[linux] 03/03: Update to 4.12.2
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Tue Jul 18 00:08:28 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux.
commit 50381a0ca2b6588a822d85450ccd49bf0e57d6b4
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Tue Jul 18 01:06:31 2017 +0100
Update to 4.12.2
Refresh aufs4 patches by hand, as there is no release for 4.12 yet.
Refresh lockdown patches with genpatch.py and then by hand, as the
branch is a little out of date and many patches went upstream.
[rt] Disable until it is updated for 4.12 or later
---
debian/changelog | 9 +-
debian/config/defines | 2 +-
...emove-redundant-log-messages-from-drivers.patch | 80 ++-
...-not-use-hyphen-in-exported-variable-name.patch | 15 +-
.../all/kbuild-use-nostdinc-in-compile-tests.patch | 18 +-
.../all/nfsv4-fix-callback-server-shutdown.patch | 147 -----
.../all/sunrpc-refactor-svc_set_num_threads.patch | 154 -----
...d-remove-bpf-run-time-check-at-build-time.patch | 14 +-
...-strlcpy-instead-of-strcpy-in-__trace_fin.patch | 34 -
...otential-format-overflow-in-userspace-too.patch | 106 ---
...-alpha-move-exports-to-actual-definitions.patch | 152 +----
...-missing-crcs-add-yet-more-asm-prototypes.patch | 27 -
.../powerpc-remove-mac-on-linux-hooks.patch | 53 --
.../revert-sparc-move-exports-to-definitions.patch | 18 +-
...rryview-extend-the-chromebook-dmi-quirk-t.patch | 59 --
...ble-auto-loading-as-mitigation-against-lo.patch | 11 +-
debian/patches/debian/mips-disable-werror.patch | 15 +-
.../features/all/aufs4/aufs4-standalone.patch | 122 ++--
...i-add-dmi_product_family-identification-s.patch | 61 --
...dule-params-that-specify-hardware-paramet.patch | 117 ----
...rdware-config-module-parameters-in-arch-x.patch | 51 --
...rdware-config-module-parameters-in-driver.patch | 85 ---
...rdware-config-module-parameters-in-driver.patch | 51 --
...rdware-config-module-parameters-in-driver.patch | 49 --
...rdware-config-module-parameters-in-driver.patch | 48 --
...rdware-config-module-parameters-in-driver.patch | 48 --
...rdware-config-module-parameters-in-driver.patch | 124 ----
...rdware-config-module-parameters-in-driver.patch | 157 -----
...rdware-config-module-parameters-in-driver.patch | 61 --
...rdware-config-module-parameters-in-driver.patch | 79 ---
...rdware-config-module-parameters-in-driver.patch | 88 ---
...rdware-config-module-parameters-in-driver.patch | 83 ---
...rdware-config-module-parameters-in-driver.patch | 45 --
...rdware-config-module-parameters-in-driver.patch | 55 --
...rdware-config-module-parameters-in-driver.patch | 47 --
...rdware-config-module-parameters-in-driver.patch | 81 ---
...rdware-config-module-parameters-in-driver.patch | 87 ---
...rdware-config-module-parameters-in-driver.patch | 234 -------
...rdware-config-module-parameters-in-driver.patch | 111 ----
...rdware-config-module-parameters-in-driver.patch | 125 ----
...rdware-config-module-parameters-in-driver.patch | 112 ----
...rdware-config-module-parameters-in-driver.patch | 50 --
...rdware-config-module-parameters-in-driver.patch | 55 --
...rdware-config-module-parameters-in-driver.patch | 48 --
...rdware-config-module-parameters-in-driver.patch | 75 ---
...rdware-config-module-parameters-in-driver.patch | 127 +---
...rdware-config-module-parameters-in-driver.patch | 53 --
...rdware-config-module-parameters-in-driver.patch | 76 ---
...rdware-config-module-parameters-in-driver.patch | 61 --
...rdware-config-module-parameters-in-driver.patch | 144 ----
...rdware-config-module-parameters-in-driver.patch | 80 ---
...rdware-config-module-parameters-in-driver.patch | 111 ----
...rdware-config-module-parameters-in-fs-pst.patch | 48 --
...rdware-config-module-parameters-in-sound-.patch | 84 ---
...rdware-config-module-parameters-in-sound-.patch | 731 ---------------------
...rdware-config-module-parameters-in-sound-.patch | 320 ---------
...rdware-config-module-parameters-in-sound-.patch | 154 -----
...atch => 0038-efi-Add-EFI_SECURE_BOOT-bit.patch} | 2 +-
...ity-to-lock-down-access-to-the-running-k.patch} | 2 +-
...n-the-kernel-if-booted-in-secure-boot-mo.patch} | 12 +-
...le-signatures-if-the-kernel-is-locked-do.patch} | 2 +-
...-mem-and-dev-kmem-when-the-kernel-is-loc.patch} | 8 +-
...-a-sysrq-option-to-exit-secure-boot-mode.patch} | 41 +-
...e-at-runtime-if-the-kernel-is-locked-dow.patch} | 2 +-
...boot-flag-in-boot-params-across-kexec-re.patch} | 2 +-
...isable-at-runtime-if-securelevel-has-bee.patch} | 2 +-
...e-Disable-when-the-kernel-is-locked-down.patch} | 2 +-
...p-Disable-when-the-kernel-is-locked-down.patch} | 2 +-
...n-BAR-access-when-the-kernel-is-locked-d.patch} | 25 +-
...n-IO-port-access-when-the-kernel-is-lock.patch} | 2 +-
...-MSR-access-when-the-kernel-is-locked-do.patch} | 2 +-
...trict-debugfs-interface-when-the-kernel-.patch} | 2 +-
...ccess-to-custom_method-when-the-kernel-i.patch} | 2 +-
...acpi_rsdp-kernel-param-when-the-kernel-h.patch} | 2 +-
...-ACPI-table-override-if-the-kernel-is-lo.patch} | 2 +-
...-APEI-error-injection-if-the-kernel-is-l.patch} | 2 +-
...-kernel-image-access-functions-when-the-.patch} | 2 +-
...h => 0058-scsi-Lock-down-the-eata-driver.patch} | 2 +-
...CIA-CIS-storage-when-the-kernel-is-locke.patch} | 2 +-
...RIAL.patch => 0060-Lock-down-TIOCSSERIAL.patch} | 2 +-
...dule-params-that-specify-hardware-parame.patch} | 2 +-
debian/patches/series | 93 +--
82 files changed, 252 insertions(+), 5219 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ca747c8..b912cd7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,13 @@
-linux (4.11.11-2) UNRELEASED; urgency=medium
+linux (4.12.2-1~exp1) UNRELEASED; urgency=medium
+ * New upstream release: https://kernelnewbies.org/Linux_4.12
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.2
+
+ [ Ben Hutchings ]
* Add script to regenerate lockdown patch series from git
+ * [rt] Disable until it is updated for 4.12 or later
-- Ben Hutchings <ben at decadent.org.uk> Tue, 18 Jul 2017 00:04:07 +0100
diff --git a/debian/config/defines b/debian/config/defines
index 5ac9c6e..03e509c 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -95,7 +95,7 @@ debug-info: true
signed-modules: false
[featureset-rt_base]
-enabled: true
+enabled: false
[description]
part-long-up: This kernel is not suitable for SMP (multi-processor,
diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
index fe0d5f1..7f9d96d 100644
--- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
+++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
@@ -53,7 +53,7 @@ upstream submission.
/* disable MPU */
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
-@@ -734,10 +734,8 @@ static enum ucode_state request_microcod
+@@ -732,10 +732,8 @@ static enum ucode_state request_microcod
if (c->x86 >= 0x15)
snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
@@ -168,7 +168,7 @@ upstream submission.
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
-@@ -452,8 +452,6 @@ static int btmrvl_sdio_download_helper(s
+@@ -455,8 +455,6 @@ static int btmrvl_sdio_download_helper(s
ret = request_firmware(&fw_helper, card->helper,
&card->func->dev);
if ((ret < 0) || !fw_helper) {
@@ -177,7 +177,7 @@ upstream submission.
ret = -ENOENT;
goto done;
}
-@@ -552,8 +550,6 @@ static int btmrvl_sdio_download_fw_w_hel
+@@ -555,8 +553,6 @@ static int btmrvl_sdio_download_fw_w_hel
ret = request_firmware(&fw_firmware, card->firmware,
&card->func->dev);
if ((ret < 0) || !fw_firmware) {
@@ -203,7 +203,7 @@ upstream submission.
fw->size, fw_name);
--- a/drivers/dma/imx-sdma.c
+++ b/drivers/dma/imx-sdma.c
-@@ -1438,11 +1438,8 @@ static void sdma_load_firmware(const str
+@@ -1453,11 +1453,8 @@ static void sdma_load_firmware(const str
const struct sdma_script_start_addrs *addr;
unsigned short *ram_code;
@@ -233,7 +233,7 @@ upstream submission.
where = 0;
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-@@ -1821,10 +1821,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
+@@ -1833,10 +1833,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr
if (ret) {
snprintf(f, sizeof(f), "nouveau/%s", fwname);
ret = request_firmware(&fw, f, device->dev);
@@ -252,50 +252,47 @@ upstream submission.
rc = request_firmware(&fw, FIRMWARE_NAME, &pdev->dev);
platform_device_unregister(pdev);
- if (rc) {
-- printk(KERN_ERR "r128_cce: Failed to load firmware \"%s\"\n",
+- pr_err("r128_cce: Failed to load firmware \"%s\"\n",
- FIRMWARE_NAME);
+ if (rc)
return rc;
- }
if (fw->size != 256 * 8) {
- printk(KERN_ERR
+ pr_err("r128_cce: Bogus length %zu in firmware \"%s\"\n",
--- a/drivers/gpu/drm/radeon/ni.c
+++ b/drivers/gpu/drm/radeon/ni.c
-@@ -837,10 +837,6 @@ int ni_init_microcode(struct radeon_devi
+@@ -830,9 +830,6 @@ int ni_init_microcode(struct radeon_devi
out:
if (err) {
- if (err != -EINVAL)
-- printk(KERN_ERR
-- "ni_cp: Failed to load firmware \"%s\"\n",
+- pr_err("ni_cp: Failed to load firmware \"%s\"\n",
- fw_name);
release_firmware(rdev->pfp_fw);
rdev->pfp_fw = NULL;
release_firmware(rdev->me_fw);
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
-@@ -1041,10 +1041,7 @@ static int r100_cp_init_microcode(struct
+@@ -1041,9 +1041,7 @@ static int r100_cp_init_microcode(struct
}
err = request_firmware(&rdev->me_fw, fw_name, rdev->dev);
- if (err) {
-- printk(KERN_ERR "radeon_cp: Failed to load firmware \"%s\"\n",
-- fw_name);
+- pr_err("radeon_cp: Failed to load firmware \"%s\"\n", fw_name);
- } else if (rdev->me_fw->size % 8) {
+ if (err == 0 && rdev->me_fw->size % 8) {
- printk(KERN_ERR
- "radeon_cp: Bogus length %zu in firmware \"%s\"\n",
+ pr_err("radeon_cp: Bogus length %zu in firmware \"%s\"\n",
rdev->me_fw->size, fw_name);
+ err = -EINVAL;
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
-@@ -2599,10 +2599,6 @@ int r600_init_microcode(struct radeon_de
+@@ -2593,9 +2593,6 @@ int r600_init_microcode(struct radeon_de
out:
if (err) {
- if (err != -EINVAL)
-- printk(KERN_ERR
-- "r600_cp: Failed to load firmware \"%s\"\n",
+- pr_err("r600_cp: Failed to load firmware \"%s\"\n",
- fw_name);
release_firmware(rdev->pfp_fw);
rdev->pfp_fw = NULL;
@@ -316,7 +313,7 @@ upstream submission.
ret = qib_ibsd_ucode_loaded(dd->pport, fw);
--- a/drivers/input/touchscreen/atmel_mxt_ts.c
+++ b/drivers/input/touchscreen/atmel_mxt_ts.c
-@@ -2714,10 +2714,8 @@ static int mxt_load_fw(struct device *de
+@@ -2715,10 +2715,8 @@ static int mxt_load_fw(struct device *de
int ret;
ret = request_firmware(&fw, fn, dev);
@@ -505,7 +502,7 @@ upstream submission.
if (state->microcode == NULL) {
--- a/drivers/media/dvb-frontends/drxk_hard.c
+++ b/drivers/media/dvb-frontends/drxk_hard.c
-@@ -6280,10 +6280,6 @@ static void load_firmware_cb(const struc
+@@ -6281,10 +6281,6 @@ static void load_firmware_cb(const struc
dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded");
if (!fw) {
@@ -911,7 +908,7 @@ upstream submission.
pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n",
--- a/drivers/media/pci/cx23885/cx23885-cards.c
+++ b/drivers/media/pci/cx23885/cx23885-cards.c
-@@ -2339,10 +2339,7 @@ void cx23885_card_setup(struct cx23885_d
+@@ -2338,10 +2338,7 @@ void cx23885_card_setup(struct cx23885_d
cinfo.rev, filename);
ret = request_firmware(&fw, filename, &dev->pci->dev);
@@ -1022,7 +1019,7 @@ upstream submission.
pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8];
--- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c
-@@ -95,10 +95,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc
+@@ -66,10 +66,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc
}
}
@@ -1031,7 +1028,7 @@ upstream submission.
+ if (err != 0)
return -EINVAL;
- }
- if (fw_blob->size > dev->fw_size) {
+ if (fw_blob->size > dev->fw_buf.size) {
mfc_err("MFC firmware is too big to be loaded\n");
release_firmware(fw_blob);
--- a/drivers/media/pci/saa7164/saa7164-fw.c
@@ -1081,7 +1078,7 @@ upstream submission.
/* parse the firmware */
--- a/drivers/net/ethernet/3com/typhoon.c
+++ b/drivers/net/ethernet/3com/typhoon.c
-@@ -1284,11 +1284,8 @@ typhoon_request_firmware(struct typhoon
+@@ -1283,11 +1283,8 @@ typhoon_request_firmware(struct typhoon
return 0;
err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev);
@@ -1176,7 +1173,7 @@ upstream submission.
if (rc) {
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -11350,11 +11350,8 @@ static int tg3_request_firmware(struct t
+@@ -11357,11 +11357,8 @@ static int tg3_request_firmware(struct t
{
const struct tg3_firmware_hdr *fw_hdr;
@@ -1284,7 +1281,7 @@ upstream submission.
for (i = 0; i < fw->size; i++) {
--- a/drivers/net/ethernet/sun/cassini.c
+++ b/drivers/net/ethernet/sun/cassini.c
-@@ -816,11 +816,8 @@ static void cas_saturn_firmware_init(str
+@@ -817,11 +817,8 @@ static void cas_saturn_firmware_init(str
return;
err = request_firmware(&fw, fw_name, &cp->pdev->dev);
@@ -1314,7 +1311,7 @@ upstream submission.
fw->size, fw_name[predef]);
--- a/drivers/net/usb/kaweth.c
+++ b/drivers/net/usb/kaweth.c
-@@ -392,10 +392,8 @@ static int kaweth_download_firmware(stru
+@@ -390,10 +390,8 @@ static int kaweth_download_firmware(stru
int ret;
ret = request_firmware(&fw, fwname, &kaweth->dev->dev);
@@ -1369,7 +1366,7 @@ upstream submission.
fwh = (struct at76_fw_header *)(fwe->fw->data);
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
-@@ -1161,9 +1161,6 @@ static void ath9k_hif_usb_firmware_cb(co
+@@ -1162,9 +1162,6 @@ static void ath9k_hif_usb_firmware_cb(co
if (!ret)
return;
@@ -1509,18 +1506,15 @@ upstream submission.
else
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
-@@ -222,10 +222,8 @@ static int iwl_request_firmware(struct i
- sprintf(tag, "%d", drv->fw_index);
+@@ -230,8 +230,6 @@ static int iwl_request_firmware(struct i
}
-- if (drv->fw_index < drv->trans->cfg->ucode_api_min) {
+ if (drv->fw_index < cfg->ucode_api_min) {
- IWL_ERR(drv, "no suitable firmware found!\n");
-+ if (drv->fw_index < drv->trans->cfg->ucode_api_min)
- return -ENOENT;
-- }
-
- snprintf(drv->firmware_name, sizeof(drv->firmware_name), "%s%s.ucode",
- name_pre, tag);
+-
+ if (cfg->ucode_api_min == cfg->ucode_api_max) {
+ IWL_ERR(drv, "%s%d is required\n", fw_pre_name,
+ cfg->ucode_api_max);
--- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c
@@ -818,8 +818,6 @@ static int if_usb_prog_firmware(struct i
@@ -1534,7 +1528,7 @@ upstream submission.
}
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
-@@ -521,11 +521,8 @@ static void mwifiex_fw_dpc(const struct
+@@ -522,11 +522,8 @@ static int _mwifiex_fw_dpc(const struct
struct wireless_dev *wdev;
struct completion *fw_done = adapter->fw_done;
@@ -1628,7 +1622,7 @@ upstream submission.
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-@@ -1665,7 +1665,6 @@ static int ezusb_probe(struct usb_interf
+@@ -1678,7 +1678,6 @@ static int ezusb_probe(struct usb_interf
if (ezusb_firmware_download(upriv, &firmware) < 0)
goto error;
} else {
@@ -1868,7 +1862,7 @@ upstream submission.
}
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
-@@ -4041,10 +4041,8 @@ static ssize_t ipr_store_update_fw(struc
+@@ -4083,10 +4083,8 @@ static ssize_t ipr_store_update_fw(struc
if (endline)
*endline = '\0';
@@ -1941,7 +1935,7 @@ upstream submission.
if (qla82xx_validate_firmware_blob(vha,
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -5956,8 +5956,6 @@ qla2x00_request_firmware(scsi_qla_host_t
+@@ -5967,8 +5967,6 @@ qla2x00_request_firmware(scsi_qla_host_t
goto out;
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
@@ -2342,7 +2336,7 @@ upstream submission.
