) {
rc = request_firmware(&fw_entry, fw_name[init_step], &priv->udev->dev);
@@ -2097,7 +2097,7 @@ upstream submission.
if (!buffer)
--- a/drivers/tty/cyclades.c
+++ b/drivers/tty/cyclades.c
-@@ -3492,10 +3492,8 @@ static int cyz_load_fw(struct pci_dev *p
+@@ -3489,10 +3489,8 @@ static int cyz_load_fw(struct pci_dev *p
int retval;
retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev);
@@ -2111,7 +2111,7 @@ upstream submission.
positive, skip this board */
--- a/drivers/tty/moxa.c
+++ b/drivers/tty/moxa.c
-@@ -866,13 +866,8 @@ static int moxa_init_board(struct moxa_b
+@@ -862,13 +862,8 @@ static int moxa_init_board(struct moxa_b
}
ret = request_firmware(&fw, file, dev);
@@ -2128,7 +2128,7 @@ upstream submission.
--- a/drivers/tty/serial/icom.c
+++ b/drivers/tty/serial/icom.c
-@@ -374,7 +374,6 @@ static void load_code(struct icom_port *
+@@ -360,7 +360,6 @@ static void load_code(struct icom_port *
/* Load Call Setup into Adapter */
if (request_firmware(&fw, "icom_call_setup.bin", &dev->dev) < 0) {
@@ -2136,7 +2136,7 @@ upstream submission.
status = -1;
goto load_code_exit;
}
-@@ -394,7 +393,6 @@ static void load_code(struct icom_port *
+@@ -380,7 +379,6 @@ static void load_code(struct icom_port *
/* Load Resident DCE portion of Adapter */
if (request_firmware(&fw, "icom_res_dce.bin", &dev->dev) < 0) {
@@ -2144,7 +2144,7 @@ upstream submission.
status = -1;
goto load_code_exit;
}
-@@ -439,7 +437,6 @@ static void load_code(struct icom_port *
+@@ -425,7 +423,6 @@ static void load_code(struct icom_port *
}
if (request_firmware(&fw, "icom_asc.bin", &dev->dev) < 0) {
@@ -2154,7 +2154,7 @@ upstream submission.
}
--- a/drivers/tty/serial/ucc_uart.c
+++ b/drivers/tty/serial/ucc_uart.c
-@@ -1167,10 +1167,8 @@ static void uart_firmware_cont(const str
+@@ -1165,10 +1165,8 @@ static void uart_firmware_cont(const str
struct device *dev = context;
int ret;
@@ -2168,7 +2168,7 @@ upstream submission.
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
-@@ -1088,8 +1088,6 @@ static int cxacru_find_firmware(struct c
+@@ -1082,8 +1082,6 @@ static int cxacru_find_firmware(struct c
return -ENOENT;
}
@@ -2179,7 +2179,7 @@ upstream submission.
--- a/drivers/usb/atm/ueagle-atm.c
+++ b/drivers/usb/atm/ueagle-atm.c
-@@ -649,10 +649,8 @@ static void uea_upload_pre_firmware(cons
+@@ -650,10 +650,8 @@ static void uea_upload_pre_firmware(cons
int ret, size;
uea_enters(usb);
@@ -2191,7 +2191,7 @@ upstream submission.
pfw = fw_entry->data;
size = fw_entry->size;
-@@ -747,10 +745,6 @@ static int uea_load_firmware(struct usb_
+@@ -748,10 +746,6 @@ static int uea_load_firmware(struct usb_
ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev,
GFP_KERNEL, usb,
uea_upload_pre_firmware);
@@ -2202,7 +2202,7 @@ upstream submission.
uea_leaves(usb);
return ret;
-@@ -912,12 +906,8 @@ static int request_dsp(struct uea_softc
+@@ -913,12 +907,8 @@ static int request_dsp(struct uea_softc
}
ret = request_firmware(&sc->dsp_firm, dsp_name, &sc->usb_dev->dev);
@@ -2216,7 +2216,7 @@ upstream submission.
if (UEA_CHIP_VERSION(sc) == EAGLE_IV)
ret = check_dsp_e4(sc->dsp_firm->data, sc->dsp_firm->size);
-@@ -1630,12 +1620,8 @@ static int request_cmvs_old(struct uea_s
+@@ -1631,12 +1621,8 @@ static int request_cmvs_old(struct uea_s
cmvs_file_name(sc, cmv_name, 1);
ret = request_firmware(fw, cmv_name, &sc->usb_dev->dev);
@@ -2230,7 +2230,7 @@ upstream submission.
data = (u8 *) (*fw)->data;
size = (*fw)->size;
-@@ -1672,9 +1658,6 @@ static int request_cmvs(struct uea_softc
+@@ -1673,9 +1659,6 @@ static int request_cmvs(struct uea_softc
"try to get older cmvs\n", cmv_name);
return request_cmvs_old(sc, cmvs, fw);
}
@@ -2240,7 +2240,7 @@ upstream submission.
return ret;
}
-@@ -1957,11 +1940,8 @@ static int load_XILINX_firmware(struct u
+@@ -1958,11 +1941,8 @@ static int load_XILINX_firmware(struct u
uea_enters(INS_TO_USBDEV(sc));
ret = request_firmware(&fw_entry, fw_name, &sc->usb_dev->dev);
@@ -2255,7 +2255,7 @@ upstream submission.
size = fw_entry->size;
--- a/drivers/usb/misc/emi26.c
+++ b/drivers/usb/misc/emi26.c
-@@ -88,21 +88,17 @@ static int emi26_load_firmware (struct u
+@@ -85,21 +85,17 @@ static int emi26_load_firmware (struct u
err = request_ihex_firmware(&loader_fw, "emi26/loader.fw", &dev->dev);
if (err)
@@ -2282,7 +2282,7 @@ upstream submission.
err = emi26_set_reset(dev,1);
--- a/drivers/usb/misc/ezusb.c
+++ b/drivers/usb/misc/ezusb.c
-@@ -79,12 +79,8 @@ static int ezusb_ihex_firmware_download(
+@@ -76,12 +76,8 @@ static int ezusb_ihex_firmware_download(
const struct ihex_binrec *record;
if (request_ihex_firmware(&firmware, firmware_path,
@@ -2298,7 +2298,7 @@ upstream submission.
if (ret < 0)
--- a/drivers/usb/misc/isight_firmware.c
+++ b/drivers/usb/misc/isight_firmware.c
-@@ -48,7 +48,6 @@ static int isight_firmware_load(struct u
+@@ -45,7 +45,6 @@ static int isight_firmware_load(struct u
return -ENOMEM;
if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) {
@@ -2308,7 +2308,7 @@ upstream submission.
}
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
-@@ -379,11 +379,8 @@ static void update_edgeport_E2PROM(struc
+@@ -375,11 +375,8 @@ static void update_edgeport_E2PROM(struc
response = request_ihex_firmware(&fw, fw_name,
&edge_serial->serial->dev->dev);
@@ -2323,7 +2323,7 @@ upstream submission.
BootMajorVersion = rec->data[0];
--- a/drivers/usb/serial/io_ti.c
+++ b/drivers/usb/serial/io_ti.c
-@@ -1014,8 +1014,6 @@ static int download_fw(struct edgeport_s
+@@ -1010,8 +1010,6 @@ static int download_fw(struct edgeport_s
status = request_firmware(&fw, fw_name, dev);
if (status) {
@@ -2334,7 +2334,7 @@ upstream submission.
--- a/drivers/usb/serial/ti_usb_3410_5052.c
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
-@@ -1696,10 +1696,8 @@ static int ti_download_firmware(struct t
+@@ -1692,10 +1692,8 @@ static int ti_download_firmware(struct t
}
check_firmware:
@@ -2505,7 +2505,7 @@ upstream submission.
if (!chip->disabled) {
--- a/sound/pci/korg1212/korg1212.c
+++ b/sound/pci/korg1212/korg1212.c
-@@ -2350,7 +2350,6 @@ static int snd_korg1212_create(struct sn
+@@ -2349,7 +2349,6 @@ static int snd_korg1212_create(struct sn
err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev);
if (err < 0) {
release_firmware(dsp_code);
@@ -2561,7 +2561,7 @@ upstream submission.
if (err) {
--- a/sound/pci/rme9652/hdsp.c
+++ b/sound/pci/rme9652/hdsp.c
-@@ -5136,11 +5136,8 @@ static int hdsp_request_fw_loader(struct
+@@ -5132,11 +5132,8 @@ static int hdsp_request_fw_loader(struct
return -EINVAL;
}
diff --git a/debian/patches/bugfix/all/i40e-fix-flags-declaration.patch b/debian/patches/bugfix/all/i40e-fix-flags-declaration.patch
deleted file mode 100644
index 070e407..0000000
--- a/debian/patches/bugfix/all/i40e-fix-flags-declaration.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Jacob Keller <jacob.e.keller at intel.com>
-Date: Thu, 7 Sep 2017 15:19:12 -0700
-Subject: i40e: fix flags declaration
-Origin: https://git.kernel.org/linus/b48be9978e4b21b28b7349f57574dae21378ddd5
-
-Since we don't yet have more than 32 flags, we'll use a u32 for both the
-hw_features and flag field. Should we gain more flags in the future, we
-may need to convert to a u64 or separate flags out into two fields.
-
-This was overlooked in the previous commit 2781de2134c4 ("i40e/i40evf:
-organize and re-number feature flags"), where the feature flag was not
-converted form u64 to u32.
-
-Signed-off-by: Jacob Keller <jacob.e.keller at intel.com>
-Reviewed-by: Mitch Williams <mitch.a.williams at intel.com>
-Tested-by: Andrew Bowers <andrewx.bowers at intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher at intel.com>
----
- drivers/net/ethernet/intel/i40e/i40e.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/net/ethernet/intel/i40e/i40e.h
-+++ b/drivers/net/ethernet/intel/i40e/i40e.h
-@@ -422,7 +422,7 @@ struct i40e_pf {
- #define I40E_HW_PORT_ID_VALID BIT(17)
- #define I40E_HW_RESTART_AUTONEG BIT(18)
-
-- u64 flags;
-+ u32 flags;
- #define I40E_FLAG_RX_CSUM_ENABLED BIT(0)
- #define I40E_FLAG_MSI_ENABLED BIT(1)
- #define I40E_FLAG_MSIX_ENABLED BIT(2)
diff --git a/debian/patches/bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch b/debian/patches/bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
deleted file mode 100644
index d7477b6..0000000
--- a/debian/patches/bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
+++ /dev/null
@@ -1,203 +0,0 @@
-From: Jacob Keller <jacob.e.keller at intel.com>
-Date: Fri, 1 Sep 2017 13:54:07 -0700
-Subject: i40e/i40evf: organize and re-number feature flags
-Origin: https://git.kernel.org/linus/b74f571f59a8a3dae998e3b95e0f88fac39bfef3
-
-Now that we've reduced the number of flags, organize similar flags
-together and re-number them accordingly.
-
-Since we don't yet have more than 32 flags, we'll use a u32 for both the
-hw_features and flag field. Should we gain more flags in the future, we
-may need to convert to a u64 or separate flags out into two fields.
-
-One alternative approach considered, but not implemented here, was to
-use an enumeration for the flag variables, and create a macro
-I40E_FLAG() which used string concatenation to generate BIT_ULL values.
-This has the advantage of making the actual bit values compile-time
-dynamic so that we do not need to worry about matching the order to the
-bit value. However, this does produce a high level of code churn, and
-makes it more difficult to read a dumped flags value when debugging.
-
-Change-ID: I8653fff69453cd547d6fe98d29dfa9d8710387d1
-Signed-off-by: Jacob Keller <jacob.e.keller at intel.com>
-Reviewed-by: Mitch Williams <mitch.a.williams at intel.com>
-Tested-by: Andrew Bowers <andrewx.bowers at intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher at intel.com>
-[bwh: Backported to 4.14: leave out I40E_FLAG_LINK_DOWN_ON_CLOSE_ENABLED,
- I40E_FLAG_SOURCE_PRUNING_DISABLED, I40EVF_FLAG_REINIT_ITR_NEEDED]
----
- drivers/net/ethernet/intel/i40e/i40e.h | 98 +++++++++++++-------------
- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 6 +-
- drivers/net/ethernet/intel/i40evf/i40evf.h | 32 ++++-----
- 3 files changed, 68 insertions(+), 68 deletions(-)
-
---- a/drivers/net/ethernet/intel/i40e/i40e.h
-+++ b/drivers/net/ethernet/intel/i40e/i40e.h
-@@ -401,55 +401,55 @@ struct i40e_pf {
- struct timer_list service_timer;
- struct work_struct service_task;
-
-- u64 hw_features;
--#define I40E_HW_RSS_AQ_CAPABLE BIT_ULL(0)
--#define I40E_HW_128_QP_RSS_CAPABLE BIT_ULL(1)
--#define I40E_HW_ATR_EVICT_CAPABLE BIT_ULL(2)
--#define I40E_HW_WB_ON_ITR_CAPABLE BIT_ULL(3)
--#define I40E_HW_MULTIPLE_TCP_UDP_RSS_PCTYPE BIT_ULL(4)
--#define I40E_HW_NO_PCI_LINK_CHECK BIT_ULL(5)
--#define I40E_HW_100M_SGMII_CAPABLE BIT_ULL(6)
--#define I40E_HW_NO_DCB_SUPPORT BIT_ULL(7)
--#define I40E_HW_USE_SET_LLDP_MIB BIT_ULL(8)
--#define I40E_HW_GENEVE_OFFLOAD_CAPABLE BIT_ULL(9)
--#define I40E_HW_PTP_L4_CAPABLE BIT_ULL(10)
--#define I40E_HW_WOL_MC_MAGIC_PKT_WAKE BIT_ULL(11)
--#define I40E_HW_MPLS_HDR_OFFLOAD_CAPABLE BIT_ULL(12)
--#define I40E_HW_HAVE_CRT_RETIMER BIT_ULL(13)
--#define I40E_HW_OUTER_UDP_CSUM_CAPABLE BIT_ULL(14)
--#define I40E_HW_PHY_CONTROLS_LEDS BIT_ULL(15)
--#define I40E_HW_STOP_FW_LLDP BIT_ULL(16)
--#define I40E_HW_PORT_ID_VALID BIT_ULL(17)
--#define I40E_HW_RESTART_AUTONEG BIT_ULL(18)
-+ u32 hw_features;
-+#define I40E_HW_RSS_AQ_CAPABLE BIT(0)
-+#define I40E_HW_128_QP_RSS_CAPABLE BIT(1)
-+#define I40E_HW_ATR_EVICT_CAPABLE BIT(2)
-+#define I40E_HW_WB_ON_ITR_CAPABLE BIT(3)
-+#define I40E_HW_MULTIPLE_TCP_UDP_RSS_PCTYPE BIT(4)
-+#define I40E_HW_NO_PCI_LINK_CHECK BIT(5)
-+#define I40E_HW_100M_SGMII_CAPABLE BIT(6)
-+#define I40E_HW_NO_DCB_SUPPORT BIT(7)
-+#define I40E_HW_USE_SET_LLDP_MIB BIT(8)
-+#define I40E_HW_GENEVE_OFFLOAD_CAPABLE BIT(9)
-+#define I40E_HW_PTP_L4_CAPABLE BIT(10)
-+#define I40E_HW_WOL_MC_MAGIC_PKT_WAKE BIT(11)
-+#define I40E_HW_MPLS_HDR_OFFLOAD_CAPABLE BIT(12)
-+#define I40E_HW_HAVE_CRT_RETIMER BIT(13)
-+#define I40E_HW_OUTER_UDP_CSUM_CAPABLE BIT(14)
-+#define I40E_HW_PHY_CONTROLS_LEDS BIT(15)
-+#define I40E_HW_STOP_FW_LLDP BIT(16)
-+#define I40E_HW_PORT_ID_VALID BIT(17)
-+#define I40E_HW_RESTART_AUTONEG BIT(18)
-
- u64 flags;
--#define I40E_FLAG_RX_CSUM_ENABLED BIT_ULL(1)
--#define I40E_FLAG_MSI_ENABLED BIT_ULL(2)
--#define I40E_FLAG_MSIX_ENABLED BIT_ULL(3)
--#define I40E_FLAG_HW_ATR_EVICT_ENABLED BIT_ULL(4)
--#define I40E_FLAG_RSS_ENABLED BIT_ULL(6)
--#define I40E_FLAG_VMDQ_ENABLED BIT_ULL(7)
--#define I40E_FLAG_IWARP_ENABLED BIT_ULL(10)
--#define I40E_FLAG_FILTER_SYNC BIT_ULL(15)
--#define I40E_FLAG_SERVICE_CLIENT_REQUESTED BIT_ULL(16)
--#define I40E_FLAG_SRIOV_ENABLED BIT_ULL(19)
--#define I40E_FLAG_DCB_ENABLED BIT_ULL(20)
--#define I40E_FLAG_FD_SB_ENABLED BIT_ULL(21)
--#define I40E_FLAG_FD_ATR_ENABLED BIT_ULL(22)
--#define I40E_FLAG_FD_SB_AUTO_DISABLED BIT_ULL(23)
--#define I40E_FLAG_FD_ATR_AUTO_DISABLED BIT_ULL(24)
--#define I40E_FLAG_PTP BIT_ULL(25)
--#define I40E_FLAG_MFP_ENABLED BIT_ULL(26)
--#define I40E_FLAG_UDP_FILTER_SYNC BIT_ULL(27)
--#define I40E_FLAG_DCB_CAPABLE BIT_ULL(29)
--#define I40E_FLAG_VEB_STATS_ENABLED BIT_ULL(37)
--#define I40E_FLAG_LINK_POLLING_ENABLED BIT_ULL(39)
--#define I40E_FLAG_VEB_MODE_ENABLED BIT_ULL(40)
--#define I40E_FLAG_TRUE_PROMISC_SUPPORT BIT_ULL(51)
--#define I40E_FLAG_CLIENT_RESET BIT_ULL(54)
--#define I40E_FLAG_TEMP_LINK_POLLING BIT_ULL(55)
--#define I40E_FLAG_CLIENT_L2_CHANGE BIT_ULL(56)
--#define I40E_FLAG_LEGACY_RX BIT_ULL(58)
-+#define I40E_FLAG_RX_CSUM_ENABLED BIT(0)
-+#define I40E_FLAG_MSI_ENABLED BIT(1)
-+#define I40E_FLAG_MSIX_ENABLED BIT(2)
-+#define I40E_FLAG_RSS_ENABLED BIT(3)
-+#define I40E_FLAG_VMDQ_ENABLED BIT(4)
-+#define I40E_FLAG_FILTER_SYNC BIT(5)
-+#define I40E_FLAG_SRIOV_ENABLED BIT(6)
-+#define I40E_FLAG_DCB_CAPABLE BIT(7)
-+#define I40E_FLAG_DCB_ENABLED BIT(8)
-+#define I40E_FLAG_FD_SB_ENABLED BIT(9)
-+#define I40E_FLAG_FD_ATR_ENABLED BIT(10)
-+#define I40E_FLAG_FD_SB_AUTO_DISABLED BIT(11)
-+#define I40E_FLAG_FD_ATR_AUTO_DISABLED BIT(12)
-+#define I40E_FLAG_MFP_ENABLED BIT(13)
-+#define I40E_FLAG_UDP_FILTER_SYNC BIT(14)
-+#define I40E_FLAG_HW_ATR_EVICT_ENABLED BIT(15)
-+#define I40E_FLAG_VEB_MODE_ENABLED BIT(16)
-+#define I40E_FLAG_VEB_STATS_ENABLED BIT(17)
-+#define I40E_FLAG_LINK_POLLING_ENABLED BIT(18)
-+#define I40E_FLAG_TRUE_PROMISC_SUPPORT BIT(19)
-+#define I40E_FLAG_TEMP_LINK_POLLING BIT(20)
-+#define I40E_FLAG_LEGACY_RX BIT(21)
-+#define I40E_FLAG_PTP BIT(22)
-+#define I40E_FLAG_IWARP_ENABLED BIT(23)
-+#define I40E_FLAG_SERVICE_CLIENT_REQUESTED BIT(24)
-+#define I40E_FLAG_CLIENT_L2_CHANGE BIT(25)
-+#define I40E_FLAG_CLIENT_RESET BIT(26)
-
- struct i40e_client_instance *cinst;
- bool stat_offsets_loaded;
---- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c
-+++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c
-@@ -4090,7 +4090,7 @@ static int i40e_set_priv_flags(struct ne
- struct i40e_netdev_priv *np = netdev_priv(dev);
- struct i40e_vsi *vsi = np->vsi;
- struct i40e_pf *pf = vsi->back;
-- u64 orig_flags, new_flags, changed_flags;
-+ u32 orig_flags, new_flags, changed_flags;
- u32 i, j;
-
- orig_flags = READ_ONCE(pf->flags);
-@@ -4142,12 +4142,12 @@ flags_complete:
- return -EOPNOTSUPP;
-
- /* Compare and exchange the new flags into place. If we failed, that
-- * is if cmpxchg64 returns anything but the old value, this means that
-+ * is if cmpxchg returns anything but the old value, this means that
- * something else has modified the flags variable since we copied it
- * originally. We'll just punt with an error and log something in the
- * message buffer.
- */
-- if (cmpxchg64(&pf->flags, orig_flags, new_flags) != orig_flags) {
-+ if (cmpxchg(&pf->flags, orig_flags, new_flags) != orig_flags) {
- dev_warn(&pf->pdev->dev,
- "Unable to update pf->flags as it was modified by another thread...\n");
- return -EAGAIN;
---- a/drivers/net/ethernet/intel/i40evf/i40evf.h
-+++ b/drivers/net/ethernet/intel/i40evf/i40evf.h
-@@ -220,21 +220,21 @@ struct i40evf_adapter {
-
- u32 flags;
- #define I40EVF_FLAG_RX_CSUM_ENABLED BIT(0)
--#define I40EVF_FLAG_IMIR_ENABLED BIT(5)
--#define I40EVF_FLAG_MQ_CAPABLE BIT(6)
--#define I40EVF_FLAG_PF_COMMS_FAILED BIT(8)
--#define I40EVF_FLAG_RESET_PENDING BIT(9)
--#define I40EVF_FLAG_RESET_NEEDED BIT(10)
--#define I40EVF_FLAG_WB_ON_ITR_CAPABLE BIT(11)
--#define I40EVF_FLAG_OUTER_UDP_CSUM_CAPABLE BIT(12)
--#define I40EVF_FLAG_ADDR_SET_BY_PF BIT(13)
--#define I40EVF_FLAG_SERVICE_CLIENT_REQUESTED BIT(14)
--#define I40EVF_FLAG_CLIENT_NEEDS_OPEN BIT(15)
--#define I40EVF_FLAG_CLIENT_NEEDS_CLOSE BIT(16)
--#define I40EVF_FLAG_CLIENT_NEEDS_L2_PARAMS BIT(17)
--#define I40EVF_FLAG_PROMISC_ON BIT(18)
--#define I40EVF_FLAG_ALLMULTI_ON BIT(19)
--#define I40EVF_FLAG_LEGACY_RX BIT(20)
-+#define I40EVF_FLAG_IMIR_ENABLED BIT(1)
-+#define I40EVF_FLAG_MQ_CAPABLE BIT(2)
-+#define I40EVF_FLAG_PF_COMMS_FAILED BIT(3)
-+#define I40EVF_FLAG_RESET_PENDING BIT(4)
-+#define I40EVF_FLAG_RESET_NEEDED BIT(5)
-+#define I40EVF_FLAG_WB_ON_ITR_CAPABLE BIT(6)
-+#define I40EVF_FLAG_OUTER_UDP_CSUM_CAPABLE BIT(7)
-+#define I40EVF_FLAG_ADDR_SET_BY_PF BIT(8)
-+#define I40EVF_FLAG_SERVICE_CLIENT_REQUESTED BIT(9)
-+#define I40EVF_FLAG_CLIENT_NEEDS_OPEN BIT(10)
-+#define I40EVF_FLAG_CLIENT_NEEDS_CLOSE BIT(11)
-+#define I40EVF_FLAG_CLIENT_NEEDS_L2_PARAMS BIT(12)
-+#define I40EVF_FLAG_PROMISC_ON BIT(13)
-+#define I40EVF_FLAG_ALLMULTI_ON BIT(14)
-+#define I40EVF_FLAG_LEGACY_RX BIT(15)
- /* duplicates for common code */
- #define I40E_FLAG_DCB_ENABLED 0
- #define I40E_FLAG_RX_CSUM_ENABLED I40EVF_FLAG_RX_CSUM_ENABLED
diff --git a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
index 28b8767..4e98a7b 100644
--- a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
+++ b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
@@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
-@@ -121,7 +121,7 @@ CC_OPTION_CFLAGS = $(filter-out $(GCC_PL
+@@ -194,7 +194,7 @@ CC_OPTION_CFLAGS = $(filter-out $(GCC_PL
# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
cc-option = $(call __cc-option, $(CC),\
@@ -31,47 +31,47 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# hostcc-option
# Usage: cflags-y += $(call hostcc-option,-march=winchip-c6,-march=i586)
-@@ -131,23 +131,24 @@ hostcc-option = $(call __cc-option, $(HO
+@@ -204,23 +204,24 @@ hostcc-option = $(call __cc-option, $(HO
# cc-option-yn
# Usage: flag := $(call cc-option-yn,-march=winchip-c6)
- cc-option-yn = $(call try-run,\
+ cc-option-yn = $(call try-run-cached,\
- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
+ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
# cc-disable-warning
# Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable)
- cc-disable-warning = $(call try-run,\
+ cc-disable-warning = $(call try-run-cached,\
- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
+ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
# cc-name
# Expands to either gcc or clang
- cc-name = $(shell $(CC) -v 2>&1 | grep -q "clang version" && echo clang || echo gcc)
+ cc-name = $(call shell-cached,$(CC) -v 2>&1 | grep -q "clang version" && echo clang || echo gcc)
# cc-version
--cc-version = $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-version.sh $(CC))
-+cc-version = $(shell $(CONFIG_SHELL) \
+-cc-version = $(call shell-cached,$(CONFIG_SHELL) $(srctree)/scripts/gcc-version.sh $(CC))
++cc-version = $(call shell-cached,$(CONFIG_SHELL) \
+ $(srctree)/scripts/gcc-version.sh $(CC) $(NOSTDINC_FLAGS))
# cc-fullversion
- cc-fullversion = $(shell $(CONFIG_SHELL) \
+ cc-fullversion = $(call shell-cached,$(CONFIG_SHELL) \
- $(srctree)/scripts/gcc-version.sh -p $(CC))
+ $(srctree)/scripts/gcc-version.sh -p $(CC) $(NOSTDINC_FLAGS))
# cc-ifversion
# Usage: EXTRA_CFLAGS += $(call cc-ifversion, -lt, 0402, -O1)
-@@ -165,7 +166,7 @@ cc-ldoption = $(call try-run,\
+@@ -238,7 +239,7 @@ cc-ldoption = $(call try-run-cached,\
# ld-option
# Usage: LDFLAGS += $(call ld-option, -X)
- ld-option = $(call try-run,\
-- $(CC) -x c /dev/null -c -o "$$TMPO" ; $(LD) $(1) "$$TMPO" -o "$$TMP",$(1),$(2))
-+ $(CC) $(NOSTDINC_FLAGS) -x c /dev/null -c -o "$$TMPO" ; $(LD) $(1) "$$TMPO" -o "$$TMP",$(1),$(2))
+ ld-option = $(call try-run-cached,\
+- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -x c /dev/null -c -o "$$TMPO"; \
++ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -x c /dev/null -c -o "$$TMPO"; \
+ $(LD) $(LDFLAGS) $(1) "$$TMPO" -o "$$TMP",$(1),$(2))
# ar-option
- # Usage: KBUILD_ARFLAGS := $(call ar-option,D)
--- a/Makefile
+++ b/Makefile
-@@ -650,6 +650,8 @@ endif
+@@ -667,6 +667,8 @@ endif
KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \
$(call cc-disable-warning,maybe-uninitialized,))
@@ -80,12 +80,12 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
-@@ -790,7 +792,7 @@ KBUILD_CFLAGS += $(call cc-option,-fdata
+@@ -776,7 +778,7 @@ KBUILD_CFLAGS += $(call cc-option,-fdata
endif
# arch Makefile may override CC so keep this after arch Makefile is included
--NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
-+NOSTDINC_FLAGS += -isystem $(shell $(CC) -print-file-name=include)
+-NOSTDINC_FLAGS += -nostdinc -isystem $(call shell-cached,$(CC) -print-file-name=include)
++NOSTDINC_FLAGS += -isystem $(call shell-cached,$(CC) -print-file-name=include)
CHECKFLAGS += $(NOSTDINC_FLAGS)
# warn about C99 declaration after statement
diff --git a/debian/patches/bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch b/debian/patches/bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
deleted file mode 100644
index c460e89..0000000
--- a/debian/patches/bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From: Wanpeng Li <wanpeng.li at hotmail.com>
-Date: Thu, 14 Dec 2017 17:40:50 -0800
-Subject: KVM: Fix stack-out-of-bounds read in write_mmio
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit?id=e39d200fa5bf5b94a0948db0dae44c1b73b84a56
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17741
-
-Reported by syzkaller:
-
- BUG: KASAN: stack-out-of-bounds in write_mmio+0x11e/0x270 [kvm]
- Read of size 8 at addr ffff8803259df7f8 by task syz-executor/32298
-
- CPU: 6 PID: 32298 Comm: syz-executor Tainted: G OE 4.15.0-rc2+ #18
- Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTC1AUS 02/16/2016
- Call Trace:
- dump_stack+0xab/0xe1
- print_address_description+0x6b/0x290
- kasan_report+0x28a/0x370
- write_mmio+0x11e/0x270 [kvm]
- emulator_read_write_onepage+0x311/0x600 [kvm]
- emulator_read_write+0xef/0x240 [kvm]
- emulator_fix_hypercall+0x105/0x150 [kvm]
- em_hypercall+0x2b/0x80 [kvm]
- x86_emulate_insn+0x2b1/0x1640 [kvm]
- x86_emulate_instruction+0x39a/0xb90 [kvm]
- handle_exception+0x1b4/0x4d0 [kvm_intel]
- vcpu_enter_guest+0x15a0/0x2640 [kvm]
- kvm_arch_vcpu_ioctl_run+0x549/0x7d0 [kvm]
- kvm_vcpu_ioctl+0x479/0x880 [kvm]
- do_vfs_ioctl+0x142/0x9a0
- SyS_ioctl+0x74/0x80
- entry_SYSCALL_64_fastpath+0x23/0x9a
-
-The path of patched vmmcall will patch 3 bytes opcode 0F 01 C1(vmcall)
-to the guest memory, however, write_mmio tracepoint always prints 8 bytes
-through *(u64 *)val since kvm splits the mmio access into 8 bytes. This
-leaks 5 bytes from the kernel stack (CVE-2017-17741). This patch fixes
-it by just accessing the bytes which we operate on.