--- a/drivers/usb/serial/ti_usb_3410_5052.c
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
-@@ -1702,10 +1702,8 @@ static int ti_download_firmware(struct t
+@@ -1696,10 +1696,8 @@ static int ti_download_firmware(struct t
}
check_firmware:
@@ -2499,7 +2493,7 @@ upstream submission.
snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®);
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
-@@ -1827,10 +1827,8 @@ static void azx_firmware_cb(const struct
+@@ -1958,10 +1958,8 @@ static void azx_firmware_cb(const struct
struct azx *chip = card->private_data;
struct pci_dev *pci = chip->pci;
diff --git a/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch b/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
index 8082687..de4a9d0 100644
--- a/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
+++ b/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
@@ -30,21 +30,12 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
include include/config/auto.conf
include scripts/Kbuild.include
-@@ -22,7 +22,7 @@ include $(src)/Makefile
-
- PHONY += __dtbs_install_prep
- __dtbs_install_prep:
--ifeq ("$(dtbinst-root)", "$(obj)")
-+ifeq ("$(dtbinst_root)", "$(obj)")
- $(Q)mkdir -p $(INSTALL_DTBS_PATH)
- endif
-
-@@ -33,7 +33,7 @@ dtbinst-dirs := $(dts-dirs)
+@@ -27,7 +27,7 @@ dtbinst-dirs := $(dts-dirs)
quiet_cmd_dtb_install = INSTALL $<
cmd_dtb_install = mkdir -p $(2); cp $< $(2)
-install-dir = $(patsubst $(dtbinst-root)%,$(INSTALL_DTBS_PATH)%,$(obj))
+install-dir = $(patsubst $(dtbinst_root)%,$(INSTALL_DTBS_PATH)%,$(obj))
- $(dtbinst-files) $(dtbinst-dirs): | __dtbs_install_prep
-
+ $(dtbinst-files): %.dtb: $(obj)/%.dtb
+ $(call cmd,dtb_install,$(install-dir))
diff --git a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
index 2b136e6..4c52350 100644
--- a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
+++ b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
@@ -26,14 +26,14 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
cc-option = $(call try-run,\
-- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
-+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
# cc-option-yn
# Usage: flag := $(call cc-option-yn,-march=winchip-c6)
cc-option-yn = $(call try-run,\
-- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
-+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
+- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
# cc-option-align
# Prefix align with either -falign or -malign
@@ -41,8 +41,8 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# cc-disable-warning
# Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable)
cc-disable-warning = $(call try-run,\
-- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
-+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
+- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
# cc-name
# Expands to either gcc or clang
@@ -60,7 +60,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# cc-ifversion
# Usage: EXTRA_CFLAGS += $(call cc-ifversion, -lt, 0402, -O1)
-@@ -156,7 +157,7 @@ cc-ldoption = $(call try-run,\
+@@ -160,7 +161,7 @@ cc-ldoption = $(call try-run,\
# ld-option
# Usage: LDFLAGS += $(call ld-option, -X)
ld-option = $(call try-run,\
@@ -71,7 +71,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# Usage: KBUILD_ARFLAGS := $(call ar-option,D)
--- a/Makefile
+++ b/Makefile
-@@ -642,6 +642,8 @@ endif
+@@ -648,6 +648,8 @@ endif
KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \
$(call cc-disable-warning,maybe-uninitialized,))
@@ -80,7 +80,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
-@@ -760,7 +762,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno-
+@@ -787,7 +789,7 @@ KBUILD_CFLAGS += $(call cc-option,-fdata
endif
# arch Makefile may override CC so keep this after arch Makefile is included
diff --git a/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch b/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch
deleted file mode 100644
index 8533317..0000000
--- a/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From: Trond Myklebust <trond.myklebust at primarydata.com>
-Date: Wed, 26 Apr 2017 11:55:27 -0400
-Subject: [2/2] NFSv4: Fix callback server shutdown
-Origin: https://git.kernel.org/linus/ed6473ddc704a2005b9900ca08e236ebb2d8540a
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9059
-
-We want to use kthread_stop() in order to ensure the threads are
-shut down before we tear down the nfs_callback_info in nfs_callback_down.
-
-Tested-and-reviewed-by: Kinglong Mee <kinglongmee at gmail.com>
-Reported-by: Kinglong Mee <kinglongmee at gmail.com>
-Fixes: bb6aeba736ba9 ("NFSv4.x: Switch to using svc_set_num_threads()...")
-Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
-Signed-off-by: J. Bruce Fields <bfields at redhat.com>
----
- fs/nfs/callback.c | 24 ++++++++++++++++--------
- include/linux/sunrpc/svc.h | 1 +
- net/sunrpc/svc.c | 38 ++++++++++++++++++++++++++++++++++++++
- 3 files changed, 55 insertions(+), 8 deletions(-)
-
---- a/fs/nfs/callback.c
-+++ b/fs/nfs/callback.c
-@@ -75,7 +75,10 @@ nfs4_callback_svc(void *vrqstp)
-
- set_freezable();
-
-- while (!kthread_should_stop()) {
-+ while (!kthread_freezable_should_stop(NULL)) {
-+
-+ if (signal_pending(current))
-+ flush_signals(current);
- /*
- * Listen for a request on the socket
- */
-@@ -84,6 +87,8 @@ nfs4_callback_svc(void *vrqstp)
- continue;
- svc_process(rqstp);
- }
-+ svc_exit_thread(rqstp);
-+ module_put_and_exit(0);
- return 0;
- }
-
-@@ -102,9 +107,10 @@ nfs41_callback_svc(void *vrqstp)
-
- set_freezable();
-
-- while (!kthread_should_stop()) {
-- if (try_to_freeze())
-- continue;
-+ while (!kthread_freezable_should_stop(NULL)) {
-+
-+ if (signal_pending(current))
-+ flush_signals(current);
-
- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
- spin_lock_bh(&serv->sv_cb_lock);
-@@ -120,11 +126,13 @@ nfs41_callback_svc(void *vrqstp)
- error);
- } else {
- spin_unlock_bh(&serv->sv_cb_lock);
-- schedule();
-+ if (!kthread_should_stop())
-+ schedule();
- finish_wait(&serv->sv_cb_waitq, &wq);
- }
-- flush_signals(current);
- }
-+ svc_exit_thread(rqstp);
-+ module_put_and_exit(0);
- return 0;
- }
-
-@@ -220,14 +228,14 @@ err_bind:
- static struct svc_serv_ops nfs40_cb_sv_ops = {
- .svo_function = nfs4_callback_svc,
- .svo_enqueue_xprt = svc_xprt_do_enqueue,
-- .svo_setup = svc_set_num_threads,
-+ .svo_setup = svc_set_num_threads_sync,
- .svo_module = THIS_MODULE,
- };
- #if defined(CONFIG_NFS_V4_1)
- static struct svc_serv_ops nfs41_cb_sv_ops = {
- .svo_function = nfs41_callback_svc,
- .svo_enqueue_xprt = svc_xprt_do_enqueue,
-- .svo_setup = svc_set_num_threads,
-+ .svo_setup = svc_set_num_threads_sync,
- .svo_module = THIS_MODULE,
- };
-
---- a/include/linux/sunrpc/svc.h
-+++ b/include/linux/sunrpc/svc.h
-@@ -470,6 +470,7 @@ void svc_pool_map_put(void);
- struct svc_serv * svc_create_pooled(struct svc_program *, unsigned int,
- struct svc_serv_ops *);
- int svc_set_num_threads(struct svc_serv *, struct svc_pool *, int);
-+int svc_set_num_threads_sync(struct svc_serv *, struct svc_pool *, int);
- int svc_pool_stats_open(struct svc_serv *serv, struct file *file);
- void svc_destroy(struct svc_serv *);
- void svc_shutdown_net(struct svc_serv *, struct net *);
---- a/net/sunrpc/svc.c
-+++ b/net/sunrpc/svc.c
-@@ -795,6 +795,44 @@ svc_set_num_threads(struct svc_serv *ser
- }
- EXPORT_SYMBOL_GPL(svc_set_num_threads);
-
-+/* destroy old threads */
-+static int
-+svc_stop_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-+{
-+ struct task_struct *task;
-+ unsigned int state = serv->sv_nrthreads-1;
-+
-+ /* destroy old threads */
-+ do {
-+ task = choose_victim(serv, pool, &state);
-+ if (task == NULL)
-+ break;
-+ kthread_stop(task);
-+ nrservs++;
-+ } while (nrservs < 0);
-+ return 0;
-+}
-+
-+int
-+svc_set_num_threads_sync(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-+{
-+ if (pool == NULL) {
-+ /* The -1 assumes caller has done a svc_get() */
-+ nrservs -= (serv->sv_nrthreads-1);
-+ } else {
-+ spin_lock_bh(&pool->sp_lock);
-+ nrservs -= pool->sp_nrthreads;
-+ spin_unlock_bh(&pool->sp_lock);
-+ }
-+
-+ if (nrservs > 0)
-+ return svc_start_kthreads(serv, pool, nrservs);
-+ if (nrservs < 0)
-+ return svc_stop_kthreads(serv, pool, nrservs);
-+ return 0;
-+}
-+EXPORT_SYMBOL_GPL(svc_set_num_threads_sync);
-+
- /*
- * Called from a server thread as it's exiting. Caller must hold the "service
- * mutex" for the service.
diff --git a/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch b/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch
deleted file mode 100644
index 5fae928..0000000
--- a/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From: Trond Myklebust <trond.myklebust at primarydata.com>
-Date: Wed, 26 Apr 2017 11:55:26 -0400
-Subject: [1/2] SUNRPC: Refactor svc_set_num_threads()
-Origin: https://git.kernel.org/linus/9e0d87680d689f1758185851c3da6eafb16e71e1
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9059
-
-Refactor to separate out the functions of starting and stopping threads
-so that they can be used in other helpers.
-
-Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
-Tested-and-reviewed-by: Kinglong Mee <kinglongmee at gmail.com>
-Signed-off-by: J. Bruce Fields <bfields at redhat.com>
----
- net/sunrpc/svc.c | 96 ++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 58 insertions(+), 38 deletions(-)
-
-diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index a08aeb56b8e4..98dc33ae738b 100644
---- a/net/sunrpc/svc.c
-+++ b/net/sunrpc/svc.c
-@@ -702,59 +702,32 @@ choose_victim(struct svc_serv *serv, struct svc_pool *pool, unsigned int *state)
- return task;
- }
-
--/*
-- * Create or destroy enough new threads to make the number
-- * of threads the given number. If `pool' is non-NULL, applies
-- * only to threads in that pool, otherwise round-robins between
-- * all pools. Caller must ensure that mutual exclusion between this and
-- * server startup or shutdown.
-- *
-- * Destroying threads relies on the service threads filling in
-- * rqstp->rq_task, which only the nfs ones do. Assumes the serv
-- * has been created using svc_create_pooled().
-- *
-- * Based on code that used to be in nfsd_svc() but tweaked
-- * to be pool-aware.
-- */
--int
--svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-+/* create new threads */
-+static int
-+svc_start_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
- {
- struct svc_rqst *rqstp;
- struct task_struct *task;
- struct svc_pool *chosen_pool;
-- int error = 0;
- unsigned int state = serv->sv_nrthreads-1;
- int node;
-
-- if (pool == NULL) {
-- /* The -1 assumes caller has done a svc_get() */
-- nrservs -= (serv->sv_nrthreads-1);
-- } else {
-- spin_lock_bh(&pool->sp_lock);
-- nrservs -= pool->sp_nrthreads;
-- spin_unlock_bh(&pool->sp_lock);
-- }
--
-- /* create new threads */
-- while (nrservs > 0) {
-+ do {
- nrservs--;
- chosen_pool = choose_pool(serv, pool, &state);
-
- node = svc_pool_map_get_node(chosen_pool->sp_id);
- rqstp = svc_prepare_thread(serv, chosen_pool, node);
-- if (IS_ERR(rqstp)) {
-- error = PTR_ERR(rqstp);
-- break;
-- }
-+ if (IS_ERR(rqstp))
-+ return PTR_ERR(rqstp);
-
- __module_get(serv->sv_ops->svo_module);
- task = kthread_create_on_node(serv->sv_ops->svo_function, rqstp,
- node, "%s", serv->sv_name);
- if (IS_ERR(task)) {
-- error = PTR_ERR(task);
- module_put(serv->sv_ops->svo_module);
- svc_exit_thread(rqstp);
-- break;
-+ return PTR_ERR(task);
- }
-
- rqstp->rq_task = task;
-@@ -763,15 +736,62 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-
- svc_sock_update_bufs(serv);
- wake_up_process(task);
-- }
-+ } while (nrservs > 0);
-+
-+ return 0;
-+}
-+
-+
-+/* destroy old threads */
-+static int
-+svc_signal_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-+{
-+ struct task_struct *task;
-+ unsigned int state = serv->sv_nrthreads-1;
-+
- /* destroy old threads */
-- while (nrservs < 0 &&
-- (task = choose_victim(serv, pool, &state)) != NULL) {
-+ do {
-+ task = choose_victim(serv, pool, &state);
-+ if (task == NULL)
-+ break;
- send_sig(SIGINT, task, 1);
- nrservs++;
-+ } while (nrservs < 0);
-+
-+ return 0;
-+}
-+
-+/*
-+ * Create or destroy enough new threads to make the number
-+ * of threads the given number. If `pool' is non-NULL, applies
-+ * only to threads in that pool, otherwise round-robins between
-+ * all pools. Caller must ensure that mutual exclusion between this and
-+ * server startup or shutdown.
-+ *
-+ * Destroying threads relies on the service threads filling in
-+ * rqstp->rq_task, which only the nfs ones do. Assumes the serv
-+ * has been created using svc_create_pooled().
-+ *
-+ * Based on code that used to be in nfsd_svc() but tweaked
-+ * to be pool-aware.
-+ */
-+int
-+svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
-+{
-+ if (pool == NULL) {
-+ /* The -1 assumes caller has done a svc_get() */
-+ nrservs -= (serv->sv_nrthreads-1);
-+ } else {
-+ spin_lock_bh(&pool->sp_lock);
-+ nrservs -= pool->sp_nrthreads;
-+ spin_unlock_bh(&pool->sp_lock);
- }
-
-- return error;
-+ if (nrservs > 0)
-+ return svc_start_kthreads(serv, pool, nrservs);
-+ if (nrservs < 0)
-+ return svc_signal_kthreads(serv, pool, nrservs);
-+ return 0;
- }
- EXPORT_SYMBOL_GPL(svc_set_num_threads);
-
diff --git a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
index 9d07fbc..a8b6475 100644
--- a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
+++ b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
@@ -7,23 +7,13 @@ It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().
-Also fix the test for whether __NR_bpf is defined.
-
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
--- a/tools/build/feature/test-bpf.c
+++ b/tools/build/feature/test-bpf.c
-@@ -9,6 +9,7 @@
- # define __NR_bpf 321
- # elif defined(__aarch64__)
- # define __NR_bpf 280
-+# else
- # error __NR_bpf not defined. libbpf does not support your arch.
- # endif
- #endif
-@@ -27,9 +28,5 @@ int main(void)
- attr.log_level = 0;
+@@ -31,9 +31,5 @@ int main(void)
attr.kern_version = 0;
+ attr.prog_flags = 0;
- /*
- * Test existence of __NR_bpf and BPF_PROG_LOAD.
diff --git a/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch b/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch
deleted file mode 100644
index 2a97a2d..0000000
--- a/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Amey Telawane <ameyt at codeaurora.org>
-Date: Wed, 3 May 2017 15:41:14 +0530
-Subject: tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
-Origin: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-0605
-
-Strcpy is inherently not safe, and strlcpy() should be used instead.
-__trace_find_cmdline() uses strcpy() because the comms saved must have a
-terminating nul character, but it doesn't hurt to add the extra protection
-of using strlcpy() instead of strcpy().
-
-Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org
-
-Signed-off-by: Amey Telawane <ameyt at codeaurora.org>
-[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
-https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477]
-Signed-off-by: Amit Pundir <amit.pundir at linaro.org>
-[ Updated change log and removed the "- 1" from len parameter ]
-Signed-off-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
----
- kernel/trace/trace.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -1862,7 +1862,7 @@ static void __trace_find_cmdline(int pid
-
- map = savedcmd->map_pid_to_cmdline[pid];
- if (map != NO_CMDLINE_MAP)
-- strcpy(comm, get_saved_cmdlines(map));
-+ strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
- else
- strcpy(comm, "<...>");
- }
diff --git a/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch b/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch
deleted file mode 100644
index 77bdc93..0000000
--- a/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Jonathan Dieter <jdieter at lesbg.com>
-Date: Mon, 27 Feb 2017 10:31:03 +0200
-Subject: usbip: Fix potential format overflow in userspace tools
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit?id=e5dfa3f902b9a642ae8c6997d57d7c41e384a90b
-
-The usbip userspace tools call sprintf()/snprintf() and don't check for
-the return value which can lead the paths to overflow, truncating the
-final file in the path.
-
-More urgently, GCC 7 now warns that these aren't checked with
--Wformat-overflow, and with -Werror enabled in configure.ac, that makes
-these tools unbuildable.
-
-This patch fixes these problems by replacing sprintf() with snprintf() in
-one place and adding checks for the return value of snprintf().
-
-Reviewed-by: Peter Senna Tschudin <peter.senna at gmail.com>
-Signed-off-by: Jonathan Dieter <jdieter at lesbg.com>
-Acked-by: Shuah Khan <shuahkh at osg.samsung.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- tools/usb/usbip/libsrc/usbip_common.c | 9 ++++++++-
- tools/usb/usbip/libsrc/usbip_host_common.c | 28 +++++++++++++++++++++++-----
- 2 files changed, 31 insertions(+), 6 deletions(-)
-
-diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c
-index ac73710473de..1517a232ab18 100644
---- a/tools/usb/usbip/libsrc/usbip_common.c
-+++ b/tools/usb/usbip/libsrc/usbip_common.c
-@@ -215,9 +215,16 @@ int read_usb_interface(struct usbip_usb_device *udev, int i,
- struct usbip_usb_interface *uinf)
- {
- char busid[SYSFS_BUS_ID_SIZE];
-+ int size;
- struct udev_device *sif;
-
-- sprintf(busid, "%s:%d.%d", udev->busid, udev->bConfigurationValue, i);
-+ size = snprintf(busid, sizeof(busid), "%s:%d.%d",
-+ udev->busid, udev->bConfigurationValue, i);
-+ if (size < 0 || (unsigned int)size >= sizeof(busid)) {
-+ err("busid length %i >= %lu or < 0", size,
-+ (long unsigned)sizeof(busid));
-+ return -1;
-+ }
-
- sif = udev_device_new_from_subsystem_sysname(udev_context, "usb", busid);
- if (!sif) {
-diff --git a/tools/usb/usbip/libsrc/usbip_host_common.c b/tools/usb/usbip/libsrc/usbip_host_common.c
-index 9d415228883d..6ff7b601f854 100644
---- a/tools/usb/usbip/libsrc/usbip_host_common.c
-+++ b/tools/usb/usbip/libsrc/usbip_host_common.c
-@@ -40,13 +40,20 @@ struct udev *udev_context;
- static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
- {
- char status_attr_path[SYSFS_PATH_MAX];
-+ int size;
- int fd;
- int length;
- char status;
- int value = 0;
-
-- snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status",
-- udev->path);
-+ size = snprintf(status_attr_path, sizeof(status_attr_path),
-+ "%s/usbip_status", udev->path);
-+ if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) {
-+ err("usbip_status path length %i >= %lu or < 0", size,
-+ (long unsigned)sizeof(status_attr_path));
-+ return -1;
-+ }
-+
-
- fd = open(status_attr_path, O_RDONLY);
- if (fd < 0) {
-@@ -218,6 +225,7 @@ int usbip_export_device(struct usbip_exported_device *edev, int sockfd)
- {
- char attr_name[] = "usbip_sockfd";
- char sockfd_attr_path[SYSFS_PATH_MAX];
-+ int size;
- char sockfd_buff[30];
- int ret;
-
-@@ -237,10 +245,20 @@ int usbip_export_device(struct usbip_exported_device *edev, int sockfd)
- }
-
- /* only the first interface is true */
-- snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
-- edev->udev.path, attr_name);
-+ size = snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
-+ edev->udev.path, attr_name);
-+ if (size < 0 || (unsigned int)size >= sizeof(sockfd_attr_path)) {
-+ err("exported device path length %i >= %lu or < 0", size,
-+ (long unsigned)sizeof(sockfd_attr_path));
-+ return -1;
-+ }
-
-- snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
-+ size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
-+ if (size < 0 || (unsigned int)size >= sizeof(sockfd_buff)) {
-+ err("socket length %i >= %lu or < 0", size,
-+ (long unsigned)sizeof(sockfd_buff));
-+ return -1;
-+ }
-
- ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff,
- strlen(sockfd_buff));
diff --git a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
index 18998a5..e041716 100644
--- a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
+++ b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
@@ -6,6 +6,9 @@ Forwarded: not-needed
This reverts commit 00fc0e0dda6286407f3854cd71a125f519a5689c because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
+
+Commit 8525023121de "alpha: switch __copy_user() and __do_clean_user() to
+normal calling conventions" renamed __do_clear_user() to __clear_user().
---
arch/alpha/include/asm/Kbuild | 1 -
arch/alpha/kernel/Makefile | 2 +-
@@ -51,11 +54,9 @@ hashes).
41 files changed, 131 insertions(+), 99 deletions(-)
create mode 100644 arch/alpha/kernel/alpha_ksyms.c
-diff --git a/arch/alpha/include/asm/Kbuild b/arch/alpha/include/asm/Kbuild
-index bf8475ce85ee..ffd9cf5ec8c4 100644
--- a/arch/alpha/include/asm/Kbuild
+++ b/arch/alpha/include/asm/Kbuild
-@@ -3,7 +3,6 @@
+@@ -2,7 +2,6 @@
generic-y += clkdev.h
generic-y += exec.h
@@ -63,8 +64,6 @@ index bf8475ce85ee..ffd9cf5ec8c4 100644
generic-y += irq_work.h
generic-y += mcs_spinlock.h
generic-y += mm-arch-hooks.h
-diff --git a/arch/alpha/kernel/Makefile b/arch/alpha/kernel/Makefile
-index 8ce13d7a2ad3..3ecac0106c8a 100644
--- a/arch/alpha/kernel/Makefile
+++ b/arch/alpha/kernel/Makefile
@@ -8,7 +8,7 @@ ccflags-y := -Wno-sign-compare
@@ -76,9 +75,6 @@ index 8ce13d7a2ad3..3ecac0106c8a 100644
obj-$(CONFIG_VGA_HOSE) += console.o
obj-$(CONFIG_SMP) += smp.o
-diff --git a/arch/alpha/kernel/alpha_ksyms.c b/arch/alpha/kernel/alpha_ksyms.c
-new file mode 100644
-index 000000000000..f4c7ab6f43b0
--- /dev/null
+++ b/arch/alpha/kernel/alpha_ksyms.c
@@ -0,0 +1,102 @@
@@ -154,7 +150,7 @@ index 000000000000..f4c7ab6f43b0
+ * The following are specially called from the uaccess assembly stubs.
+ */
+EXPORT_SYMBOL(__copy_user);
-+EXPORT_SYMBOL(__do_clear_user);
++EXPORT_SYMBOL(__clear_user);
+
+/*
+ * SMP-specific symbols.
@@ -184,8 +180,6 @@ index 000000000000..f4c7ab6f43b0
+EXPORT_SYMBOL(memcpy);
+EXPORT_SYMBOL(memset);
+EXPORT_SYMBOL(memchr);
-diff --git a/arch/alpha/kernel/machvec_impl.h b/arch/alpha/kernel/machvec_impl.h
-index b7d69604b6d2..d3398f6ab74c 100644
--- a/arch/alpha/kernel/machvec_impl.h
+++ b/arch/alpha/kernel/machvec_impl.h
@@ -144,11 +144,9 @@
@@ -202,11 +196,9 @@ index b7d69604b6d2..d3398f6ab74c 100644
+ asm(".global alpha_mv\nalpha_mv = " #system "_mv");
#endif
#endif /* GENERIC */
-diff --git a/arch/alpha/kernel/setup.c b/arch/alpha/kernel/setup.c
-index 4811e54069fc..b20af76f12c1 100644
--- a/arch/alpha/kernel/setup.c
+++ b/arch/alpha/kernel/setup.c
-@@ -115,7 +115,6 @@ unsigned long alpha_agpgart_size = DEFAULT_AGP_APER_SIZE;
+@@ -115,7 +115,6 @@ unsigned long alpha_agpgart_size = DEFAU
#ifdef CONFIG_ALPHA_GENERIC
struct alpha_machine_vector alpha_mv;
@@ -214,8 +206,6 @@ index 4811e54069fc..b20af76f12c1 100644
#endif
#ifndef alpha_using_srm
-diff --git a/arch/alpha/lib/callback_srm.S b/arch/alpha/lib/callback_srm.S
-index 6093addc931a..8804bec2c644 100644
--- a/arch/alpha/lib/callback_srm.S
+++ b/arch/alpha/lib/callback_srm.S
@@ -3,7 +3,6 @@
@@ -237,11 +227,9 @@ index 6093addc931a..8804bec2c644 100644
.data
__alpha_using_srm: # For use by bootpheader
-diff --git a/arch/alpha/lib/checksum.c b/arch/alpha/lib/checksum.c
-index b57f8007db14..377f9e34eb97 100644
--- a/arch/alpha/lib/checksum.c
+++ b/arch/alpha/lib/checksum.c
-@@ -48,7 +48,6 @@ __sum16 csum_tcpudp_magic(__be32 saddr, __be32 daddr,
+@@ -48,7 +48,6 @@ __sum16 csum_tcpudp_magic(__be32 saddr,
(__force u64)saddr + (__force u64)daddr +
(__force u64)sum + ((len + proto) << 8));
}
@@ -249,7 +237,7 @@ index b57f8007db14..377f9e34eb97 100644
__wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr,
__u32 len, __u8 proto, __wsum sum)
-@@ -145,7 +144,6 @@ __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
+@@ -145,7 +144,6 @@ __sum16 ip_fast_csum(const void *iph, un
{
return (__force __sum16)~do_csum(iph,ihl*4);
}
@@ -257,13 +245,11 @@ index b57f8007db14..377f9e34eb97 100644
/*
* computes the checksum of a memory block at buff, length len,
-@@ -180,4 +178,3 @@ __sum16 ip_compute_csum(const void *buff, int len)
+@@ -180,4 +178,3 @@ __sum16 ip_compute_csum(const void *buff
{
return (__force __sum16)~from64to16(do_csum(buff,len));
}
-EXPORT_SYMBOL(ip_compute_csum);
-diff --git a/arch/alpha/lib/clear_page.S b/arch/alpha/lib/clear_page.S
-index 263d7393c0e7..a221ae266e29 100644
--- a/arch/alpha/lib/clear_page.S
+++ b/arch/alpha/lib/clear_page.S
@@ -3,7 +3,7 @@
@@ -280,25 +266,21 @@ index 263d7393c0e7..a221ae266e29 100644
.end clear_page
- EXPORT_SYMBOL(clear_page)
-diff --git a/arch/alpha/lib/clear_user.S b/arch/alpha/lib/clear_user.S
-index bf5b931866ba..8860316c1957 100644
--- a/arch/alpha/lib/clear_user.S
+++ b/arch/alpha/lib/clear_user.S
-@@ -24,7 +24,6 @@
- * Clobbers:
- * $1,$2,$3,$4,$5,$6
+@@ -9,7 +9,6 @@
+ * a successful copy). There is also some rather minor exception setup
+ * stuff.
*/
-#include <asm/export.h>
/* Allow an exception for an insn; exit if we get one. */
#define EX(x,y...) \
-@@ -112,4 +111,3 @@ $exception:
- ret $31, ($28), 1 # .. e1 :
+@@ -98,4 +97,3 @@ $exception:
+ ret $31, ($26), 1 # .. e1 :
- .end __do_clear_user
-- EXPORT_SYMBOL(__do_clear_user)
-diff --git a/arch/alpha/lib/copy_page.S b/arch/alpha/lib/copy_page.S
-index 2ee0bd0508c5..9f3b97459cc6 100644
+ .end __clear_user
+- EXPORT_SYMBOL(__clear_user)
--- a/arch/alpha/lib/copy_page.S
+++ b/arch/alpha/lib/copy_page.S
@@ -3,7 +3,7 @@
@@ -315,12 +297,10 @@ index 2ee0bd0508c5..9f3b97459cc6 100644
.end copy_page
- EXPORT_SYMBOL(copy_page)
-diff --git a/arch/alpha/lib/copy_user.S b/arch/alpha/lib/copy_user.S
-index 509f62b65311..ac9c3766ba8c 100644
--- a/arch/alpha/lib/copy_user.S
+++ b/arch/alpha/lib/copy_user.S
-@@ -26,8 +26,6 @@
- * $1,$2,$3,$4,$5,$6,$7
+@@ -11,8 +11,6 @@
+ * exception setup stuff..
*/
-#include <asm/export.h>
@@ -328,13 +308,11 @@ index 509f62b65311..ac9c3766ba8c 100644
/* Allow an exception for an insn; exit if we get one. */
#define EXI(x,y...) \
99: x,##y; \
-@@ -131,4 +129,3 @@ $exitout:
- ret $31,($28),1
+@@ -117,4 +115,3 @@ $exitout:
+ ret $31,($26),1
.end __copy_user
-EXPORT_SYMBOL(__copy_user)
-diff --git a/arch/alpha/lib/csum_ipv6_magic.S b/arch/alpha/lib/csum_ipv6_magic.S
-index e74b4544b0cc..2c2acb96deb6 100644
--- a/arch/alpha/lib/csum_ipv6_magic.S
+++ b/arch/alpha/lib/csum_ipv6_magic.S
@@ -12,7 +12,6 @@
@@ -350,11 +328,9 @@ index e74b4544b0cc..2c2acb96deb6 100644
.end csum_ipv6_magic
- EXPORT_SYMBOL(csum_ipv6_magic)
-diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c
-index b4ff3b683bcd..5675dca8dbb1 100644
--- a/arch/alpha/lib/csum_partial_copy.c
+++ b/arch/alpha/lib/csum_partial_copy.c
-@@ -374,7 +374,6 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len,
+@@ -368,7 +368,6 @@ csum_partial_copy_from_user(const void _
}
return (__force __wsum)checksum;
}
@@ -362,13 +338,11 @@ index b4ff3b683bcd..5675dca8dbb1 100644
__wsum
csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum)
-@@ -387,4 +386,3 @@ csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum)
+@@ -381,4 +380,3 @@ csum_partial_copy_nocheck(const void *sr
set_fs(oldfs);
return checksum;
}
-EXPORT_SYMBOL(csum_partial_copy_nocheck);
-diff --git a/arch/alpha/lib/dec_and_lock.c b/arch/alpha/lib/dec_and_lock.c
-index 4221b40167ee..f9f5fe830e9f 100644
--- a/arch/alpha/lib/dec_and_lock.c
+++ b/arch/alpha/lib/dec_and_lock.c
@@ -7,7 +7,6 @@
@@ -379,13 +353,11 @@ index 4221b40167ee..f9f5fe830e9f 100644
asm (".text \n\
.global _atomic_dec_and_lock \n\
-@@ -40,4 +39,3 @@ static int __used atomic_dec_and_lock_1(atomic_t *atomic, spinlock_t *lock)
+@@ -40,4 +39,3 @@ static int __used atomic_dec_and_lock_1(
spin_unlock(lock);
return 0;
}
-EXPORT_SYMBOL(_atomic_dec_and_lock);
-diff --git a/arch/alpha/lib/divide.S b/arch/alpha/lib/divide.S
-index 1e33bd127621..2d1a0484a99e 100644
--- a/arch/alpha/lib/divide.S
+++ b/arch/alpha/lib/divide.S
@@ -45,7 +45,6 @@
@@ -409,8 +381,6 @@ index 1e33bd127621..2d1a0484a99e 100644
ret $31,($23),1
.end sfunction
-EXPORT_SYMBOL(sfunction)
-diff --git a/arch/alpha/lib/ev6-clear_page.S b/arch/alpha/lib/ev6-clear_page.S
-index abe99e69a194..adf4f7be0e2b 100644
--- a/arch/alpha/lib/ev6-clear_page.S
+++ b/arch/alpha/lib/ev6-clear_page.S
@@ -3,7 +3,7 @@
@@ -427,11 +397,9 @@ index abe99e69a194..adf4f7be0e2b 100644
.end clear_page
- EXPORT_SYMBOL(clear_page)
-diff --git a/arch/alpha/lib/ev6-clear_user.S b/arch/alpha/lib/ev6-clear_user.S
-index 05bef6b50598..4f42a16b7f53 100644
--- a/arch/alpha/lib/ev6-clear_user.S
+++ b/arch/alpha/lib/ev6-clear_user.S
-@@ -43,7 +43,6 @@
+@@ -28,7 +28,6 @@
* want to leave a hole (and we also want to avoid repeating lots of work)
*/
@@ -439,14 +407,12 @@ index 05bef6b50598..4f42a16b7f53 100644
/* Allow an exception for an insn; exit if we get one. */
#define EX(x,y...) \
99: x,##y; \
-@@ -223,4 +222,4 @@ $exception: # Destination for exception recovery(?)
+@@ -209,4 +208,4 @@ $exception: # Destination for exceptio
nop # .. E .. .. :
- ret $31, ($28), 1 # L0 .. .. .. : L U L U
- .end __do_clear_user
-- EXPORT_SYMBOL(__do_clear_user)
+ ret $31, ($26), 1 # L0 .. .. .. : L U L U
+ .end __clear_user
+- EXPORT_SYMBOL(__clear_user)
+
-diff --git a/arch/alpha/lib/ev6-copy_page.S b/arch/alpha/lib/ev6-copy_page.S
-index 77935061bddb..b789db192754 100644
--- a/arch/alpha/lib/ev6-copy_page.S
+++ b/arch/alpha/lib/ev6-copy_page.S
@@ -56,7 +56,7 @@
@@ -463,11 +429,9 @@ index 77935061bddb..b789db192754 100644
.end copy_page
- EXPORT_SYMBOL(copy_page)
-diff --git a/arch/alpha/lib/ev6-copy_user.S b/arch/alpha/lib/ev6-copy_user.S
-index be720b518af9..c4d0689c3d26 100644
--- a/arch/alpha/lib/ev6-copy_user.S
+++ b/arch/alpha/lib/ev6-copy_user.S
-@@ -37,7 +37,6 @@
+@@ -22,7 +22,6 @@
* L - lower subcluster; L0 - subcluster L0; L1 - subcluster L1
*/
@@ -475,14 +439,12 @@ index be720b518af9..c4d0689c3d26 100644
/* Allow an exception for an insn; exit if we get one. */
#define EXI(x,y...) \
99: x,##y; \
-@@ -236,4 +235,4 @@ $exitout: # Destination for exception recovery(?)