-
-Before patch:
-
-syz-executor-5567 [007] .... 51370.561696: kvm_mmio: mmio write len 3 gpa 0x10 val 0x1ffff10077c1010f
-
-After patch:
-
-syz-executor-13416 [002] .... 51302.299573: kvm_mmio: mmio write len 3 gpa 0x10 val 0xc1010f
-
-Reported-by: Dmitry Vyukov <dvyukov at google.com>
-Reviewed-by: Darren Kenny <darren.kenny at oracle.com>
-Reviewed-by: Marc Zyngier <marc.zyngier at arm.com>
-Tested-by: Marc Zyngier <marc.zyngier at arm.com>
-Cc: Paolo Bonzini <pbonzini at redhat.com>
-Cc: Radim Krčmář <rkrcmar at redhat.com>
-Cc: Marc Zyngier <marc.zyngier at arm.com>
-Cc: Christoffer Dall <christoffer.dall at linaro.org>
-Signed-off-by: Wanpeng Li <wanpeng.li at hotmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/x86.c | 8 ++++----
- include/trace/events/kvm.h | 7 +++++--
- virt/kvm/arm/mmio.c | 6 +++---
- 3 files changed, 12 insertions(+), 9 deletions(-)
-
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -4362,7 +4362,7 @@ static int vcpu_mmio_read(struct kvm_vcp
- addr, n, v))
- && kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, n, v))
- break;
-- trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, *(u64 *)v);
-+ trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, v);
- handled += n;
- addr += n;
- len -= n;
-@@ -4621,7 +4621,7 @@ static int read_prepare(struct kvm_vcpu
- {
- if (vcpu->mmio_read_completed) {
- trace_kvm_mmio(KVM_TRACE_MMIO_READ, bytes,
-- vcpu->mmio_fragments[0].gpa, *(u64 *)val);
-+ vcpu->mmio_fragments[0].gpa, val);
- vcpu->mmio_read_completed = 0;
- return 1;
- }
-@@ -4643,14 +4643,14 @@ static int write_emulate(struct kvm_vcpu
-
- static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)
- {
-- trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, *(u64 *)val);
-+ trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, val);
- return vcpu_mmio_write(vcpu, gpa, bytes, val);
- }
-
- static int read_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,
- void *val, int bytes)
- {
-- trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, 0);
-+ trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, NULL);
- return X86EMUL_IO_NEEDED;
- }
-
---- a/include/trace/events/kvm.h
-+++ b/include/trace/events/kvm.h
-@@ -211,7 +211,7 @@ TRACE_EVENT(kvm_ack_irq,
- { KVM_TRACE_MMIO_WRITE, "write" }
-
- TRACE_EVENT(kvm_mmio,
-- TP_PROTO(int type, int len, u64 gpa, u64 val),
-+ TP_PROTO(int type, int len, u64 gpa, void *val),
- TP_ARGS(type, len, gpa, val),
-
- TP_STRUCT__entry(
-@@ -225,7 +225,10 @@ TRACE_EVENT(kvm_mmio,
- __entry->type = type;
- __entry->len = len;
- __entry->gpa = gpa;
-- __entry->val = val;
-+ __entry->val = 0;
-+ if (val)
-+ memcpy(&__entry->val, val,
-+ min_t(u32, sizeof(__entry->val), len));
- ),
-
- TP_printk("mmio %s len %u gpa 0x%llx val 0x%llx",
---- a/virt/kvm/arm/mmio.c
-+++ b/virt/kvm/arm/mmio.c
-@@ -112,7 +112,7 @@ int kvm_handle_mmio_return(struct kvm_vc
- }
-
- trace_kvm_mmio(KVM_TRACE_MMIO_READ, len, run->mmio.phys_addr,
-- data);
-+ &data);
- data = vcpu_data_host_to_guest(vcpu, data, len);
- vcpu_set_reg(vcpu, vcpu->arch.mmio_decode.rt, data);
- }
-@@ -182,14 +182,14 @@ int io_mem_abort(struct kvm_vcpu *vcpu,
- data = vcpu_data_guest_to_host(vcpu, vcpu_get_reg(vcpu, rt),
- len);
-
-- trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, len, fault_ipa, data);
-+ trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, len, fault_ipa, &data);
- kvm_mmio_write_buf(data_buf, len, data);
-
- ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, fault_ipa, len,
- data_buf);
- } else {
- trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, len,
-- fault_ipa, 0);
-+ fault_ipa, NULL);
-
- ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, fault_ipa, len,
- data_buf);
diff --git a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch b/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
deleted file mode 100644
index 23ec669..0000000
--- a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From: Mohamed Ghannam <simo.ghannam at gmail.com>
-Date: Sun, 10 Dec 2017 03:50:58 +0000
-Subject: net: ipv4: fix for a race condition in raw_sendmsg
-Origin: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17712
-
-inet->hdrincl is racy, and could lead to uninitialized stack pointer
-usage, so its value should be read only once.
-
-Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
-Signed-off-by: Mohamed Ghannam <simo.ghannam at gmail.com>
-Reviewed-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/raw.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
---- a/net/ipv4/raw.c
-+++ b/net/ipv4/raw.c
-@@ -513,11 +513,16 @@ static int raw_sendmsg(struct sock *sk,
- int err;
- struct ip_options_data opt_copy;
- struct raw_frag_vec rfv;
-+ int hdrincl;
-
- err = -EMSGSIZE;
- if (len > 0xFFFF)
- goto out;
-
-+ /* hdrincl should be READ_ONCE(inet->hdrincl)
-+ * but READ_ONCE() doesn't work with bit fields
-+ */
-+ hdrincl = inet->hdrincl;
- /*
- * Check the flags.
- */
-@@ -593,7 +598,7 @@ static int raw_sendmsg(struct sock *sk,
- /* Linux does not mangle headers on raw sockets,
- * so that IP options + IP_HDRINCL is non-sense.
- */
-- if (inet->hdrincl)
-+ if (hdrincl)
- goto done;
- if (ipc.opt->opt.srr) {
- if (!daddr)
-@@ -615,12 +620,12 @@ static int raw_sendmsg(struct sock *sk,
-
- flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
- RT_SCOPE_UNIVERSE,
-- inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
-+ hdrincl ? IPPROTO_RAW : sk->sk_protocol,
- inet_sk_flowi_flags(sk) |
-- (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
-+ (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
- daddr, saddr, 0, 0, sk->sk_uid);
-
-- if (!inet->hdrincl) {
-+ if (!hdrincl) {
- rfv.msg = msg;
- rfv.hlen = 0;
-
-@@ -645,7 +650,7 @@ static int raw_sendmsg(struct sock *sk,
- goto do_confirm;
- back_from_confirm:
-
-- if (inet->hdrincl)
-+ if (hdrincl)
- err = raw_send_hdrinc(sk, &fl4, msg, len,
- &rt, msg->msg_flags, &ipc.sockc);
-
diff --git a/debian/patches/bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch b/debian/patches/bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
deleted file mode 100644
index effd659..0000000
--- a/debian/patches/bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Sun, 3 Dec 2017 12:12:45 -0800
-Subject: netfilter: nfnetlink_cthelper: Add missing permission checks
-Origin: https://git.kernel.org/linus/4b380c42f7d00a395feede754f0bc2292eebe6e5
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17448
-
-The capability check in nfnetlink_rcv() verifies that the caller
-has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
-However, nfnl_cthelper_list is shared by all net namespaces on the
-system. An unprivileged user can create user and net namespaces
-in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable()
-check:
-
- $ nfct helper list
- nfct v1.4.4: netlink error: Operation not permitted
- $ vpnns -- nfct helper list
- {
- .name = ftp,
- .queuenum = 0,
- .l3protonum = 2,
- .l4protonum = 6,
- .priv_data_len = 24,
- .status = enabled,
- };
-
-Add capable() checks in nfnetlink_cthelper, as this is cleaner than
-trying to generalize the solution.
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
----
- net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/net/netfilter/nfnetlink_cthelper.c
-+++ b/net/netfilter/nfnetlink_cthelper.c
-@@ -17,6 +17,7 @@
- #include <linux/types.h>
- #include <linux/list.h>
- #include <linux/errno.h>
-+#include <linux/capability.h>
- #include <net/netlink.h>
- #include <net/sock.h>
-
-@@ -407,6 +408,9 @@ static int nfnl_cthelper_new(struct net
- struct nfnl_cthelper *nlcth;
- int ret = 0;
-
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+
- if (!tb[NFCTH_NAME] || !tb[NFCTH_TUPLE])
- return -EINVAL;
-
-@@ -611,6 +615,9 @@ static int nfnl_cthelper_get(struct net
- struct nfnl_cthelper *nlcth;
- bool tuple_set = false;
-
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+
- if (nlh->nlmsg_flags & NLM_F_DUMP) {
- struct netlink_dump_control c = {
- .dump = nfnl_cthelper_dump_table,
-@@ -678,6 +685,9 @@ static int nfnl_cthelper_del(struct net
- struct nfnl_cthelper *nlcth, *n;
- int j = 0, ret;
-
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+
- if (tb[NFCTH_NAME])
- helper_name = nla_data(tb[NFCTH_NAME]);
-
diff --git a/debian/patches/bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch b/debian/patches/bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
deleted file mode 100644
index fcaacd7..0000000
--- a/debian/patches/bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Tue, 5 Dec 2017 15:42:41 -0800
-Subject: netfilter: xt_osf: Add missing permission checks
-Origin: https://git.kernel.org/linus/916a27901de01446bcf57ecca4783f6cff493309
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17450
-
-The capability check in nfnetlink_rcv() verifies that the caller
-has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
-However, xt_osf_fingers is shared by all net namespaces on the
-system. An unprivileged user can create user and net namespaces
-in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable()
-check:
-
- vpnns -- nfnl_osf -f /tmp/pf.os
-
- vpnns -- nfnl_osf -f /tmp/pf.os -d
-
-These non-root operations successfully modify the systemwide OS
-fingerprint list. Add new capable() checks so that they can't.
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
----
- net/netfilter/xt_osf.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/net/netfilter/xt_osf.c
-+++ b/net/netfilter/xt_osf.c
-@@ -19,6 +19,7 @@
- #include <linux/module.h>
- #include <linux/kernel.h>
-
-+#include <linux/capability.h>
- #include <linux/if.h>
- #include <linux/inetdevice.h>
- #include <linux/ip.h>
-@@ -70,6 +71,9 @@ static int xt_osf_add_callback(struct ne
- struct xt_osf_finger *kf = NULL, *sf;
- int err = 0;
-
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+
- if (!osf_attrs[OSF_ATTR_FINGER])
- return -EINVAL;
-
-@@ -115,6 +119,9 @@ static int xt_osf_remove_callback(struct
- struct xt_osf_finger *sf;
- int err = -ENOENT;
-
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+
- if (!osf_attrs[OSF_ATTR_FINGER])
- return -EINVAL;
-
diff --git a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch b/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
deleted file mode 100644
index d037380..0000000
--- a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Wed, 6 Dec 2017 12:12:27 -0800
-Subject: netlink: Add netns check on taps
-Origin: https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17449
-
-Currently, a nlmon link inside a child namespace can observe systemwide
-netlink activity. Filter the traffic so that nlmon can only sniff
-netlink messages from its own netns.
-
-Test case:
-
- vpnns -- bash -c "ip link add nlmon0 type nlmon; \
- ip link set nlmon0 up; \
- tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
- sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
- spi 0x1 mode transport \
- auth sha1 0x6162633132330000000000000000000000000000 \
- enc aes 0x00000000000000000000000000000000
- grep --binary abc123 /tmp/nlmon.pcap
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/netlink/af_netlink.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/netlink/af_netlink.c
-+++ b/net/netlink/af_netlink.c
-@@ -254,6 +254,9 @@ static int __netlink_deliver_tap_skb(str
- struct sock *sk = skb->sk;
- int ret = -ENOMEM;
-
-+ if (!net_eq(dev_net(dev), sock_net(sk)))
-+ return 0;
-+
- dev_hold(dev);
-
- if (is_vmalloc_addr(skb->head))
diff --git a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
index f213371..420deae 100644
--- a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
+++ b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
@@ -26,16 +26,16 @@ missing, except for the pre-R600 case.
---
--- a/drivers/gpu/drm/radeon/radeon_drv.c
+++ b/drivers/gpu/drm/radeon/radeon_drv.c
-@@ -44,6 +44,8 @@
+@@ -43,6 +43,8 @@
+ #include <drm/drm_fb_helper.h>
#include <drm/drm_crtc_helper.h>
- #include "radeon_kfd.h"
+#include <linux/namei.h>
+#include <linux/path.h>
/*
* KMS wrapper.
-@@ -312,6 +314,29 @@ static struct drm_driver kms_driver;
+@@ -311,6 +313,29 @@ static struct drm_driver kms_driver;
bool radeon_device_is_virtual(void);
@@ -65,7 +65,7 @@ missing, except for the pre-R600 case.
static int radeon_kick_out_firmware_fb(struct pci_dev *pdev)
{
struct apertures_struct *ap;
-@@ -349,6 +374,12 @@ static int radeon_pci_probe(struct pci_d
+@@ -340,6 +365,12 @@ static int radeon_pci_probe(struct pci_d
if (vga_switcheroo_client_probe_defer(pdev))
return -EPROBE_DEFER;
diff --git a/debian/patches/bugfix/all/tools-lib-lockdep-define-pr_cont.patch b/debian/patches/bugfix/all/tools-lib-lockdep-define-pr_cont.patch
deleted file mode 100644
index 2975cfa..0000000
--- a/debian/patches/bugfix/all/tools-lib-lockdep-define-pr_cont.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sun, 01 Oct 2017 15:39:34 +0100
-Subject: tools/lib/lockdep: Define pr_cont()
-
-lockdep.c now also uses pr_cont(), so we need to implement it in
-liblockdep.
-
-It is currently always used to continue warning lines, so define
-pr_cont() the same as pr_warn(). If this changes, we might need to
-record the last log level in a TLS variable and have pr_cont() check
-that.
-
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
---- a/tools/include/linux/lockdep.h
-+++ b/tools/include/linux/lockdep.h
-@@ -47,6 +47,8 @@ static inline int debug_locks_off(void)
- #define printk(...) dprintf(STDOUT_FILENO, __VA_ARGS__)
- #define pr_err(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
- #define pr_warn pr_err
-+/* XXX we assume pr_cont() is only used for warnings */
-+#define pr_cont pr_warn
-
- #define list_del_rcu list_del
-
diff --git a/debian/patches/bugfix/all/usb-core-prevent-malicious-bnuminterfaces-overflow.patch b/debian/patches/bugfix/all/usb-core-prevent-malicious-bnuminterfaces-overflow.patch
deleted file mode 100644
index 13e050e..0000000
--- a/debian/patches/bugfix/all/usb-core-prevent-malicious-bnuminterfaces-overflow.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Alan Stern <stern at rowland.harvard.edu>
-Date: Tue, 12 Dec 2017 14:25:13 -0500
-Subject: USB: core: prevent malicious bNumInterfaces overflow
-Origin: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17558
-
-A malicious USB device with crafted descriptors can cause the kernel
-to access unallocated memory by setting the bNumInterfaces value too
-high in a configuration descriptor. Although the value is adjusted
-during parsing, this adjustment is skipped in one of the error return
-paths.
-
-This patch prevents the problem by setting bNumInterfaces to 0
-initially. The existing code already sets it to the proper value
-after parsing is complete.
-
-Signed-off-by: Alan Stern <stern at rowland.harvard.edu>
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-CC: <stable at vger.kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- drivers/usb/core/config.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/drivers/usb/core/config.c
-+++ b/drivers/usb/core/config.c
-@@ -555,6 +555,9 @@ static int usb_parse_configuration(struc
- unsigned iad_num = 0;
-
- memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
-+ nintf = nintf_orig = config->desc.bNumInterfaces;
-+ config->desc.bNumInterfaces = 0; // Adjusted later
-+
- if (config->desc.bDescriptorType != USB_DT_CONFIG ||
- config->desc.bLength < USB_DT_CONFIG_SIZE ||
- config->desc.bLength > size) {
-@@ -568,7 +571,6 @@ static int usb_parse_configuration(struc
- buffer += config->desc.bLength;
- size -= config->desc.bLength;
-
-- nintf = nintf_orig = config->desc.bNumInterfaces;
- if (nintf > USB_MAXINTERFACES) {
- dev_warn(ddev, "config %d has too many interfaces: %d, "
- "using maximum allowed: %d\n",
diff --git a/debian/patches/bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch b/debian/patches/bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
deleted file mode 100644
index b5382d0..0000000
--- a/debian/patches/bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-From: Dongli Zhang <dongli.zhang at oracle.com>
-Date: Wed, 1 Nov 2017 09:46:33 +0800
-Subject: xen/time: do not decrease steal time after live migration on xen
-Origin: https://git.kernel.org/linus/5e25f5db6abb96ca8ee2aaedcb863daa6dfcc07a
-Bug-Debian: https://bugs.debian.org/871608
-
-After guest live migration on xen, steal time in /proc/stat
-(cpustat[CPUTIME_STEAL]) might decrease because steal returned by
-xen_steal_lock() might be less than this_rq()->prev_steal_time which is
-derived from previous return value of xen_steal_clock().
-
-For instance, steal time of each vcpu is 335 before live migration.
-
-cpu 198 0 368 200064 1962 0 0 1340 0 0
-cpu0 38 0 81 50063 492 0 0 335 0 0
-cpu1 65 0 97 49763 634 0 0 335 0 0
-cpu2 38 0 81 50098 462 0 0 335 0 0
-cpu3 56 0 107 50138 374 0 0 335 0 0
-
-After live migration, steal time is reduced to 312.
-
-cpu 200 0 370 200330 1971 0 0 1248 0 0
-cpu0 38 0 82 50123 500 0 0 312 0 0
-cpu1 65 0 97 49832 634 0 0 312 0 0
-cpu2 39 0 82 50167 462 0 0 312 0 0
-cpu3 56 0 107 50207 374 0 0 312 0 0
-
-Since runstate times are cumulative and cleared during xen live migration
-by xen hypervisor, the idea of this patch is to accumulate runstate times
-to global percpu variables before live migration suspend. Once guest VM is
-resumed, xen_get_runstate_snapshot_cpu() would always return the sum of new
-runstate times and previously accumulated times stored in global percpu
-variables.
-
-Comment above HYPERVISOR_suspend() has been removed as it is inaccurate:
-the call can return an error code (e.g., possibly -EPERM in the future).
-
-Similar and more severe issue would impact prior linux 4.8-4.10 as
-discussed by Michael Las at
-https://0xstubs.org/debugging-a-flaky-cpu-steal-time-counter-on-a-paravirtualized-xen-guest,
-which would overflow steal time and lead to 100% st usage in top command
-for linux 4.8-4.10. A backport of this patch would fix that issue.
-
-[boris: added linux/slab.h to driver/xen/time.c, slightly reformatted
- commit message]
-
-References: https://0xstubs.org/debugging-a-flaky-cpu-steal-time-counter-on-a-paravirtualized-xen-guest
-Signed-off-by: Dongli Zhang <dongli.zhang at oracle.com>
-Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
-Signed-off-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
----
- drivers/xen/manage.c | 7 ++---
- drivers/xen/time.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++--
- include/xen/xen-ops.h | 1 +
- 3 files changed, 73 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
-index c425d03d37d2..8835065029d3 100644
---- a/drivers/xen/manage.c
-+++ b/drivers/xen/manage.c
-@@ -72,18 +72,15 @@ static int xen_suspend(void *data)
- }
-
- gnttab_suspend();
-+ xen_manage_runstate_time(-1);
- xen_arch_pre_suspend();
-
-- /*
-- * This hypercall returns 1 if suspend was cancelled
-- * or the domain was merely checkpointed, and 0 if it
-- * is resuming in a new domain.
-- */
- si->cancelled = HYPERVISOR_suspend(xen_pv_domain()
- ? virt_to_gfn(xen_start_info)
- : 0);
-
- xen_arch_post_suspend(si->cancelled);
-+ xen_manage_runstate_time(si->cancelled ? 1 : 0);
- gnttab_resume();
-
- if (!si->cancelled) {
-diff --git a/drivers/xen/time.c b/drivers/xen/time.c
-index ac5f23fcafc2..8c46f555d82a 100644
---- a/drivers/xen/time.c
-+++ b/drivers/xen/time.c
-@@ -5,6 +5,7 @@
- #include <linux/kernel_stat.h>
- #include <linux/math64.h>
- #include <linux/gfp.h>
-+#include <linux/slab.h>
-
- #include <asm/paravirt.h>
- #include <asm/xen/hypervisor.h>
-@@ -19,6 +20,8 @@
- /* runstate info updated by Xen */
- static DEFINE_PER_CPU(struct vcpu_runstate_info, xen_runstate);
-
-+static DEFINE_PER_CPU(u64[4], old_runstate_time);
-+
- /* return an consistent snapshot of 64-bit time/counter value */
- static u64 get64(const u64 *p)
- {
-@@ -47,8 +50,8 @@ static u64 get64(const u64 *p)
- return ret;
- }
-
--static void xen_get_runstate_snapshot_cpu(struct vcpu_runstate_info *res,
-- unsigned int cpu)
-+static void xen_get_runstate_snapshot_cpu_delta(
-+ struct vcpu_runstate_info *res, unsigned int cpu)
- {
- u64 state_time;
- struct vcpu_runstate_info *state;
-@@ -66,6 +69,71 @@ static void xen_get_runstate_snapshot_cpu(struct vcpu_runstate_info *res,
- (state_time & XEN_RUNSTATE_UPDATE));
- }
-
-+static void xen_get_runstate_snapshot_cpu(struct vcpu_runstate_info *res,
-+ unsigned int cpu)
-+{
-+ int i;
-+
-+ xen_get_runstate_snapshot_cpu_delta(res, cpu);
-+
-+ for (i = 0; i < 4; i++)
-+ res->time[i] += per_cpu(old_runstate_time, cpu)[i];
-+}
-+
-+void xen_manage_runstate_time(int action)
-+{
-+ static struct vcpu_runstate_info *runstate_delta;
-+ struct vcpu_runstate_info state;
-+ int cpu, i;
-+
-+ switch (action) {
-+ case -1: /* backup runstate time before suspend */
-+ if (unlikely(runstate_delta))
-+ pr_warn_once("%s: memory leak as runstate_delta is not NULL\n",
-+ __func__);
-+
-+ runstate_delta = kmalloc_array(num_possible_cpus(),
-+ sizeof(*runstate_delta),
-+ GFP_ATOMIC);
-+ if (unlikely(!runstate_delta)) {
-+ pr_warn("%s: failed to allocate runstate_delta\n",
-+ __func__);
-+ return;
-+ }
-+
-+ for_each_possible_cpu(cpu) {
-+ xen_get_runstate_snapshot_cpu_delta(&state, cpu);
-+ memcpy(runstate_delta[cpu].time, state.time,
-+ sizeof(runstate_delta[cpu].time));
-+ }
-+
-+ break;
-+
-+ case 0: /* backup runstate time after resume */
-+ if (unlikely(!runstate_delta)) {
-+ pr_warn("%s: cannot accumulate runstate time as runstate_delta is NULL\n",
-+ __func__);
-+ return;
-+ }
-+
-+ for_each_possible_cpu(cpu) {
-+ for (i = 0; i < 4; i++)
-+ per_cpu(old_runstate_time, cpu)[i] +=
-+ runstate_delta[cpu].time[i];
-+ }
-+
-+ break;
-+
-+ default: /* do not accumulate runstate time for checkpointing */
-+ break;
-+ }
-+
-+ if (action != -1 && runstate_delta) {
-+ kfree(runstate_delta);
-+ runstate_delta = NULL;
-+ }
-+}
-+
- /*
- * Runstate accounting
- */
-diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h
-index 218e6aae5433..09072271f122 100644
---- a/include/xen/xen-ops.h
-+++ b/include/xen/xen-ops.h
-@@ -32,6 +32,7 @@ void xen_resume_notifier_unregister(struct notifier_block *nb);
- bool xen_vcpu_stolen(int vcpu);
- void xen_setup_runstate_info(int cpu);
- void xen_time_setup_guest(void);
-+void xen_manage_runstate_time(int action);
- void xen_get_runstate_snapshot(struct vcpu_runstate_info *res);
- u64 xen_steal_clock(int cpu);
-
---
-2.15.1
-
diff --git a/debian/patches/bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch b/debian/patches/bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch
deleted file mode 100644
index 84b4ac9..0000000
--- a/debian/patches/bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Andrzej Pietrasiewicz <andrzej.p at samsung.com>
-Date: Mon, 18 Sep 2017 12:02:13 +0200
-Subject: ARM: dts: exynos: Add dwc3 SUSPHY quirk
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux.git/commit?id=3bf689f9275ff73de1ffad3e571837c8bff41d27
-Bug-Debian: https://bugs.debian.org/843448
-
-Odroid XU4 board does not enumerate SuperSpeed devices.
-This patch makes exynos5 series chips use USB SUSPHY quirk,
-which solves the problem.
-
-Signed-off-by: Andrzej Pietrasiewicz <andrzej.p at samsung.com>
-Signed-off-by: Krzysztof Kozlowski <krzk at kernel.org>
----
- arch/arm/boot/dts/exynos54xx.dtsi | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/arch/arm/boot/dts/exynos54xx.dtsi b/arch/arm/boot/dts/exynos54xx.dtsi
-index 0389e8a10d0b..8ca4fef8b1ce 100644
---- a/arch/arm/boot/dts/exynos54xx.dtsi
-+++ b/arch/arm/boot/dts/exynos54xx.dtsi
-@@ -134,6 +134,7 @@
- interrupts = <GIC_SPI 72 IRQ_TYPE_LEVEL_HIGH>;
- phys = <&usbdrd_phy0 0>, <&usbdrd_phy0 1>;
- phy-names = "usb2-phy", "usb3-phy";
-+ snps,dis_u3_susphy_quirk;
- };
- };
-
-@@ -154,6 +155,7 @@
- reg = <0x12400000 0x10000>;
- phys = <&usbdrd_phy1 0>, <&usbdrd_phy1 1>;
- phy-names = "usb2-phy", "usb3-phy";
-+ snps,dis_u3_susphy_quirk;
- };
- };
-
diff --git a/debian/patches/bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch b/debian/patches/bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
index 0815845..0e5a511 100644
--- a/debian/patches/bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
+++ b/debian/patches/bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
@@ -2,35 +2,39 @@ From: Ben Hutchings <ben at decadent.org.uk>
Date: Wed, 5 Jul 2017 13:32:43 +0100
Subject: mmap: Remember the MAP_FIXED flag as VM_FIXED
+Since 4.15 there are no spare bits, but we can use VM_ARCH_1 as
+VM_FIXED wil only be needed on x86.
+
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
include/linux/mm.h | 1 +
include/linux/mman.h | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 43edf659453b..1f84cc52389e 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
-@@ -190,6 +190,7 @@ extern unsigned int kobjsize(const void *objp);
- #define VM_ACCOUNT 0x00100000 /* Is a VM accounted object */
- #define VM_NORESERVE 0x00200000 /* should the VM suppress accounting */
+@@ -201,6 +201,11 @@ extern unsigned int kobjsize(const void
#define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */
-+#define VM_FIXED 0x00800000 /* Allocated at fixed address */
+ #define VM_SYNC 0x00800000 /* Synchronous page faults */
#define VM_ARCH_1 0x01000000 /* Architecture-specific flag */
++#ifdef CONFIG_X86
++#define VM_FIXED VM_ARCH_1 /* Allocated at fixed address */
++#else
++#define VM_FIXED 0
++#endif
#define VM_WIPEONFORK 0x02000000 /* Wipe VMA contents in child. */
#define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
-diff --git a/include/linux/mman.h b/include/linux/mman.h
-index 7c87b6652244..f22c15d5e24c 100644
+
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
-@@ -87,7 +87,8 @@ calc_vm_flag_bits(unsigned long flags)
- {
+@@ -131,7 +131,9 @@ calc_vm_flag_bits(unsigned long flags)
return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) |
_calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) |
-- _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED );
-+ _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) |
-+ _calc_vm_trans(flags, MAP_FIXED, VM_FIXED );
+ _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) |
+- _calc_vm_trans(flags, MAP_SYNC, VM_SYNC );
++ _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) |
++ (VM_FIXED ?
++ _calc_vm_trans(flags, MAP_FIXED, VM_FIXED ) : 0);
}
unsigned long vm_commit_limit(void);
diff --git a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
index f3cec3f..55edbc7 100644
--- a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
+++ b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
@@ -15,7 +15,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -87,6 +87,11 @@
+@@ -102,6 +102,11 @@
#define CREATE_TRACE_POINTS
#include <trace/events/task.h>
@@ -27,7 +27,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
/*
* Minimum number of threads to boot the kernel
-@@ -1252,6 +1257,10 @@ static struct task_struct *copy_process(
+@@ -1550,6 +1555,10 @@ static __latent_entropy struct task_stru
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -38,7 +38,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -1944,6 +1953,12 @@ SYSCALL_DEFINE1(unshare, unsigned long,
+@@ -2343,6 +2352,12 @@ SYSCALL_DEFINE1(unshare, unsigned long,
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -53,7 +53,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
goto bad_unshare_out;
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
-@@ -102,6 +102,9 @@ extern int core_uses_pid;
+@@ -105,6 +105,9 @@ extern int core_uses_pid;
extern char core_pattern[];
extern unsigned int core_pipe_limit;
#endif
@@ -63,7 +63,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
extern int pid_max;
extern int pid_max_min, pid_max_max;
extern int percpu_pagelist_fraction;
-@@ -489,6 +492,15 @@ static struct ctl_table kern_table[] = {
+@@ -512,6 +515,15 @@ static struct ctl_table kern_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
@@ -81,9 +81,9 @@ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
{
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
-@@ -23,6 +23,9 @@
- #include <linux/projid.h>
- #include <linux/fs_struct.h>
+@@ -26,6 +26,9 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+/* sysctl */
+int unprivileged_userns_clone;
diff --git a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
index 77d44b4..3806f94 100644
--- a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
+++ b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
@@ -12,8 +12,8 @@ actually used.
---
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -847,6 +847,14 @@ SYSCALL_DEFINE5(fanotify_mark, int, fano
- #endif
+@@ -866,6 +866,14 @@ SYSCALL_DEFINE5(fanotify_mark, int, fano
+ if (mask & ~valid_mask)
return -EINVAL;
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
diff --git a/debian/patches/debian/gitignore.patch b/debian/patches/debian/gitignore.patch
index e9edd72..3932721 100644
--- a/debian/patches/debian/gitignore.patch
+++ b/debian/patches/debian/gitignore.patch
@@ -7,8 +7,8 @@ Forwarded: not-needed
--- a/.gitignore
+++ b/.gitignore
-@@ -53,23 +53,11 @@ Module.symvers
- /Module.markers
+@@ -61,23 +61,11 @@ modules.builtin
+ /*.spec
#
-# Debian directory (make deb-pkg)
@@ -31,7 +31,7 @@ Forwarded: not-needed
# Generated include files
#
include/config
-@@ -114,3 +102,10 @@ all.config
+@@ -122,3 +110,10 @@ all.config
# Kdevelop4
*.kdev4
diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch
index a890a8c..93c8c0b 100644
--- a/debian/patches/debian/kernelvariables.patch
+++ b/debian/patches/debian/kernelvariables.patch
@@ -14,7 +14,7 @@ use of $(ARCH) needs to be moved after this.
--- a/Makefile
+++ b/Makefile
-@@ -251,42 +251,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
+@@ -314,39 +314,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
ARCH ?= $(SUBARCH)
CROSS_COMPILE ?= $(CONFIG_CROSS_COMPILE:"%"=%)
@@ -51,13 +51,10 @@ use of $(ARCH) needs to be moved after this.
- SRCARCH := tile
-endif
-
--# Where to locate arch specific headers
--hdr-arch := $(SRCARCH)
--
KCONFIG_CONFIG ?= .config
export KCONFIG_CONFIG
-@@ -374,6 +338,45 @@ CFLAGS_KERNEL =
+@@ -395,6 +362,38 @@ CFLAGS_KERNEL =
AFLAGS_KERNEL =
LDFLAGS_vmlinux =
@@ -93,13 +90,6 @@ use of $(ARCH) needs to be moved after this.
+ SRCARCH := tile
+endif
+
-+# Where to locate arch specific headers
-+hdr-arch := $(SRCARCH)
-+
-+ifeq ($(ARCH),m68knommu)
-+ hdr-arch := m68k
-+endif
-+
# Use USERINCLUDE when you must reference the UAPI directories only.
USERINCLUDE := \
- -I$(srctree)/arch/$(hdr-arch)/include/uapi \
+ -I$(srctree)/arch/$(SRCARCH)/include/uapi \
diff --git a/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch b/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
index 4fbb8df..9541565 100644
--- a/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
+++ b/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
@@ -176,7 +176,7 @@ and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
#include "bus.h"
#include "channel.h"
-@@ -177,38 +176,11 @@ static int host1x_probe(struct platform_
+@@ -218,37 +217,11 @@ static int host1x_probe(struct platform_
return err;
}
@@ -201,8 +201,7 @@ and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
-
- order = __ffs(host->domain->pgsize_bitmap);
- init_iova_domain(&host->iova, 1UL << order,
-- geometry->aperture_start >> order,
-- geometry->aperture_end >> order);
+- geometry->aperture_start >> order);
- host->iova_end = geometry->aperture_end;
- }
-
@@ -216,7 +215,7 @@ and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
}
err = clk_prepare_enable(host->clk);
-@@ -253,15 +225,6 @@ fail_unprepare_disable:
+@@ -293,15 +266,6 @@ fail_unprepare_disable:
clk_disable_unprepare(host->clk);
fail_free_channels:
host1x_channel_list_free(&host->channel_list);
@@ -232,7 +231,7 @@ and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
return err;
}
-@@ -275,12 +238,6 @@ static int host1x_remove(struct platform
+@@ -315,12 +279,6 @@ static int host1x_remove(struct platform
reset_control_assert(host->rst);
clk_disable_unprepare(host->clk);
@@ -256,7 +255,7 @@ and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
#include <linux/platform_device.h>
#include <linux/reset.h>
-@@ -112,10 +110,6 @@ struct host1x {
+@@ -117,10 +115,6 @@ struct host1x {
struct clk *clk;
struct reset_control *rst;
diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch
index 9a9f434..547b85f 100644
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@@ -9,7 +9,7 @@ are set.
--- a/Makefile
+++ b/Makefile
-@@ -1055,7 +1055,7 @@ endif
+@@ -1048,7 +1048,7 @@ endif
prepare2: prepare3 prepare-compiler-check outputmakefile asm-generic
prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
@@ -18,7 +18,7 @@ are set.
$(cmd_crmodverdir)
archprepare: archheaders archscripts prepare1 scripts_basic
-@@ -1116,6 +1116,16 @@ define filechk_version.h
+@@ -1118,6 +1118,16 @@ define filechk_version.h
echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
endef
@@ -35,7 +35,7 @@ are set.
$(version_h): $(srctree)/Makefile FORCE
$(call filechk,version.h)
$(Q)rm -f $(old_version_h)
-@@ -1123,6 +1133,9 @@ $(version_h): $(srctree)/Makefile FORCE
+@@ -1125,6 +1135,9 @@ $(version_h): $(srctree)/Makefile FORCE
include/generated/utsrelease.h: include/config/kernel.release FORCE
$(call filechk,utsrelease.h)
@@ -69,7 +69,7 @@ are set.
printk(KERN_INFO "RSP: %016lx EFLAGS: %08lx\n", PT_REGS_SP(regs),
--- a/arch/ia64/kernel/process.c
+++ b/arch/ia64/kernel/process.c
-@@ -34,6 +34,7 @@
+@@ -35,6 +35,7 @@
#include <linux/utsname.h>
#include <linux/tracehook.h>
#include <linux/rcupdate.h>
@@ -77,7 +77,7 @@ are set.
#include <asm/cpu.h>
#include <asm/delay.h>
-@@ -107,9 +108,9 @@ show_regs (struct pt_regs *regs)
+@@ -108,9 +109,9 @@ show_regs (struct pt_regs *regs)
print_modules();
printk("\n");
show_regs_print_info(KERN_DEFAULT);
@@ -99,13 +99,13 @@ are set.
#include <asm/pgtable.h>
#include <asm/io.h>
-@@ -1382,8 +1383,9 @@ void show_regs(struct pt_regs * regs)
+@@ -1403,8 +1404,9 @@ void show_regs(struct pt_regs * regs)
printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
regs->nip, regs->link, regs->ctr);
-- printk("REGS: %p TRAP: %04lx %s (%s)\n",
+- printk("REGS: %px TRAP: %04lx %s (%s)\n",
- regs, regs->trap, print_tainted(), init_utsname()->release);
-+ printk("REGS: %p TRAP: %04lx %s (%s%s)\n",
++ printk("REGS: %px TRAP: %04lx %s (%s%s)\n",
+ regs, regs->trap, print_tainted(), init_utsname()->release,
+ LINUX_PACKAGE_ID);
printk("MSR: "REG" ", regs->msr);
diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch
index 4af7861..f1e01ce 100644
--- a/debian/patches/features/all/aufs4/aufs4-base.patch
+++ b/debian/patches/features/all/aufs4/aufs4-base.patch
@@ -1,18 +1,19 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Thu Nov 16 10:20:27 2017 +0900
-Subject: aufs4.14 base patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/bf518fb574cee10c6112f0e9ca5c67b277426630
+Date: Sat Dec 16 15:29:33 2017 +0900
+Subject: SPDX-License-Identifier: GPL-2.0
+Origin: https://github.com/sfjro/aufs4-standalone/tree/8b9c1be851f351af1104f55952e211ae541695ee
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
-aufs4.14 base patch
+SPDX-License-Identifier: GPL-2.0
+aufs4.x-rcN base patch
diff --git a/MAINTAINERS b/MAINTAINERS
-index 2811a21..02b6deb 100644
+index 82ad0ea..7d8b461 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
-@@ -2465,6 +2465,19 @@ F: include/linux/audit.h
+@@ -2478,6 +2478,19 @@ F: include/linux/audit.h
F: include/uapi/linux/audit.h
F: kernel/audit*
@@ -33,10 +34,10 @@ index 2811a21..02b6deb 100644
M: Miguel Ojeda Sandonis <miguel.ojeda.sandonis at gmail.com>
W: http://miguelojeda.es/auxdisplay.htm
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index 85de673..d44de9d 100644
+index bc8e615..e51a59d 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
-@@ -686,6 +686,24 @@ static inline int is_loop_device(struct file *file)
+@@ -691,6 +691,24 @@ static inline int is_loop_device(struct file *file)
return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
}
@@ -62,7 +63,7 @@ index 85de673..d44de9d 100644
static ssize_t loop_attr_show(struct device *dev, char *page,
diff --git a/fs/dcache.c b/fs/dcache.c
-index f901413..e3719a5 100644
+index 5c7df1d..019f14b 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1197,7 +1197,7 @@ enum d_walk_ret {
@@ -75,7 +76,7 @@ index f901413..e3719a5 100644
void (*finish)(void *))
{
diff --git a/fs/fcntl.c b/fs/fcntl.c
-index 8d78ffd..cffefab 100644
+index 0522e28..74c255d 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -32,7 +32,7 @@
@@ -97,7 +98,7 @@ index 8d78ffd..cffefab 100644
return error;
diff --git a/fs/inode.c b/fs/inode.c
-index d1e35b5..f7800d6 100644
+index 03102d6..517883c 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1655,7 +1655,7 @@ EXPORT_SYMBOL(generic_update_time);
@@ -110,7 +111,7 @@ index d1e35b5..f7800d6 100644
int (*update_time)(struct inode *, struct timespec *, int);
diff --git a/fs/namespace.c b/fs/namespace.c
-index d18deb4..e5a4a7f 100644
+index e158ec6..312bdbd8 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -846,6 +846,12 @@ static inline int check_mnt(struct mount *mnt)
@@ -127,7 +128,7 @@ index d18deb4..e5a4a7f 100644
* vfsmount lock must be held for write
*/
diff --git a/fs/read_write.c b/fs/read_write.c
-index 0046d72..2388284 100644
+index f8547b8..0a5c47b 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -484,6 +484,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
@@ -160,7 +161,7 @@ index 0046d72..2388284 100644
{
mm_segment_t old_fs;
diff --git a/fs/splice.c b/fs/splice.c
-index f3084cc..eb888c6 100644
+index 39e2dc0..c5fb195 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -837,8 +837,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
@@ -188,7 +189,7 @@ index f3084cc..eb888c6 100644
ssize_t (*splice_read)(struct file *, loff_t *,
struct pipe_inode_info *, size_t, unsigned int);
diff --git a/fs/sync.c b/fs/sync.c
-index 83ac79a..fe15900 100644
+index 6e0a2cb..a6891ee 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -28,7 +28,7 @@
@@ -213,7 +214,7 @@ index 279720d..76e38ea 100644
static inline void fput_light(struct file *file, int fput_needed)
{
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 885266a..e489e42 100644
+index 511fbaa..96e05b3 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1265,6 +1265,7 @@ extern void fasync_free(struct fasync_struct *);
@@ -224,7 +225,7 @@ index 885266a..e489e42 100644
extern void __f_setown(struct file *filp, struct pid *, enum pid_type, int force);
extern int f_setown(struct file *filp, unsigned long arg, int force);
extern void f_delown(struct file *filp);
-@@ -1711,6 +1712,7 @@ struct file_operations {
+@@ -1712,6 +1713,7 @@ struct file_operations {
ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int);
unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
int (*check_flags)(int);
@@ -232,7 +233,7 @@ index 885266a..e489e42 100644
int (*flock) (struct file *, int, struct file_lock *);
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int);
-@@ -1781,6 +1783,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
+@@ -1782,6 +1784,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
struct iovec *fast_pointer,
struct iovec **ret_pointer);
@@ -245,7 +246,7 @@ index 885266a..e489e42 100644
extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *);
extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
-@@ -2183,6 +2191,7 @@ extern int current_umask(void);
+@@ -2201,6 +2209,7 @@ extern int current_umask(void);
extern void ihold(struct inode * inode);
extern void iput(struct inode *);
extern int generic_update_time(struct inode *, struct timespec *, int);
@@ -253,7 +254,7 @@ index 885266a..e489e42 100644
/* /sys/fs */
extern struct kobject *fs_kobj;
-@@ -2463,6 +2472,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb)
+@@ -2481,6 +2490,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb)
return false;
}
#endif
@@ -262,7 +263,7 @@ index 885266a..e489e42 100644
extern const struct file_operations def_blk_fops;
extern const struct file_operations def_chr_fops;
diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h
-index f301d31..c26f5b4 100644
+index a842551..453e941 100644
--- a/include/linux/lockdep.h
+++ b/include/linux/lockdep.h
@@ -406,6 +406,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock,
@@ -274,7 +275,7 @@ index f301d31..c26f5b4 100644
/*
* Acquire a lock.
*
-@@ -530,6 +532,7 @@ struct lock_class_key { };
+@@ -535,6 +537,7 @@ struct lockdep_map { };
#define lockdep_depth(tsk) (0)
@@ -317,10 +318,10 @@ index 74b4911..19789fb 100644
+ unsigned int flags);
#endif
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
-index e36e652..bc97a97 100644
+index 670d8d7..2cd0282 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
-@@ -144,7 +144,7 @@ static struct lock_list list_entries[MAX_LOCKDEP_ENTRIES];
+@@ -156,7 +156,7 @@ static struct lock_list list_entries[MAX_LOCKDEP_ENTRIES];
unsigned long nr_lock_classes;
static struct lock_class lock_classes[MAX_LOCKDEP_KEYS];
@@ -329,7 +330,7 @@ index e36e652..bc97a97 100644
{
if (!hlock->class_idx) {
/*
-@@ -155,6 +155,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock)
+@@ -167,6 +167,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock)
}
return lock_classes + hlock->class_idx - 1;
}
diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch
index 613cdbb..b1a9c02 100644
--- a/debian/patches/features/all/aufs4/aufs4-mmap.patch
+++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch
@@ -1,18 +1,19 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Thu Nov 16 10:20:27 2017 +0900
-Subject: aufs4.14 mmap patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/bf518fb574cee10c6112f0e9ca5c67b277426630
+Date: Sat Dec 16 15:29:33 2017 +0900
+Subject: SPDX-License-Identifier: GPL-2.0
+Origin: https://github.com/sfjro/aufs4-standalone/tree/8b9c1be851f351af1104f55952e211ae541695ee
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
-aufs4.14 mmap patch
+SPDX-License-Identifier: GPL-2.0
+aufs4.x-rcN mmap patch
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 9d357b2..11f4f23 100644
+index 60316b5..ce5314e 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
-@@ -1988,7 +1988,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path)
+@@ -1987,7 +1987,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path)
down_read(&mm->mmap_sem);
vma = find_exact_vma(mm, vm_start, vm_end);
if (vma && vma->vm_file) {
@@ -38,10 +39,10 @@ index 7563437..7c0dc0f 100644
ino = inode->i_ino;
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 6744bd7..6d4dea3 100644
+index 339e4c1..1138098 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
-@@ -310,7 +310,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -306,7 +306,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
const char *name = NULL;
if (file) {
@@ -53,7 +54,7 @@ index 6744bd7..6d4dea3 100644
dev = inode->i_sb->s_dev;
ino = inode->i_ino;
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
-@@ -1739,7 +1742,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1736,7 +1739,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
struct proc_maps_private *proc_priv = &numa_priv->proc_maps;
struct vm_area_struct *vma = v;
struct numa_maps *md = &numa_priv->md;
@@ -79,10 +80,10 @@ index 5b62f57..dfb4a3b 100644
ino = inode->i_ino;
pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 43edf65..3f9acd9 100644
+index ea818ff..fbd4799 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
-@@ -1349,6 +1349,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1362,6 +1362,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
@@ -112,10 +113,10 @@ index 43edf65..3f9acd9 100644
unsigned int gup_flags);
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index c85f11d..a63875a 100644
+index cfd0ac4..135e11c 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
-@@ -261,6 +261,7 @@ struct vm_region {
+@@ -255,6 +255,7 @@ struct vm_region {
unsigned long vm_top; /* region allocated to here */
unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */
struct file *vm_file; /* the backing file or NULL */
@@ -123,7 +124,7 @@ index c85f11d..a63875a 100644
int vm_usage; /* region usage count (access under nommu_region_sem) */
bool vm_icache_flushed : 1; /* true if the icache has been flushed for
-@@ -335,6 +336,7 @@ struct vm_area_struct {
+@@ -329,6 +330,7 @@ struct vm_area_struct {
unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
units */
struct file * vm_file; /* File we map to (can be NULL). */
@@ -132,7 +133,7 @@ index c85f11d..a63875a 100644
atomic_long_t swap_readahead_info;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 07cc743..b1d2b43 100644
+index 432eadf..8b2ba5b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -676,7 +676,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
@@ -145,10 +146,10 @@ index 07cc743..b1d2b43 100644
atomic_dec(&inode->i_writecount);
i_mmap_lock_write(mapping);
diff --git a/mm/Makefile b/mm/Makefile
-index 4659b93..84488841 100644
+index e669f02..9c36567 100644
--- a/mm/Makefile
+++ b/mm/Makefile
-@@ -40,7 +40,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
+@@ -39,7 +39,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
mm_init.o mmu_context.o percpu.o slab_common.o \
compaction.o vmacache.o swap_slots.o \
interval_tree.o list_lru.o workingset.o \
@@ -158,10 +159,10 @@ index 4659b93..84488841 100644
obj-y += init-mm.o
diff --git a/mm/filemap.c b/mm/filemap.c
-index 594d73f..7183aef 100644
+index ee83baa..7677d13 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
-@@ -2590,7 +2590,7 @@ int filemap_page_mkwrite(struct vm_fault *vmf)
+@@ -2704,7 +2704,7 @@ int filemap_page_mkwrite(struct vm_fault *vmf)
int ret = VM_FAULT_LOCKED;
sb_start_pagefault(inode->i_sb);
@@ -171,7 +172,7 @@ index 594d73f..7183aef 100644
if (page->mapping != inode->i_mapping) {
unlock_page(page);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 680506f..081406a 100644
+index a4d5468..cb06cbd 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -171,7 +171,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
@@ -192,7 +193,7 @@ index 680506f..081406a 100644
}
if (next->anon_vma)
anon_vma_merge(vma, next);
-@@ -1746,8 +1746,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1761,8 +1761,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
return addr;
unmap_and_free_vma:
@@ -202,7 +203,7 @@ index 680506f..081406a 100644
/* Undo any partial mapping done by a device driver. */
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
-@@ -2569,7 +2569,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2586,7 +2586,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
goto out_free_mpol;
if (new->vm_file)
@@ -211,7 +212,7 @@ index 680506f..081406a 100644
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
-@@ -2588,7 +2588,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2605,7 +2605,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
if (new->vm_ops && new->vm_ops->close)
new->vm_ops->close(new);
if (new->vm_file)
@@ -220,7 +221,7 @@ index 680506f..081406a 100644
unlink_anon_vmas(new);
out_free_mpol:
mpol_put(vma_policy(new));
-@@ -2750,7 +2750,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2767,7 +2767,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
struct vm_area_struct *vma;
unsigned long populate = 0;
unsigned long ret = -EINVAL;
@@ -229,7 +230,7 @@ index 680506f..081406a 100644
pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.\n",
current->comm, current->pid);
-@@ -2825,10 +2825,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2842,10 +2842,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
}
}
@@ -258,7 +259,7 @@ index 680506f..081406a 100644
out:
up_write(&mm->mmap_sem);
if (populate)
-@@ -3136,7 +3153,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -3153,7 +3170,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
if (anon_vma_clone(new_vma, vma))
goto out_free_mempol;
if (new_vma->vm_file)
@@ -313,11 +314,12 @@ index 17c00d9..4bcdf94 100644
diff --git a/mm/prfile.c b/mm/prfile.c
new file mode 100644
-index 0000000..1ef053b
+index 0000000..3f56669
--- /dev/null
+++ b/mm/prfile.c
-@@ -0,0 +1,85 @@
+@@ -0,0 +1,86 @@
+/*
++ * SPDX-License-Identifier: GPL-2.0
+ * Mainly for aufs which mmap(2) different file and wants to print different
+ * path in /proc/PID/maps.
+ * Call these functions via macros defined in linux/mm.h.
diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch
index 085dc2f..603c5ed 100644
--- a/debian/patches/features/all/aufs4/aufs4-standalone.patch
+++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch
@@ -1,16 +1,19 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Thu Nov 16 10:20:27 2017 +0900
-Subject: aufs4.14 standalone patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/bf518fb574cee10c6112f0e9ca5c67b277426630
+Date: Sat Dec 16 15:29:33 2017 +0900
+Subject: SPDX-License-Identifier: GPL-2.0
+Origin: https://github.com/sfjro/aufs4-standalone/tree/8b9c1be851f351af1104f55952e211ae541695ee
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
-aufs4.14 standalone patch
+SPDX-License-Identifier: GPL-2.0
+aufs4.x-rcN standalone patch
+diff --git a/fs/dcache.c b/fs/dcache.c
+index 019f14b..10c1a6d 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -1305,6 +1305,7 @@ rename_retry:
+@@ -1305,6 +1305,7 @@ void d_walk(struct dentry *parent, void *data,
seq = 1;
goto again;
}
@@ -18,7 +21,7 @@ aufs4.14 standalone patch
struct check_mount {
struct vfsmount *mnt;
-@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1,
+@@ -2892,6 +2893,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2)
write_sequnlock(&rename_lock);
}
@@ -26,9 +29,11 @@ aufs4.14 standalone patch
/**
* d_ancestor - search for an ancestor
+diff --git a/fs/exec.c b/fs/exec.c
+index 6be2aa0..1e003f9 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path
+@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
return (path->mnt->mnt_flags & MNT_NOEXEC) ||
(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
}
@@ -36,9 +41,11 @@ aufs4.14 standalone patch
#ifdef CONFIG_USELIB
/*
+diff --git a/fs/fcntl.c b/fs/fcntl.c
+index 74c255d..ec53ee1 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un
+@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
out:
return error;
}
@@ -46,9 +53,11 @@ aufs4.14 standalone patch
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
+diff --git a/fs/file_table.c b/fs/file_table.c
+index 2dc9f38..7bf57df 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
-@@ -148,6 +148,7 @@ over:
+@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
}
return ERR_PTR(-ENFILE);
}
@@ -80,9 +89,11 @@ aufs4.14 standalone patch
void __init files_init(void)
{
+diff --git a/fs/inode.c b/fs/inode.c
+index 517883c..5cece5e 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, str
+@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
return update_time(inode, time, flags);
}
@@ -90,9 +101,11 @@ aufs4.14 standalone patch
/**
* touch_atime - update the access time
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 312bdbd8..a5baeb5 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *m
+@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@@ -100,7 +113,7 @@ aufs4.14 standalone patch
/**
* mnt_drop_write - give up write access to a mount
-@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *m
+@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *mnt)
{
return check_mnt(real_mount(mnt));
}
@@ -108,7 +121,7 @@ aufs4.14 standalone patch
/*
* vfsmount lock must be held for write
-@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmo
+@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
}
return 0;
}
@@ -116,6 +129,8 @@ aufs4.14 standalone patch
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
{
+diff --git a/fs/notify/group.c b/fs/notify/group.c
+index b7a4b6a..5a69d60 100644
--- a/fs/notify/group.c
+++ b/fs/notify/group.c
@@ -22,6 +22,7 @@
@@ -126,23 +141,23 @@ aufs4.14 standalone patch
#include <linux/fsnotify_backend.h>
#include "fsnotify.h"
-@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_
+@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
{
- atomic_inc(&group->refcnt);
+ refcount_inc(&group->refcnt);
}
+EXPORT_SYMBOL_GPL(fsnotify_get_group);
/*
* Drop a reference to a group. Free it if it's through.