- ret $31,($28),1 # L0 .. .. .. : L U L U
+@@ -222,4 +221,4 @@ $exitout: # Destination for exception
+ ret $31,($26),1 # L0 .. .. .. : L U L U
.end __copy_user
- EXPORT_SYMBOL(__copy_user)
+
-diff --git a/arch/alpha/lib/ev6-csum_ipv6_magic.S b/arch/alpha/lib/ev6-csum_ipv6_magic.S
-index de62627ac4fe..fc0bc399f872 100644
--- a/arch/alpha/lib/ev6-csum_ipv6_magic.S
+++ b/arch/alpha/lib/ev6-csum_ipv6_magic.S
@@ -52,7 +52,6 @@
@@ -498,8 +460,6 @@ index de62627ac4fe..fc0bc399f872 100644
.end csum_ipv6_magic
- EXPORT_SYMBOL(csum_ipv6_magic)
-diff --git a/arch/alpha/lib/ev6-divide.S b/arch/alpha/lib/ev6-divide.S
-index d18dc0e96e3d..2a82b9be93fa 100644
--- a/arch/alpha/lib/ev6-divide.S
+++ b/arch/alpha/lib/ev6-divide.S
@@ -55,7 +55,6 @@
@@ -523,8 +483,6 @@ index d18dc0e96e3d..2a82b9be93fa 100644
ret $31,($23),1 # L0 : L U U L
.end sfunction
-EXPORT_SYMBOL(sfunction)
-diff --git a/arch/alpha/lib/ev6-memchr.S b/arch/alpha/lib/ev6-memchr.S
-index 419adc53ccb4..1a5f71b9d8b1 100644
--- a/arch/alpha/lib/ev6-memchr.S
+++ b/arch/alpha/lib/ev6-memchr.S
@@ -27,7 +27,7 @@
@@ -541,8 +499,6 @@ index 419adc53ccb4..1a5f71b9d8b1 100644
.end memchr
- EXPORT_SYMBOL(memchr)
-diff --git a/arch/alpha/lib/ev6-memcpy.S b/arch/alpha/lib/ev6-memcpy.S
-index b19798b2efc0..52b37b0f2af5 100644
--- a/arch/alpha/lib/ev6-memcpy.S
+++ b/arch/alpha/lib/ev6-memcpy.S
@@ -19,7 +19,7 @@
@@ -562,8 +518,6 @@ index b19798b2efc0..52b37b0f2af5 100644
/* For backwards module compatibility. */
__memcpy = memcpy
-diff --git a/arch/alpha/lib/ev6-memset.S b/arch/alpha/lib/ev6-memset.S
-index fed21c6893e8..356bb2fdd705 100644
--- a/arch/alpha/lib/ev6-memset.S
+++ b/arch/alpha/lib/ev6-memset.S
@@ -26,7 +26,7 @@
@@ -601,8 +555,6 @@ index fed21c6893e8..356bb2fdd705 100644
__memset = ___memset
- EXPORT_SYMBOL(memset)
- EXPORT_SYMBOL(__memset)
-diff --git a/arch/alpha/lib/ev67-strcat.S b/arch/alpha/lib/ev67-strcat.S
-index b69f60419be1..c426fe3ed72f 100644
--- a/arch/alpha/lib/ev67-strcat.S
+++ b/arch/alpha/lib/ev67-strcat.S
@@ -19,7 +19,7 @@
@@ -619,8 +571,6 @@ index b69f60419be1..c426fe3ed72f 100644
.end strcat
- EXPORT_SYMBOL(strcat)
-diff --git a/arch/alpha/lib/ev67-strchr.S b/arch/alpha/lib/ev67-strchr.S
-index ea8f2f35db9c..fbb7b4ffade9 100644
--- a/arch/alpha/lib/ev67-strchr.S
+++ b/arch/alpha/lib/ev67-strchr.S
@@ -15,7 +15,7 @@
@@ -632,13 +582,11 @@ index ea8f2f35db9c..fbb7b4ffade9 100644
#include <asm/regdef.h>
.set noreorder
-@@ -86,4 +86,3 @@ $found: negq t0, t1 # E : clear all but least set bit
+@@ -86,4 +86,3 @@ $found: negq t0, t1 # E : clear all
ret # L0 :
.end strchr
- EXPORT_SYMBOL(strchr)
-diff --git a/arch/alpha/lib/ev67-strlen.S b/arch/alpha/lib/ev67-strlen.S
-index 736fd41884a8..503928072523 100644
--- a/arch/alpha/lib/ev67-strlen.S
+++ b/arch/alpha/lib/ev67-strlen.S
@@ -17,7 +17,7 @@
@@ -655,8 +603,6 @@ index 736fd41884a8..503928072523 100644
.end strlen
- EXPORT_SYMBOL(strlen)
-diff --git a/arch/alpha/lib/ev67-strncat.S b/arch/alpha/lib/ev67-strncat.S
-index cd35cbade73a..4ae716cd2bfb 100644
--- a/arch/alpha/lib/ev67-strncat.S
+++ b/arch/alpha/lib/ev67-strncat.S
@@ -20,7 +20,7 @@
@@ -673,8 +619,6 @@ index cd35cbade73a..4ae716cd2bfb 100644
.end strncat
- EXPORT_SYMBOL(strncat)
-diff --git a/arch/alpha/lib/ev67-strrchr.S b/arch/alpha/lib/ev67-strrchr.S
-index 747455f0328c..dd0d8c6b9f59 100644
--- a/arch/alpha/lib/ev67-strrchr.S
+++ b/arch/alpha/lib/ev67-strrchr.S
@@ -18,7 +18,7 @@
@@ -691,8 +635,6 @@ index 747455f0328c..dd0d8c6b9f59 100644
.end strrchr
- EXPORT_SYMBOL(strrchr)
-diff --git a/arch/alpha/lib/fpreg.c b/arch/alpha/lib/fpreg.c
-index 4aa6dbfa14ee..05017ba34c3c 100644
--- a/arch/alpha/lib/fpreg.c
+++ b/arch/alpha/lib/fpreg.c
@@ -4,9 +4,6 @@
@@ -713,7 +655,7 @@ index 4aa6dbfa14ee..05017ba34c3c 100644
#if defined(CONFIG_ALPHA_EV6) || defined(CONFIG_ALPHA_EV67)
#define LDT(reg,val) asm volatile ("itoft %0,$f"#reg : : "r"(val));
-@@ -101,7 +97,6 @@ alpha_write_fp_reg (unsigned long reg, unsigned long val)
+@@ -101,7 +97,6 @@ alpha_write_fp_reg (unsigned long reg, u
case 31: LDT(31, val); break;
}
}
@@ -729,13 +671,11 @@ index 4aa6dbfa14ee..05017ba34c3c 100644
#if defined(CONFIG_ALPHA_EV6) || defined(CONFIG_ALPHA_EV67)
#define LDS(reg,val) asm volatile ("itofs %0,$f"#reg : : "r"(val));
-@@ -197,4 +191,3 @@ alpha_write_fp_reg_s (unsigned long reg, unsigned long val)
+@@ -197,4 +191,3 @@ alpha_write_fp_reg_s (unsigned long reg,
case 31: LDS(31, val); break;
}
}
-EXPORT_SYMBOL(alpha_write_fp_reg_s);
-diff --git a/arch/alpha/lib/memchr.S b/arch/alpha/lib/memchr.S
-index c13d3eca2e05..14427eeb555e 100644
--- a/arch/alpha/lib/memchr.S
+++ b/arch/alpha/lib/memchr.S
@@ -31,7 +31,7 @@ For correctness consider that:
@@ -752,8 +692,6 @@ index c13d3eca2e05..14427eeb555e 100644
.end memchr
- EXPORT_SYMBOL(memchr)
-diff --git a/arch/alpha/lib/memcpy.c b/arch/alpha/lib/memcpy.c
-index 57d9291ad172..64083fc73238 100644
--- a/arch/alpha/lib/memcpy.c
+++ b/arch/alpha/lib/memcpy.c
@@ -16,7 +16,6 @@
@@ -764,7 +702,7 @@ index 57d9291ad172..64083fc73238 100644
/*
* This should be done in one go with ldq_u*2/mask/stq_u. Do it
-@@ -159,4 +158,6 @@ void * memcpy(void * dest, const void *src, size_t n)
+@@ -159,4 +158,6 @@ void * memcpy(void * dest, const void *s
__memcpy_unaligned_up ((unsigned long) dest, (unsigned long) src, n);
return dest;
}
@@ -772,8 +710,6 @@ index 57d9291ad172..64083fc73238 100644
+
+/* For backward modules compatibility, define __memcpy. */
+asm("__memcpy = memcpy; .globl __memcpy");
-diff --git a/arch/alpha/lib/memmove.S b/arch/alpha/lib/memmove.S
-index 6872c85cb5e5..eb3b6e02242f 100644
--- a/arch/alpha/lib/memmove.S
+++ b/arch/alpha/lib/memmove.S
@@ -6,7 +6,7 @@
@@ -790,8 +726,6 @@ index 6872c85cb5e5..eb3b6e02242f 100644
.end memmove
- EXPORT_SYMBOL(memmove)
-diff --git a/arch/alpha/lib/memset.S b/arch/alpha/lib/memset.S
-index 89a26f5e89de..76ccc6d1f364 100644
--- a/arch/alpha/lib/memset.S
+++ b/arch/alpha/lib/memset.S
@@ -13,7 +13,7 @@
@@ -822,8 +756,6 @@ index 89a26f5e89de..76ccc6d1f364 100644
__memset = ___memset
- EXPORT_SYMBOL(memset)
- EXPORT_SYMBOL(__memset)
-diff --git a/arch/alpha/lib/strcat.S b/arch/alpha/lib/strcat.S
-index 249837b03d4b..393f50384878 100644
--- a/arch/alpha/lib/strcat.S
+++ b/arch/alpha/lib/strcat.S
@@ -4,7 +4,6 @@
@@ -834,13 +766,11 @@ index 249837b03d4b..393f50384878 100644
.text
-@@ -51,4 +50,3 @@ $found: negq $2, $3 # clear all but least set bit
+@@ -51,4 +50,3 @@ $found: negq $2, $3 # clear all but
br __stxcpy
.end strcat
-EXPORT_SYMBOL(strcat);
-diff --git a/arch/alpha/lib/strchr.S b/arch/alpha/lib/strchr.S
-index 7412a173ea39..011a175e8329 100644
--- a/arch/alpha/lib/strchr.S
+++ b/arch/alpha/lib/strchr.S
@@ -5,7 +5,7 @@
@@ -857,8 +787,6 @@ index 7412a173ea39..011a175e8329 100644
.end strchr
- EXPORT_SYMBOL(strchr)
-diff --git a/arch/alpha/lib/strcpy.S b/arch/alpha/lib/strcpy.S
-index 98deae1e4d08..e0728e4ad21f 100644
--- a/arch/alpha/lib/strcpy.S
+++ b/arch/alpha/lib/strcpy.S
@@ -5,7 +5,7 @@
@@ -875,8 +803,6 @@ index 98deae1e4d08..e0728e4ad21f 100644
.end strcpy
- EXPORT_SYMBOL(strcpy)
-diff --git a/arch/alpha/lib/strlen.S b/arch/alpha/lib/strlen.S
-index 79c416f71bac..fe63353de152 100644
--- a/arch/alpha/lib/strlen.S
+++ b/arch/alpha/lib/strlen.S
@@ -11,7 +11,7 @@
@@ -893,8 +819,6 @@ index 79c416f71bac..fe63353de152 100644
.end strlen
- EXPORT_SYMBOL(strlen)
-diff --git a/arch/alpha/lib/strncat.S b/arch/alpha/lib/strncat.S
-index 6c29ea60869a..a8278163c972 100644
--- a/arch/alpha/lib/strncat.S
+++ b/arch/alpha/lib/strncat.S
@@ -9,7 +9,7 @@
@@ -911,8 +835,6 @@ index 6c29ea60869a..a8278163c972 100644
.end strncat
- EXPORT_SYMBOL(strncat)
-diff --git a/arch/alpha/lib/strncpy.S b/arch/alpha/lib/strncpy.S
-index e102cf1567dd..a46f7f3ad8c7 100644
--- a/arch/alpha/lib/strncpy.S
+++ b/arch/alpha/lib/strncpy.S
@@ -10,7 +10,7 @@
@@ -929,8 +851,6 @@ index e102cf1567dd..a46f7f3ad8c7 100644
.end strncpy
- EXPORT_SYMBOL(strncpy)
-diff --git a/arch/alpha/lib/strrchr.S b/arch/alpha/lib/strrchr.S
-index 4bc6cb4b9812..1970dc07cfd1 100644
--- a/arch/alpha/lib/strrchr.S
+++ b/arch/alpha/lib/strrchr.S
@@ -5,7 +5,7 @@
diff --git a/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch b/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
deleted file mode 100644
index 13dd281..0000000
--- a/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Fri, 2 Dec 2016 01:26:54 +0000
-Subject: powerpc: Fix missing CRCs, add yet more asm-prototypes.h declarations
-Forwarded: https://lkml.kernel.org/r/20161202023837.GK2697@decadent.org.uk
-
-Add declarations for:
-- __mfdcr, __mtdcr (if CONFIG_PPC_DCR_NATIVE=y; through <asm/dcr.h>)
-- switch_mmu_context (if CONFIG_PPC_BOOK3S_64=n; through <asm/mmu_context.h>)
-- _mcount (if CONFIG_FUNCTION_TRACER=y; though <asm/ftrace.h>)
-
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
- arch/powerpc/include/asm/asm-prototypes.h | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/arch/powerpc/include/asm/asm-prototypes.h
-+++ b/arch/powerpc/include/asm/asm-prototypes.h
-@@ -17,6 +17,9 @@
- #include <asm/checksum.h>
- #include <linux/uaccess.h>
- #include <asm/epapr_hcalls.h>
-+#include <asm/dcr.h>
-+#include <asm/mmu_context.h>
-+#include <asm/ftrace.h>
-
- #include <uapi/asm/ucontext.h>
-
diff --git a/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch b/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
deleted file mode 100644
index 7b23343..0000000
--- a/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Fri, 2 Dec 2016 02:27:50 +0000
-Subject: powerpc: Remove Mac-on-Linux hooks
-Forwarded: https://lkml.kernel.org/r/20161202023552.GJ2697@decadent.org.uk
-
-The symbols exported for use by MOL aren't getting CRCs and I was
-about to fix that. But MOL is dead upstream, and the latest work on
-it was to make it use KVM instead of its own kernel module. So remove
-them instead.
-
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
- arch/powerpc/kernel/head_32.S | 7 +------
- arch/powerpc/mm/hash_low_32.S | 1 -
- 2 files changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/arch/powerpc/kernel/head_32.S b/arch/powerpc/kernel/head_32.S
-index 9d963547d243..87998430cd9b 100644
---- a/arch/powerpc/kernel/head_32.S
-+++ b/arch/powerpc/kernel/head_32.S
-@@ -735,11 +735,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU)
- EXCEPTION(0x2c00, Trap_2c, unknown_exception, EXC_XFER_EE)
- EXCEPTION(0x2d00, Trap_2d, unknown_exception, EXC_XFER_EE)
- EXCEPTION(0x2e00, Trap_2e, unknown_exception, EXC_XFER_EE)
-- EXCEPTION(0x2f00, MOLTrampoline, unknown_exception, EXC_XFER_EE_LITE)
--
-- .globl mol_trampoline
-- .set mol_trampoline, i0x2f00
-- EXPORT_SYMBOL(mol_trampoline)
-+ EXCEPTION(0x2f00, Trap_2f, unknown_exception, EXC_XFER_EE)
-
- . = 0x3000
-
-@@ -1289,7 +1285,6 @@ intercept_table:
- .long 0, 0, 0, 0, 0, 0, 0, 0
- .long 0, 0, 0, 0, 0, 0, 0, 0
- .long 0, 0, 0, 0, 0, 0, 0, 0
--EXPORT_SYMBOL(intercept_table)
-
- /* Room for two PTE pointers, usually the kernel and current user pointers
- * to their respective root page table.
-diff --git a/arch/powerpc/mm/hash_low_32.S b/arch/powerpc/mm/hash_low_32.S
-index 09cc50c8dace..cddf14f60bf3 100644
---- a/arch/powerpc/mm/hash_low_32.S
-+++ b/arch/powerpc/mm/hash_low_32.S
-@@ -34,7 +34,6 @@
- .globl mmu_hash_lock
- mmu_hash_lock:
- .space 4
--EXPORT_SYMBOL(mmu_hash_lock)
- #endif /* CONFIG_SMP */
-
- /*
diff --git a/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch b/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
index 5879c02..7904f58 100644
--- a/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
+++ b/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
@@ -129,11 +129,6 @@ did what it says; add a prototype and export it from C code instead.
.global root_flags
.global ram_flags
-@@ -815,4 +813,3 @@ lvl14_save:
- __ret_efault:
- ret
- restore %g0, -EFAULT, %o0
--EXPORT_SYMBOL(__ret_efault)
--- a/arch/sparc/kernel/head_64.S
+++ b/arch/sparc/kernel/head_64.S
@@ -32,8 +32,7 @@
@@ -244,7 +239,7 @@ did what it says; add a prototype and export it from C code instead.
-EXPORT_SYMBOL(saved_command_line);
--- /dev/null
+++ b/arch/sparc/kernel/sparc_ksyms_32.c
-@@ -0,0 +1,31 @@
+@@ -0,0 +1,30 @@
+/*
+ * arch/sparc/kernel/ksyms.c: Sparc specific ksyms support.
+ *
@@ -271,7 +266,6 @@ did what it says; add a prototype and export it from C code instead.
+EXPORT_SYMBOL(__ndelay);
+
+/* from head_32.S */
-+EXPORT_SYMBOL(__ret_efault);
+EXPORT_SYMBOL(empty_zero_page);
+
+/* Exporting a symbol from /init/main.c */
@@ -656,11 +650,6 @@ did what it says; add a prototype and export it from C code instead.
#define XCC xcc
-@@ -106,4 +105,3 @@ ENTRY(___copy_in_user) /* %o0=dst, %o1=s
- retl
- clr %o0
- ENDPROC(___copy_in_user)
--EXPORT_SYMBOL(___copy_in_user)
--- a/arch/sparc/lib/copy_page.S
+++ b/arch/sparc/lib/copy_page.S
@@ -10,7 +10,6 @@
@@ -803,7 +792,7 @@ did what it says; add a prototype and export it from C code instead.
-EXPORT_SYMBOL(ip_fast_csum)
--- /dev/null
+++ b/arch/sparc/lib/ksyms.c
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,170 @@
+/*
+ * Export of symbols defined in assembler
+ */
@@ -898,9 +887,6 @@ did what it says; add a prototype and export it from C code instead.
+EXPORT_SYMBOL(ip_fast_csum);
+
+/* Moving data to/from/in userspace. */
-+EXPORT_SYMBOL(___copy_to_user);
-+EXPORT_SYMBOL(___copy_from_user);
-+EXPORT_SYMBOL(___copy_in_user);
+EXPORT_SYMBOL(__clear_user);
+
+/* Atomic counter implementation. */
diff --git a/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch b/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch
deleted file mode 100644
index 8a94dcd..0000000
--- a/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From: Mika Westerberg <mika.westerberg at linux.intel.com>
-Date: Wed, 17 May 2017 13:25:14 +0300
-Subject: pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago
- systems
-Origin: https://git.kernel.org/linus/2a8209fa68236ad65363dba03db5dbced520268a
-Bug-Debian: https://bugs.debian.org/862723
-
-It turns out there are quite many Chromebooks out there that have the
-same keyboard issue than Acer Chromebook. All of them are based on
-Intel_Strago reference and report their DMI_PRODUCT_FAMILY as
-"Intel_Strago" (Samsung Chromebook 3 and Cyan Chromebooks are exceptions
-for which we add separate entries).
-
-Instead of adding each machine to the quirk table, we use
-DMI_PRODUCT_FAMILY of "Intel_Strago" that hopefully covers most of the
-machines out there currently.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=194945
-Suggested: Dmitry Torokhov <dmitry.torokhov at gmail.com>
-Signed-off-by: Mika Westerberg <mika.westerberg at linux.intel.com>
-Reviewed-by: Andy Shevchenko <andy.shevchenko at gmail.com>
-Signed-off-by: Linus Walleij <linus.walleij at linaro.org>
----
- drivers/pinctrl/intel/pinctrl-cherryview.c | 21 +++++++++++++++++----
- 1 file changed, 17 insertions(+), 4 deletions(-)
-
---- a/drivers/pinctrl/intel/pinctrl-cherryview.c
-+++ b/drivers/pinctrl/intel/pinctrl-cherryview.c
-@@ -1534,13 +1534,26 @@ static void chv_gpio_irq_handler(struct
- * is not listed below.