-@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_
- if (atomic_dec_and_test(&group->refcnt))
+@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
+ if (refcount_dec_and_test(&group->refcnt))
fsnotify_final_destroy_group(group);
}
+EXPORT_SYMBOL_GPL(fsnotify_put_group);
/*
* Create a new fsnotify_group and hold a reference for the group returned.
-@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr
+@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
return group;
}
@@ -150,17 +165,19 @@ aufs4.14 standalone patch
int fsnotify_fasync(int fd, struct file *file, int on)
{
+diff --git a/fs/notify/mark.c b/fs/notify/mark.c
+index e9191b4..1f8ccfa 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
-@@ -245,6 +245,7 @@ void fsnotify_put_mark(struct fsnotify_m
- queue_delayed_work(system_unbound_wq, &reaper_work,
- FSNOTIFY_REAPER_DELAY);
+@@ -108,6 +108,7 @@ void fsnotify_get_mark(struct fsnotify_mark *mark)
+ WARN_ON_ONCE(!refcount_read(&mark->refcnt));
+ refcount_inc(&mark->refcnt);
}
+EXPORT_SYMBOL_GPL(fsnotify_put_mark);
- /*
- * Get mark reference when we found the mark via lockless traversal of object
-@@ -392,6 +393,7 @@ void fsnotify_destroy_mark(struct fsnoti
+ static void __fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
+ {
+@@ -392,6 +393,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
}
@@ -168,7 +185,7 @@ aufs4.14 standalone patch
/*
* Sorting function for lists of fsnotify marks.
-@@ -604,6 +606,7 @@ err:
+@@ -606,6 +608,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
fsnotify_put_mark(mark);
return ret;
}
@@ -176,7 +193,7 @@ aufs4.14 standalone patch
int fsnotify_add_mark(struct fsnotify_mark *mark, struct inode *inode,
struct vfsmount *mnt, int allow_dups)
-@@ -739,6 +742,7 @@ void fsnotify_init_mark(struct fsnotify_
+@@ -741,6 +744,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
fsnotify_get_group(group);
mark->group = group;
}
@@ -184,9 +201,11 @@ aufs4.14 standalone patch
/*
* Destroy all marks in destroy_list, waits for SRCU period to finish before
+diff --git a/fs/open.c b/fs/open.c
+index 7ea1184..6e2e241 100644
--- a/fs/open.c
+++ b/fs/open.c
-@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
+@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
inode_unlock(dentry->d_inode);
return ret;
}
@@ -202,9 +221,11 @@ aufs4.14 standalone patch
static int do_dentry_open(struct file *f,
struct inode *inode,
+diff --git a/fs/read_write.c b/fs/read_write.c
+index 0a5c47b..d423a5f 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
-@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char
+@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
return ret;
}
@@ -220,7 +241,7 @@ aufs4.14 standalone patch
vfs_writef_t vfs_writef(struct file *file)
{
-@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *fil
+@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *file)
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
@@ -228,7 +249,7 @@ aufs4.14 standalone patch
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
{
-@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, con
+@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
return ret;
}
@@ -236,9 +257,11 @@ aufs4.14 standalone patch
static inline loff_t file_pos_read(struct file *file)
{
+diff --git a/fs/splice.c b/fs/splice.c
+index c5fb195..ce01a74 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_in
+@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
return splice_write(pipe, out, ppos, len, flags);
}
@@ -246,7 +269,7 @@ aufs4.14 standalone patch
/*
* Attempt to initiate a splice from a file to a pipe.
-@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_
+@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
return splice_read(in, ppos, pipe, len, flags);
}
@@ -254,9 +277,11 @@ aufs4.14 standalone patch
/**
* splice_direct_to_actor - splices data directly between two non-pipes
+diff --git a/fs/sync.c b/fs/sync.c
+index a6891ee..47a78bd 100644
--- a/fs/sync.c
+++ b/fs/sync.c
-@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block
+@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
sb->s_op->sync_fs(sb, wait);
return __sync_blockdev(sb->s_bdev, wait);
}
@@ -264,9 +289,11 @@ aufs4.14 standalone patch
/*
* Write out and wait upon all dirty data associated with this
+diff --git a/fs/xattr.c b/fs/xattr.c
+index 61cd28b..35570cd 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
-@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry
+@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
*xattr_value = value;
return error;
}
@@ -274,9 +301,11 @@ aufs4.14 standalone patch
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
+diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
+index 2cd0282..af59768 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
-@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_
+@@ -167,6 +167,7 @@ inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock)
}
return lock_classes + hlock->class_idx - 1;
}
@@ -284,6 +313,8 @@ aufs4.14 standalone patch
#define hlock_class(hlock) lockdep_hlock_class(hlock)
#ifdef CONFIG_LOCK_STAT
+diff --git a/kernel/task_work.c b/kernel/task_work.c
+index 0fef395..83fb1ec 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -116,3 +116,4 @@ void task_work_run(void)
@@ -291,9 +322,11 @@ aufs4.14 standalone patch
}
}
+EXPORT_SYMBOL_GPL(task_work_run);
+diff --git a/security/commoncap.c b/security/commoncap.c
+index 4f8e093..f1e0544 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -1270,12 +1270,14 @@ int cap_mmap_addr(unsigned long addr)
+@@ -1333,12 +1333,14 @@ int cap_mmap_addr(unsigned long addr)
}
return ret;
}
@@ -308,6 +341,8 @@ aufs4.14 standalone patch
#ifdef CONFIG_SECURITY
+diff --git a/security/device_cgroup.c b/security/device_cgroup.c
+index c65b39b..e363d22 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -8,6 +8,7 @@
@@ -318,17 +353,16 @@ aufs4.14 standalone patch
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
-@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct
- return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
- access);
- }
-+EXPORT_SYMBOL_GPL(__devcgroup_inode_permission);
+@@ -824,3 +825,4 @@ int __devcgroup_check_permission(short type, u32 major, u32 minor,
- int devcgroup_inode_mknod(int mode, dev_t dev)
- {
+ return 0;
+ }
++EXPORT_SYMBOL_GPL(__devcgroup_check_permission);
+diff --git a/security/security.c b/security/security.c
+index 1cd8526..f2e4736 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -530,6 +530,7 @@ int security_path_rmdir(const struct pat
+@@ -531,6 +531,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
@@ -336,7 +370,7 @@ aufs4.14 standalone patch
int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
-@@ -546,6 +547,7 @@ int security_path_symlink(const struct p
+@@ -547,6 +548,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
@@ -344,7 +378,7 @@ aufs4.14 standalone patch
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
-@@ -554,6 +556,7 @@ int security_path_link(struct dentry *ol
+@@ -555,6 +557,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
@@ -352,7 +386,7 @@ aufs4.14 standalone patch
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry,
-@@ -581,6 +584,7 @@ int security_path_truncate(const struct
+@@ -582,6 +585,7 @@ int security_path_truncate(const struct path *path)
return 0;
return call_int_hook(path_truncate, 0, path);
}
@@ -360,7 +394,7 @@ aufs4.14 standalone patch
int security_path_chmod(const struct path *path, umode_t mode)
{
-@@ -588,6 +592,7 @@ int security_path_chmod(const struct pat
+@@ -589,6 +593,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
@@ -368,7 +402,7 @@ aufs4.14 standalone patch
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
-@@ -595,6 +600,7 @@ int security_path_chown(const struct pat
+@@ -596,6 +601,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
@@ -376,7 +410,7 @@ aufs4.14 standalone patch
int security_path_chroot(const struct path *path)
{
-@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentr
+@@ -681,6 +687,7 @@ int security_inode_readlink(struct dentry *dentry)
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
@@ -384,7 +418,7 @@ aufs4.14 standalone patch
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
-@@ -695,6 +702,7 @@ int security_inode_permission(struct ino
+@@ -696,6 +703,7 @@ int security_inode_permission(struct inode *inode, int mask)
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
@@ -392,7 +426,7 @@ aufs4.14 standalone patch
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
-@@ -866,6 +874,7 @@ int security_file_permission(struct file
+@@ -867,6 +875,7 @@ int security_file_permission(struct file *file, int mask)
return fsnotify_perm(file, mask);
}
@@ -400,7 +434,7 @@ aufs4.14 standalone patch
int security_file_alloc(struct file *file)
{
-@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file
+@@ -926,6 +935,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
return ret;
return ima_file_mmap(file, prot);
}
diff --git a/debian/patches/features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/debian/patches/features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
new file mode 100644
index 0000000..2712910
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
@@ -0,0 +1,165 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:31 +0000
+Subject: [01/29] Add the ability to lock down access to the running kernel
+ image
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6d350e2534bfaaaa3e523484b2ca44d22377e951
+
+Provide a single call to allow kernel code to determine whether the system
+should be locked down, thereby disallowing various accesses that might
+allow the running kernel image to be changed including the loading of
+modules that aren't validly signed with a key we recognise, fiddling with
+MSR registers and disallowing hibernation,
+
+Signed-off-by: David Howells <dhowells at redhat.com>
+Acked-by: James Morris <james.l.morris at oracle.com>
+---
+ include/linux/kernel.h | 17 ++++++++++++++
+ include/linux/security.h | 8 +++++++
+ security/Kconfig | 8 +++++++
+ security/Makefile | 3 +++
+ security/lock_down.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 96 insertions(+)
+ create mode 100644 security/lock_down.c
+
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index 0ad4c3044cf9..362da2e4bf53 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -287,6 +287,23 @@ static inline void refcount_error_report(struct pt_regs *regs, const char *err)
+ { }
+ #endif
+
++#ifdef CONFIG_LOCK_DOWN_KERNEL
++extern bool __kernel_is_locked_down(const char *what, bool first);
++#else
++static inline bool __kernel_is_locked_down(const char *what, bool first)
++{
++ return false;
++}
++#endif
++
++#define kernel_is_locked_down(what) \
++ ({ \
++ static bool message_given; \
++ bool locked_down = __kernel_is_locked_down(what, !message_given); \
++ message_given = true; \
++ locked_down; \
++ })
++
+ /* Internal, do not use. */
+ int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
+ int __must_check _kstrtol(const char *s, unsigned int base, long *res);
+diff --git a/include/linux/security.h b/include/linux/security.h
+index ce6265960d6c..310775476b68 100644
+--- a/include/linux/security.h
++++ b/include/linux/security.h
+@@ -1753,5 +1753,13 @@ static inline void free_secdata(void *secdata)
+ { }
+ #endif /* CONFIG_SECURITY */
+
++#ifdef CONFIG_LOCK_DOWN_KERNEL
++extern void __init init_lockdown(void);
++#else
++static inline void __init init_lockdown(void)
++{
++}
++#endif
++
+ #endif /* ! __LINUX_SECURITY_H */
+
+diff --git a/security/Kconfig b/security/Kconfig
+index e8e449444e65..8e01fd59ae7e 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -205,6 +205,14 @@ config STATIC_USERMODEHELPER_PATH
+ If you wish for all usermode helper programs to be disabled,
+ specify an empty string here (i.e. "").
+
++config LOCK_DOWN_KERNEL
++ bool "Allow the kernel to be 'locked down'"
++ help
++ Allow the kernel to be locked down under certain circumstances, for
++ instance if UEFI secure boot is enabled. Locking down the kernel
++ turns off various features that might otherwise allow access to the
++ kernel image (eg. setting MSR registers).
++
+ source security/selinux/Kconfig
+ source security/smack/Kconfig
+ source security/tomoyo/Kconfig
+diff --git a/security/Makefile b/security/Makefile
+index f2d71cdb8e19..8c4a43e3d4e0 100644
+--- a/security/Makefile
++++ b/security/Makefile
+@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
+ # Object integrity file lists
+ subdir-$(CONFIG_INTEGRITY) += integrity
+ obj-$(CONFIG_INTEGRITY) += integrity/
++
++# Allow the kernel to be locked down
++obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o
+diff --git a/security/lock_down.c b/security/lock_down.c
+new file mode 100644
+index 000000000000..d8595c0e6673
+--- /dev/null
++++ b/security/lock_down.c
+@@ -0,0 +1,60 @@
++/* Lock down the kernel
++ *
++ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
++ * Written by David Howells (dhowells at redhat.com)
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public Licence
++ * as published by the Free Software Foundation; either version
++ * 2 of the Licence, or (at your option) any later version.
++ */
++
++#include <linux/security.h>
++#include <linux/export.h>
++
++static __ro_after_init bool kernel_locked_down;
++
++/*
++ * Put the kernel into lock-down mode.
++ */
++static void __init lock_kernel_down(const char *where)
++{
++ if (!kernel_locked_down) {
++ kernel_locked_down = true;
++ pr_notice("Kernel is locked down from %s; see man kernel_lockdown.7\n",
++ where);
++ }
++}
++
++static int __init lockdown_param(char *ignored)
++{
++ lock_kernel_down("command line");
++ return 0;
++}
++
++early_param("lockdown", lockdown_param);
++
++/*
++ * Lock the kernel down from very early in the arch setup. This must happen
++ * prior to things like ACPI being initialised.
++ */
++void __init init_lockdown(void)
++{
++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
++ if (efi_enabled(EFI_SECURE_BOOT))
++ lock_kernel_down("EFI secure boot");
++#endif
++}
++
++/**
++ * kernel_is_locked_down - Find out if the kernel is locked down
++ * @what: Tag to use in notice generated if lockdown is in effect
++ */
++bool __kernel_is_locked_down(const char *what, bool first)
++{
++ if (what && first && kernel_locked_down)
++ pr_notice("Lockdown: %s is restricted; see man kernel_lockdown.7\n",
++ what);
++ return kernel_locked_down;
++}
++EXPORT_SYMBOL(__kernel_is_locked_down);
diff --git a/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch b/debian/patches/features/all/lockdown/0002-Add-a-SysRq-option-to-lift-kernel-lockdown.patch
similarity index 52%
rename from debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
rename to debian/patches/features/all/lockdown/0002-Add-a-SysRq-option-to-lift-kernel-lockdown.patch
index b388639..bcaa676 100644
--- a/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
+++ b/debian/patches/features/all/lockdown/0002-Add-a-SysRq-option-to-lift-kernel-lockdown.patch
@@ -1,103 +1,55 @@
From: Kyle McMartin <kyle at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [43/61] Add a sysrq option to exit secure boot mode
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e26d9e1cb0218082265875505edc284a63385010
+Date: Wed, 8 Nov 2017 15:11:31 +0000
+Subject: [02/29] Add a SysRq option to lift kernel lockdown
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=47a04d29e952d4dd896f2ec4c2ecee6971ab364d
-Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
-kernel image to be modified. This lifts the lockdown.
+Make an option to provide a sysrq key that will lift the kernel lockdown,
+thereby allowing the running kernel image to be accessed and modified.
+
+On x86 this is triggered with SysRq+x, but this key may not be available on
+all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
+Since this macro must be defined in an arch to be able to use this facility
+for that arch, the Kconfig option is restricted to arches that support it.
Signed-off-by: Kyle McMartin <kyle at redhat.com>
Signed-off-by: David Howells <dhowells at redhat.com>
-[bwh: For 4.12, adjust context]
+cc: x86 at kernel.org
+[bwh: Forward-ported to 4.15]
---
- arch/x86/Kconfig | 10 ++++++++++
- arch/x86/kernel/setup.c | 31 +++++++++++++++++++++++++++++++
- drivers/input/misc/uinput.c | 1 +
- drivers/tty/sysrq.c | 19 +++++++++++++------
- include/linux/input.h | 5 +++++
- include/linux/sysrq.h | 8 +++++++-
- kernel/debug/kdb/kdb_main.c | 2 +-
- 7 files changed, 68 insertions(+), 8 deletions(-)
+ arch/x86/include/asm/setup.h | 2 ++
+ drivers/input/misc/uinput.c | 1 +
+ drivers/tty/sysrq.c | 19 ++++++++++++------
+ include/linux/input.h | 5 +++++
+ include/linux/sysrq.h | 8 +++++++-
+ kernel/debug/kdb/kdb_main.c | 2 +-
+ security/Kconfig | 10 ++++++++++
+ security/lock_down.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
+ 8 files changed, 86 insertions(+), 8 deletions(-)
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -1898,6 +1898,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
- image. Say Y here to automatically lock down the kernel when a
- system boots with UEFI Secure Boot enabled.
-
-+config EFI_ALLOW_SECURE_BOOT_EXIT
-+ def_bool n
-+ depends on EFI_SECURE_BOOT_LOCK_DOWN && MAGIC_SYSRQ
-+ select ALLOW_LOCKDOWN_LIFT
-+ prompt "Allow secure boot mode to be exited with SysRq+x on a keyboard"
-+ ---help---
-+ Allow secure boot mode to be exited and the kernel lockdown lifted by
-+ typing SysRq+x on a keyboard attached to the system (not permitted
-+ through procfs).
-+
- config SECCOMP
- def_bool y
- prompt "Enable seccomp to safely compute untrusted bytecode"
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -72,6 +72,11 @@
- #include <linux/mem_encrypt.h>
- #include <linux/security.h>
+--- a/arch/x86/include/asm/setup.h
++++ b/arch/x86/include/asm/setup.h
+@@ -9,6 +9,8 @@
+ #include <linux/linkage.h>
+ #include <asm/page_types.h>
-+#include <linux/fips.h>
-+#include <linux/cred.h>
-+#include <linux/sysrq.h>
-+#include <linux/init_task.h>
++#define LOCKDOWN_LIFT_KEY 'x'
+
- #include <linux/usb/xhci-dbgp.h>
- #include <video/edid.h>
-
-@@ -1353,6 +1358,32 @@ void __init i386_reserve_resources(void)
-
- #endif /* CONFIG_X86_32 */
+ #ifdef __i386__
-+#ifdef CONFIG_EFI_ALLOW_SECURE_BOOT_EXIT
-+
-+static void sysrq_handle_secure_boot(int key)
-+{
-+ if (!efi_enabled(EFI_SECURE_BOOT))
-+ return;
-+
-+ pr_info("Secure boot disabled\n");
-+ lift_kernel_lockdown();
-+}
-+static struct sysrq_key_op secure_boot_sysrq_op = {
-+ .handler = sysrq_handle_secure_boot,
-+ .help_msg = "unSB(x)",
-+ .action_msg = "Disabling Secure Boot restrictions",
-+ .enable_mask = SYSRQ_DISABLE_USERSPACE,
-+};
-+static int __init secure_boot_sysrq(void)
-+{
-+ if (efi_enabled(EFI_SECURE_BOOT))
-+ register_sysrq_key('x', &secure_boot_sysrq_op);
-+ return 0;
-+}
-+late_initcall(secure_boot_sysrq);
-+#endif /*CONFIG_EFI_ALLOW_SECURE_BOOT_EXIT*/
-+
-+
- static struct notifier_block kernel_offset_notifier = {
- .notifier_call = dump_kernel_offset
- };
+ #include <linux/pfn.h>
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
-@@ -408,6 +408,7 @@ static int uinput_allocate_device(struct
- if (!udev->dev)
- return -ENOMEM;
+@@ -362,6 +362,7 @@ static int uinput_create_device(struct u
+ dev->flush = uinput_dev_flush;
+ }
-+ udev->dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
- udev->dev->event = uinput_dev_event;
- input_set_drvdata(udev->dev, udev);
++ dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
+ dev->event = uinput_dev_event;
+ input_set_drvdata(udev->dev, udev);
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
-@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_ta
+@@ -487,6 +487,7 @@ static struct sysrq_key_op *sysrq_key_ta
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@@ -105,7 +57,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
-@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key,
+@@ -530,7 +531,7 @@ static void __sysrq_put_key_op(int key,
sysrq_key_table[i] = op_p;
}
@@ -114,7 +66,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
{
struct sysrq_key_op *op_p;
int orig_log_level;
-@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_
+@@ -550,11 +551,15 @@ void __handle_sysrq(int key, bool check_
op_p = __sysrq_get_key_op(key);
if (op_p) {
@@ -131,7 +83,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
-@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_
+@@ -586,7 +591,7 @@ void __handle_sysrq(int key, bool check_
void handle_sysrq(int key)
{
if (sysrq_on())
@@ -140,7 +92,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
}
EXPORT_SYMBOL(handle_sysrq);
-@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long
+@@ -667,7 +672,7 @@ static void sysrq_do_reset(struct timer_
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@@ -149,7 +101,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
-@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct
+@@ -818,8 +823,10 @@ static bool sysrq_handle_keypress(struct
default:
if (sysrq->active && value && value != 2) {
@@ -161,7 +113,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
}
break;
}
-@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struc
+@@ -1102,7 +1109,7 @@ static ssize_t write_sysrq_trigger(struc
if (get_user(c, buf))
return -EFAULT;
@@ -200,7 +152,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
*/
--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h
-@@ -28,6 +28,8 @@
+@@ -29,6 +29,8 @@
#define SYSRQ_ENABLE_BOOT 0x0080
#define SYSRQ_ENABLE_RTNICE 0x0100
@@ -209,7 +161,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
struct sysrq_key_op {
void (*handler)(int);
char *help_msg;
-@@ -42,8 +44,12 @@ struct sysrq_key_op {
+@@ -43,8 +45,12 @@ struct sysrq_key_op {
* are available -- else NULL's).
*/
@@ -234,3 +186,84 @@ Signed-off-by: David Howells <dhowells at redhat.com>
kdb_trap_printk--;
return 0;
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -222,6 +222,16 @@ config LOCK_DOWN_KERNEL
+ turns off various features that might otherwise allow access to the
+ kernel image (eg. setting MSR registers).
+
++config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
++ bool "Allow the kernel lockdown to be lifted by SysRq"
++ depends on LOCK_DOWN_KERNEL
++ depends on MAGIC_SYSRQ
++ depends on X86
++ help
++ Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
++ combination on a wired keyboard.
++
++
+ source security/selinux/Kconfig
+ source security/smack/Kconfig
+ source security/tomoyo/Kconfig
+--- a/security/lock_down.c
++++ b/security/lock_down.c
+@@ -11,8 +11,14 @@
+
+ #include <linux/security.h>
+ #include <linux/export.h>
++#include <linux/sysrq.h>
++#include <asm/setup.h>
+
++#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
++static __read_mostly bool kernel_locked_down;
++#else
+ static __ro_after_init bool kernel_locked_down;
++#endif
+
+ /*
+ * Put the kernel into lock-down mode.
+@@ -58,3 +64,44 @@ bool __kernel_is_locked_down(const char
+ return kernel_locked_down;
+ }
+ EXPORT_SYMBOL(__kernel_is_locked_down);
++
++#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
++
++/*
++ * Take the kernel out of lockdown mode.
++ */
++static void lift_kernel_lockdown(void)
++{
++ pr_notice("Lifting lockdown\n");
++ kernel_locked_down = false;
++}
++
++/*
++ * Allow lockdown to be lifted by pressing something like SysRq+x (and not by
++ * echoing the appropriate letter into the sysrq-trigger file).
++ */
++static void sysrq_handle_lockdown_lift(int key)
++{
++ if (kernel_locked_down)
++ lift_kernel_lockdown();
++}
++
++static struct sysrq_key_op lockdown_lift_sysrq_op = {
++ .handler = sysrq_handle_lockdown_lift,
++ .help_msg = "unSB(x)",
++ .action_msg = "Disabling Secure Boot restrictions",
++ .enable_mask = SYSRQ_DISABLE_USERSPACE,
++};
++
++static int __init lockdown_lift_sysrq(void)
++{
++ if (kernel_locked_down) {
++ lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
++ register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
++ }
++ return 0;
++}
++
++late_initcall(lockdown_lift_sysrq);
++
++#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ */
diff --git a/debian/patches/features/all/lockdown/0003-ima-require-secure_boot-rules-in-lockdown-mode.patch b/debian/patches/features/all/lockdown/0003-ima-require-secure_boot-rules-in-lockdown-mode.patch
new file mode 100644
index 0000000..fd9bc7a
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0003-ima-require-secure_boot-rules-in-lockdown-mode.patch
@@ -0,0 +1,75 @@
+From: Mimi Zohar <zohar at linux.vnet.ibm.com>
+Date: Wed, 8 Nov 2017 15:11:32 +0000
+Subject: [03/29] ima: require secure_boot rules in lockdown mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=29c55d71a8185208c7962843a29c9a84ae27b2b0
+
+Require the "secure_boot" rules, whether or not it is specified
+on the boot command line, for both the builtin and custom policies
+in secure boot lockdown mode.
+
+Signed-off-by: Mimi Zohar <zohar at linux.vnet.ibm.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+---
+ security/integrity/ima/ima_policy.c | 39 +++++++++++++++++++++++++++----------
+ 1 file changed, 29 insertions(+), 10 deletions(-)
+
+diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
+index 95209a5f8595..49c75e2a1ec5 100644
+--- a/security/integrity/ima/ima_policy.c
++++ b/security/integrity/ima/ima_policy.c
+@@ -427,14 +427,21 @@ void ima_update_policy_flag(void)
+ */
+ void __init ima_init_policy(void)
+ {
+- int i, measure_entries, appraise_entries, secure_boot_entries;
++ int i;
++ int measure_entries = 0;
++ int appraise_entries = 0;
++ int secure_boot_entries = 0;
++ bool kernel_locked_down = __kernel_is_locked_down(NULL, false);
+
+ /* if !ima_policy set entries = 0 so we load NO default rules */
+- measure_entries = ima_policy ? ARRAY_SIZE(dont_measure_rules) : 0;
+- appraise_entries = ima_use_appraise_tcb ?
+- ARRAY_SIZE(default_appraise_rules) : 0;
+- secure_boot_entries = ima_use_secure_boot ?
+- ARRAY_SIZE(secure_boot_rules) : 0;
++ if (ima_policy)
++ measure_entries = ARRAY_SIZE(dont_measure_rules);
++
++ if (ima_use_appraise_tcb)
++ appraise_entries = ARRAY_SIZE(default_appraise_rules);
++
++ if (ima_use_secure_boot || kernel_locked_down)
++ secure_boot_entries = ARRAY_SIZE(secure_boot_rules);
+
+ for (i = 0; i < measure_entries; i++)
+ list_add_tail(&dont_measure_rules[i].list, &ima_default_rules);
+@@ -455,11 +462,23 @@ void __init ima_init_policy(void)
+
+ /*
+ * Insert the appraise rules requiring file signatures, prior to
+- * any other appraise rules.
++ * any other appraise rules. In secure boot lock-down mode, also
++ * require these appraise rules for custom policies.
+ */
+- for (i = 0; i < secure_boot_entries; i++)
+- list_add_tail(&secure_boot_rules[i].list,
+- &ima_default_rules);
++ for (i = 0; i < secure_boot_entries; i++) {
++ struct ima_rule_entry *entry;
++
++ /* Include for builtin policies */
++ list_add_tail(&secure_boot_rules[i].list, &ima_default_rules);
++
++ /* Include for custom policies */
++ if (kernel_locked_down) {
++ entry = kmemdup(&secure_boot_rules[i], sizeof(*entry),
++ GFP_KERNEL);
++ if (entry)
++ list_add_tail(&entry->list, &ima_policy_rules);
++ }
++ }
+
+ for (i = 0; i < appraise_entries; i++) {
+ list_add_tail(&default_appraise_rules[i].list,
diff --git a/debian/patches/features/all/lockdown/0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/debian/patches/features/all/lockdown/0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
new file mode 100644
index 0000000..87ce054
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
@@ -0,0 +1,90 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:32 +0000
+Subject: [04/29] Enforce module signatures if the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1616ef1deccf5fdb525643a6b3efae34946a148d
+
+If the kernel is locked down, require that all modules have valid
+signatures that we can verify or that IMA can validate the file.
+
+Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+Reviewed-by: James Morris <james.l.morris at oracle.com>
+---
+ kernel/module.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/kernel/module.c b/kernel/module.c
+index de66ec825992..0ce29c8aa75a 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -64,6 +64,7 @@
+ #include <linux/bsearch.h>
+ #include <linux/dynamic_debug.h>
+ #include <linux/audit.h>
++#include <linux/ima.h>
+ #include <uapi/linux/module.h>
+ #include "module-internal.h"
+
+@@ -2757,7 +2758,8 @@ static inline void kmemleak_load_module(const struct module *mod,
+ #endif
+
+ #ifdef CONFIG_MODULE_SIG
+-static int module_sig_check(struct load_info *info, int flags)
++static int module_sig_check(struct load_info *info, int flags,
++ bool can_do_ima_check)
+ {
+ int err = -ENOKEY;
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+@@ -2781,13 +2783,16 @@ static int module_sig_check(struct load_info *info, int flags)
+ }
+
+ /* Not having a signature is only an error if we're strict. */
+- if (err == -ENOKEY && !sig_enforce)
++ if (err == -ENOKEY && !sig_enforce &&
++ (!can_do_ima_check || !is_ima_appraise_enabled()) &&
++ !kernel_is_locked_down("Loading of unsigned modules"))
+ err = 0;
+
+ return err;
+ }
+ #else /* !CONFIG_MODULE_SIG */
+-static int module_sig_check(struct load_info *info, int flags)
++static int module_sig_check(struct load_info *info, int flags,
++ bool can_do_ima_check)
+ {
+ return 0;
+ }
+@@ -3630,13 +3635,13 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
+ /* Allocate and load the module: note that size of section 0 is always
+ zero, and we rely on this for optional sections. */
+ static int load_module(struct load_info *info, const char __user *uargs,
+- int flags)
++ int flags, bool can_do_ima_check)
+ {
+ struct module *mod;
+ long err;
+ char *after_dashes;
+
+- err = module_sig_check(info, flags);
++ err = module_sig_check(info, flags, can_do_ima_check);
+ if (err)
+ goto free_copy;
+
+@@ -3830,7 +3835,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+ if (err)
+ return err;
+
+- return load_module(&info, uargs, 0);
++ return load_module(&info, uargs, 0, false);
+ }
+
+ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
+@@ -3857,7 +3862,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
+ info.hdr = hdr;
+ info.len = size;
+
+- return load_module(&info, uargs, flags);
++ return load_module(&info, uargs, flags, true);
+ }
+
+ static inline int within(unsigned long addr, void *start, unsigned long size)
diff --git a/debian/patches/features/all/lockdown/0005-Restrict-dev-mem-kmem-port-when-the-kernel-is-locked.patch b/debian/patches/features/all/lockdown/0005-Restrict-dev-mem-kmem-port-when-the-kernel-is-locked.patch
new file mode 100644
index 0000000..436885d
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0005-Restrict-dev-mem-kmem-port-when-the-kernel-is-locked.patch
@@ -0,0 +1,35 @@
+From: Matthew Garrett <matthew.garrett at nebula.com>
+Date: Wed, 8 Nov 2017 15:11:32 +0000
+Subject: [05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=8214bb0d847928bf08a7d8475f84c06541c5a352
+
+Allowing users to read and write to core kernel memory makes it possible
+for the kernel to be subverted, avoiding module loading restrictions, and
+also to steal cryptographic information.
+
+Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
+been locked down to prevent this.
+
+Also disallow /dev/port from being opened to prevent raw ioport access and
+thus DMA from being used to accomplish the same thing.
+
+Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+---
+ drivers/char/mem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/char/mem.c b/drivers/char/mem.c
+index 593a8818aca9..0ce5ac0a5c6b 100644
+--- a/drivers/char/mem.c
++++ b/drivers/char/mem.c
+@@ -762,6 +762,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
+
+ static int open_port(struct inode *inode, struct file *filp)
+ {
++ if (kernel_is_locked_down("/dev/mem,kmem,port"))
++ return -EPERM;
+ return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+ }
+
diff --git a/debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch b/debian/patches/features/all/lockdown/0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
similarity index 63%
rename from debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
rename to debian/patches/features/all/lockdown/0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
index 87c2270..005ae73 100644
--- a/debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+++ b/debian/patches/features/all/lockdown/0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
@@ -1,7 +1,7 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [44/61] kexec: Disable at runtime if the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e7c340d3a52b23631aa5e67cd10eac766042db50
+Date: Wed, 8 Nov 2017 15:11:32 +0000
+Subject: [06/29] kexec: Disable at runtime if the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6081db9ba435b757a3a3473d0cd50ee2252ccaeb
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that lock-down is meant to prevent. It makes sense to disable
@@ -12,25 +12,29 @@ image to be booted.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Acked-by: Dave Young <dyoung at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+Reviewed-by: James Morris <james.l.morris at oracle.com>
+cc: kexec at lists.infradead.org
---
kernel/kexec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 980936a90ee6..46de8e6b42f4 100644
+index e62ec4dc6620..7dadfed9b676 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -194,6 +194,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -201,6 +201,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
- /*
++ /*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("kexec of unsigned images"))
+ return -EPERM;
+
-+ /*
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
- */
diff --git a/debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch b/debian/patches/features/all/lockdown/0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
similarity index 81%
rename from debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
rename to debian/patches/features/all/lockdown/0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
index 1dee3ae..d93a737 100644
--- a/debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+++ b/debian/patches/features/all/lockdown/0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
@@ -1,7 +1,7 @@
From: Dave Young <dyoung at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [45/61] Copy secure_boot flag in boot params across kexec reboot
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=c124b113ed50045c2a81ddaab104578e592ebec3
+Date: Wed, 8 Nov 2017 15:11:32 +0000
+Subject: [07/29] Copy secure_boot flag in boot params across kexec reboot
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a6b7f780bdaa731f3e2970d65dcd52fe9ba2409d
Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
@@ -16,12 +16,14 @@ stub. Fixing this issue by copying secure_boot flag across kexec reboot.
Signed-off-by: Dave Young <dyoung at redhat.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: kexec at lists.infradead.org
---
arch/x86/kernel/kexec-bzimage64.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
-index d0a814a9d96a..3551bcaa1eaf 100644
+index fb095ba0c02f..7d0fac5bcbbe 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -179,6 +179,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr,
diff --git a/debian/patches/features/all/lockdown/0008-kexec_file-Restrict-at-runtime-if-the-kernel-is-lock.patch b/debian/patches/features/all/lockdown/0008-kexec_file-Restrict-at-runtime-if-the-kernel-is-lock.patch
new file mode 100644
index 0000000..130e448
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0008-kexec_file-Restrict-at-runtime-if-the-kernel-is-lock.patch
@@ -0,0 +1,40 @@
+From: Chun-Yi Lee <joeyli.kernel at gmail.com>
+Date: Wed, 8 Nov 2017 15:11:33 +0000
+Subject: [08/29] kexec_file: Restrict at runtime if the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=eed4aca0409692d7d24bc64f5c98d346cd0506c4
+
+When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
+kexec_file systemcall if the kernel is locked down unless IMA can be used
+to validate the image.
+
+This code was showed in Matthew's patch but not in git:
+https://lkml.org/lkml/2015/3/13/778
+
+Cc: Matthew Garrett <mjg59 at srcf.ucam.org>
+Signed-off-by: Chun-Yi Lee <jlee at suse.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: James Morris <james.l.morris at oracle.com>
+cc: kexec at lists.infradead.org
+---
+ kernel/kexec_file.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
+index 9f48f4412297..3ba28fc3fab0 100644
+--- a/kernel/kexec_file.c
++++ b/kernel/kexec_file.c
+@@ -255,6 +255,14 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
+ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
+ return -EPERM;
+
++ /* Don't permit images to be loaded into trusted kernels if we're not
++ * going to verify the signature on them
++ */
++ if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
++ !is_ima_appraise_enabled() &&
++ kernel_is_locked_down("kexec of unsigned images"))
++ return -EPERM;
++
+ /* Make sure we have a legal set of flags */
+ if (flags != (flags & KEXEC_FILE_FLAGS))
+ return -EINVAL;
diff --git a/debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch b/debian/patches/features/all/lockdown/0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
similarity index 70%
rename from debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
rename to debian/patches/features/all/lockdown/0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
index 35977e1..80f5be5 100644
--- a/debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
+++ b/debian/patches/features/all/lockdown/0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
@@ -1,7 +1,7 @@
From: Josh Boyer <jwboyer at fedoraproject.org>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [47/61] hibernate: Disable when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=398b27dd51e2c295ec870943a5afb842acf7726b
+Date: Wed, 8 Nov 2017 15:11:33 +0000
+Subject: [09/29] hibernate: Disable when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=480ddca2a40c2efd1c01cfa20d8f6c1377ddafe3
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
@@ -10,12 +10,14 @@ kernel is locked down.
Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: linux-pm at vger.kernel.org
---
kernel/power/hibernate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index a8b978c35a6a..50cca5dcb62f 100644
+index a5c36e9c56a6..f2eafefeec50 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
@@ -23,7 +25,7 @@ index a8b978c35a6a..50cca5dcb62f 100644
bool hibernation_available(void)
{
- return (nohibernate == 0);
-+ return nohibernate == 0 && !kernel_is_locked_down();
++ return nohibernate == 0 && !kernel_is_locked_down("Hibernation");
}
/**
diff --git a/debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch b/debian/patches/features/all/lockdown/0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
similarity index 67%
rename from debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
rename to debian/patches/features/all/lockdown/0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
index 2ac4813..3d16455 100644
--- a/debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+++ b/debian/patches/features/all/lockdown/0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
@@ -1,7 +1,7 @@
From: Matthew Garrett <mjg59 at srcf.ucam.org>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [48/61] uswsusp: Disable when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6c773b2f00bec7cdccc1adf4a1af1afb082b78b8
+Date: Wed, 8 Nov 2017 15:11:33 +0000
+Subject: [10/29] uswsusp: Disable when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=706def46d58e9c69e91db506305485731f615e44
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if the kernel
@@ -9,19 +9,22 @@ is locked down.
Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+Reviewed-by: James Morris <james.l.morris at oracle.com>
+cc: linux-pm at vger.kernel.org
---
kernel/power/user.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/power/user.c b/kernel/power/user.c
-index 22df9f7ff672..e4b926d329b7 100644
+index 22df9f7ff672..678ade9decfe 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
if (!hibernation_available())
return -EPERM;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("/dev/snapshot"))
+ return -EPERM;
+
lock_system_sleep();
diff --git a/debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch b/debian/patches/features/all/lockdown/0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
similarity index 51%
rename from debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
rename to debian/patches/features/all/lockdown/0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
index bbf9860..79b3ec1 100644
--- a/debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+++ b/debian/patches/features/all/lockdown/0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
@@ -1,7 +1,7 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [49/61] PCI: Lock down BAR access when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=fdfe195b5f8e0693a98f1f37eb1281ea7830dbff
+Date: Wed, 8 Nov 2017 15:11:33 +0000
+Subject: [11/29] PCI: Lock down BAR access when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=d107d11fd7ac982a34b1233722cb3e72f9fe5a20
Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
@@ -11,84 +11,94 @@ sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
-[bwh: For 4.12, adjust context]
+Acked-by: Bjorn Helgaas <bhelgaas at google.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: linux-pci at vger.kernel.org
---
drivers/pci/pci-sysfs.c | 9 +++++++++
- drivers/pci/proc.c | 8 +++++++-
- drivers/pci/syscall.c | 2 +-
- 3 files changed, 17 insertions(+), 2 deletions(-)
+ drivers/pci/proc.c | 9 ++++++++-
+ drivers/pci/syscall.c | 3 ++-
+ 3 files changed, 19 insertions(+), 2 deletions(-)
+diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
+index 1eecfa301f7f..e1a3b0e765c2 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
-@@ -754,6 +754,9 @@ static ssize_t pci_write_config(struct f
+@@ -881,6 +881,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Direct PCI access"))
+ return -EPERM;
+
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
-@@ -1048,6 +1051,9 @@ static int pci_mmap_resource(struct kobj
+@@ -1175,6 +1178,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
enum pci_mmap_state mmap_type;
struct resource *res = &pdev->resource[bar];
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Direct PCI access"))
+ return -EPERM;
+
if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start))
return -EINVAL;
-@@ -1131,6 +1137,9 @@ static ssize_t pci_write_resource_io(str
+@@ -1255,6 +1261,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Direct PCI access"))
+ return -EPERM;
+
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
}
+diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
+index 098360d7ff81..a6c53d855daa 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
-@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct
+@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
int size = dev->cfg_size;
int cnt;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Direct PCI access"))
+ return -EPERM;
+
if (pos >= size)
return 0;
if (nbytes >= size)
-@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct fi
+@@ -195,6 +198,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd,
#endif /* HAVE_PCI_MMAP */
int ret = 0;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Direct PCI access"))
+ return -EPERM;
+
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
-@@ -236,7 +242,7 @@ static int proc_bus_pci_mmap(struct file
+@@ -236,7 +242,8 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
int i, ret, write_combine = 0, res_bit = IORESOURCE_MEM;
- if (!capable(CAP_SYS_RAWIO))
-+ if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down())
++ if (!capable(CAP_SYS_RAWIO) ||
++ kernel_is_locked_down("Direct PCI access"))
return -EPERM;
if (fpriv->mmap_state == pci_mmap_io) {
+diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
+index 9bf993e1f71e..afa01cc3ceec 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
-@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigne
+@@ -92,7 +92,8 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
u32 dword;
int err = 0;
- if (!capable(CAP_SYS_ADMIN))
-+ if (!capable(CAP_SYS_ADMIN) || kernel_is_locked_down())
++ if (!capable(CAP_SYS_ADMIN) ||
++ kernel_is_locked_down("Direct PCI access"))
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
diff --git a/debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/debian/patches/features/all/lockdown/0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
similarity index 52%
rename from debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
rename to debian/patches/features/all/lockdown/0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index ab43968..f3b4e39 100644
--- a/debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/debian/patches/features/all/lockdown/0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -1,7 +1,7 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [50/61] x86: Lock down IO port access when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=37a19fd0d859cc12f1d6f47085071e35d34a0a41
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [12/29] x86: Lock down IO port access when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=00ebba940247d4c37c06da4aedecf6b80db213cf
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO
@@ -13,43 +13,34 @@ KDDISABIO console ioctls.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: x86 at kernel.org
---
- arch/x86/kernel/ioport.c | 4 ++--
- drivers/char/mem.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
+ arch/x86/kernel/ioport.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
-index 9c3cf0944bce..4a613fed94b6 100644
+index 9c3cf0944bce..2c0f058651c5 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
-@@ -30,7 +30,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
+@@ -30,7 +30,8 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
- if (turn_on && !capable(CAP_SYS_RAWIO))
-+ if (turn_on && (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down()))
++ if (turn_on && (!capable(CAP_SYS_RAWIO) ||
++ kernel_is_locked_down("ioperm")))
return -EPERM;
/*
-@@ -120,7 +120,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
+@@ -120,7 +121,8 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
- if (!capable(CAP_SYS_RAWIO))
-+ if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down())
++ if (!capable(CAP_SYS_RAWIO) ||
++ kernel_is_locked_down("iopl"))
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
-diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index f8144049bda3..9afebb60550f 100644
---- a/drivers/char/mem.c
-+++ b/drivers/char/mem.c
-@@ -741,6 +741,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
-
- static int open_port(struct inode *inode, struct file *filp)
- {
-+ if (kernel_is_locked_down())
-+ return -EPERM;
- return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
- }
-
diff --git a/debian/patches/features/all/lockdown/0013-x86-msr-Restrict-MSR-access-when-the-kernel-is-locke.patch b/debian/patches/features/all/lockdown/0013-x86-msr-Restrict-MSR-access-when-the-kernel-is-locke.patch
new file mode 100644
index 0000000..00c295b
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0013-x86-msr-Restrict-MSR-access-when-the-kernel-is-locke.patch
@@ -0,0 +1,50 @@
+From: Matthew Garrett <matthew.garrett at nebula.com>
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [13/29] x86/msr: Restrict MSR access when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=696dcddb285558b4febf318fe620a344d2b2fa47
+
+Writing to MSRs should not be allowed if the kernel is locked down, since
+it could lead to execution of arbitrary code in kernel mode. Based on a
+patch by Kees Cook.
+
+MSR accesses are logged for the purposes of building up a whitelist as per
+Alan Cox's suggestion.
+
+Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+Acked-by: Kees Cook <keescook at chromium.org>
+Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: x86 at kernel.org
+---
+ arch/x86/kernel/msr.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index ef688804f80d..dfb61d358196 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -84,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+ int err = 0;
+ ssize_t bytes = 0;
+
++ if (kernel_is_locked_down("Direct MSR access")) {
++ pr_info("Direct access to MSR %x\n", reg);
++ return -EPERM;
++ }
++
+ if (count % 8)
+ return -EINVAL; /* Invalid chunk size */
+
+@@ -135,6 +140,11 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+ err = -EFAULT;
+ break;
+ }
++ if (kernel_is_locked_down("Direct MSR access")) {
++ pr_info("Direct access to MSR %x\n", regs[1]); /* Display %ecx */
++ err = -EPERM;
++ break;
++ }
+ err = wrmsr_safe_regs_on_cpu(cpu, regs);
+ if (err)
+ break;
diff --git a/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/debian/patches/features/all/lockdown/0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
similarity index 61%
rename from debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
rename to debian/patches/features/all/lockdown/0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
index d4d2e17..4333166 100644
--- a/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+++ b/debian/patches/features/all/lockdown/0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
@@ -1,8 +1,8 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [52/61] asus-wmi: Restrict debugfs interface when the kernel is
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [14/29] asus-wmi: Restrict debugfs interface when the kernel is
locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=bfa10bc7193d6309dc8029e18fe7d844f9a3a1c0
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=2e6d31b3176ee27d216bb92a3b108f6b19d4719a
We have no way of validating what all of the Asus WMI methods do on a given
machine - and there's a risk that some will allow hardware state to be
@@ -12,37 +12,42 @@ kernel is locked down.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: acpi4asus-user at lists.sourceforge.net
+cc: platform-driver-x86 at vger.kernel.org
---
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
+diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
+index 48e1541dc8d4..ef5587469337 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
-@@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m,
+@@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Asus WMI"))
+ return -EPERM;
+
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
-@@ -1921,6 +1924,9 @@ static int show_devs(struct seq_file *m,
+@@ -1921,6 +1924,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Asus WMI"))
+ return -EPERM;
+
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
-@@ -1945,6 +1951,9 @@ static int show_call(struct seq_file *m,
+@@ -1945,6 +1951,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("Asus WMI"))
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
diff --git a/debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch b/debian/patches/features/all/lockdown/0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
similarity index 74%
rename from debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
rename to debian/patches/features/all/lockdown/0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
index 7dc2817..a184f3c 100644
--- a/debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+++ b/debian/patches/features/all/lockdown/0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
@@ -1,8 +1,8 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [53/61] ACPI: Limit access to custom_method when the kernel is locked
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [15/29] ACPI: Limit access to custom_method when the kernel is locked
down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=c333ace27a3115f2b56f25987bdb7ef05f71836c
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=5ff99c830aacf02f25816a0da427216fb63ba16d
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
@@ -10,19 +10,21 @@ Disable it if the kernel is locked down.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: linux-acpi at vger.kernel.org
---
drivers/acpi/custom_method.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
-index c68e72414a67..e4d721c330c0 100644
+index c68e72414a67..b33fba70ec51 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("ACPI custom methods"))
+ return -EPERM;
+
if (!(*ppos)) {
diff --git a/debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch b/debian/patches/features/all/lockdown/0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
similarity index 57%
rename from debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
rename to debian/patches/features/all/lockdown/0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
index 83bd236..ba07487 100644
--- a/debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+++ b/debian/patches/features/all/lockdown/0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
@@ -1,21 +1,24 @@
From: Josh Boyer <jwboyer at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [54/61] acpi: Ignore acpi_rsdp kernel param when the kernel has been
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [16/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been
locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1e915addf2f56a29d84dfc899017a926de9c0264
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=67890a0361626ec3e035264656896c77670c414b
This option allows userspace to pass the RSDP address to the kernel, which
-makes it possible for a user to circumvent any restrictions imposed on
-loading modules. Ignore the option when the kernel is locked down.
+makes it possible for a user to modify the workings of hardware . Reject
+the option when the kernel is locked down.
Signed-off-by: Josh Boyer <jwboyer at redhat.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: Dave Young <dyoung at redhat.com>
+cc: linux-acpi at vger.kernel.org
---
drivers/acpi/osl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index db78d353bab1..d4d4ba348451 100644
+index db78d353bab1..36c6527c1b0a 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void)
@@ -23,7 +26,7 @@ index db78d353bab1..d4d4ba348451 100644
#ifdef CONFIG_KEXEC
- if (acpi_rsdp)
-+ if (acpi_rsdp && !kernel_is_locked_down())
++ if (acpi_rsdp && !kernel_is_locked_down("ACPI RSDP specification"))
return acpi_rsdp;
#endif
diff --git a/debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch b/debian/patches/features/all/lockdown/0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
similarity index 73%
rename from debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
rename to debian/patches/features/all/lockdown/0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
index 629d752..3da877b 100644
--- a/debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+++ b/debian/patches/features/all/lockdown/0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
@@ -1,8 +1,8 @@
From: Linn Crosetto <linn at hpe.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [55/61] acpi: Disable ACPI table override if the kernel is locked
+Date: Wed, 8 Nov 2017 15:11:34 +0000
+Subject: [17/29] acpi: Disable ACPI table override if the kernel is locked
down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=2a3b80bfba52f3f71bbb9b20942fb86ca6f491fe
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=5976d26de05569951641ebeb95f7240993b66063
From the kernel documentation (initrd_table_override.txt):
@@ -16,19 +16,21 @@ so do not allow ACPI tables to be overridden if the kernel is locked down.
Signed-off-by: Linn Crosetto <linn at hpe.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: linux-acpi at vger.kernel.org
---
drivers/acpi/tables.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
-index 2604189d6cd1..601096d0d849 100644
+index 80ce2a7d224b..5cc13c42daf9 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
-@@ -542,6 +542,11 @@ void __init acpi_table_upgrade(void)
+@@ -526,6 +526,11 @@ void __init acpi_table_upgrade(void)
if (table_nr == 0)
return;
-+ if (kernel_is_locked_down()) {
++ if (kernel_is_locked_down("ACPI table override")) {
+ pr_notice("kernel is locked down, ignoring table override\n");
+ return;
+ }
diff --git a/debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch b/debian/patches/features/all/lockdown/0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
similarity index 81%
rename from debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
rename to debian/patches/features/all/lockdown/0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
index 4276bc9..3ce9cdf 100644
--- a/debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+++ b/debian/patches/features/all/lockdown/0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
@@ -1,8 +1,8 @@
From: Linn Crosetto <linn at hpe.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [56/61] acpi: Disable APEI error injection if the kernel is locked
+Date: Wed, 8 Nov 2017 15:11:35 +0000
+Subject: [18/29] acpi: Disable APEI error injection if the kernel is locked
down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=cc8de994de095fc6b88f92c9a768c806605fba07
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a9c239382bce17b9108f941130392151d5fff262
ACPI provides an error injection mechanism, EINJ, for debugging and testing
the ACPI Platform Error Interface (APEI) and other RAS features. If
@@ -21,19 +21,21 @@ the kernel is locked down.
Signed-off-by: Linn Crosetto <linn at hpe.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: "Lee, Chun-Yi" <jlee at suse.com>
+cc: linux-acpi at vger.kernel.org
---
drivers/acpi/apei/einj.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
-index ec50c32ea3da..e082718d01c2 100644
+index b38737c83a24..6d71e1e97b20 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
int rc;
u64 base_addr, size;
-+ if (kernel_is_locked_down())
++ if (kernel_is_locked_down("ACPI error injection"))
+ return -EPERM;
+
/* If user manually set "flags", make sure it is legal */
diff --git a/debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch b/debian/patches/features/all/lockdown/0019-scsi-Lock-down-the-eata-driver.patch
similarity index 71%
rename from debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
rename to debian/patches/features/all/lockdown/0019-scsi-Lock-down-the-eata-driver.patch
index 6cd8ea3..b237053 100644
--- a/debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
+++ b/debian/patches/features/all/lockdown/0019-scsi-Lock-down-the-eata-driver.patch
@@ -1,7 +1,7 @@
From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [58/61] scsi: Lock down the eata driver
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e6fc4e593143fbbb8b83c558bb8e6445d9aaa45a
+Date: Wed, 8 Nov 2017 15:11:35 +0000
+Subject: [19/29] scsi: Lock down the eata driver
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=54aab7f5b0e4e6f68cec46d92c37e6c482b5e56e
When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
@@ -20,23 +20,21 @@ cc: "James E.J. Bottomley" <jejb at linux.vnet.ibm.com>
cc: "Martin K. Petersen" <martin.petersen at oracle.com>
cc: linux-scsi at vger.kernel.org
---
- drivers/scsi/eata.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
+ drivers/scsi/eata.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
-index 227dd2c2ec2f..5c036d10c18b 100644
+index 6501c330d8c8..72fceaa8f3da 100644
--- a/drivers/scsi/eata.c
+++ b/drivers/scsi/eata.c
-@@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
+@@ -1552,8 +1552,11 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
tpnt->proc_name = "eata2x";
- if (strlen(boot_options))
+ if (strlen(boot_options)) {
-+ if (kernel_is_locked_down()) {
-+ pr_err("Command line-specified device addresses, irqs and dma channels are not permitted when the kernel is locked down\n");
++ if (kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
+ return -EPERM;
-+ }
option_setup(boot_options);
+ }
diff --git a/debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch b/debian/patches/features/all/lockdown/0020-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
similarity index 54%
rename from debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
rename to debian/patches/features/all/lockdown/0020-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
index b83b3a3..058d543 100644
--- a/debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+++ b/debian/patches/features/all/lockdown/0020-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
@@ -1,29 +1,28 @@
From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [59/61] Prohibit PCMCIA CIS storage when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=36b3c01337b2d0e4aa69828186586951b9cf50fa
+Date: Wed, 8 Nov 2017 15:11:35 +0000
+Subject: [20/29] Prohibit PCMCIA CIS storage when the kernel is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=18b2dfc74efeafbdbb8f5d4d28da6334b7e1f1ac
Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.
Suggested-by: Dominik Brodowski <linux at dominikbrodowski.net>
Signed-off-by: David Howells <dhowells at redhat.com>
+cc: linux-pcmcia at lists.infradead.org
---
- drivers/pcmcia/cistpl.c | 5 +++++
- 1 file changed, 5 insertions(+)
+ drivers/pcmcia/cistpl.c | 3 +++
+ 1 file changed, 3 insertions(+)
diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c
-index 55ef7d1fd8da..193e4f7b73b1 100644
+index 55ef7d1fd8da..b7a0e42eeb25 100644
--- a/drivers/pcmcia/cistpl.c
+++ b/drivers/pcmcia/cistpl.c
-@@ -1578,6 +1578,11 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj,
+@@ -1578,6 +1578,9 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj,
struct pcmcia_socket *s;
int error;
-+ if (kernel_is_locked_down()) {
-+ pr_err("Direct CIS storage isn't permitted when the kernel is locked down\n");
++ if (kernel_is_locked_down("Direct PCMCIA CIS storage"))
+ return -EPERM;
-+ }
+
s = to_socket(container_of(kobj, struct device, kobj));
diff --git a/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch b/debian/patches/features/all/lockdown/0021-Lock-down-TIOCSSERIAL.patch
similarity index 62%
rename from debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
rename to debian/patches/features/all/lockdown/0021-Lock-down-TIOCSSERIAL.patch
index cf19c3c..a8d6a33 100644
--- a/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
+++ b/debian/patches/features/all/lockdown/0021-Lock-down-TIOCSSERIAL.patch
@@ -1,7 +1,7 @@
From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [60/61] Lock down TIOCSSERIAL
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=3f0d5eb601c66451afebe889623bcbafec0e4bb8
+Date: Wed, 8 Nov 2017 15:11:35 +0000
+Subject: [21/29] Lock down TIOCSSERIAL
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=f5fdeda0622ca040961521819794193777a03e8a
Lock down TIOCSSERIAL as that can be used to change the ioport and irq
settings on a serial port. This only appears to be an issue for the serial
@@ -10,18 +10,21 @@ ignore attempts to change port/irq or give an error.