- */
- static const struct dmi_system_id chv_no_valid_mask[] = {
-+ /* See https://bugzilla.kernel.org/show_bug.cgi?id=194945 */
- {
-- /* See https://bugzilla.kernel.org/show_bug.cgi?id=194945 */
-- .ident = "Acer Chromebook (CYAN)",
-+ .ident = "Intel_Strago based Chromebooks (All models)",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"),
-- DMI_MATCH(DMI_PRODUCT_NAME, "Edgar"),
-- DMI_MATCH(DMI_BIOS_DATE, "05/21/2016"),
-+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"),
-+ },
-+ },
-+ {
-+ .ident = "Acer Chromebook R11 (Cyan)",
-+ .matches = {
-+ DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"),
-+ DMI_MATCH(DMI_PRODUCT_NAME, "Cyan"),
-+ },
-+ },
-+ {
-+ .ident = "Samsung Chromebook 3 (Celes)",
-+ .matches = {
-+ DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"),
-+ DMI_MATCH(DMI_PRODUCT_NAME, "Celes"),
- },
- },
- {}
diff --git a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch b/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
index 84f15c1..fc3de36 100644
--- a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
+++ b/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
@@ -19,19 +19,14 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
net/decnet/af_decnet.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
-diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
-index 7a58c87..ed9e2b0 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
-@@ -2358,7 +2358,7 @@ void dn_unregister_sysctl(void);
+@@ -2359,7 +2359,7 @@ static const struct proto_ops dn_proto_o
MODULE_DESCRIPTION("The Linux DECnet Network Protocol");
MODULE_AUTHOR("Linux DECnet Project Team");
MODULE_LICENSE("GPL");
-MODULE_ALIAS_NETPROTO(PF_DECnet);
+/* MODULE_ALIAS_NETPROTO(PF_DECnet); */
- static char banner[] __initdata = KERN_INFO "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n";
-
---
-1.7.2.3
-
+ static const char banner[] __initconst = KERN_INFO
+ "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n";
diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch
index 9e895bf..c56c633 100644
--- a/debian/patches/debian/mips-disable-werror.patch
+++ b/debian/patches/debian/mips-disable-werror.patch
@@ -3,26 +3,21 @@ Date: Mon, 13 Sep 2010 02:16:18 +0100
Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"
Forwarded: not-needed
-This reverts commit 66f9ba101f54bda63ab1db97f9e9e94763d0651b.
+This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
+5373633cc9253ba82547473e899cab141c54133e.
We really don't want to add -Werror anywhere.
---
- arch/mips/Kbuild | 5 -----
- 1 files changed, 0 insertions(+), 5 deletions(-)
-
-diff --git a/arch/mips/Kbuild b/arch/mips/Kbuild
-index e322d65..2e6b28f 100644
--- a/arch/mips/Kbuild
+++ b/arch/mips/Kbuild
-@@ -1,8 +1,3 @@
+@@ -1,10 +1,3 @@
-# Fail on warnings - also for files referenced in subdirs
-# -Werror can be disabled for specific files using:
-# CFLAGS_<file.o> := -Wno-error
+-ifeq ($(W),)
-subdir-ccflags-y := -Werror
+-endif
-
# platform specific definitions
include arch/mips/Kbuild.platforms
obj-y := $(platform-y)
---
-1.7.1
-
diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch
index 52444d3..056ce2d 100644
--- a/debian/patches/features/all/aufs4/aufs4-standalone.patch
+++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch
@@ -8,11 +8,9 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.11.7+ standalone patch
-diff --git a/fs/dcache.c b/fs/dcache.c
-index 8ca5f09..b1ff5be 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -1272,6 +1272,7 @@ void d_walk(struct dentry *parent, void *data,
+@@ -1272,6 +1272,7 @@ rename_retry:
seq = 1;
goto again;
}
@@ -20,7 +18,7 @@ index 8ca5f09..b1ff5be 100644
struct check_mount {
struct vfsmount *mnt;
-@@ -2864,6 +2865,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2)
+@@ -2862,6 +2863,7 @@ void d_exchange(struct dentry *dentry1,
write_sequnlock(&rename_lock);
}
@@ -28,11 +26,9 @@ index 8ca5f09..b1ff5be 100644
/**
* d_ancestor - search for an ancestor
-diff --git a/fs/exec.c b/fs/exec.c
-index 65145a3..8d35776 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
+@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path
return (path->mnt->mnt_flags & MNT_NOEXEC) ||
(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
}
@@ -40,11 +36,9 @@ index 65145a3..8d35776 100644
#ifdef CONFIG_USELIB
/*
-diff --git a/fs/fcntl.c b/fs/fcntl.c
-index f5f4f94..c671660 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -83,6 +83,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
+@@ -84,6 +84,7 @@ int setfl(int fd, struct file * filp, un
out:
return error;
}
@@ -52,11 +46,9 @@ index f5f4f94..c671660 100644
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
-diff --git a/fs/file_table.c b/fs/file_table.c
-index 954d510..4fb5b10 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
-@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
+@@ -148,6 +148,7 @@ over:
}
return ERR_PTR(-ENFILE);
}
@@ -88,11 +80,9 @@ index 954d510..4fb5b10 100644
void __init files_init(void)
{
-diff --git a/fs/inode.c b/fs/inode.c
-index 9a9ba3a..a3a18d8 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -1651,6 +1651,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
+@@ -1649,6 +1649,7 @@ int update_time(struct inode *inode, str
return update_time(inode, time, flags);
}
@@ -100,11 +90,9 @@ index 9a9ba3a..a3a18d8 100644
/**
* touch_atime - update the access time
-diff --git a/fs/namespace.c b/fs/namespace.c
-index cc1375ef..9b4c67c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -465,6 +465,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
+@@ -462,6 +462,7 @@ void __mnt_drop_write(struct vfsmount *m
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@@ -112,7 +100,7 @@ index cc1375ef..9b4c67c 100644
/**
* mnt_drop_write - give up write access to a mount
-@@ -1884,6 +1885,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
+@@ -1881,6 +1882,7 @@ int iterate_mounts(int (*f)(struct vfsmo
}
return 0;
}
@@ -120,8 +108,6 @@ index cc1375ef..9b4c67c 100644
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
{
-diff --git a/fs/notify/group.c b/fs/notify/group.c
-index fbe3cbe..bdfc61e 100644
--- a/fs/notify/group.c
+++ b/fs/notify/group.c
@@ -22,6 +22,7 @@
@@ -132,7 +118,7 @@ index fbe3cbe..bdfc61e 100644
#include <linux/fsnotify_backend.h>
#include "fsnotify.h"
-@@ -100,6 +101,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
+@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_
{
atomic_inc(&group->refcnt);
}
@@ -140,7 +126,7 @@ index fbe3cbe..bdfc61e 100644
/*
* Drop a reference to a group. Free it if it's through.
-@@ -109,6 +111,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
+@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_
if (atomic_dec_and_test(&group->refcnt))
fsnotify_final_destroy_group(group);
}
@@ -148,7 +134,7 @@ index fbe3cbe..bdfc61e 100644
/*
* Create a new fsnotify_group and hold a reference for the group returned.
-@@ -137,6 +140,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
+@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr
return group;
}
@@ -156,47 +142,43 @@ index fbe3cbe..bdfc61e 100644
int fsnotify_fasync(int fd, struct file *file, int on)
{
-diff --git a/fs/notify/mark.c b/fs/notify/mark.c
-index 6043306..fdb50e4 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
-@@ -113,6 +113,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
- mark->free_mark(mark);
- }
+@@ -255,6 +255,7 @@ void fsnotify_put_mark(struct fsnotify_m
+ queue_delayed_work(system_unbound_wq, &reaper_work,
+ FSNOTIFY_REAPER_DELAY);
}
+EXPORT_SYMBOL_GPL(fsnotify_put_mark);
- /* Calculate mask of events for a list of marks */
- u32 fsnotify_recalc_mask(struct hlist_head *head)
-@@ -230,6 +231,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
+ bool fsnotify_prepare_user_wait(struct fsnotify_iter_info *iter_info)
+ {
+@@ -395,6 +396,7 @@ void fsnotify_destroy_mark(struct fsnoti
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
}
+EXPORT_SYMBOL_GPL(fsnotify_destroy_mark);
- void fsnotify_destroy_marks(struct hlist_head *head, spinlock_t *lock)
- {
-@@ -415,6 +417,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark,
-
+ /*
+ * Sorting function for lists of fsnotify marks.
+@@ -619,6 +621,7 @@ int fsnotify_add_mark(struct fsnotify_ma
+ mutex_unlock(&group->mark_mutex);
return ret;
}
+EXPORT_SYMBOL_GPL(fsnotify_add_mark);
- int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group,
- struct inode *inode, struct vfsmount *mnt, int allow_dups)
-@@ -521,6 +524,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
- atomic_set(&mark->refcnt, 1);
- mark->free_mark = free_mark;
+ /*
+ * Given a list of marks, find the mark associated with given group. If found
+@@ -742,6 +745,7 @@ void fsnotify_init_mark(struct fsnotify_
+ fsnotify_get_group(group);
+ mark->group = group;
}
+EXPORT_SYMBOL_GPL(fsnotify_init_mark);
/*
* Destroy all marks in destroy_list, waits for SRCU period to finish before
-diff --git a/fs/open.c b/fs/open.c
-index 949cef2..9a892fb8 100644
--- a/fs/open.c
+++ b/fs/open.c
-@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
+@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
inode_unlock(dentry->d_inode);
return ret;
}
@@ -204,7 +186,7 @@ index 949cef2..9a892fb8 100644
long vfs_truncate(const struct path *path, loff_t length)
{
-@@ -693,6 +694,7 @@ int open_check_o_direct(struct file *f)
+@@ -691,6 +692,7 @@ int open_check_o_direct(struct file *f)
}
return 0;
}
@@ -212,8 +194,6 @@ index 949cef2..9a892fb8 100644
static int do_dentry_open(struct file *f,
struct inode *inode,
-diff --git a/fs/read_write.c b/fs/read_write.c
-index eba4e7e..ec9e88a 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -523,6 +523,7 @@ vfs_readf_t vfs_readf(struct file *file)
@@ -224,7 +204,7 @@ index eba4e7e..ec9e88a 100644
vfs_writef_t vfs_writef(struct file *file)
{
-@@ -534,6 +535,7 @@ vfs_writef_t vfs_writef(struct file *file)
+@@ -534,6 +535,7 @@ vfs_writef_t vfs_writef(struct file *fil
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
@@ -232,11 +212,9 @@ index eba4e7e..ec9e88a 100644
ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
{
-diff --git a/fs/splice.c b/fs/splice.c
-index 46c87af..0efa652 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -872,6 +872,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+@@ -866,6 +866,7 @@ long do_splice_from(struct pipe_inode_in
return splice_write(pipe, out, ppos, len, flags);
}
@@ -244,7 +222,7 @@ index 46c87af..0efa652 100644
/*
* Attempt to initiate a splice from a file to a pipe.
-@@ -901,6 +902,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
+@@ -895,6 +896,7 @@ long do_splice_to(struct file *in, loff_
return splice_read(in, ppos, pipe, len, flags);
}
@@ -252,11 +230,9 @@ index 46c87af..0efa652 100644
/**
* splice_direct_to_actor - splices data directly between two non-pipes
-diff --git a/fs/sync.c b/fs/sync.c
-index abf6a5d..c86fe9c 100644
--- a/fs/sync.c
+++ b/fs/sync.c
-@@ -38,6 +38,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
+@@ -38,6 +38,7 @@ int __sync_filesystem(struct super_block
sb->s_op->sync_fs(sb, wait);
return __sync_blockdev(sb->s_bdev, wait);
}
@@ -264,11 +240,9 @@ index abf6a5d..c86fe9c 100644
/*
* Write out and wait upon all dirty data associated with this
-diff --git a/fs/xattr.c b/fs/xattr.c
-index 94f49a0..243f57e 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
-@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
+@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry
*xattr_value = value;
return error;
}
@@ -276,8 +250,6 @@ index 94f49a0..243f57e 100644
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
-diff --git a/kernel/task_work.c b/kernel/task_work.c
-index d513051..e056d54 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -119,3 +119,4 @@ void task_work_run(void)
@@ -285,8 +257,6 @@ index d513051..e056d54 100644
}
}
+EXPORT_SYMBOL_GPL(task_work_run);
-diff --git a/security/commoncap.c b/security/commoncap.c
-index 78b3783..c8b3e88 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1062,12 +1062,14 @@ int cap_mmap_addr(unsigned long addr)
@@ -304,8 +274,6 @@ index 78b3783..c8b3e88 100644
#ifdef CONFIG_SECURITY
-diff --git a/security/device_cgroup.c b/security/device_cgroup.c
-index 03c1652..f88c84b 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -7,6 +7,7 @@
@@ -316,7 +284,7 @@ index 03c1652..f88c84b 100644
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
-@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
+@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
@@ -324,11 +292,9 @@ index 03c1652..f88c84b 100644
int devcgroup_inode_mknod(int mode, dev_t dev)
{
-diff --git a/security/security.c b/security/security.c
-index d0e07f2..5e323b0 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -481,6 +481,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
+@@ -492,6 +492,7 @@ int security_path_rmdir(const struct pat
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
@@ -336,7 +302,7 @@ index d0e07f2..5e323b0 100644
int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
-@@ -497,6 +498,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
+@@ -508,6 +509,7 @@ int security_path_symlink(const struct p
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
@@ -344,7 +310,7 @@ index d0e07f2..5e323b0 100644
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
-@@ -505,6 +507,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
+@@ -516,6 +518,7 @@ int security_path_link(struct dentry *ol
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
@@ -352,7 +318,7 @@ index d0e07f2..5e323b0 100644
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry,
-@@ -532,6 +535,7 @@ int security_path_truncate(const struct path *path)
+@@ -543,6 +546,7 @@ int security_path_truncate(const struct
return 0;
return call_int_hook(path_truncate, 0, path);
}
@@ -360,7 +326,7 @@ index d0e07f2..5e323b0 100644
int security_path_chmod(const struct path *path, umode_t mode)
{
-@@ -539,6 +543,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
+@@ -550,6 +554,7 @@ int security_path_chmod(const struct pat
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
@@ -368,7 +334,7 @@ index d0e07f2..5e323b0 100644
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
-@@ -546,6 +551,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
+@@ -557,6 +562,7 @@ int security_path_chown(const struct pat
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
@@ -376,7 +342,7 @@ index d0e07f2..5e323b0 100644
int security_path_chroot(const struct path *path)
{
-@@ -631,6 +637,7 @@ int security_inode_readlink(struct dentry *dentry)
+@@ -642,6 +648,7 @@ int security_inode_readlink(struct dentr
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
@@ -384,7 +350,7 @@ index d0e07f2..5e323b0 100644
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
-@@ -646,6 +653,7 @@ int security_inode_permission(struct inode *inode, int mask)
+@@ -657,6 +664,7 @@ int security_inode_permission(struct ino
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
@@ -392,7 +358,7 @@ index d0e07f2..5e323b0 100644
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
-@@ -817,6 +825,7 @@ int security_file_permission(struct file *file, int mask)
+@@ -828,6 +836,7 @@ int security_file_permission(struct file
return fsnotify_perm(file, mask);
}
@@ -400,7 +366,7 @@ index d0e07f2..5e323b0 100644
int security_file_alloc(struct file *file)
{
-@@ -876,6 +885,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
+@@ -887,6 +896,7 @@ int security_mmap_file(struct file *file
return ret;
return ima_file_mmap(file, prot);
}
diff --git a/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch b/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch
deleted file mode 100644
index b0d9d97..0000000
--- a/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Mika Westerberg <mika.westerberg at linux.intel.com>
-Date: Wed, 17 May 2017 13:25:12 +0300
-Subject: firmware: dmi: Add DMI_PRODUCT_FAMILY identification string
-Origin: https://git.kernel.org/linus/c61872c9833d17d3807fb999096917c1f9eaada0
-
-Sometimes it is more convenient to be able to match a whole family of
-products, like in case of bunch of Chromebooks based on Intel_Strago to
-apply a driver quirk instead of quirking each machine one-by-one.
-
-This adds support for DMI_PRODUCT_FAMILY identification string and also
-exports it to the userspace through sysfs attribute just like the
-existing ones.
-
-Suggested-by: Dmitry Torokhov <dmitry.torokhov at gmail.com>
-Signed-off-by: Mika Westerberg <mika.westerberg at linux.intel.com>
-Reviewed-by: Andy Shevchenko <andy.shevchenko at gmail.com>
-Signed-off-by: Linus Walleij <linus.walleij at linaro.org>
----
- drivers/firmware/dmi-id.c | 2 ++
- drivers/firmware/dmi_scan.c | 1 +
- include/linux/mod_devicetable.h | 1 +
- 3 files changed, 4 insertions(+)
-
---- a/drivers/firmware/dmi-id.c
-+++ b/drivers/firmware/dmi-id.c
-@@ -47,6 +47,7 @@ DEFINE_DMI_ATTR_WITH_SHOW(product_name,
- DEFINE_DMI_ATTR_WITH_SHOW(product_version, 0444, DMI_PRODUCT_VERSION);
- DEFINE_DMI_ATTR_WITH_SHOW(product_serial, 0400, DMI_PRODUCT_SERIAL);
- DEFINE_DMI_ATTR_WITH_SHOW(product_uuid, 0400, DMI_PRODUCT_UUID);
-+DEFINE_DMI_ATTR_WITH_SHOW(product_family, 0400, DMI_PRODUCT_FAMILY);
- DEFINE_DMI_ATTR_WITH_SHOW(board_vendor, 0444, DMI_BOARD_VENDOR);
- DEFINE_DMI_ATTR_WITH_SHOW(board_name, 0444, DMI_BOARD_NAME);
- DEFINE_DMI_ATTR_WITH_SHOW(board_version, 0444, DMI_BOARD_VERSION);
-@@ -191,6 +192,7 @@ static void __init dmi_id_init_attr_tabl
- ADD_DMI_ATTR(product_version, DMI_PRODUCT_VERSION);
- ADD_DMI_ATTR(product_serial, DMI_PRODUCT_SERIAL);
- ADD_DMI_ATTR(product_uuid, DMI_PRODUCT_UUID);
-+ ADD_DMI_ATTR(product_family, DMI_PRODUCT_FAMILY);
- ADD_DMI_ATTR(board_vendor, DMI_BOARD_VENDOR);
- ADD_DMI_ATTR(board_name, DMI_BOARD_NAME);
- ADD_DMI_ATTR(board_version, DMI_BOARD_VERSION);
---- a/drivers/firmware/dmi_scan.c
-+++ b/drivers/firmware/dmi_scan.c
-@@ -430,6 +430,7 @@ static void __init dmi_decode(const stru
- dmi_save_ident(dm, DMI_PRODUCT_VERSION, 6);
- dmi_save_ident(dm, DMI_PRODUCT_SERIAL, 7);
- dmi_save_uuid(dm, DMI_PRODUCT_UUID, 8);
-+ dmi_save_ident(dm, DMI_PRODUCT_FAMILY, 26);
- break;
- case 2: /* Base Board Information */
- dmi_save_ident(dm, DMI_BOARD_VENDOR, 4);
---- a/include/linux/mod_devicetable.h
-+++ b/include/linux/mod_devicetable.h
-@@ -457,6 +457,7 @@ enum dmi_field {
- DMI_PRODUCT_VERSION,
- DMI_PRODUCT_SERIAL,
- DMI_PRODUCT_UUID,
-+ DMI_PRODUCT_FAMILY,
- DMI_BOARD_VENDOR,
- DMI_BOARD_NAME,
- DMI_BOARD_VERSION,
diff --git a/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch b/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch
deleted file mode 100644
index 3f2d4dd..0000000
--- a/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:21 +0100
-Subject: [01/62] Annotate module params that specify hardware parameters (eg.