Reported-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: David Howells <dhowells at redhat.com>
+cc: Jiri Slaby <jslaby at suse.com>
---
drivers/tty/serial/serial_core.c | 6 ++++++
1 file changed, 6 insertions(+)
+diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
+index 3a14cccbd7ff..41f0922ad842 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -842,6 +842,12 @@ static int uart_set_info(struct tty_stru
+@@ -842,6 +842,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
new_flags = (__force upf_t)new_info->flags;
old_custom_divisor = uport->custom_divisor;
-+ if ((change_port || change_irq) && kernel_is_locked_down()) {
-+ pr_err("Using TIOCSSERIAL to change device addresses, irqs and dma channels is not permitted when the kernel is locked down\n");
++ if ((change_port || change_irq) &&
++ kernel_is_locked_down("Using TIOCSSERIAL to change device addresses, irqs and dma channels")) {
+ retval = -EPERM;
+ goto exit;
+ }
diff --git a/debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch b/debian/patches/features/all/lockdown/0022-Lock-down-module-params-that-specify-hardware-parame.patch
similarity index 72%
rename from debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
rename to debian/patches/features/all/lockdown/0022-Lock-down-module-params-that-specify-hardware-parame.patch
index e17cb1c..c50e15a 100644
--- a/debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
+++ b/debian/patches/features/all/lockdown/0022-Lock-down-module-params-that-specify-hardware-parame.patch
@@ -1,8 +1,8 @@
From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 13:50:07 +0100
-Subject: [61/61] Lock down module params that specify hardware parameters (eg.
+Date: Wed, 8 Nov 2017 15:11:36 +0000
+Subject: [22/29] Lock down module params that specify hardware parameters (eg.
ioport)
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=0240fa7c7c948b19d57c0163d57e55296277ff3c
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=d20a28efda02a7ce70b943c15246ea2f07e780f4
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
@@ -11,14 +11,14 @@ dma buffers and other types).
Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells at redhat.com>
---
- kernel/params.c | 27 ++++++++++++++++++++++-----
- 1 file changed, 22 insertions(+), 5 deletions(-)
+ kernel/params.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/kernel/params.c b/kernel/params.c
-index a6d6149c0fe6..04185c5aa929 100644
+index 60b2d8101355..422979adb60a 100644
--- a/kernel/params.c
+++ b/kernel/params.c
-@@ -108,13 +108,20 @@ bool parameq(const char *a, const char *b)
+@@ -108,13 +108,19 @@ bool parameq(const char *a, const char *b)
return parameqn(a, b, strlen(a)+1);
}
@@ -32,15 +32,14 @@ index a6d6149c0fe6..04185c5aa929 100644
add_taint(TAINT_USER, LOCKDEP_STILL_OK);
}
+
-+ if (kp->flags & KERNEL_PARAM_FL_HWPARAM && kernel_is_locked_down()) {
-+ pr_err("Command line-specified device addresses, irqs and dma channels are not permitted when the kernel is locked down (%s.%s)\n", doing, kp->name);
++ if (kp->flags & KERNEL_PARAM_FL_HWPARAM &&
++ kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
+ return false;
-+ }
+ return true;
}
static int parse_one(char *param,
-@@ -144,8 +151,10 @@ static int parse_one(char *param,
+@@ -144,8 +150,10 @@ static int parse_one(char *param,
pr_debug("handling %s with %p\n", param,
params[i].ops->set);
kernel_param_lock(params[i].mod);
@@ -53,7 +52,7 @@ index a6d6149c0fe6..04185c5aa929 100644
kernel_param_unlock(params[i].mod);
return err;
}
-@@ -608,6 +617,12 @@ static ssize_t param_attr_show(struct module_attribute *mattr,
+@@ -556,6 +564,12 @@ static ssize_t param_attr_show(struct module_attribute *mattr,
return count;
}
@@ -66,7 +65,7 @@ index a6d6149c0fe6..04185c5aa929 100644
/* sysfs always hands a nul-terminated string in buf. We rely on that. */
static ssize_t param_attr_store(struct module_attribute *mattr,
struct module_kobject *mk,
-@@ -620,8 +635,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr,
+@@ -568,8 +582,10 @@ static ssize_t param_attr_store(struct module_attribute *mattr,
return -EPERM;
kernel_param_lock(mk->mod);
diff --git a/debian/patches/features/all/lockdown/0023-x86-mmiotrace-Lock-down-the-testmmiotrace-module.patch b/debian/patches/features/all/lockdown/0023-x86-mmiotrace-Lock-down-the-testmmiotrace-module.patch
new file mode 100644
index 0000000..f3e9a76
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0023-x86-mmiotrace-Lock-down-the-testmmiotrace-module.patch
@@ -0,0 +1,33 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:36 +0000
+Subject: [23/29] x86/mmiotrace: Lock down the testmmiotrace module
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=20af3be0bcf6a78e3632770561fba6531dd3b444
+
+The testmmiotrace module shouldn't be permitted when the kernel is locked
+down as it can be used to arbitrarily read and write MMIO space.
+
+Suggested-by: Thomas Gleixner <tglx at linutronix.de>
+Signed-off-by: David Howells <dhowells at redhat.com
+cc: Thomas Gleixner <tglx at linutronix.de>
+cc: Steven Rostedt <rostedt at goodmis.org>
+cc: Ingo Molnar <mingo at kernel.org>
+cc: "H. Peter Anvin" <hpa at zytor.com>
+cc: x86 at kernel.org
+---
+ arch/x86/mm/testmmiotrace.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
+index f6ae6830b341..bbaad357f5d7 100644
+--- a/arch/x86/mm/testmmiotrace.c
++++ b/arch/x86/mm/testmmiotrace.c
+@@ -115,6 +115,9 @@ static int __init init(void)
+ {
+ unsigned long size = (read_far) ? (8 << 20) : (16 << 10);
+
++ if (kernel_is_locked_down("MMIO trace testing"))
++ return -EPERM;
++
+ if (mmio_address == 0) {
+ pr_err("you have to use the module argument mmio_address.\n");
+ pr_err("DO NOT LOAD THIS MODULE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!\n");
diff --git a/debian/patches/features/all/lockdown/0024-debugfs-Disallow-use-of-debugfs-files-when-the-kerne.patch b/debian/patches/features/all/lockdown/0024-debugfs-Disallow-use-of-debugfs-files-when-the-kerne.patch
new file mode 100644
index 0000000..6c38911
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0024-debugfs-Disallow-use-of-debugfs-files-when-the-kerne.patch
@@ -0,0 +1,51 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:36 +0000
+Subject: [24/29] debugfs: Disallow use of debugfs files when the kernel is
+ locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=118cc5e1c27e1a75640cf2379c1299e12791063e
+
+Disallow opening of debugfs files when the kernel is locked down as various
+drivers give raw access to hardware through debugfs.
+
+Accesses to tracefs should use /sys/kernel/tracing/ rather than
+/sys/kernel/debug/tracing/. Possibly a symlink should be emplaced.
+
+Normal device interaction should be done through configfs or a miscdev, not
+debugfs.
+
+Note that this makes it unnecessary to specifically lock down show_dsts(),
+show_devs() and show_call() in the asus-wmi driver.
+
+Signed-off-by: David Howells <dhowells at redhat.com>
+cc: Andy Shevchenko <andy.shevchenko at gmail.com>
+cc: acpi4asus-user at lists.sourceforge.net
+cc: platform-driver-x86 at vger.kernel.org
+cc: Matthew Garrett <matthew.garrett at nebula.com>
+cc: Thomas Gleixner <tglx at linutronix.de>
+[bwh: Forward-ported to 4.15]
+---
+ fs/debugfs/file.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/debugfs/file.c
++++ b/fs/debugfs/file.c
+@@ -142,6 +142,9 @@ static int open_proxy_open(struct inode
+ const struct file_operations *real_fops = NULL;
+ int r;
+
++ if (kernel_is_locked_down("debugfs"))
++ return -EPERM;
++
+ r = debugfs_file_get(dentry);
+ if (r)
+ return r == -EIO ? -ENOENT : r;
+@@ -267,6 +270,9 @@ static int full_proxy_open(struct inode
+ struct file_operations *proxy_fops = NULL;
+ int r;
+
++ if (kernel_is_locked_down("debugfs"))
++ return -EPERM;
++
+ r = debugfs_file_get(dentry);
+ if (r)
+ return r == -EIO ? -ENOENT : r;
diff --git a/debian/patches/features/all/lockdown/0025-Lock-down-proc-kcore.patch b/debian/patches/features/all/lockdown/0025-Lock-down-proc-kcore.patch
new file mode 100644
index 0000000..335afce
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0025-Lock-down-proc-kcore.patch
@@ -0,0 +1,27 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:37 +0000
+Subject: [25/29] Lock down /proc/kcore
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=797378dc4498207c3abc1101cfdc9ef2581d8c71
+
+Disallow access to /proc/kcore when the kernel is locked down to prevent
+access to cryptographic data.
+
+Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: James Morris <james.l.morris at oracle.com>
+---
+ fs/proc/kcore.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
+index 45629f4b5402..176cf749e650 100644
+--- a/fs/proc/kcore.c
++++ b/fs/proc/kcore.c
+@@ -549,6 +549,8 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+
+ static int open_kcore(struct inode *inode, struct file *filp)
+ {
++ if (kernel_is_locked_down("/proc/kcore"))
++ return -EPERM;
+ if (!capable(CAP_SYS_RAWIO))
+ return -EPERM;
+
diff --git a/debian/patches/features/all/lockdown/0026-Lock-down-kprobes.patch b/debian/patches/features/all/lockdown/0026-Lock-down-kprobes.patch
new file mode 100644
index 0000000..bbf000a
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0026-Lock-down-kprobes.patch
@@ -0,0 +1,29 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 16:14:12 +0000
+Subject: [26/29] Lock down kprobes
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=cfacbbe6ef95336d99817fb8063c19bd36dfaa3d
+
+Disallow the creation of kprobes when the kernel is locked down by
+preventing their registration. This prevents kprobes from being used to
+access kernel memory, either to make modifications or to steal crypto data.
+
+Reported-by: Alexei Starovoitov <alexei.starovoitov at gmail.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+---
+ kernel/kprobes.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/kprobes.c b/kernel/kprobes.c
+index a1606a4224e1..f06023b0936c 100644
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -1530,6 +1530,9 @@ int register_kprobe(struct kprobe *p)
+ struct module *probed_mod;
+ kprobe_opcode_t *addr;
+
++ if (kernel_is_locked_down("Use of kprobes"))
++ return -EPERM;
++
+ /* Adjust probe address from symbol */
+ addr = kprobe_addr(p);
+ if (IS_ERR(addr))
diff --git a/debian/patches/features/all/lockdown/0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/debian/patches/features/all/lockdown/0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch
new file mode 100644
index 0000000..a87a2f7
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch
@@ -0,0 +1,37 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 24 May 2017 14:56:05 +0100
+Subject: [27/29] bpf: Restrict kernel image access functions when the kernel
+ is locked down
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a13e9f58894129d9fd02fdb81b56ac7590704155
+
+There are some bpf functions can be used to read kernel memory:
+bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
+private keys in kernel memory (e.g. the hibernation image signing key) to
+be read by an eBPF program and kernel memory to be altered without
+restriction.
+
+Completely prohibit the use of BPF when the kernel is locked down.
+
+Suggested-by: Alexei Starovoitov <alexei.starovoitov at gmail.com>
+Signed-off-by: David Howells <dhowells at redhat.com>
+cc: netdev at vger.kernel.org
+cc: Chun-Yi Lee <jlee at suse.com>
+cc: Alexei Starovoitov <alexei.starovoitov at gmail.com>
+---
+ kernel/bpf/syscall.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
+index 25d074920a00..fa58ad74cde6 100644
+--- a/kernel/bpf/syscall.c
++++ b/kernel/bpf/syscall.c
+@@ -1458,6 +1458,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
+ if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
+ return -EPERM;
+
++ if (kernel_is_locked_down("BPF"))
++ return -EPERM;
++
+ err = check_uarg_tail_zero(uattr, sizeof(attr), size);
+ if (err)
+ return err;
diff --git a/debian/patches/features/all/lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
new file mode 100644
index 0000000..ff6dbcb
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
@@ -0,0 +1,153 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:37 +0000
+Subject: [28/29] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=eb4a8603eb727afaeb9c6123eda2eda4b2757bf3
+
+UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
+flag that can be passed to efi_enabled() to find out whether secure boot is
+enabled.
+
+Move the switch-statement in x86's setup_arch() that inteprets the
+secure_boot boot parameter to generic code and set the bit there.
+
+Suggested-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
+Signed-off-by: David Howells <dhowells at redhat.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
+cc: linux-efi at vger.kernel.org
+---
+ arch/x86/kernel/setup.c | 14 +-------------
+ drivers/firmware/efi/Makefile | 1 +
+ drivers/firmware/efi/secureboot.c | 38 ++++++++++++++++++++++++++++++++++++++
+ include/linux/efi.h | 16 ++++++++++------
+ 4 files changed, 50 insertions(+), 19 deletions(-)
+ create mode 100644 drivers/firmware/efi/secureboot.c
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index 0957dd73d127..7c2162f9e769 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1197,19 +1197,7 @@ void __init setup_arch(char **cmdline_p)
+ /* Allocate bigger log buffer */
+ setup_log_buf(1);
+
+- if (efi_enabled(EFI_BOOT)) {
+- switch (boot_params.secure_boot) {
+- case efi_secureboot_mode_disabled:
+- pr_info("Secure boot disabled\n");
+- break;
+- case efi_secureboot_mode_enabled:
+- pr_info("Secure boot enabled\n");
+- break;
+- default:
+- pr_info("Secure boot could not be determined\n");
+- break;
+- }
+- }
++ efi_set_secure_boot(boot_params.secure_boot);
+
+ reserve_initrd();
+
+diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
+index 0329d319d89a..883f9f7eefc6 100644
+--- a/drivers/firmware/efi/Makefile
++++ b/drivers/firmware/efi/Makefile
+@@ -23,6 +23,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_mem.o
+ obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o
+ obj-$(CONFIG_EFI_TEST) += test/
+ obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o
++obj-$(CONFIG_EFI) += secureboot.o
+ obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o
+
+ arm-obj-$(CONFIG_EFI) := arm-init.o arm-runtime.o
+diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
+new file mode 100644
+index 000000000000..9070055de0a1
+--- /dev/null
++++ b/drivers/firmware/efi/secureboot.c
+@@ -0,0 +1,38 @@
++/* Core kernel secure boot support.
++ *
++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
++ * Written by David Howells (dhowells at redhat.com)
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public Licence
++ * as published by the Free Software Foundation; either version
++ * 2 of the Licence, or (at your option) any later version.
++ */
++
++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
++
++#include <linux/efi.h>
++#include <linux/kernel.h>
++#include <linux/printk.h>
++
++/*
++ * Decide what to do when UEFI secure boot mode is enabled.
++ */
++void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
++{
++ if (efi_enabled(EFI_BOOT)) {
++ switch (mode) {
++ case efi_secureboot_mode_disabled:
++ pr_info("Secure boot disabled\n");
++ break;
++ case efi_secureboot_mode_enabled:
++ set_bit(EFI_SECURE_BOOT, &efi.flags);
++ pr_info("Secure boot enabled\n");
++ break;
++ default:
++ pr_warning("Secure boot could not be determined (mode %u)\n",
++ mode);
++ break;
++ }
++ }
++}
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 66f4a4e79f4b..7c7a7e33e4d1 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -1103,6 +1103,14 @@ extern int __init efi_setup_pcdp_console(char *);
+ #define EFI_DBG 8 /* Print additional debug info at runtime */
+ #define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
+ #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
++#define EFI_SECURE_BOOT 11 /* Are we in Secure Boot mode? */
++
++enum efi_secureboot_mode {
++ efi_secureboot_mode_unset,
++ efi_secureboot_mode_unknown,
++ efi_secureboot_mode_disabled,
++ efi_secureboot_mode_enabled,
++};
+
+ #ifdef CONFIG_EFI
+ /*
+@@ -1115,6 +1123,7 @@ static inline bool efi_enabled(int feature)
+ extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
+
+ extern bool efi_is_table_address(unsigned long phys_addr);
++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+ #else
+ static inline bool efi_enabled(int feature)
+ {
+@@ -1133,6 +1142,7 @@ static inline bool efi_is_table_address(unsigned long phys_addr)
+ {
+ return false;
+ }
++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+
+ extern int efi_status_to_err(efi_status_t status);
+@@ -1518,12 +1528,6 @@ efi_status_t efi_setup_gop(efi_system_table_t *sys_table_arg,
+ bool efi_runtime_disabled(void);
+ extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
+
+-enum efi_secureboot_mode {
+- efi_secureboot_mode_unset,
+- efi_secureboot_mode_unknown,
+- efi_secureboot_mode_disabled,
+- efi_secureboot_mode_enabled,
+-};
+ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table);
+
+ #ifdef CONFIG_RESET_ATTACK_MITIGATION
diff --git a/debian/patches/features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
new file mode 100644
index 0000000..e1eb03b
--- /dev/null
+++ b/debian/patches/features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -0,0 +1,88 @@
+From: David Howells <dhowells at redhat.com>
+Date: Wed, 8 Nov 2017 15:11:37 +0000
+Subject: [29/29] efi: Lock down the kernel if booted in secure boot mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a364bd945ffc141a7b17cb331bda0d8ad68f7e72
+
+UEFI Secure Boot provides a mechanism for ensuring that the firmware will
+only load signed bootloaders and kernels. Certain use cases may also
+require that all kernel modules also be signed. Add a configuration option
+that to lock down the kernel - which includes requiring validly signed
+modules - if the kernel is secure-booted.
+
+Signed-off-by: David Howells <dhowells at redhat.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
+cc: linux-efi at vger.kernel.org
+---
+ arch/x86/kernel/setup.c | 6 ++++--
+ security/Kconfig | 14 ++++++++++++++
+ security/lock_down.c | 1 +
+ 3 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index 7c2162f9e769..4e38327efb2e 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -64,6 +64,7 @@
+ #include <linux/dma-mapping.h>
+ #include <linux/ctype.h>
+ #include <linux/uaccess.h>
++#include <linux/security.h>
+
+ #include <linux/percpu.h>
+ #include <linux/crash_dump.h>
+@@ -1039,6 +1040,9 @@ void __init setup_arch(char **cmdline_p)
+ if (efi_enabled(EFI_BOOT))
+ efi_init();
+
++ efi_set_secure_boot(boot_params.secure_boot);
++ init_lockdown();
++
+ dmi_scan_machine();
+ dmi_memdev_walk();
+ dmi_set_dump_stack_arch_desc();
+@@ -1197,8 +1201,6 @@ void __init setup_arch(char **cmdline_p)
+ /* Allocate bigger log buffer */
+ setup_log_buf(1);
+
+- efi_set_secure_boot(boot_params.secure_boot);
+-
+ reserve_initrd();
+
+ acpi_table_upgrade();
+diff --git a/security/Kconfig b/security/Kconfig
+index 1e997be94ba2..a4fa8b826039 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -222,6 +222,20 @@ config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
+ Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
+ combination on a wired keyboard.
+
++config LOCK_DOWN_IN_EFI_SECURE_BOOT
++ bool "Lock down the kernel in EFI Secure Boot mode"
++ default n
++ select LOCK_DOWN_KERNEL
++ depends on EFI
++ help
++ UEFI Secure Boot provides a mechanism for ensuring that the firmware
++ will only load signed bootloaders and kernels. Secure boot mode may
++ be determined from EFI variables provided by the system firmware if
++ not indicated by the boot parameters.
++
++ Enabling this option turns on results in kernel lockdown being
++ triggered if EFI Secure Boot is set.
++
+
+ source security/selinux/Kconfig
+ source security/smack/Kconfig
+diff --git a/security/lock_down.c b/security/lock_down.c
+index 2c6b00f0c229..527f7e51dc8d 100644
+--- a/security/lock_down.c
++++ b/security/lock_down.c
+@@ -12,6 +12,7 @@
+ #include <linux/security.h>
+ #include <linux/export.h>
+ #include <linux/sysrq.h>
++#include <linux/efi.h>
+ #include <asm/setup.h>
+
+ #ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
diff --git a/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch b/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
deleted file mode 100644
index b8dd1b9..0000000
--- a/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Josh Boyer <jwboyer at fedoraproject.org>
-Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [38/61] efi: Add EFI_SECURE_BOOT bit
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7c121e1d97d6af4d25fb49bffb10571964f37ab1
-
-UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
-that can be passed to efi_enabled() to find out whether secure boot is
-enabled.
-
-This will be used by the SysRq+x handler, registered by the x86 arch, to find
-out whether secure boot mode is enabled so that it can be disabled.
-
-Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- arch/x86/kernel/setup.c | 1 +
- include/linux/efi.h | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 4bf0c8926a1c..396285bddb93 100644
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -1184,6 +1184,7 @@ void __init setup_arch(char **cmdline_p)
- pr_info("Secure boot disabled\n");
- break;
- case efi_secureboot_mode_enabled:
-+ set_bit(EFI_SECURE_BOOT, &efi.flags);
- pr_info("Secure boot enabled\n");
- break;
- default:
-diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 94d34e0be24f..6049600e5475 100644
---- a/include/linux/efi.h
-+++ b/include/linux/efi.h
-@@ -1069,6 +1069,7 @@ extern int __init efi_setup_pcdp_console(char *);
- #define EFI_DBG 8 /* Print additional debug info at runtime */
- #define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
- #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
-+#define EFI_SECURE_BOOT 11 /* Are we in Secure Boot mode? */
-
- #ifdef CONFIG_EFI
- /*
diff --git a/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
deleted file mode 100644
index 7134fd6..0000000
--- a/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [39/61] Add the ability to lock down access to the running kernel
- image
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=4e038dfc742f11bcd02e5a3fba5718cefbf06d70
-
-Provide a single call to allow kernel code to determine whether the system
-should be locked down, thereby disallowing various accesses that might
-allow the running kernel image to be changed including the loading of
-modules that aren't validly signed with a key we recognise, fiddling with
-MSR registers and disallowing hibernation,
-
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- include/linux/kernel.h | 9 +++++++++
- include/linux/security.h | 11 +++++++++++
- security/Kconfig | 15 +++++++++++++++
- security/Makefile | 3 +++
- security/lock_down.c | 40 ++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 78 insertions(+)
- create mode 100644 security/lock_down.c
-
---- a/include/linux/kernel.h
-+++ b/include/linux/kernel.h
-@@ -287,6 +287,15 @@ static inline void refcount_error_report
- { }
- #endif
-
-+#ifdef CONFIG_LOCK_DOWN_KERNEL
-+extern bool kernel_is_locked_down(void);
-+#else
-+static inline bool kernel_is_locked_down(void)
-+{
-+ return false;
-+}
-+#endif
-+
- /* Internal, do not use. */
- int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
- int __must_check _kstrtol(const char *s, unsigned int base, long *res);
---- a/include/linux/security.h
-+++ b/include/linux/security.h
-@@ -1753,5 +1753,16 @@ static inline void free_secdata(void *se
- { }
- #endif /* CONFIG_SECURITY */
-
-+#ifdef CONFIG_LOCK_DOWN_KERNEL
-+extern void lock_kernel_down(void);
-+#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT
-+extern void lift_kernel_lockdown(void);
-+#endif
-+#else
-+static inline void lock_kernel_down(void)
-+{
-+}
-+#endif
-+
- #endif /* ! __LINUX_SECURITY_H */
-
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -214,6 +214,21 @@ config STATIC_USERMODEHELPER_PATH
- If you wish for all usermode helper programs to be disabled,
- specify an empty string here (i.e. "").
-
-+config LOCK_DOWN_KERNEL
-+ bool "Allow the kernel to be 'locked down'"
-+ help
-+ Allow the kernel to be locked down under certain circumstances, for
-+ instance if UEFI secure boot is enabled. Locking down the kernel
-+ turns off various features that might otherwise allow access to the
-+ kernel image (eg. setting MSR registers).
-+
-+config ALLOW_LOCKDOWN_LIFT
-+ bool
-+ help
-+ Allow the lockdown on a kernel to be lifted, thereby restoring the
-+ ability of userspace to access the kernel image (eg. by SysRq+x under
-+ x86).
-+
- source security/selinux/Kconfig
- source security/smack/Kconfig
- source security/tomoyo/Kconfig
---- a/security/Makefile
-+++ b/security/Makefile
-@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
- # Object integrity file lists
- subdir-$(CONFIG_INTEGRITY) += integrity
- obj-$(CONFIG_INTEGRITY) += integrity/
-+
-+# Allow the kernel to be locked down
-+obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o
---- /dev/null
-+++ b/security/lock_down.c
-@@ -0,0 +1,40 @@
-+/* Lock down the kernel
-+ *
-+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
-+ * Written by David Howells (dhowells at redhat.com)
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public Licence
-+ * as published by the Free Software Foundation; either version
-+ * 2 of the Licence, or (at your option) any later version.
-+ */
-+
-+#include <linux/security.h>
-+#include <linux/export.h>
-+
-+static __read_mostly bool kernel_locked_down;
-+
-+/*
-+ * Put the kernel into lock-down mode.
-+ */
-+void lock_kernel_down(void)
-+{
-+ kernel_locked_down = true;
-+}
-+
-+/*
-+ * Take the kernel out of lockdown mode.
-+ */
-+void lift_kernel_lockdown(void)
-+{
-+ kernel_locked_down = false;
-+}
-+
-+/**
-+ * kernel_is_locked_down - Find out if the kernel is locked down
-+ */
-+bool kernel_is_locked_down(void)
-+{
-+ return kernel_locked_down;
-+}
-+EXPORT_SYMBOL(kernel_is_locked_down);
diff --git a/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
deleted file mode 100644
index a1ad17b..0000000
--- a/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [40/61] efi: Lock down the kernel if booted in secure boot mode
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=48f943a855fa850977db9071250db2b9e12287ce
-
-UEFI Secure Boot provides a mechanism for ensuring that the firmware will
-only load signed bootloaders and kernels. Certain use cases may also
-require that all kernel modules also be signed. Add a configuration option
-that to lock down the kernel - which includes requiring validly signed
-modules - if the kernel is secure-booted.
-
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- arch/x86/Kconfig | 12 ++++++++++++
- arch/x86/kernel/setup.c | 8 +++++++-
- 2 files changed, 19 insertions(+), 1 deletion(-)
-
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -1886,6 +1886,18 @@ config EFI_MIXED
-
- If unsure, say N.
-
-+config EFI_SECURE_BOOT_LOCK_DOWN
-+ def_bool n
-+ depends on EFI
-+ prompt "Lock down the kernel when UEFI Secure Boot is enabled"
-+ ---help---
-+ UEFI Secure Boot provides a mechanism for ensuring that the firmware
-+ will only load signed bootloaders and kernels. Certain use cases may
-+ also require that all kernel modules also be signed and that
-+ userspace is prevented from directly changing the running kernel
-+ image. Say Y here to automatically lock down the kernel when a
-+ system boots with UEFI Secure Boot enabled.
-+
- config SECCOMP
- def_bool y
- prompt "Enable seccomp to safely compute untrusted bytecode"
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -70,6 +70,7 @@
- #include <linux/tboot.h>
- #include <linux/jiffies.h>
- #include <linux/mem_encrypt.h>
-+#include <linux/security.h>
-
- #include <linux/usb/xhci-dbgp.h>
- #include <video/edid.h>
-@@ -1204,7 +1205,12 @@ void __init setup_arch(char **cmdline_p)
- break;
- case efi_secureboot_mode_enabled:
- set_bit(EFI_SECURE_BOOT, &efi.flags);
-- pr_info("Secure boot enabled\n");
-+ if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT_LOCK_DOWN)) {
-+ lock_kernel_down();
-+ pr_info("Secure boot enabled and kernel locked down\n");
-+ } else {
-+ pr_info("Secure boot enabled\n");
-+ }
- break;
- default:
- pr_info("Secure boot could not be determined\n");
diff --git a/debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
deleted file mode 100644
index 25ddae9..0000000
--- a/debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [41/61] Enforce module signatures if the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a9643aef5a6c576f32a97053b4024638943044ca
-
-If the kernel is locked down, require that all modules have valid
-signatures that we can verify.
-
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- kernel/module.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/module.c b/kernel/module.c
-index 7eba6dea4f41..3331f2eb9b93 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2756,7 +2756,7 @@ static int module_sig_check(struct load_info *info, int flags)
- }
-
- /* Not having a signature is only an error if we're strict. */
-- if (err == -ENOKEY && !sig_enforce)
-+ if (err == -ENOKEY && !sig_enforce && !kernel_is_locked_down())
- err = 0;
-
- return err;
diff --git a/debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
deleted file mode 100644
index 538382c..0000000
--- a/debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [42/61] Restrict /dev/mem and /dev/kmem when the kernel is locked
- down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=104cff827b18e35874153bd8df14eba59e5b411a
-
-Allowing users to write to address space makes it possible for the kernel to
-be subverted, avoiding module loading restrictions. Prevent this when the
-kernel has been locked down.
-
-Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- drivers/char/mem.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/drivers/char/mem.c
-+++ b/drivers/char/mem.c
-@@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *fi
- if (p != *ppos)
- return -EFBIG;
-
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- if (!valid_phys_addr_range(p, count))
- return -EFAULT;
-
-@@ -540,6 +543,9 @@ static ssize_t write_kmem(struct file *f
- char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
- int err = 0;
-
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- if (p < (unsigned long) high_memory) {
- unsigned long to_write = min_t(unsigned long, count,
- (unsigned long)high_memory - p);
diff --git a/debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch b/debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
deleted file mode 100644
index 9b14677..0000000
--- a/debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: "Lee, Chun-Yi" <joeyli.kernel at gmail.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [46/61] kexec_file: Disable at runtime if securelevel has been set
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=74cab6ae2c310633ce0148e58d326ee5a5121a89
-
-When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
-through kexec_file systemcall if securelevel has been set.
-
-This code was showed in Matthew's patch but not in git:
-https://lkml.org/lkml/2015/3/13/778
-
-Cc: Matthew Garrett <mjg59 at srcf.ucam.org>
-Signed-off-by: Lee, Chun-Yi <jlee at suse.com>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- kernel/kexec_file.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
-index b118735fea9d..f6937eecd1eb 100644
---- a/kernel/kexec_file.c
-+++ b/kernel/kexec_file.c
-@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
- if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
- return -EPERM;
-
-+ /* Don't permit images to be loaded into trusted kernels if we're not
-+ * going to verify the signature on them
-+ */
-+ if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down())
-+ return -EPERM;
-+
- /* Make sure we have a legal set of flags */
- if (flags != (flags & KEXEC_FILE_FLAGS))
- return -EINVAL;
diff --git a/debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch b/debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
deleted file mode 100644
index 0751d1d..0000000
--- a/debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Matthew Garrett <matthew.garrett at nebula.com>
-Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [51/61] x86: Restrict MSR access when the kernel is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e20ab2be2f77e6c0da7cd8fe0953a367c5012ecf
-
-Writing to MSRs should not be allowed if the kernel is locked down, since
-it could lead to execution of arbitrary code in kernel mode. Based on a
-patch by Kees Cook.
-
-Cc: Kees Cook <keescook at chromium.org>
-Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- arch/x86/kernel/msr.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index ef688804f80d..fbcce028e502 100644
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -84,6 +84,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
- int err = 0;
- ssize_t bytes = 0;
-
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- if (count % 8)
- return -EINVAL; /* Invalid chunk size */
-
-@@ -131,6 +134,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
- err = -EBADF;
- break;
- }
-+ if (kernel_is_locked_down()) {
-+ err = -EPERM;
-+ break;
-+ }
- if (copy_from_user(®s, uregs, sizeof regs)) {
- err = -EFAULT;
- break;
diff --git a/debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
deleted file mode 100644
index b59c2bd..0000000
--- a/debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: "Lee, Chun-Yi" <jlee at suse.com>
-Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [57/61] bpf: Restrict kernel image access functions when the kernel
- is locked down
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=12c6b01166d3a94a49cf78a8bfe37fb280dd7cb6
-
-There are some bpf functions can be used to read kernel memory:
-bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
-private keys in kernel memory (e.g. the hibernation image signing key) to
-be read by an eBPF program. Prohibit those functions when the kernel is
-locked down.
-
-Signed-off-by: Lee, Chun-Yi <jlee at suse.com>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- kernel/trace/bpf_trace.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
-index cee9802cf3e0..7fde851f207b 100644
---- a/kernel/trace/bpf_trace.c
-+++ b/kernel/trace/bpf_trace.c
-@@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
- {
- int ret;
-
-+ if (kernel_is_locked_down()) {
-+ memset(dst, 0, size);
-+ return -EPERM;
-+ }
-+
- ret = probe_kernel_read(dst, unsafe_ptr, size);
- if (unlikely(ret < 0))
- memset(dst, 0, size);
-@@ -84,6 +89,9 @@ static const struct bpf_func_proto bpf_probe_read_proto = {
- BPF_CALL_3(bpf_probe_write_user, void *, unsafe_ptr, const void *, src,
- u32, size)
- {
-+ if (kernel_is_locked_down())
-+ return -EPERM;
-+
- /*
- * Ensure we're in user context which is safe for the helper to
- * run. This helper has no business in a kthread.
-@@ -143,6 +151,9 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1,
- if (fmt[--fmt_size] != 0)
- return -EINVAL;
-
-+ if (kernel_is_locked_down())
-+ return __trace_printk(1, fmt, 0, 0, 0);
-+
- /* check format string for allowed specifiers */
- for (i = 0; i < fmt_size; i++) {
- if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
diff --git a/debian/patches/features/arm/dwmac-sun8i/0001-net-stmmac-dwmac-sun8i-Handle-integrated-external-MD.patch b/debian/patches/features/arm/dwmac-sun8i/0001-net-stmmac-dwmac-sun8i-Handle-integrated-external-MD.patch
deleted file mode 100644
index a26689d..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0001-net-stmmac-dwmac-sun8i-Handle-integrated-external-MD.patch
+++ /dev/null
@@ -1,514 +0,0 @@
-From 448f67943d21773cea5a594df2f8dc5a68211519 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 24 Oct 2017 19:57:13 +0200
-Subject: [PATCH 1/8] net: stmmac: dwmac-sun8i: Handle integrated/external
- MDIOs
-
-The Allwinner H3 SoC have two distinct MDIO bus, only one could be
-active at the same time.
-The selection of the active MDIO bus are done via some bits in the EMAC
-register of the system controller.
-
-This patch implement this MDIO switch via a custom MDIO-mux.
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Reviewed-by: Andrew Lunn <andrew at lunn.ch>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- drivers/net/ethernet/stmicro/stmmac/Kconfig | 1 +
- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 353 ++++++++++++++--------
- 2 files changed, 224 insertions(+), 130 deletions(-)
-
-diff --git a/drivers/net/ethernet/stmicro/stmmac/Kconfig b/drivers/net/ethernet/stmicro/stmmac/Kconfig
-index 97035766c291..e28c0d2c58e9 100644
---- a/drivers/net/ethernet/stmicro/stmmac/Kconfig
-+++ b/drivers/net/ethernet/stmicro/stmmac/Kconfig
-@@ -159,6 +159,7 @@ config DWMAC_SUN8I
- tristate "Allwinner sun8i GMAC support"
- default ARCH_SUNXI
- depends on OF && (ARCH_SUNXI || COMPILE_TEST)
-+ select MDIO_BUS_MUX
- ---help---
- Support for Allwinner H3 A83T A64 EMAC ethernet controllers.
-
-diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-index 39c2122a4f26..b3eb344bb158 100644
---- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-@@ -17,6 +17,7 @@
- #include <linux/clk.h>
- #include <linux/io.h>
- #include <linux/iopoll.h>
-+#include <linux/mdio-mux.h>
- #include <linux/mfd/syscon.h>
- #include <linux/module.h>
- #include <linux/of_device.h>
-@@ -41,14 +42,14 @@
- * This value is used for disabling properly EMAC
- * and used as a good starting value in case of the
- * boot process(uboot) leave some stuff.
-- * @internal_phy: Does the MAC embed an internal PHY
-+ * @soc_has_internal_phy: Does the MAC embed an internal PHY
- * @support_mii: Does the MAC handle MII
- * @support_rmii: Does the MAC handle RMII
- * @support_rgmii: Does the MAC handle RGMII
- */
- struct emac_variant {
- u32 default_syscon_value;
-- int internal_phy;
-+ bool soc_has_internal_phy;
- bool support_mii;
- bool support_rmii;
- bool support_rgmii;
-@@ -61,7 +62,8 @@ struct emac_variant {
- * @rst_ephy: reference to the optional EPHY reset for the internal PHY
- * @variant: reference to the current board variant
- * @regmap: regmap for using the syscon
-- * @use_internal_phy: Does the current PHY choice imply using the internal PHY
-+ * @internal_phy_powered: Does the internal PHY is enabled
-+ * @mux_handle: Internal pointer used by mdio-mux lib
- */
- struct sunxi_priv_data {
- struct clk *tx_clk;
-@@ -70,12 +72,13 @@ struct sunxi_priv_data {
- struct reset_control *rst_ephy;
- const struct emac_variant *variant;
- struct regmap *regmap;
-- bool use_internal_phy;
-+ bool internal_phy_powered;
-+ void *mux_handle;
- };
-
- static const struct emac_variant emac_variant_h3 = {
- .default_syscon_value = 0x58000,
-- .internal_phy = PHY_INTERFACE_MODE_MII,
-+ .soc_has_internal_phy = true,
- .support_mii = true,
- .support_rmii = true,
- .support_rgmii = true
-@@ -83,20 +86,20 @@ static const struct emac_variant emac_variant_h3 = {
-
- static const struct emac_variant emac_variant_v3s = {
- .default_syscon_value = 0x38000,
-- .internal_phy = PHY_INTERFACE_MODE_MII,
-+ .soc_has_internal_phy = true,
- .support_mii = true
- };
-
- static const struct emac_variant emac_variant_a83t = {
- .default_syscon_value = 0,
-- .internal_phy = 0,
-+ .soc_has_internal_phy = false,
- .support_mii = true,
- .support_rgmii = true
- };
-
- static const struct emac_variant emac_variant_a64 = {
- .default_syscon_value = 0,
-- .internal_phy = 0,
-+ .soc_has_internal_phy = false,
- .support_mii = true,
- .support_rmii = true,
- .support_rgmii = true
-@@ -195,6 +198,9 @@ static const struct emac_variant emac_variant_a64 = {
- #define H3_EPHY_LED_POL BIT(17) /* 1: active low, 0: active high */
- #define H3_EPHY_SHUTDOWN BIT(16) /* 1: shutdown, 0: power up */
- #define H3_EPHY_SELECT BIT(15) /* 1: internal PHY, 0: external PHY */
-+#define H3_EPHY_MUX_MASK (H3_EPHY_SHUTDOWN | H3_EPHY_SELECT)
-+#define DWMAC_SUN8I_MDIO_MUX_INTERNAL_ID 1
-+#define DWMAC_SUN8I_MDIO_MUX_EXTERNAL_ID 2
-
- /* H3/A64 specific bits */
- #define SYSCON_RMII_EN BIT(13) /* 1: enable RMII (overrides EPIT) */
-@@ -634,6 +640,159 @@ static int sun8i_dwmac_reset(struct stmmac_priv *priv)
- return 0;
- }
-
-+/* Search in mdio-mux node for internal PHY node and get its clk/reset */
-+static int get_ephy_nodes(struct stmmac_priv *priv)
-+{
-+ struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-+ struct device_node *mdio_mux, *iphynode;
-+ struct device_node *mdio_internal;
-+ int ret;
-+
-+ mdio_mux = of_get_child_by_name(priv->device->of_node, "mdio-mux");
-+ if (!mdio_mux) {
-+ dev_err(priv->device, "Cannot get mdio-mux node\n");
-+ return -ENODEV;
-+ }
-+
-+ mdio_internal = of_find_compatible_node(mdio_mux, NULL,
-+ "allwinner,sun8i-h3-mdio-internal");
-+ if (!mdio_internal) {
-+ dev_err(priv->device, "Cannot get internal_mdio node\n");
-+ return -ENODEV;
-+ }
-+
-+ /* Seek for internal PHY */
-+ for_each_child_of_node(mdio_internal, iphynode) {
-+ gmac->ephy_clk = of_clk_get(iphynode, 0);
-+ if (IS_ERR(gmac->ephy_clk))
-+ continue;
-+ gmac->rst_ephy = of_reset_control_get_exclusive(iphynode, NULL);
-+ if (IS_ERR(gmac->rst_ephy)) {
-+ ret = PTR_ERR(gmac->rst_ephy);
-+ if (ret == -EPROBE_DEFER)
-+ return ret;
-+ continue;
-+ }
-+ dev_info(priv->device, "Found internal PHY node\n");
-+ return 0;
-+ }
-+ return -ENODEV;
-+}
-+
-+static int sun8i_dwmac_power_internal_phy(struct stmmac_priv *priv)
-+{
-+ struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-+ int ret;
-+
-+ if (gmac->internal_phy_powered) {
-+ dev_warn(priv->device, "Internal PHY already powered\n");
-+ return 0;
-+ }
-+
-+ dev_info(priv->device, "Powering internal PHY\n");
-+ ret = clk_prepare_enable(gmac->ephy_clk);
-+ if (ret) {
-+ dev_err(priv->device, "Cannot enable internal PHY\n");
-+ return ret;
-+ }
-+
-+ /* Make sure the EPHY is properly reseted, as U-Boot may leave
-+ * it at deasserted state, and thus it may fail to reset EMAC.
-+ */
-+ reset_control_assert(gmac->rst_ephy);
-+
-+ ret = reset_control_deassert(gmac->rst_ephy);
-+ if (ret) {
-+ dev_err(priv->device, "Cannot deassert internal phy\n");
-+ clk_disable_unprepare(gmac->ephy_clk);
-+ return ret;
-+ }
-+
-+ gmac->internal_phy_powered = true;
-+
-+ return 0;
-+}
-+
-+static int sun8i_dwmac_unpower_internal_phy(struct sunxi_priv_data *gmac)
-+{
-+ if (!gmac->internal_phy_powered)
-+ return 0;
-+
-+ clk_disable_unprepare(gmac->ephy_clk);
-+ reset_control_assert(gmac->rst_ephy);
-+ gmac->internal_phy_powered = false;
-+ return 0;
-+}
-+
-+/* MDIO multiplexing switch function
-+ * This function is called by the mdio-mux layer when it thinks the mdio bus
-+ * multiplexer needs to switch.
-+ * 'current_child' is the current value of the mux register
-+ * 'desired_child' is the value of the 'reg' property of the target child MDIO
-+ * node.
-+ * The first time this function is called, current_child == -1.
-+ * If current_child == desired_child, then the mux is already set to the
-+ * correct bus.
-+ */
-+static int mdio_mux_syscon_switch_fn(int current_child, int desired_child,
-+ void *data)
-+{
-+ struct stmmac_priv *priv = data;
-+ struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-+ u32 reg, val;
-+ int ret = 0;
-+ bool need_power_ephy = false;
-+
-+ if (current_child ^ desired_child) {
-+ regmap_read(gmac->regmap, SYSCON_EMAC_REG, ®);
-+ switch (desired_child) {
-+ case DWMAC_SUN8I_MDIO_MUX_INTERNAL_ID:
-+ dev_info(priv->device, "Switch mux to internal PHY");
-+ val = (reg & ~H3_EPHY_MUX_MASK) | H3_EPHY_SELECT;
-+
-+ need_power_ephy = true;
-+ break;
-+ case DWMAC_SUN8I_MDIO_MUX_EXTERNAL_ID:
-+ dev_info(priv->device, "Switch mux to external PHY");
-+ val = (reg & ~H3_EPHY_MUX_MASK) | H3_EPHY_SHUTDOWN;
-+ need_power_ephy = false;
-+ break;
-+ default:
-+ dev_err(priv->device, "Invalid child ID %x\n",
-+ desired_child);
-+ return -EINVAL;
-+ }
-+ regmap_write(gmac->regmap, SYSCON_EMAC_REG, val);
-+ if (need_power_ephy) {
-+ ret = sun8i_dwmac_power_internal_phy(priv);
-+ if (ret)
-+ return ret;
-+ } else {
-+ sun8i_dwmac_unpower_internal_phy(gmac);
-+ }
-+ /* After changing syscon value, the MAC need reset or it will
-+ * use the last value (and so the last PHY set).
-+ */
-+ ret = sun8i_dwmac_reset(priv);
-+ }
-+ return ret;
-+}
-+
-+static int sun8i_dwmac_register_mdio_mux(struct stmmac_priv *priv)
-+{
-+ int ret;
-+ struct device_node *mdio_mux;
-+ struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-+
-+ mdio_mux = of_get_child_by_name(priv->device->of_node, "mdio-mux");
-+ if (!mdio_mux)
-+ return -ENODEV;
-+
-+ ret = mdio_mux_init(priv->device, mdio_mux, mdio_mux_syscon_switch_fn,
-+ &gmac->mux_handle, priv, priv->mii);
-+ return ret;
-+}
-+
- static int sun8i_dwmac_set_syscon(struct stmmac_priv *priv)
- {
- struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-@@ -648,35 +807,25 @@ static int sun8i_dwmac_set_syscon(struct stmmac_priv *priv)
- "Current syscon value is not the default %x (expect %x)\n",
- val, reg);
-
-- if (gmac->variant->internal_phy) {
-- if (!gmac->use_internal_phy) {
-- /* switch to external PHY interface */
-- reg &= ~H3_EPHY_SELECT;
-- } else {
-- reg |= H3_EPHY_SELECT;
-- reg &= ~H3_EPHY_SHUTDOWN;
-- dev_dbg(priv->device, "Select internal_phy %x\n", reg);
--
-- if (of_property_read_bool(priv->plat->phy_node,
-- "allwinner,leds-active-low"))
-- reg |= H3_EPHY_LED_POL;
-- else
-- reg &= ~H3_EPHY_LED_POL;
--
-- /* Force EPHY xtal frequency to 24MHz. */
-- reg |= H3_EPHY_CLK_SEL;
--
-- ret = of_mdio_parse_addr(priv->device,
-- priv->plat->phy_node);
-- if (ret < 0) {
-- dev_err(priv->device, "Could not parse MDIO addr\n");
-- return ret;
-- }
-- /* of_mdio_parse_addr returns a valid (0 ~ 31) PHY
-- * address. No need to mask it again.
-- */
-- reg |= ret << H3_EPHY_ADDR_SHIFT;
-+ if (gmac->variant->soc_has_internal_phy) {
-+ if (of_property_read_bool(priv->plat->phy_node,
-+ "allwinner,leds-active-low"))
-+ reg |= H3_EPHY_LED_POL;
-+ else
-+ reg &= ~H3_EPHY_LED_POL;
-+
-+ /* Force EPHY xtal frequency to 24MHz. */
-+ reg |= H3_EPHY_CLK_SEL;
-+
-+ ret = of_mdio_parse_addr(priv->device, priv->plat->phy_node);
-+ if (ret < 0) {
-+ dev_err(priv->device, "Could not parse MDIO addr\n");
-+ return ret;
- }
-+ /* of_mdio_parse_addr returns a valid (0 ~ 31) PHY
-+ * address. No need to mask it again.
-+ */
-+ reg |= 1 << H3_EPHY_ADDR_SHIFT;
- }
-
- if (!of_property_read_u32(node, "allwinner,tx-delay-ps", &val)) {
-@@ -746,81 +895,21 @@ static void sun8i_dwmac_unset_syscon(struct sunxi_priv_data *gmac)
- regmap_write(gmac->regmap, SYSCON_EMAC_REG, reg);
- }
-
--static int sun8i_dwmac_power_internal_phy(struct stmmac_priv *priv)
-+static void sun8i_dwmac_exit(struct platform_device *pdev, void *priv)
- {
-- struct sunxi_priv_data *gmac = priv->plat->bsp_priv;
-- int ret;
--
-- if (!gmac->use_internal_phy)
-- return 0;
--
-- ret = clk_prepare_enable(gmac->ephy_clk);
-- if (ret) {
-- dev_err(priv->device, "Cannot enable ephy\n");
-- return ret;
-- }
--
-- /* Make sure the EPHY is properly reseted, as U-Boot may leave
-- * it at deasserted state, and thus it may fail to reset EMAC.
-- */
-- reset_control_assert(gmac->rst_ephy);
-+ struct sunxi_priv_data *gmac = priv;
-
-- ret = reset_control_deassert(gmac->rst_ephy);
-- if (ret) {
-- dev_err(priv->device, "Cannot deassert ephy\n");
-- clk_disable_unprepare(gmac->ephy_clk);
-- return ret;
-+ if (gmac->variant->soc_has_internal_phy) {
-+ /* sun8i_dwmac_exit could be called with mdiomux uninit */
-+ if (gmac->mux_handle)
-+ mdio_mux_uninit(gmac->mux_handle);
-+ if (gmac->internal_phy_powered)
-+ sun8i_dwmac_unpower_internal_phy(gmac);
- }
-
-- return 0;
--}
--
--static int sun8i_dwmac_unpower_internal_phy(struct sunxi_priv_data *gmac)
--{
-- if (!gmac->use_internal_phy)
-- return 0;
--
-- clk_disable_unprepare(gmac->ephy_clk);
-- reset_control_assert(gmac->rst_ephy);
-- return 0;
--}
--
--/* sun8i_power_phy() - Activate the PHY:
-- * In case of error, no need to call sun8i_unpower_phy(),
-- * it will be called anyway by sun8i_dwmac_exit()
-- */
--static int sun8i_power_phy(struct stmmac_priv *priv)
--{
-- int ret;
--
-- ret = sun8i_dwmac_power_internal_phy(priv);
-- if (ret)
-- return ret;
--
-- ret = sun8i_dwmac_set_syscon(priv);
-- if (ret)
-- return ret;
--
-- /* After changing syscon value, the MAC need reset or it will use
-- * the last value (and so the last PHY set.
-- */
-- ret = sun8i_dwmac_reset(priv);
-- if (ret)
-- return ret;
-- return 0;
--}
--
--static void sun8i_unpower_phy(struct sunxi_priv_data *gmac)
--{
- sun8i_dwmac_unset_syscon(gmac);
-- sun8i_dwmac_unpower_internal_phy(gmac);
--}
--
--static void sun8i_dwmac_exit(struct platform_device *pdev, void *priv)
--{
-- struct sunxi_priv_data *gmac = priv;
-
-- sun8i_unpower_phy(gmac);
-+ reset_control_put(gmac->rst_ephy);
-
- clk_disable_unprepare(gmac->tx_clk);
-
-@@ -849,7 +938,7 @@ static struct mac_device_info *sun8i_dwmac_setup(void *ppriv)
- if (!mac)
- return NULL;
-
-- ret = sun8i_power_phy(priv);
-+ ret = sun8i_dwmac_set_syscon(priv);
- if (ret)
- return NULL;
-
-@@ -889,6 +978,8 @@ static int sun8i_dwmac_probe(struct platform_device *pdev)
- struct sunxi_priv_data *gmac;
- struct device *dev = &pdev->dev;
- int ret;
-+ struct stmmac_priv *priv;
-+ struct net_device *ndev;
-
- ret = stmmac_get_platform_resources(pdev, &stmmac_res);
- if (ret)
-@@ -932,29 +1023,6 @@ static int sun8i_dwmac_probe(struct platform_device *pdev)
- }
-
- plat_dat->interface = of_get_phy_mode(dev->of_node);
-- if (plat_dat->interface == gmac->variant->internal_phy) {
-- dev_info(&pdev->dev, "Will use internal PHY\n");
-- gmac->use_internal_phy = true;
-- gmac->ephy_clk = of_clk_get(plat_dat->phy_node, 0);
-- if (IS_ERR(gmac->ephy_clk)) {
-- ret = PTR_ERR(gmac->ephy_clk);
-- dev_err(&pdev->dev, "Cannot get EPHY clock: %d\n", ret);
-- return -EINVAL;
-- }
--
-- gmac->rst_ephy = of_reset_control_get(plat_dat->phy_node, NULL);
-- if (IS_ERR(gmac->rst_ephy)) {
-- ret = PTR_ERR(gmac->rst_ephy);
-- if (ret == -EPROBE_DEFER)
-- return ret;
-- dev_err(&pdev->dev, "No EPHY reset control found %d\n",
-- ret);
-- return -EINVAL;
-- }
-- } else {
-- dev_info(&pdev->dev, "Will use external PHY\n");
-- gmac->use_internal_phy = false;
-- }
-
- /* platform data specifying hardware features and callbacks.
- * hardware features were copied from Allwinner drivers.
-@@ -973,9 +1041,34 @@ static int sun8i_dwmac_probe(struct platform_device *pdev)
-
- ret = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res);
- if (ret)
-- sun8i_dwmac_exit(pdev, plat_dat->bsp_priv);
-+ goto dwmac_exit;
-+
-+ ndev = dev_get_drvdata(&pdev->dev);
-+ priv = netdev_priv(ndev);
-+ /* The mux must be registered after parent MDIO
-+ * so after stmmac_dvr_probe()
-+ */
-+ if (gmac->variant->soc_has_internal_phy) {
-+ ret = get_ephy_nodes(priv);
-+ if (ret)
-+ goto dwmac_exit;
-+ ret = sun8i_dwmac_register_mdio_mux(priv);
-+ if (ret) {
-+ dev_err(&pdev->dev, "Failed to register mux\n");
-+ goto dwmac_mux;
-+ }
-+ } else {
-+ ret = sun8i_dwmac_reset(priv);
-+ if (ret)
-+ goto dwmac_exit;
-+ }
-
- return ret;
-+dwmac_mux:
-+ sun8i_dwmac_unset_syscon(gmac);
-+dwmac_exit:
-+ sun8i_dwmac_exit(pdev, plat_dat->bsp_priv);
-+return ret;
- }
-
- static const struct of_device_id sun8i_dwmac_match[] = {
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0002-net-stmmac-sun8i-Restore-the-compatibles.patch b/debian/patches/features/arm/dwmac-sun8i/0002-net-stmmac-sun8i-Restore-the-compatibles.patch
deleted file mode 100644
index 6a03ab3..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0002-net-stmmac-sun8i-Restore-the-compatibles.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 6d3c2402242a910aed42081148737b1d93640362 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 24 Oct 2017 19:57:14 +0200
-Subject: [PATCH 2/8] net: stmmac: sun8i: Restore the compatibles
-
-The original dwmac-sun8i DT bindings have some issue on how to handle
-integrated PHY and was reverted in last RC of 4.13.
-But now we have a solution so we need to get back that was reverted.
-
-This patch restore compatibles about dwmac-sun8i
-This reverts commit ad4540cc5aa3 ("net: stmmac: sun8i: Remove the compatibles")
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-index b3eb344bb158..e5ff734d4f9b 100644
---- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
-@@ -1072,6 +1072,14 @@ return ret;
- }
-
- static const struct of_device_id sun8i_dwmac_match[] = {
-+ { .compatible = "allwinner,sun8i-h3-emac",
-+ .data = &emac_variant_h3 },
-+ { .compatible = "allwinner,sun8i-v3s-emac",
-+ .data = &emac_variant_v3s },
-+ { .compatible = "allwinner,sun8i-a83t-emac",
-+ .data = &emac_variant_a83t },
-+ { .compatible = "allwinner,sun50i-a64-emac",
-+ .data = &emac_variant_a64 },
- { }
- };
- MODULE_DEVICE_TABLE(of, sun8i_dwmac_match);
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0003-arm64-dts-allwinner-A64-Restore-EMAC-changes.patch b/debian/patches/features/arm/dwmac-sun8i/0003-arm64-dts-allwinner-A64-Restore-EMAC-changes.patch
deleted file mode 100644
index 0ef0f18..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0003-arm64-dts-allwinner-A64-Restore-EMAC-changes.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From f807989778297b06ec2be652c637bcc073bdeaa0 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:13 +0100
-Subject: [PATCH 3/8] arm64: dts: allwinner: A64: Restore EMAC changes
-
-The original dwmac-sun8i DT bindings have some issue on how to handle
-integrated PHY and was reverted in last RC of 4.13.