- ioport)
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=bf616d21f41174389c6d720ae21bf40f154474c8
-
-Provided an annotation for module parameters that specify hardware
-parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
-dma buffers and other types).
-
-This will enable such parameters to be locked down in the core parameter
-parser for secure boot support.
-
-I've also included annotations as to what sort of hardware configuration
-each module is dealing with for future use. Some of these are
-straightforward (ioport, iomem, irq, dma), but there are also:
-
- (1) drivers that switch the semantics of a parameter between ioport and
- iomem depending on a second parameter,
-
- (2) drivers that appear to reserve a CPU memory buffer at a fixed address,
-
- (3) other parameters, such as bus types and irq selection bitmasks.
-
-For the moment, the hardware configuration type isn't actually stored,
-though its validity is checked.
-
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- include/linux/moduleparam.h | 65 ++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 64 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
-index 52666d90ca94..6be1949ebcdf 100644
---- a/include/linux/moduleparam.h
-+++ b/include/linux/moduleparam.h
-@@ -60,9 +60,11 @@ struct kernel_param_ops {
- * Flags available for kernel_param
- *
- * UNSAFE - the parameter is dangerous and setting it will taint the kernel
-+ * HWPARAM - Hardware param not permitted in lockdown mode
- */
- enum {
-- KERNEL_PARAM_FL_UNSAFE = (1 << 0)
-+ KERNEL_PARAM_FL_UNSAFE = (1 << 0),
-+ KERNEL_PARAM_FL_HWPARAM = (1 << 1),
- };
-
- struct kernel_param {
-@@ -451,6 +453,67 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
- perm, -1, 0); \
- __MODULE_PARM_TYPE(name, "array of " #type)
-
-+enum hwparam_type {
-+ hwparam_ioport, /* Module parameter configures an I/O port */
-+ hwparam_iomem, /* Module parameter configures an I/O mem address */
-+ hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */
-+ hwparam_irq, /* Module parameter configures an I/O port */
-+ hwparam_dma, /* Module parameter configures a DMA channel */
-+ hwparam_dma_addr, /* Module parameter configures a DMA buffer address */
-+ hwparam_other, /* Module parameter configures some other value */
-+};
-+
-+/**
-+ * module_param_hw_named - A parameter representing a hw parameters
-+ * @name: a valid C identifier which is the parameter name.
-+ * @value: the actual lvalue to alter.
-+ * @type: the type of the parameter
-+ * @hwtype: what the value represents (enum hwparam_type)
-+ * @perm: visibility in sysfs.
-+ *
-+ * Usually it's a good idea to have variable names and user-exposed names the
-+ * same, but that's harder if the variable must be non-static or is inside a
-+ * structure. This allows exposure under a different name.
-+ */
-+#define module_param_hw_named(name, value, type, hwtype, perm) \
-+ param_check_##type(name, &(value)); \
-+ __module_param_call(MODULE_PARAM_PREFIX, name, \
-+ ¶m_ops_##type, &value, \
-+ perm, -1, \
-+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \
-+ __MODULE_PARM_TYPE(name, #type)
-+
-+#define module_param_hw(name, type, hwtype, perm) \
-+ module_param_hw_named(name, name, type, hwtype, perm)
-+
-+/**
-+ * module_param_hw_array - A parameter representing an array of hw parameters
-+ * @name: the name of the array variable
-+ * @type: the type, as per module_param()
-+ * @hwtype: what the value represents (enum hwparam_type)
-+ * @nump: optional pointer filled in with the number written
-+ * @perm: visibility in sysfs
-+ *
-+ * Input and output are as comma-separated values. Commas inside values
-+ * don't work properly (eg. an array of charp).
-+ *
-+ * ARRAY_SIZE(@name) is used to determine the number of elements in the
-+ * array, so the definition must be visible.
-+ */
-+#define module_param_hw_array(name, type, hwtype, nump, perm) \
-+ param_check_##type(name, &(name)[0]); \
-+ static const struct kparam_array __param_arr_##name \
-+ = { .max = ARRAY_SIZE(name), .num = nump, \
-+ .ops = ¶m_ops_##type, \
-+ .elemsize = sizeof(name[0]), .elem = name }; \
-+ __module_param_call(MODULE_PARAM_PREFIX, name, \
-+ ¶m_array_ops, \
-+ .arr = &__param_arr_##name, \
-+ perm, -1, \
-+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \
-+ __MODULE_PARM_TYPE(name, "array of " #type)
-+
-+
- extern const struct kernel_param_ops param_array_ops;
-
- extern const struct kernel_param_ops param_ops_string;
diff --git a/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch b/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch
deleted file mode 100644
index 6b5bf43..0000000
--- a/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:21 +0100
-Subject: [02/62] Annotate hardware config module parameters in arch/x86/mm/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=89a35b5df5de26b9eaed0791580cea872232d563
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in arch/x86/mm/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Steven Rostedt <rostedt at goodmis.org>
-cc: Ingo Molnar <mingo at kernel.org>
-cc: Thomas Gleixner <tglx at linutronix.de>
-cc: "H. Peter Anvin" <hpa at zytor.com>
-cc: x86 at kernel.org
-cc: linux-kernel at vger.kernel.org
-cc: nouveau at lists.freedesktop.org
----
- arch/x86/mm/testmmiotrace.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c
-index 38868adf07ea..f6ae6830b341 100644
---- a/arch/x86/mm/testmmiotrace.c
-+++ b/arch/x86/mm/testmmiotrace.c
-@@ -9,7 +9,7 @@
- #include <linux/mmiotrace.h>
-
- static unsigned long mmio_address;
--module_param(mmio_address, ulong, 0);
-+module_param_hw(mmio_address, ulong, iomem, 0);
- MODULE_PARM_DESC(mmio_address, " Start address of the mapping of 16 kB "
- "(or 8 MB if read_far is non-zero).");
-
diff --git a/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index d140171..0000000
--- a/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:21 +0100
-Subject: [03/62] Annotate hardware config module parameters in
- drivers/char/ipmi/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a72157f0fe047bc3dd4a4111c5db764b03269122
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/char/ipmi/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Reviewed-by: Corey Minyard <cminyard at mvista.com>
-cc: openipmi-developer at lists.sourceforge.net
----
- drivers/char/ipmi/ipmi_si_intf.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 2a7c425ddfa7..e2f34eb59998 100644
---- a/drivers/char/ipmi/ipmi_si_intf.c
-+++ b/drivers/char/ipmi/ipmi_si_intf.c
-@@ -1375,39 +1375,39 @@ MODULE_PARM_DESC(type, "Defines the type of each interface, each"
- " interface separated by commas. The types are 'kcs',"
- " 'smic', and 'bt'. For example si_type=kcs,bt will set"
- " the first interface to kcs and the second to bt");
--module_param_array(addrs, ulong, &num_addrs, 0);
-+module_param_hw_array(addrs, ulong, iomem, &num_addrs, 0);
- MODULE_PARM_DESC(addrs, "Sets the memory address of each interface, the"
- " addresses separated by commas. Only use if an interface"
- " is in memory. Otherwise, set it to zero or leave"
- " it blank.");
--module_param_array(ports, uint, &num_ports, 0);
-+module_param_hw_array(ports, uint, ioport, &num_ports, 0);
- MODULE_PARM_DESC(ports, "Sets the port address of each interface, the"
- " addresses separated by commas. Only use if an interface"
- " is a port. Otherwise, set it to zero or leave"
- " it blank.");
--module_param_array(irqs, int, &num_irqs, 0);
-+module_param_hw_array(irqs, int, irq, &num_irqs, 0);
- MODULE_PARM_DESC(irqs, "Sets the interrupt of each interface, the"
- " addresses separated by commas. Only use if an interface"
- " has an interrupt. Otherwise, set it to zero or leave"
- " it blank.");
--module_param_array(regspacings, int, &num_regspacings, 0);
-+module_param_hw_array(regspacings, int, other, &num_regspacings, 0);
- MODULE_PARM_DESC(regspacings, "The number of bytes between the start address"
- " and each successive register used by the interface. For"
- " instance, if the start address is 0xca2 and the spacing"
- " is 2, then the second address is at 0xca4. Defaults"
- " to 1.");
--module_param_array(regsizes, int, &num_regsizes, 0);
-+module_param_hw_array(regsizes, int, other, &num_regsizes, 0);
- MODULE_PARM_DESC(regsizes, "The size of the specific IPMI register in bytes."
- " This should generally be 1, 2, 4, or 8 for an 8-bit,"
- " 16-bit, 32-bit, or 64-bit register. Use this if you"
- " the 8-bit IPMI register has to be read from a larger"
- " register.");
--module_param_array(regshifts, int, &num_regshifts, 0);
-+module_param_hw_array(regshifts, int, other, &num_regshifts, 0);
- MODULE_PARM_DESC(regshifts, "The amount to shift the data read from the."
- " IPMI register, in bits. For instance, if the data"
- " is read from a 32-bit word and the IPMI data is in"
- " bit 8-15, then the shift would be 8");
--module_param_array(slave_addrs, int, &num_slave_addrs, 0);
-+module_param_hw_array(slave_addrs, int, other, &num_slave_addrs, 0);
- MODULE_PARM_DESC(slave_addrs, "Set the default IPMB slave address for"
- " the controller. Normally this is 0x20, but can be"
- " overridden by this parm. This is an array indexed"
diff --git a/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 286fbb9..0000000
--- a/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:21 +0100
-Subject: [04/62] Annotate hardware config module parameters in
- drivers/char/mwave/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=70f233e85b60cb259279e451313dce6cbc84d041
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/char/mwave/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- drivers/char/mwave/mwavedd.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c
-index 3a3ff2eb6cba..b5e3103c1175 100644
---- a/drivers/char/mwave/mwavedd.c
-+++ b/drivers/char/mwave/mwavedd.c
-@@ -80,10 +80,10 @@ int mwave_3780i_io = 0;
- int mwave_uart_irq = 0;
- int mwave_uart_io = 0;
- module_param(mwave_debug, int, 0);
--module_param(mwave_3780i_irq, int, 0);
--module_param(mwave_3780i_io, int, 0);
--module_param(mwave_uart_irq, int, 0);
--module_param(mwave_uart_io, int, 0);
-+module_param_hw(mwave_3780i_irq, int, irq, 0);
-+module_param_hw(mwave_3780i_io, int, ioport, 0);
-+module_param_hw(mwave_uart_irq, int, irq, 0);
-+module_param_hw(mwave_uart_io, int, ioport, 0);
-
- static int mwave_open(struct inode *inode, struct file *file);
- static int mwave_close(struct inode *inode, struct file *file);
diff --git a/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index ab60a71..0000000
--- a/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:22 +0100
-Subject: [05/62] Annotate hardware config module parameters in drivers/char/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=3a5a43a8e71e6c0f03ba07d7125faccc8c851d65
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/char/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Arnd Bergmann <arnd at arndb.de>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- drivers/char/applicom.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
-index e770ad977472..b67263d6e34b 100644
---- a/drivers/char/applicom.c
-+++ b/drivers/char/applicom.c
-@@ -94,9 +94,9 @@ static struct applicom_board {
- static unsigned int irq = 0; /* interrupt number IRQ */
- static unsigned long mem = 0; /* physical segment of board */
-
--module_param(irq, uint, 0);
-+module_param_hw(irq, uint, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ of the Applicom board");
--module_param(mem, ulong, 0);
-+module_param_hw(mem, ulong, iomem, 0);
- MODULE_PARM_DESC(mem, "Shared Memory Address of Applicom board");
-
- static unsigned int numboards; /* number of installed boards */
diff --git a/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 0e07654..0000000
--- a/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:22 +0100
-Subject: [06/62] Annotate hardware config module parameters in
- drivers/clocksource/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=8a3dad31f7c45c744a27dd6c7587efc2330bafd7
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/clocksource/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Daniel Lezcano <daniel.lezcano at linaro.org>
-cc: Thomas Gleixner <tglx at linutronix.de>
-cc: linux-kernel at vger.kernel.org
----
- drivers/clocksource/cs5535-clockevt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/clocksource/cs5535-clockevt.c b/drivers/clocksource/cs5535-clockevt.c
-index 9a7e37cf56b0..a1df588343f2 100644
---- a/drivers/clocksource/cs5535-clockevt.c
-+++ b/drivers/clocksource/cs5535-clockevt.c
-@@ -22,7 +22,7 @@
- #define DRV_NAME "cs5535-clockevt"
-
- static int timer_irq;
--module_param_named(irq, timer_irq, int, 0644);
-+module_param_hw_named(irq, timer_irq, int, irq, 0644);
- MODULE_PARM_DESC(irq, "Which IRQ to use for the clock source MFGPT ticks.");
-
- /*
diff --git a/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 29df967..0000000
--- a/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:22 +0100
-Subject: [07/62] Annotate hardware config module parameters in
- drivers/cpufreq/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=889dc5a750fe6ec7088dcb77a23f1a5745d3fd2a
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/cpufreq/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: "Rafael J. Wysocki" <rjw at rjwysocki.net>
-cc: Viresh Kumar <viresh.kumar at linaro.org>
-cc: linux-pm at vger.kernel.org
----
- drivers/cpufreq/speedstep-smi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c
-index 770a9ae1999a..37b30071c220 100644
---- a/drivers/cpufreq/speedstep-smi.c
-+++ b/drivers/cpufreq/speedstep-smi.c
-@@ -378,7 +378,7 @@ static void __exit speedstep_exit(void)
- cpufreq_unregister_driver(&speedstep_driver);
- }
-
--module_param(smi_port, int, 0444);
-+module_param_hw(smi_port, int, ioport, 0444);
- module_param(smi_cmd, int, 0444);
- module_param(smi_sig, uint, 0444);
-
diff --git a/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 04001c8..0000000
--- a/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:22 +0100
-Subject: [08/62] Annotate hardware config module parameters in drivers/gpio/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=fc57a891601a964e9c80c1ea9a0bfa40da3764db
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/gpio/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: William Breathitt Gray <vilhelm.gray at gmail.com>
-Acked-by: Linus Walleij <linus.walleij at linaro.org>
-cc: Alexandre Courbot <gnurou at gmail.com>
-cc: linux-gpio at vger.kernel.org
----
- drivers/gpio/gpio-104-dio-48e.c | 4 ++--
- drivers/gpio/gpio-104-idi-48.c | 4 ++--
- drivers/gpio/gpio-104-idio-16.c | 4 ++--
- drivers/gpio/gpio-gpio-mm.c | 2 +-
- drivers/gpio/gpio-ws16c48.c | 4 ++--
- 5 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/drivers/gpio/gpio-104-dio-48e.c b/drivers/gpio/gpio-104-dio-48e.c
-index 17bd2ab4ebe2..dfa1a298e4f6 100644
---- a/drivers/gpio/gpio-104-dio-48e.c
-+++ b/drivers/gpio/gpio-104-dio-48e.c
-@@ -33,11 +33,11 @@
-
- static unsigned int base[MAX_NUM_DIO48E];
- static unsigned int num_dio48e;
--module_param_array(base, uint, &num_dio48e, 0);
-+module_param_hw_array(base, uint, ioport, &num_dio48e, 0);
- MODULE_PARM_DESC(base, "ACCES 104-DIO-48E base addresses");
-
- static unsigned int irq[MAX_NUM_DIO48E];
--module_param_array(irq, uint, NULL, 0);
-+module_param_hw_array(irq, uint, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "ACCES 104-DIO-48E interrupt line numbers");
-
- /**
-diff --git a/drivers/gpio/gpio-104-idi-48.c b/drivers/gpio/gpio-104-idi-48.c
-index 568375a7ebc2..c369b2083876 100644
---- a/drivers/gpio/gpio-104-idi-48.c
-+++ b/drivers/gpio/gpio-104-idi-48.c
-@@ -33,11 +33,11 @@
-
- static unsigned int base[MAX_NUM_IDI_48];
- static unsigned int num_idi_48;
--module_param_array(base, uint, &num_idi_48, 0);
-+module_param_hw_array(base, uint, ioport, &num_idi_48, 0);
- MODULE_PARM_DESC(base, "ACCES 104-IDI-48 base addresses");
-
- static unsigned int irq[MAX_NUM_IDI_48];
--module_param_array(irq, uint, NULL, 0);
-+module_param_hw_array(irq, uint, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "ACCES 104-IDI-48 interrupt line numbers");
-
- /**
-diff --git a/drivers/gpio/gpio-104-idio-16.c b/drivers/gpio/gpio-104-idio-16.c
-index 7053cf736648..5949123986f2 100644
---- a/drivers/gpio/gpio-104-idio-16.c
-+++ b/drivers/gpio/gpio-104-idio-16.c
-@@ -33,11 +33,11 @@
-
- static unsigned int base[MAX_NUM_IDIO_16];
- static unsigned int num_idio_16;
--module_param_array(base, uint, &num_idio_16, 0);
-+module_param_hw_array(base, uint, ioport, &num_idio_16, 0);
- MODULE_PARM_DESC(base, "ACCES 104-IDIO-16 base addresses");
-
- static unsigned int irq[MAX_NUM_IDIO_16];
--module_param_array(irq, uint, NULL, 0);
-+module_param_hw_array(irq, uint, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "ACCES 104-IDIO-16 interrupt line numbers");
-
- /**
-diff --git a/drivers/gpio/gpio-gpio-mm.c b/drivers/gpio/gpio-gpio-mm.c
-index fa4baa2543db..11ade5b288f8 100644
---- a/drivers/gpio/gpio-gpio-mm.c
-+++ b/drivers/gpio/gpio-gpio-mm.c
-@@ -31,7 +31,7 @@
-
- static unsigned int base[MAX_NUM_GPIOMM];
- static unsigned int num_gpiomm;
--module_param_array(base, uint, &num_gpiomm, 0);
-+module_param_hw_array(base, uint, ioport, &num_gpiomm, 0);
- MODULE_PARM_DESC(base, "Diamond Systems GPIO-MM base addresses");
-
- /**
-diff --git a/drivers/gpio/gpio-ws16c48.c b/drivers/gpio/gpio-ws16c48.c
-index 901b5ccb032d..f8a4f91f36c7 100644
---- a/drivers/gpio/gpio-ws16c48.c
-+++ b/drivers/gpio/gpio-ws16c48.c
-@@ -30,11 +30,11 @@
-
- static unsigned int base[MAX_NUM_WS16C48];
- static unsigned int num_ws16c48;
--module_param_array(base, uint, &num_ws16c48, 0);
-+module_param_hw_array(base, uint, ioport, &num_ws16c48, 0);
- MODULE_PARM_DESC(base, "WinSystems WS16C48 base addresses");
-
- static unsigned int irq[MAX_NUM_WS16C48];
--module_param_array(irq, uint, NULL, 0);
-+module_param_hw_array(irq, uint, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "WinSystems WS16C48 interrupt line numbers");
-
- /**
diff --git a/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 871e4c9..0000000
--- a/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:23 +0100
-Subject: [09/62] Annotate hardware config module parameters in drivers/i2c/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e03e00c1c3dc3178b092971000390bbc1cbcea6c
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/i2c/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Wolfram Sang <wsa at the-dreams.de>
-cc: Jean Delvare <jdelvare at suse.com>
-cc: linux-i2c at vger.kernel.org
----
- drivers/i2c/busses/i2c-ali15x3.c | 2 +-
- drivers/i2c/busses/i2c-elektor.c | 6 +++---
- drivers/i2c/busses/i2c-parport-light.c | 4 ++--
- drivers/i2c/busses/i2c-pca-isa.c | 4 ++--
- drivers/i2c/busses/i2c-piix4.c | 2 +-
- drivers/i2c/busses/i2c-sis5595.c | 2 +-
- drivers/i2c/busses/i2c-viapro.c | 2 +-
- drivers/i2c/busses/scx200_acb.c | 2 +-
- 8 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/drivers/i2c/busses/i2c-ali15x3.c b/drivers/i2c/busses/i2c-ali15x3.c
-index 45c5c4883022..6e6bf46bcb52 100644
---- a/drivers/i2c/busses/i2c-ali15x3.c
-+++ b/drivers/i2c/busses/i2c-ali15x3.c
-@@ -119,7 +119,7 @@
- /* If force_addr is set to anything different from 0, we forcibly enable
- the device at the given address. */
- static u16 force_addr;
--module_param(force_addr, ushort, 0);
-+module_param_hw(force_addr, ushort, ioport, 0);
- MODULE_PARM_DESC(force_addr,
- "Initialize the base address of the i2c controller");
-
-diff --git a/drivers/i2c/busses/i2c-elektor.c b/drivers/i2c/busses/i2c-elektor.c
-index 8af62fb3fe41..5416003e0605 100644
---- a/drivers/i2c/busses/i2c-elektor.c
-+++ b/drivers/i2c/busses/i2c-elektor.c
-@@ -323,9 +323,9 @@ MODULE_AUTHOR("Hans Berglund <hb at spacetec.no>");
- MODULE_DESCRIPTION("I2C-Bus adapter routines for PCF8584 ISA bus adapter");
- MODULE_LICENSE("GPL");
-
--module_param(base, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(base, int, ioport_or_iomem, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param(clock, int, 0);
- module_param(own, int, 0);
--module_param(mmapped, int, 0);
-+module_param_hw(mmapped, int, other, 0);
- module_isa_driver(i2c_elektor_driver, 1);
-diff --git a/drivers/i2c/busses/i2c-parport-light.c b/drivers/i2c/busses/i2c-parport-light.c
-index 1bcdd10b68b9..faa8fb8f2b8f 100644
---- a/drivers/i2c/busses/i2c-parport-light.c
-+++ b/drivers/i2c/busses/i2c-parport-light.c
-@@ -38,11 +38,11 @@
- static struct platform_device *pdev;
-
- static u16 base;
--module_param(base, ushort, 0);
-+module_param_hw(base, ushort, ioport, 0);
- MODULE_PARM_DESC(base, "Base I/O address");
-
- static int irq;
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ (optional)");
-
- /* ----- Low-level parallel port access ----------------------------------- */
-diff --git a/drivers/i2c/busses/i2c-pca-isa.c b/drivers/i2c/busses/i2c-pca-isa.c
-index ba88f17f636c..946ac646de2a 100644
---- a/drivers/i2c/busses/i2c-pca-isa.c
-+++ b/drivers/i2c/busses/i2c-pca-isa.c
-@@ -197,9 +197,9 @@ MODULE_AUTHOR("Ian Campbell <icampbell at arcom.com>");
- MODULE_DESCRIPTION("ISA base PCA9564/PCA9665 driver");
- MODULE_LICENSE("GPL");
-
--module_param(base, ulong, 0);
-+module_param_hw(base, ulong, ioport, 0);
- MODULE_PARM_DESC(base, "I/O base address");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ");
- module_param(clock, int, 0);
- MODULE_PARM_DESC(clock, "Clock rate in hertz.\n\t\t"
-diff --git a/drivers/i2c/busses/i2c-piix4.c b/drivers/i2c/busses/i2c-piix4.c
-index c21ca7bf2efe..0ecdb47a23ab 100644
---- a/drivers/i2c/busses/i2c-piix4.c
-+++ b/drivers/i2c/busses/i2c-piix4.c
-@@ -106,7 +106,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the PIIX4. DANGEROUS!");
- /* If force_addr is set to anything different from 0, we forcibly enable
- the PIIX4 at the given address. VERY DANGEROUS! */
- static int force_addr;
--module_param (force_addr, int, 0);
-+module_param_hw(force_addr, int, ioport, 0);
- MODULE_PARM_DESC(force_addr,
- "Forcibly enable the PIIX4 at the given address. "
- "EXTREMELY DANGEROUS!");
-diff --git a/drivers/i2c/busses/i2c-sis5595.c b/drivers/i2c/busses/i2c-sis5595.c
-index 7d58a40faf2d..d543a9867ba4 100644
---- a/drivers/i2c/busses/i2c-sis5595.c
-+++ b/drivers/i2c/busses/i2c-sis5595.c
-@@ -119,7 +119,7 @@ static int blacklist[] = {
- /* If force_addr is set to anything different from 0, we forcibly enable
- the device at the given address. */
- static u16 force_addr;
--module_param(force_addr, ushort, 0);
-+module_param_hw(force_addr, ushort, ioport, 0);
- MODULE_PARM_DESC(force_addr, "Initialize the base address of the i2c controller");
-
- static struct pci_driver sis5595_driver;
-diff --git a/drivers/i2c/busses/i2c-viapro.c b/drivers/i2c/busses/i2c-viapro.c
-index 0ee2646f3b00..0dc45e12bb1d 100644
---- a/drivers/i2c/busses/i2c-viapro.c
-+++ b/drivers/i2c/busses/i2c-viapro.c
-@@ -94,7 +94,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the SMBus. DANGEROUS!");
- /* If force_addr is set to anything different from 0, we forcibly enable
- the VT596 at the given address. VERY DANGEROUS! */
- static u16 force_addr;
--module_param(force_addr, ushort, 0);
-+module_param_hw(force_addr, ushort, ioport, 0);
- MODULE_PARM_DESC(force_addr,
- "Forcibly enable the SMBus at the given address. "
- "EXTREMELY DANGEROUS!");
-diff --git a/drivers/i2c/busses/scx200_acb.c b/drivers/i2c/busses/scx200_acb.c
-index 0a7e410b6195..e0923bee8d1f 100644
---- a/drivers/i2c/busses/scx200_acb.c
-+++ b/drivers/i2c/busses/scx200_acb.c
-@@ -42,7 +42,7 @@ MODULE_LICENSE("GPL");
-
- #define MAX_DEVICES 4
- static int base[MAX_DEVICES] = { 0x820, 0x840 };
--module_param_array(base, int, NULL, 0);
-+module_param_hw_array(base, int, ioport, NULL, 0);
- MODULE_PARM_DESC(base, "Base addresses for the ACCESS.bus controllers");
-
- #define POLL_TIMEOUT (HZ/5)
diff --git a/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 930e5f1..0000000
--- a/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:23 +0100
-Subject: [10/62] Annotate hardware config module parameters in drivers/iio/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=104ad466c252fa90cc84d4dd4e0aa5074c43f47e
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/iio/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: William Breathitt Gray <vilhelm.gray at gmail.com>
-Acked-by: Jonathan Cameron <jic23 at kernel.org>
-cc: linux-iio at vger.kernel.org
----
- drivers/iio/adc/stx104.c | 2 +-
- drivers/iio/dac/cio-dac.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/iio/adc/stx104.c b/drivers/iio/adc/stx104.c
-index be2de48844bc..7dd396f88f6b 100644
---- a/drivers/iio/adc/stx104.c
-+++ b/drivers/iio/adc/stx104.c
-@@ -49,7 +49,7 @@
-
- static unsigned int base[max_num_isa_dev(STX104_EXTENT)];
- static unsigned int num_stx104;
--module_param_array(base, uint, &num_stx104, 0);
-+module_param_hw_array(base, uint, ioport, &num_stx104, 0);
- MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses");
-
- /**
-diff --git a/drivers/iio/dac/cio-dac.c b/drivers/iio/dac/cio-dac.c
-index 5a743e2a779d..dac086129edf 100644
---- a/drivers/iio/dac/cio-dac.c
-+++ b/drivers/iio/dac/cio-dac.c
-@@ -39,7 +39,7 @@
-
- static unsigned int base[max_num_isa_dev(CIO_DAC_EXTENT)];
- static unsigned int num_cio_dac;
--module_param_array(base, uint, &num_cio_dac, 0);
-+module_param_hw_array(base, uint, ioport, &num_cio_dac, 0);
- MODULE_PARM_DESC(base, "Measurement Computing CIO-DAC base addresses");
-
- /**
diff --git a/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index a848503..0000000
--- a/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:23 +0100
-Subject: [11/62] Annotate hardware config module parameters in drivers/input/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=5b90489efd9bb9b2b9e68b2b4e803985fa890cb8
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/input/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: Dmitry Torokhov <dmitry.torokhov at gmail.com>
-cc: linux-input at vger.kernel.org
----
- drivers/input/mouse/inport.c | 2 +-
- drivers/input/mouse/logibm.c | 2 +-
- drivers/input/touchscreen/mk712.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/input/mouse/inport.c b/drivers/input/mouse/inport.c
-index 3827a22362de..9ce71dfa0de1 100644
---- a/drivers/input/mouse/inport.c
-+++ b/drivers/input/mouse/inport.c
-@@ -78,7 +78,7 @@ MODULE_LICENSE("GPL");
- #define INPORT_IRQ 5
-
- static int inport_irq = INPORT_IRQ;
--module_param_named(irq, inport_irq, uint, 0);
-+module_param_hw_named(irq, inport_irq, uint, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ number (5=default)");
-
- static struct input_dev *inport_dev;
-diff --git a/drivers/input/mouse/logibm.c b/drivers/input/mouse/logibm.c
-index e2413113df22..6f165e053f4d 100644
---- a/drivers/input/mouse/logibm.c
-+++ b/drivers/input/mouse/logibm.c
-@@ -69,7 +69,7 @@ MODULE_LICENSE("GPL");
- #define LOGIBM_IRQ 5
-
- static int logibm_irq = LOGIBM_IRQ;
--module_param_named(irq, logibm_irq, uint, 0);
-+module_param_hw_named(irq, logibm_irq, uint, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ number (5=default)");
-
- static struct input_dev *logibm_dev;
-diff --git a/drivers/input/touchscreen/mk712.c b/drivers/input/touchscreen/mk712.c
-index 36e57deacd03..bd5352824f77 100644
---- a/drivers/input/touchscreen/mk712.c
-+++ b/drivers/input/touchscreen/mk712.c
-@@ -50,11 +50,11 @@ MODULE_DESCRIPTION("ICS MicroClock MK712 TouchScreen driver");
- MODULE_LICENSE("GPL");
-
- static unsigned int mk712_io = 0x260; /* Also 0x200, 0x208, 0x300 */
--module_param_named(io, mk712_io, uint, 0);
-+module_param_hw_named(io, mk712_io, uint, ioport, 0);
- MODULE_PARM_DESC(io, "I/O base address of MK712 touchscreen controller");
-
- static unsigned int mk712_irq = 10; /* Also 12, 14, 15 */
--module_param_named(irq, mk712_irq, uint, 0);
-+module_param_hw_named(irq, mk712_irq, uint, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ of MK712 touchscreen controller");
-
- /* eight 8-bit registers */
diff --git a/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 368a3f5..0000000
--- a/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:24 +0100
-Subject: [12/62] Annotate hardware config module parameters in drivers/isdn/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7968519108dc80b5da2fe7a8e6aa27c296586c25
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/isdn/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Karsten Keil <isdn at linux-pingi.de>
-cc: netdev at vger.kernel.org
----
- drivers/isdn/hardware/avm/b1isa.c | 4 ++--
- drivers/isdn/hardware/avm/t1isa.c | 4 ++--
- drivers/isdn/hisax/config.c | 10 +++++-----
- 3 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/drivers/isdn/hardware/avm/b1isa.c b/drivers/isdn/hardware/avm/b1isa.c
-index 31ef8130a87f..54e871a47387 100644
---- a/drivers/isdn/hardware/avm/b1isa.c
-+++ b/drivers/isdn/hardware/avm/b1isa.c
-@@ -169,8 +169,8 @@ static struct pci_dev isa_dev[MAX_CARDS];
- static int io[MAX_CARDS];
- static int irq[MAX_CARDS];
-
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(io, "I/O base address(es)");
- MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)");
-
-diff --git a/drivers/isdn/hardware/avm/t1isa.c b/drivers/isdn/hardware/avm/t1isa.c
-index 72ef18853951..9516203c735f 100644
---- a/drivers/isdn/hardware/avm/t1isa.c
-+++ b/drivers/isdn/hardware/avm/t1isa.c
-@@ -516,8 +516,8 @@ static int io[MAX_CARDS];
- static int irq[MAX_CARDS];
- static int cardnr[MAX_CARDS];
-
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_array(cardnr, int, NULL, 0);
- MODULE_PARM_DESC(io, "I/O base address(es)");
- MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)");
-diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c
-index 2d12c6ceeb89..c7d68675b028 100644
---- a/drivers/isdn/hisax/config.c
-+++ b/drivers/isdn/hisax/config.c
-@@ -350,13 +350,13 @@ MODULE_AUTHOR("Karsten Keil");
- MODULE_LICENSE("GPL");
- module_param_array(type, int, NULL, 0);
- module_param_array(protocol, int, NULL, 0);
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
--module_param_array(mem, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
-+module_param_hw_array(mem, int, iomem, NULL, 0);
- module_param(id, charp, 0);
- #ifdef IO0_IO1
--module_param_array(io0, int, NULL, 0);
--module_param_array(io1, int, NULL, 0);
-+module_param_hw_array(io0, int, ioport, NULL, 0);
-+module_param_hw_array(io1, int, ioport, NULL, 0);
- #endif
- #endif /* MODULE */
-
diff --git a/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index ab8c5e7..0000000
--- a/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:24 +0100
-Subject: [13/62] Annotate hardware config module parameters in drivers/media/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=9e256c58933510b128a6f00691f751ef55ea1fd2
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/media/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Mauro Carvalho Chehab <mchehab at kernel.org>
-cc: mjpeg-users at lists.sourceforge.net
-cc: linux-media at vger.kernel.org
----
- drivers/media/pci/zoran/zoran_card.c | 2 +-
- drivers/media/rc/serial_ir.c | 10 +++++-----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/media/pci/zoran/zoran_card.c b/drivers/media/pci/zoran/zoran_card.c
-index 5266755add63..4680f001653a 100644
---- a/drivers/media/pci/zoran/zoran_card.c
-+++ b/drivers/media/pci/zoran/zoran_card.c
-@@ -69,7 +69,7 @@ MODULE_PARM_DESC(card, "Card type");
- */
-
- static unsigned long vidmem; /* default = 0 - Video memory base address */
--module_param(vidmem, ulong, 0444);
-+module_param_hw(vidmem, ulong, iomem, 0444);
- MODULE_PARM_DESC(vidmem, "Default video memory base address");
-
- /*
-diff --git a/drivers/media/rc/serial_ir.c b/drivers/media/rc/serial_ir.c
-index 41b54e40176c..40d305842a9b 100644
---- a/drivers/media/rc/serial_ir.c
-+++ b/drivers/media/rc/serial_ir.c
-@@ -833,11 +833,11 @@ MODULE_LICENSE("GPL");
- module_param(type, int, 0444);
- MODULE_PARM_DESC(type, "Hardware type (0 = home-brew, 1 = IRdeo, 2 = IRdeo Remote, 3 = AnimaX, 4 = IgorPlug");
-
--module_param(io, int, 0444);
-+module_param_hw(io, int, ioport, 0444);
- MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)");
-
- /* some architectures (e.g. intel xscale) have memory mapped registers */
--module_param(iommap, bool, 0444);
-+module_param_hw(iommap, bool, other, 0444);
- MODULE_PARM_DESC(iommap, "physical base for memory mapped I/O (0 = no memory mapped io)");
-
- /*
-@@ -845,13 +845,13 @@ MODULE_PARM_DESC(iommap, "physical base for memory mapped I/O (0 = no memory map
- * on 32bit word boundaries.