-But now we have a solution so we need to get back that was reverted.
-
-This patch restore arm64 DT about dwmac-sun8i for A64
-This reverts commit 87e1f5e8bb4b ("arm64: dts: allwinner: Revert EMAC changes")
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- .../boot/dts/allwinner/sun50i-a64-bananapi-m64.dts | 16 ++++++++++++++++
- .../boot/dts/allwinner/sun50i-a64-pine64-plus.dts | 15 +++++++++++++++
- arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts | 17 +++++++++++++++++
- .../dts/allwinner/sun50i-a64-sopine-baseboard.dts | 16 ++++++++++++++++
- arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 20 ++++++++++++++++++++
- 5 files changed, 84 insertions(+)
-
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-bananapi-m64.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-bananapi-m64.dts
-index d347f52e27f6..45bdbfb96126 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64-bananapi-m64.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-bananapi-m64.dts
-@@ -51,6 +51,7 @@
- compatible = "sinovoip,bananapi-m64", "allwinner,sun50i-a64";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- serial1 = &uart1;
- };
-@@ -69,6 +70,14 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&rgmii_pins>;
-+ phy-mode = "rgmii";
-+ phy-handle = <&ext_rgmii_phy>;
-+ status = "okay";
-+};
-+
- &i2c1 {
- pinctrl-names = "default";
- pinctrl-0 = <&i2c1_pins>;
-@@ -79,6 +88,13 @@
- bias-pull-up;
- };
-
-+&mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-+
- &mmc0 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc0_pins>;
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64-plus.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64-plus.dts
-index f82ccf332c0f..24f1aac366d6 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64-plus.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64-plus.dts
-@@ -48,3 +48,18 @@
-
- /* TODO: Camera, touchscreen, etc. */
- };
-+
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&rgmii_pins>;
-+ phy-mode = "rgmii";
-+ phy-handle = <&ext_rgmii_phy>;
-+ status = "okay";
-+};
-+
-+&mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
-index d06e34b5d192..806442d3e846 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
-@@ -51,6 +51,7 @@
- compatible = "pine64,pine64", "allwinner,sun50i-a64";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- serial1 = &uart1;
- serial2 = &uart2;
-@@ -71,6 +72,15 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&rmii_pins>;
-+ phy-mode = "rmii";
-+ phy-handle = <&ext_rmii_phy1>;
-+ status = "okay";
-+
-+};
-+
- &i2c1 {
- pinctrl-names = "default";
- pinctrl-0 = <&i2c1_pins>;
-@@ -81,6 +91,13 @@
- bias-pull-up;
- };
-
-+&mdio {
-+ ext_rmii_phy1: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-+
- &mmc0 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc0_pins>;
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-sopine-baseboard.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-sopine-baseboard.dts
-index 17ccc12b58df..0eb2acedf8c3 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64-sopine-baseboard.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-sopine-baseboard.dts
-@@ -53,6 +53,7 @@
- "allwinner,sun50i-a64";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -76,6 +77,21 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&rgmii_pins>;
-+ phy-mode = "rgmii";
-+ phy-handle = <&ext_rgmii_phy>;
-+ status = "okay";
-+};
-+
-+&mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-+
- &mmc2 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc2_pins>;
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-index 8c8db1b057df..50f17bab0c07 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-@@ -449,6 +449,26 @@
- #size-cells = <0>;
- };
-
-+ emac: ethernet at 1c30000 {
-+ compatible = "allwinner,sun50i-a64-emac";
-+ syscon = <&syscon>;
-+ reg = <0x01c30000 0x10000>;
-+ interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_HIGH>;
-+ interrupt-names = "macirq";
-+ resets = <&ccu RST_BUS_EMAC>;
-+ reset-names = "stmmaceth";
-+ clocks = <&ccu CLK_BUS_EMAC>;
-+ clock-names = "stmmaceth";
-+ status = "disabled";
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+
-+ mdio: mdio {
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+ };
-+ };
-+
- gic: interrupt-controller at 1c81000 {
- compatible = "arm,gic-400";
- reg = <0x01c81000 0x1000>,
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0004-arm64-dts-allwinner-add-snps-dwmac-mdio-compatible-t.patch b/debian/patches/features/arm/dwmac-sun8i/0004-arm64-dts-allwinner-add-snps-dwmac-mdio-compatible-t.patch
deleted file mode 100644
index 364b8f8..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0004-arm64-dts-allwinner-add-snps-dwmac-mdio-compatible-t.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7122a4938175ed3a1b99db6dbd3f43dc288187b7 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:15 +0100
-Subject: [PATCH 4/8] arm64: dts: allwinner: add snps,dwmac-mdio compatible to
- emac/mdio
-
-stmmac bindings docs said that its mdio node must have
-compatible = "snps,dwmac-mdio";
-Since dwmac-sun8i does not have any good reasons to not doing it, all
-their MDIO node must have it.
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-index 50f17bab0c07..8fd75c95937a 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-@@ -464,6 +464,7 @@
- #size-cells = <0>;
-
- mdio: mdio {
-+ compatible = "snps,dwmac-mdio";
- #address-cells = <1>;
- #size-cells = <0>;
- };
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0005-arm64-dts-allwinner-H5-Restore-EMAC-changes.patch b/debian/patches/features/arm/dwmac-sun8i/0005-arm64-dts-allwinner-H5-Restore-EMAC-changes.patch
deleted file mode 100644
index 4d11e13..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0005-arm64-dts-allwinner-H5-Restore-EMAC-changes.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 295acb9e2b20c9f5dc8dbf6bbc452dd94f45fb58 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:14 +0100
-Subject: [PATCH 5/8] arm64: dts: allwinner: H5: Restore EMAC changes
-
-The original dwmac-sun8i DT bindings have some issue on how to handle
-integrated PHY and was reverted in last RC of 4.13.
-But now we have a solution so we need to get back that was reverted.
-
-This patch restore arm64 DT about dwmac-sun8i for H5
-This reverts a part of commit 87e1f5e8bb4b ("arm64: dts: allwinner: Revert EMAC changes")
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- arch/arm64/boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 17 +++++++++++++++++
- .../arm64/boot/dts/allwinner/sun50i-h5-orangepi-pc2.dts | 17 +++++++++++++++++
- .../boot/dts/allwinner/sun50i-h5-orangepi-prime.dts | 17 +++++++++++++++++
- 3 files changed, 51 insertions(+)
-
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts b/arch/arm64/boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts
-index 1c2387bd5df6..6eb8092d8e57 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts
-@@ -50,6 +50,7 @@
- compatible = "friendlyarm,nanopi-neo2", "allwinner,sun50i-h5";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -108,6 +109,22 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 7 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <7>;
-+ };
-+};
-+
- &mmc0 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin>;
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-pc2.dts b/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-pc2.dts
-index 4f77c8470f6c..a0ca925175aa 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-pc2.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-pc2.dts
-@@ -59,6 +59,7 @@
- };
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -136,6 +137,22 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-+
- &ir {
- pinctrl-names = "default";
- pinctrl-0 = <&ir_pins_a>;
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-prime.dts b/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-prime.dts
-index 6be06873e5af..b47790650144 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-prime.dts
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-h5-orangepi-prime.dts
-@@ -54,6 +54,7 @@
- compatible = "xunlong,orangepi-prime", "allwinner,sun50i-h5";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -143,6 +144,22 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
-+
- &ir {
- pinctrl-names = "default";
- pinctrl-0 = <&ir_pins_a>;
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0006-ARM-dts-sunxi-Restore-EMAC-changes-boards.patch b/debian/patches/features/arm/dwmac-sun8i/0006-ARM-dts-sunxi-Restore-EMAC-changes-boards.patch
deleted file mode 100644
index 6bc59bf..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0006-ARM-dts-sunxi-Restore-EMAC-changes-boards.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-From 67ac8e63d64c418162b2d8e7902777caeb4d6d32 Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:12 +0100
-Subject: [PATCH 6/8] ARM: dts: sunxi: Restore EMAC changes (boards)
-
-The original dwmac-sun8i DT bindings have some issue on how to handle
-integrated PHY and was reverted in last RC of 4.13.
-But now we have a solution so we need to get back that was reverted.
-
-This patch restore all boards DT about dwmac-sun8i
-This reverts partially commit fe45174b72ae ("arm: dts: sunxi: Revert EMAC changes")
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts | 9 +++++++++
- arch/arm/boot/dts/sun8i-h3-bananapi-m2-plus.dts | 19 +++++++++++++++++++
- arch/arm/boot/dts/sun8i-h3-nanopi-neo.dts | 7 +++++++
- arch/arm/boot/dts/sun8i-h3-orangepi-2.dts | 8 ++++++++
- arch/arm/boot/dts/sun8i-h3-orangepi-one.dts | 8 ++++++++
- arch/arm/boot/dts/sun8i-h3-orangepi-pc-plus.dts | 5 +++++
- arch/arm/boot/dts/sun8i-h3-orangepi-pc.dts | 8 ++++++++
- arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts | 22 ++++++++++++++++++++++
- arch/arm/boot/dts/sun8i-h3-orangepi-plus2e.dts | 16 ++++++++++++++++
- 9 files changed, 102 insertions(+)
-
-diff --git a/arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts b/arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts
-index b1502df7b509..6713d0f2b3f4 100644
---- a/arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts
-+++ b/arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts
-@@ -56,6 +56,8 @@
-
- aliases {
- serial0 = &uart0;
-+ /* ethernet0 is the H3 emac, defined in sun8i-h3.dtsi */
-+ ethernet0 = &emac;
- ethernet1 = &xr819;
- };
-
-@@ -102,6 +104,13 @@
- status = "okay";
- };
-
-+&emac {
-+ phy-handle = <&int_mii_phy>;
-+ phy-mode = "mii";
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
- &mmc0 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc0_pins_a>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-bananapi-m2-plus.dts b/arch/arm/boot/dts/sun8i-h3-bananapi-m2-plus.dts
-index a337af1de322..3f95d806355b 100644
---- a/arch/arm/boot/dts/sun8i-h3-bananapi-m2-plus.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-bananapi-m2-plus.dts
-@@ -52,6 +52,7 @@
- compatible = "sinovoip,bpi-m2-plus", "allwinner,sun8i-h3";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- serial1 = &uart1;
- };
-@@ -114,6 +115,24 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <0>;
-+ };
-+};
-+
- &ir {
- pinctrl-names = "default";
- pinctrl-0 = <&ir_pins_a>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-nanopi-neo.dts b/arch/arm/boot/dts/sun8i-h3-nanopi-neo.dts
-index 8d2cc6e9a03f..78f6c24952dd 100644
---- a/arch/arm/boot/dts/sun8i-h3-nanopi-neo.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-nanopi-neo.dts
-@@ -46,3 +46,10 @@
- model = "FriendlyARM NanoPi NEO";
- compatible = "friendlyarm,nanopi-neo", "allwinner,sun8i-h3";
- };
-+
-+&emac {
-+ phy-handle = <&int_mii_phy>;
-+ phy-mode = "mii";
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-2.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-2.dts
-index 8ff71b1bb45b..17cdeae19c6f 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-2.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-2.dts
-@@ -54,6 +54,7 @@
- aliases {
- serial0 = &uart0;
- /* ethernet0 is the H3 emac, defined in sun8i-h3.dtsi */
-+ ethernet0 = &emac;
- ethernet1 = &rtl8189;
- };
-
-@@ -117,6 +118,13 @@
- status = "okay";
- };
-
-+&emac {
-+ phy-handle = <&int_mii_phy>;
-+ phy-mode = "mii";
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
- &ir {
- pinctrl-names = "default";
- pinctrl-0 = <&ir_pins_a>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-one.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-one.dts
-index 5fea430e0eb1..6880268e8b87 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-one.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-one.dts
-@@ -52,6 +52,7 @@
- compatible = "xunlong,orangepi-one", "allwinner,sun8i-h3";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -97,6 +98,13 @@
- status = "okay";
- };
-
-+&emac {
-+ phy-handle = <&int_mii_phy>;
-+ phy-mode = "mii";
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
- &mmc0 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-pc-plus.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-pc-plus.dts
-index 8b93f5c781a7..a10281b455f5 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-pc-plus.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-pc-plus.dts
-@@ -53,6 +53,11 @@
- };
- };
-
-+&emac {
-+ /* LEDs changed to active high on the plus */
-+ /delete-property/ allwinner,leds-active-low;
-+};
-+
- &mmc1 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc1_pins_a>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-pc.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-pc.dts
-index 1a044b17d6c6..998b60f8d295 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-pc.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-pc.dts
-@@ -52,6 +52,7 @@
- compatible = "xunlong,orangepi-pc", "allwinner,sun8i-h3";
-
- aliases {
-+ ethernet0 = &emac;
- serial0 = &uart0;
- };
-
-@@ -113,6 +114,13 @@
- status = "okay";
- };
-
-+&emac {
-+ phy-handle = <&int_mii_phy>;
-+ phy-mode = "mii";
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
- &ir {
- pinctrl-names = "default";
- pinctrl-0 = <&ir_pins_a>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts
-index 828ae7a526d9..3002c025e187 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts
-@@ -47,6 +47,10 @@
- model = "Xunlong Orange Pi Plus / Plus 2";
- compatible = "xunlong,orangepi-plus", "allwinner,sun8i-h3";
-
-+ aliases {
-+ ethernet0 = &emac;
-+ };
-+
- reg_gmac_3v3: gmac-3v3 {
- compatible = "regulator-fixed";
- regulator-name = "gmac-3v3";
-@@ -74,6 +78,24 @@
- status = "okay";
- };
-
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+
-+ allwinner,leds-active-low;
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <0>;
-+ };
-+};
-+
- &mmc2 {
- pinctrl-names = "default";
- pinctrl-0 = <&mmc2_8bit_pins>;
-diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-plus2e.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-plus2e.dts
-index 97920b12a944..6dbf7b2e0c13 100644
---- a/arch/arm/boot/dts/sun8i-h3-orangepi-plus2e.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-plus2e.dts
-@@ -61,3 +61,19 @@
- gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>; /* PD6 */
- };
- };
-+
-+&emac {
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&emac_rgmii_pins>;
-+ phy-supply = <®_gmac_3v3>;
-+ phy-handle = <&ext_rgmii_phy>;
-+ phy-mode = "rgmii";
-+ status = "okay";
-+};
-+
-+&external_mdio {
-+ ext_rgmii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ };
-+};
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0007-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch b/debian/patches/features/arm/dwmac-sun8i/0007-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch
deleted file mode 100644
index b1b97f6..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0007-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 303b9462705deb7f35fef42497f6153a9477d3da Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:10 +0100
-Subject: [PATCH 7/8] arm: dts: sunxi: h3/h5: Restore EMAC changes
-
-The original dwmac-sun8i DT bindings have some issue on how to handle
-integrated PHY and was reverted in last RC of 4.13.
-But now we have a solution so we need to get back that was reverted.
-
-This patch restore sunxi-h3-h5.dtsi
-This reverts partially commit fe45174b72ae ("arm: dts: sunxi: Revert EMAC changes")
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- arch/arm/boot/dts/sunxi-h3-h5.dtsi | 28 +++++++++++++++++++++++++++-
- 1 file changed, 27 insertions(+), 1 deletion(-)
-
-diff --git a/arch/arm/boot/dts/sunxi-h3-h5.dtsi b/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-index 11240a8313c2..eb200622afac 100644
---- a/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-+++ b/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-@@ -391,7 +391,33 @@
- clocks = <&osc24M>;
- };
-
-- spi0: spi at 01c68000 {
-+ emac: ethernet at 1c30000 {
-+ compatible = "allwinner,sun8i-h3-emac";
-+ syscon = <&syscon>;
-+ reg = <0x01c30000 0x10000>;
-+ interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_HIGH>;
-+ interrupt-names = "macirq";
-+ resets = <&ccu RST_BUS_EMAC>;
-+ reset-names = "stmmaceth";
-+ clocks = <&ccu CLK_BUS_EMAC>;
-+ clock-names = "stmmaceth";
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+ status = "disabled";
-+
-+ mdio: mdio {
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+ int_mii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ clocks = <&ccu CLK_BUS_EPHY>;
-+ resets = <&ccu RST_BUS_EPHY>;
-+ };
-+ };
-+ };
-+
-+ spi0: spi at 1c68000 {
- compatible = "allwinner,sun8i-h3-spi";
- reg = <0x01c68000 0x1000>;
- interrupts = <GIC_SPI 65 IRQ_TYPE_LEVEL_HIGH>;
---
-2.11.0
-
diff --git a/debian/patches/features/arm/dwmac-sun8i/0008-ARM-dts-sunxi-h3-h5-represent-the-mdio-switch-used-b.patch b/debian/patches/features/arm/dwmac-sun8i/0008-ARM-dts-sunxi-h3-h5-represent-the-mdio-switch-used-b.patch
deleted file mode 100644
index dd9c728..0000000
--- a/debian/patches/features/arm/dwmac-sun8i/0008-ARM-dts-sunxi-h3-h5-represent-the-mdio-switch-used-b.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 8069b501d43784d45c8e89bb75083397281b90aa Mon Sep 17 00:00:00 2001
-From: Corentin Labbe <clabbe.montjoie at gmail.com>
-Date: Tue, 31 Oct 2017 09:19:11 +0100
-Subject: [PATCH 8/8] ARM: dts: sunxi: h3/h5: represent the mdio switch used by
- sun8i-h3-emac
-
-Since dwmac-sun8i could use either an integrated PHY or an external PHY
-(which could be at same MDIO address), we need to represent this selection
-by a MDIO switch.
-
-Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com>
-Acked-by: Florian Fainelli <f.fainelli at gmail.com>
-Reviewed-by: Andrew Lunn <andrew at lunn.ch>
-Signed-off-by: Maxime Ripard <maxime.ripard at free-electrons.com>
----
- arch/arm/boot/dts/sunxi-h3-h5.dtsi | 31 +++++++++++++++++++++++++++----
- 1 file changed, 27 insertions(+), 4 deletions(-)
-
-diff --git a/arch/arm/boot/dts/sunxi-h3-h5.dtsi b/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-index eb200622afac..6919a0544fe7 100644
---- a/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-+++ b/arch/arm/boot/dts/sunxi-h3-h5.dtsi
-@@ -408,11 +408,34 @@
- mdio: mdio {
- #address-cells = <1>;
- #size-cells = <0>;
-- int_mii_phy: ethernet-phy at 1 {
-- compatible = "ethernet-phy-ieee802.3-c22";
-+ compatible = "snps,dwmac-mdio";
-+ };
-+
-+ mdio-mux {
-+ compatible = "allwinner,sun8i-h3-mdio-mux";
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+
-+ mdio-parent-bus = <&mdio>;
-+ /* Only one MDIO is usable at the time */
-+ internal_mdio: mdio at 1 {
-+ compatible = "allwinner,sun8i-h3-mdio-internal";
- reg = <1>;
-- clocks = <&ccu CLK_BUS_EPHY>;
-- resets = <&ccu RST_BUS_EPHY>;
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+
-+ int_mii_phy: ethernet-phy at 1 {
-+ compatible = "ethernet-phy-ieee802.3-c22";
-+ reg = <1>;
-+ clocks = <&ccu CLK_BUS_EPHY>;
-+ resets = <&ccu RST_BUS_EPHY>;
-+ };
-+ };
-+
-+ external_mdio: mdio at 2 {
-+ reg = <2>;
-+ #address-cells = <1>;
-+ #size-cells = <0>;
- };
- };
- };
---
-2.11.0
-
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
index e05cee0..5e8946e 100644
--- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
+++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
@@ -30,7 +30,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3829,6 +3829,10 @@
+@@ -4048,6 +4048,10 @@
switches= [HW,M68k]
@@ -43,7 +43,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
on older distributions. When this option is enabled
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -2757,6 +2757,14 @@ config COMPAT_32
+@@ -2850,6 +2850,14 @@ config COMPAT_32
select HAVE_UID16
select OLD_SIGSUSPEND3
@@ -60,7 +60,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
depends on IA32_EMULATION || X86_X32
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
-@@ -9,6 +9,7 @@
+@@ -10,6 +10,7 @@
#include <asm/ptrace.h>
#include <asm/user.h>
#include <asm/auxvec.h>
@@ -68,7 +68,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
typedef unsigned long elf_greg_t;
-@@ -162,7 +163,7 @@ do { \
+@@ -163,7 +164,7 @@ do { \
#define compat_elf_check_arch(x) \
(elf_check_arch_ia32(x) || \
@@ -79,7 +79,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# error "The following code assumes __USER32_DS == __USER_DS"
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
-@@ -190,8 +190,12 @@ entry_SYSCALL_64_fastpath:
+@@ -251,8 +251,12 @@ entry_SYSCALL_64_fastpath:
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max, %rax
#else
@@ -94,8 +94,8 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
#endif
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
movq %r10, %rcx
-@@ -326,6 +330,16 @@ opportunistic_sysret_failed:
- jmp restore_c_regs_and_iret
+@@ -409,6 +413,16 @@ syscall_return_via_sysret:
+ USERGS_SYSRET64
END(entry_SYSCALL_64)
+#if __SYSCALL_MASK != ~0
@@ -113,7 +113,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
* Syscalls marked as needing ptregs land here.
--- a/arch/x86/entry/syscall_64.c
+++ b/arch/x86/entry/syscall_64.c
-@@ -3,8 +3,14 @@
+@@ -4,8 +4,14 @@
#include <linux/linkage.h>
#include <linux/sys.h>
#include <linux/cache.h>
@@ -128,7 +128,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
#define __SYSCALL_64_QUAL_(sym) sym
#define __SYSCALL_64_QUAL_ptregs(sym) ptregs_##sym
-@@ -25,3 +31,36 @@ asmlinkage const sys_call_ptr_t sys_call
+@@ -26,3 +32,36 @@ asmlinkage const sys_call_ptr_t sys_call
[0 ... __NR_syscall_max] = &sys_ni_syscall,
#include <asm/syscalls_64.h>
};
@@ -167,7 +167,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+#endif
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
-@@ -264,6 +264,7 @@ __visible void do_syscall_64(struct pt_r
+@@ -269,6 +269,7 @@ __visible void do_syscall_64(struct pt_r
{
struct thread_info *ti = current_thread_info();
unsigned long nr = regs->orig_ax;
@@ -175,7 +175,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
enter_from_user_mode();
local_irq_enable();
-@@ -276,8 +277,19 @@ __visible void do_syscall_64(struct pt_r
+@@ -281,8 +282,19 @@ __visible void do_syscall_64(struct pt_r
* table. The only functional difference is the x32 bit in
* regs->orig_ax, which changes the behavior of some syscalls.
*/
diff --git a/debian/patches/series b/debian/patches/series
index de8d95f..589d86f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -62,7 +62,6 @@ bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch
debian/revert-gpu-host1x-add-iommu-support.patch
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
-bugfix/arm/arm-dts-exynos-add-dwc3-susphy-quirk.patch
bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch
@@ -78,37 +77,39 @@ bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
-bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
-bugfix/all/i40e-fix-flags-declaration.patch
-bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
# Miscellaneous features
# Lockdown (formerly 'securelevel') patchset
-features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
-features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
-features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
-features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
-features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
-features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
-features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
-features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
-features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
-features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
-features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
-features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
-features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
-features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
-features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
-features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
-features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
-features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
-features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
-features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
-features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
-features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
-features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
-features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
+features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+features/all/lockdown/0002-Add-a-SysRq-option-to-lift-kernel-lockdown.patch
+features/all/lockdown/0003-ima-require-secure_boot-rules-in-lockdown-mode.patch
+features/all/lockdown/0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+features/all/lockdown/0005-Restrict-dev-mem-kmem-port-when-the-kernel-is-locked.patch
+features/all/lockdown/0006-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+features/all/lockdown/0007-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+features/all/lockdown/0008-kexec_file-Restrict-at-runtime-if-the-kernel-is-lock.patch
+features/all/lockdown/0009-hibernate-Disable-when-the-kernel-is-locked-down.patch
+features/all/lockdown/0010-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+features/all/lockdown/0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+features/all/lockdown/0012-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+features/all/lockdown/0013-x86-msr-Restrict-MSR-access-when-the-kernel-is-locke.patch
+features/all/lockdown/0014-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+features/all/lockdown/0015-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+features/all/lockdown/0016-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+features/all/lockdown/0017-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+features/all/lockdown/0018-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+features/all/lockdown/0019-scsi-Lock-down-the-eata-driver.patch
+features/all/lockdown/0020-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+features/all/lockdown/0021-Lock-down-TIOCSSERIAL.patch
+features/all/lockdown/0022-Lock-down-module-params-that-specify-hardware-parame.patch
+features/all/lockdown/0023-x86-mmiotrace-Lock-down-the-testmmiotrace-module.patch
+features/all/lockdown/0024-debugfs-Disallow-use-of-debugfs-files-when-the-kerne.patch
+features/all/lockdown/0025-Lock-down-proc-kcore.patch
+features/all/lockdown/0026-Lock-down-kprobes.patch
+features/all/lockdown/0027-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+features/all/lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
+features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
# some missing pieces
features/all/lockdown/enable-cold-boot-attack-mitigation.patch
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
@@ -116,30 +117,10 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
-bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
-bugfix/all/netlink-add-netns-check-on-taps.patch
-bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
-bugfix/all/usb-core-prevent-malicious-bnuminterfaces-overflow.patch
-bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
-bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
-bugfix/all/crypto-salsa20-fix-blkcipher_walk-API-usage.patch
-bugfix/all/crypto-hmac-require-that-the-underlying-hash-algorit.patch
-bugfix/all/bpf-encapsulate-verifier-log-state-into-a-structure.patch
-bugfix/all/bpf-move-global-verifier-log-into-verifier-environme.patch
-bugfix/all/bpf-fix-branch-pruning-logic.patch
-bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch
-bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch
-bugfix/all/bpf-fix-incorrect-tracking-of-register-size-truncati.patch
-bugfix/all/bpf-fix-32-bit-alu-op-verification.patch
-bugfix/all/bpf-fix-missing-error-return-in-check_stack_boundary.patch
-bugfix/all/bpf-force-strict-alignment-checks-for-stack-pointers.patch
-bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch
-bugfix/all/bpf-fix-integer-overflows.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
@@ -154,16 +135,5 @@ bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
bugfix/all/cpupower-bump-soname-version.patch
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
-bugfix/all/tools-lib-lockdep-define-pr_cont.patch
-
-# Backport patches from 4.15.x to support dwmac-sun8i
-features/arm/dwmac-sun8i/0001-net-stmmac-dwmac-sun8i-Handle-integrated-external-MD.patch
-features/arm/dwmac-sun8i/0002-net-stmmac-sun8i-Restore-the-compatibles.patch
-features/arm/dwmac-sun8i/0003-arm64-dts-allwinner-A64-Restore-EMAC-changes.patch
-features/arm/dwmac-sun8i/0004-arm64-dts-allwinner-add-snps-dwmac-mdio-compatible-t.patch
-features/arm/dwmac-sun8i/0005-arm64-dts-allwinner-H5-Restore-EMAC-changes.patch
-features/arm/dwmac-sun8i/0006-ARM-dts-sunxi-Restore-EMAC-changes-boards.patch
-features/arm/dwmac-sun8i/0007-arm-dts-sunxi-h3-h5-Restore-EMAC-changes.patch
-features/arm/dwmac-sun8i/0008-ARM-dts-sunxi-h3-h5-represent-the-mdio-switch-used-b.patch
# ABI maintenance
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list