- * See linux-kernel/drivers/tty/serial/8250/8250.c serial_in()/out()
- */
--module_param(ioshift, int, 0444);
-+module_param_hw(ioshift, int, other, 0444);
- MODULE_PARM_DESC(ioshift, "shift I/O register offset (0 = no shift)");
-
--module_param(irq, int, 0444);
-+module_param_hw(irq, int, irq, 0444);
- MODULE_PARM_DESC(irq, "Interrupt (4 or 3)");
-
--module_param(share_irq, bool, 0444);
-+module_param_hw(share_irq, bool, other, 0444);
- MODULE_PARM_DESC(share_irq, "Share interrupts (0 = off, 1 = on)");
-
- module_param(sense, int, 0444);
diff --git a/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 84d3f41..0000000
--- a/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:24 +0100
-Subject: [14/62] Annotate hardware config module parameters in drivers/misc/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=78c42a679f4795421aa74c469bbce417f9eed08d
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/misc/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Arnd Bergmann <arnd at arndb.de>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
----
- drivers/misc/dummy-irq.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/misc/dummy-irq.c b/drivers/misc/dummy-irq.c
-index acbbe0390be4..76a1015d5783 100644
---- a/drivers/misc/dummy-irq.c
-+++ b/drivers/misc/dummy-irq.c
-@@ -59,6 +59,6 @@ module_exit(dummy_irq_exit);
-
- MODULE_LICENSE("GPL");
- MODULE_AUTHOR("Jiri Kosina");
--module_param(irq, uint, 0444);
-+module_param_hw(irq, uint, irq, 0444);
- MODULE_PARM_DESC(irq, "The IRQ to register for");
- MODULE_DESCRIPTION("Dummy IRQ handler driver");
diff --git a/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index d7c9637..0000000
--- a/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:25 +0100
-Subject: [15/62] Annotate hardware config module parameters in
- drivers/mmc/host/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=eddcdc1bef4e3fa95de7f670e0aeaca85e2ab9af
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/mmc/host/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Pierre Ossman <pierre at ossman.eu>
-cc: Ulf Hansson <ulf.hansson at linaro.org>
-cc: linux-mmc at vger.kernel.org
----
- drivers/mmc/host/wbsd.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/mmc/host/wbsd.c b/drivers/mmc/host/wbsd.c
-index bd04e8bae010..e15a9733fcfd 100644
---- a/drivers/mmc/host/wbsd.c
-+++ b/drivers/mmc/host/wbsd.c
-@@ -2001,11 +2001,11 @@ static void __exit wbsd_drv_exit(void)
- module_init(wbsd_drv_init);
- module_exit(wbsd_drv_exit);
- #ifdef CONFIG_PNP
--module_param_named(nopnp, param_nopnp, uint, 0444);
-+module_param_hw_named(nopnp, param_nopnp, uint, other, 0444);
- #endif
--module_param_named(io, param_io, uint, 0444);
--module_param_named(irq, param_irq, uint, 0444);
--module_param_named(dma, param_dma, int, 0444);
-+module_param_hw_named(io, param_io, uint, ioport, 0444);
-+module_param_hw_named(irq, param_irq, uint, irq, 0444);
-+module_param_hw_named(dma, param_dma, int, dma, 0444);
-
- MODULE_LICENSE("GPL");
- MODULE_AUTHOR("Pierre Ossman <pierre at ossman.eu>");
diff --git a/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index b4e8cee..0000000
--- a/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:25 +0100
-Subject: [16/62] Annotate hardware config module parameters in
- drivers/net/appletalk/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=78e66f194ab1de8df4088761add8e9e747d8e9c3
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/appletalk/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Arnaldo Carvalho de Melo <acme at ghostprotocols.net>
-cc: netdev at vger.kernel.org
-[bwh: Drop changes to cops driver, which we removed]
----
---- a/drivers/net/appletalk/ltpc.c
-+++ b/drivers/net/appletalk/ltpc.c
-@@ -1231,9 +1231,9 @@ static struct net_device *dev_ltpc;
-
- MODULE_LICENSE("GPL");
- module_param(debug, int, 0);
--module_param(io, int, 0);
--module_param(irq, int, 0);
--module_param(dma, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
-+module_param_hw(dma, int, dma, 0);
-
-
- static int __init ltpc_module_init(void)
diff --git a/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 9909a84..0000000
--- a/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:25 +0100
-Subject: [17/62] Annotate hardware config module parameters in
- drivers/net/arcnet/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7606cd506c88e6f9a0f001c57fb1bd9d4d648db8
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/arcnet/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Michael Grzeschik <m.grzeschik at pengutronix.de>
-cc: netdev at vger.kernel.org
----
- drivers/net/arcnet/com20020-isa.c | 4 ++--
- drivers/net/arcnet/com90io.c | 4 ++--
- drivers/net/arcnet/com90xx.c | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/net/arcnet/com20020-isa.c b/drivers/net/arcnet/com20020-isa.c
-index b9e9931353b2..38fa60ddaf2e 100644
---- a/drivers/net/arcnet/com20020-isa.c
-+++ b/drivers/net/arcnet/com20020-isa.c
-@@ -129,8 +129,8 @@ static int clockp = 0;
- static int clockm = 0;
-
- module_param(node, int, 0);
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param_string(device, device, sizeof(device), 0);
- module_param(timeout, int, 0);
- module_param(backplane, int, 0);
-diff --git a/drivers/net/arcnet/com90io.c b/drivers/net/arcnet/com90io.c
-index b57863df5bf5..4e56aaf2b984 100644
---- a/drivers/net/arcnet/com90io.c
-+++ b/drivers/net/arcnet/com90io.c
-@@ -347,8 +347,8 @@ static int io; /* use the insmod io= irq= shmem= options */
- static int irq;
- static char device[9]; /* use eg. device=arc1 to change name */
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param_string(device, device, sizeof(device), 0);
- MODULE_LICENSE("GPL");
-
-diff --git a/drivers/net/arcnet/com90xx.c b/drivers/net/arcnet/com90xx.c
-index 81f90c4703ae..ca4a57c30bf8 100644
---- a/drivers/net/arcnet/com90xx.c
-+++ b/drivers/net/arcnet/com90xx.c
-@@ -88,8 +88,8 @@ static int irq;
- static int shmem;
- static char device[9]; /* use eg. device=arc1 to change name */
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param(shmem, int, 0);
- module_param_string(device, device, sizeof(device), 0);
-
diff --git a/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index b854537..0000000
--- a/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:25 +0100
-Subject: [18/62] Annotate hardware config module parameters in
- drivers/net/can/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=062a92aff0917dc6c418648979564e1632924f2e
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/can/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: Marc Kleine-Budde <mkl at pengutronix.de>
-cc: Wolfgang Grandegger <wg at grandegger.com>
-cc: linux-can at vger.kernel.org
-cc: netdev at vger.kernel.org
----
- drivers/net/can/cc770/cc770_isa.c | 8 ++++----
- drivers/net/can/sja1000/sja1000_isa.c | 8 ++++----
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/drivers/net/can/cc770/cc770_isa.c b/drivers/net/can/cc770/cc770_isa.c
-index e0d15711e9ac..3a30fd3b4498 100644
---- a/drivers/net/can/cc770/cc770_isa.c
-+++ b/drivers/net/can/cc770/cc770_isa.c
-@@ -82,16 +82,16 @@ static u8 cor[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
- static u8 bcr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
- static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1};
-
--module_param_array(port, ulong, NULL, S_IRUGO);
-+module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO);
- MODULE_PARM_DESC(port, "I/O port number");
-
--module_param_array(mem, ulong, NULL, S_IRUGO);
-+module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO);
- MODULE_PARM_DESC(mem, "I/O memory address");
-
--module_param_array(indirect, int, NULL, S_IRUGO);
-+module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO);
- MODULE_PARM_DESC(indirect, "Indirect access via address and data port");
-
--module_param_array(irq, int, NULL, S_IRUGO);
-+module_param_hw_array(irq, int, irq, NULL, S_IRUGO);
- MODULE_PARM_DESC(irq, "IRQ number");
-
- module_param_array(clk, int, NULL, S_IRUGO);
-diff --git a/drivers/net/can/sja1000/sja1000_isa.c b/drivers/net/can/sja1000/sja1000_isa.c
-index e97e6d35b300..a89c1e92554d 100644
---- a/drivers/net/can/sja1000/sja1000_isa.c
-+++ b/drivers/net/can/sja1000/sja1000_isa.c
-@@ -48,16 +48,16 @@ static unsigned char ocr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
- static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1};
- static spinlock_t indirect_lock[MAXDEV]; /* lock for indirect access mode */
-
--module_param_array(port, ulong, NULL, S_IRUGO);
-+module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO);
- MODULE_PARM_DESC(port, "I/O port number");
-
--module_param_array(mem, ulong, NULL, S_IRUGO);
-+module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO);
- MODULE_PARM_DESC(mem, "I/O memory address");
-
--module_param_array(indirect, int, NULL, S_IRUGO);
-+module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO);
- MODULE_PARM_DESC(indirect, "Indirect access via address and data port");
-
--module_param_array(irq, int, NULL, S_IRUGO);
-+module_param_hw_array(irq, int, irq, NULL, S_IRUGO);
- MODULE_PARM_DESC(irq, "IRQ number");
-
- module_param_array(clk, int, NULL, S_IRUGO);
diff --git a/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 20f4f3b..0000000
--- a/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:26 +0100
-Subject: [19/62] Annotate hardware config module parameters in
- drivers/net/ethernet/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=36f7a604f8c2b0564722e84b903d6de6c2644f85
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/ethernet/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Steffen Klassert <klassert at mathematik.tu-chemnitz.de>
-cc: Jaroslav Kysela <perex at perex.cz>
-cc: netdev at vger.kernel.org
-cc: linux-parisc at vger.kernel.org
----
- drivers/net/ethernet/3com/3c509.c | 2 +-
- drivers/net/ethernet/3com/3c59x.c | 4 ++--
- drivers/net/ethernet/8390/ne.c | 4 ++--
- drivers/net/ethernet/8390/smc-ultra.c | 4 ++--
- drivers/net/ethernet/8390/wd.c | 8 ++++----
- drivers/net/ethernet/amd/lance.c | 6 +++---
- drivers/net/ethernet/amd/ni65.c | 6 +++---
- drivers/net/ethernet/cirrus/cs89x0.c | 6 +++---
- drivers/net/ethernet/dec/tulip/de4x5.c | 2 +-
- drivers/net/ethernet/hp/hp100.c | 2 +-
- drivers/net/ethernet/realtek/atp.c | 4 ++--
- drivers/net/ethernet/smsc/smc9194.c | 4 ++--
- 12 files changed, 26 insertions(+), 26 deletions(-)
-
-diff --git a/drivers/net/ethernet/3com/3c509.c b/drivers/net/ethernet/3com/3c509.c
-index c7f9f2c77da7..db8592d412ab 100644
---- a/drivers/net/ethernet/3com/3c509.c
-+++ b/drivers/net/ethernet/3com/3c509.c
-@@ -1371,7 +1371,7 @@ el3_resume(struct device *pdev)
- #endif /* CONFIG_PM */
-
- module_param(debug,int, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param(max_interrupt_work, int, 0);
- MODULE_PARM_DESC(debug, "debug level (0-6)");
- MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)");
-diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
-index 40196f41768a..e41245a54f8b 100644
---- a/drivers/net/ethernet/3com/3c59x.c
-+++ b/drivers/net/ethernet/3com/3c59x.c
-@@ -813,8 +813,8 @@ module_param(global_enable_wol, int, 0);
- module_param_array(enable_wol, int, NULL, 0);
- module_param(rx_copybreak, int, 0);
- module_param(max_interrupt_work, int, 0);
--module_param(compaq_ioaddr, int, 0);
--module_param(compaq_irq, int, 0);
-+module_param_hw(compaq_ioaddr, int, ioport, 0);
-+module_param_hw(compaq_irq, int, irq, 0);
- module_param(compaq_device_id, int, 0);
- module_param(watchdog, int, 0);
- module_param(global_use_mmio, int, 0);
-diff --git a/drivers/net/ethernet/8390/ne.c b/drivers/net/ethernet/8390/ne.c
-index c063b410a163..66f47987e2a2 100644
---- a/drivers/net/ethernet/8390/ne.c
-+++ b/drivers/net/ethernet/8390/ne.c
-@@ -74,8 +74,8 @@ static int bad[MAX_NE_CARDS];
- static u32 ne_msg_enable;
-
- #ifdef MODULE
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_array(bad, int, NULL, 0);
- module_param_named(msg_enable, ne_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH));
- MODULE_PARM_DESC(io, "I/O base address(es),required");
-diff --git a/drivers/net/ethernet/8390/smc-ultra.c b/drivers/net/ethernet/8390/smc-ultra.c
-index 364b6514f65f..4e02f6a23575 100644
---- a/drivers/net/ethernet/8390/smc-ultra.c
-+++ b/drivers/net/ethernet/8390/smc-ultra.c
-@@ -561,8 +561,8 @@ static struct net_device *dev_ultra[MAX_ULTRA_CARDS];
- static int io[MAX_ULTRA_CARDS];
- static int irq[MAX_ULTRA_CARDS];
-
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_named(msg_enable, ultra_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH));
- MODULE_PARM_DESC(io, "I/O base address(es)");
- MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)");
-diff --git a/drivers/net/ethernet/8390/wd.c b/drivers/net/ethernet/8390/wd.c
-index ad019cbc698f..6efa2722f850 100644
---- a/drivers/net/ethernet/8390/wd.c
-+++ b/drivers/net/ethernet/8390/wd.c
-@@ -503,10 +503,10 @@ static int irq[MAX_WD_CARDS];
- static int mem[MAX_WD_CARDS];
- static int mem_end[MAX_WD_CARDS]; /* for non std. mem size */
-
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
--module_param_array(mem, int, NULL, 0);
--module_param_array(mem_end, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
-+module_param_hw_array(mem, int, iomem, NULL, 0);
-+module_param_hw_array(mem_end, int, iomem, NULL, 0);
- module_param_named(msg_enable, wd_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH));
- MODULE_PARM_DESC(io, "I/O base address(es)");
- MODULE_PARM_DESC(irq, "IRQ number(s) (ignored for PureData boards)");
-diff --git a/drivers/net/ethernet/amd/lance.c b/drivers/net/ethernet/amd/lance.c
-index 61a641f23149..12a6a93d221b 100644
---- a/drivers/net/ethernet/amd/lance.c
-+++ b/drivers/net/ethernet/amd/lance.c
-@@ -318,9 +318,9 @@ static int io[MAX_CARDS];
- static int dma[MAX_CARDS];
- static int irq[MAX_CARDS];
-
--module_param_array(io, int, NULL, 0);
--module_param_array(dma, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(dma, int, dma, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param(lance_debug, int, 0);
- MODULE_PARM_DESC(io, "LANCE/PCnet I/O base address(es),required");
- MODULE_PARM_DESC(dma, "LANCE/PCnet ISA DMA channel (ignored for some devices)");
-diff --git a/drivers/net/ethernet/amd/ni65.c b/drivers/net/ethernet/amd/ni65.c
-index 5985bf220a8d..e248d1ab3e47 100644
---- a/drivers/net/ethernet/amd/ni65.c
-+++ b/drivers/net/ethernet/amd/ni65.c
-@@ -1227,9 +1227,9 @@ static void set_multicast_list(struct net_device *dev)
- #ifdef MODULE
- static struct net_device *dev_ni65;
-
--module_param(irq, int, 0);
--module_param(io, int, 0);
--module_param(dma, int, 0);
-+module_param_hw(irq, int, irq, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(dma, int, dma, 0);
- MODULE_PARM_DESC(irq, "ni6510 IRQ number (ignored for some cards)");
- MODULE_PARM_DESC(io, "ni6510 I/O base address");
- MODULE_PARM_DESC(dma, "ni6510 ISA DMA channel (ignored for some cards)");
-diff --git a/drivers/net/ethernet/cirrus/cs89x0.c b/drivers/net/ethernet/cirrus/cs89x0.c
-index 3647b28e8de0..8f660d9761cc 100644
---- a/drivers/net/ethernet/cirrus/cs89x0.c
-+++ b/drivers/net/ethernet/cirrus/cs89x0.c
-@@ -1704,12 +1704,12 @@ static int use_dma; /* These generate unused var warnings if ALLOW_DMA = 0 */
- static int dma;
- static int dmasize = 16; /* or 64 */
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param(debug, int, 0);
- module_param_string(media, media, sizeof(media), 0);
- module_param(duplex, int, 0);
--module_param(dma , int, 0);
-+module_param_hw(dma , int, dma, 0);
- module_param(dmasize , int, 0);
- module_param(use_dma , int, 0);
- MODULE_PARM_DESC(io, "cs89x0 I/O base address");
-diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
-index df4a871df633..fd6bcf024729 100644
---- a/drivers/net/ethernet/dec/tulip/de4x5.c
-+++ b/drivers/net/ethernet/dec/tulip/de4x5.c
-@@ -1015,7 +1015,7 @@ static int compact_infoblock(struct net_device *dev, u_char count, u_char *p
-
- static int io=0x0;/* EDIT THIS LINE FOR YOUR CONFIGURATION IF NEEDED */
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- module_param(de4x5_debug, int, 0);
- module_param(dec_only, int, 0);
- module_param(args, charp, 0);
-diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c
-index 1a31bee6e728..5673b071e39d 100644
---- a/drivers/net/ethernet/hp/hp100.c
-+++ b/drivers/net/ethernet/hp/hp100.c
-@@ -2966,7 +2966,7 @@ MODULE_DESCRIPTION("HP CASCADE Architecture Driver for 100VG-AnyLan Network Adap
- #define HP100_DEVICES 5
- /* Parameters set by insmod */
- static int hp100_port[HP100_DEVICES] = { 0, [1 ... (HP100_DEVICES-1)] = -1 };
--module_param_array(hp100_port, int, NULL, 0);
-+module_param_hw_array(hp100_port, int, ioport, NULL, 0);
-
- /* List of devices */
- static struct net_device *hp100_devlist[HP100_DEVICES];
-diff --git a/drivers/net/ethernet/realtek/atp.c b/drivers/net/ethernet/realtek/atp.c
-index 9bcd4aefc9c5..bed34684994f 100644
---- a/drivers/net/ethernet/realtek/atp.c
-+++ b/drivers/net/ethernet/realtek/atp.c
-@@ -151,8 +151,8 @@ MODULE_LICENSE("GPL");
-
- module_param(max_interrupt_work, int, 0);
- module_param(debug, int, 0);
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_array(xcvr, int, NULL, 0);
- MODULE_PARM_DESC(max_interrupt_work, "ATP maximum events handled per interrupt");
- MODULE_PARM_DESC(debug, "ATP debug level (0-7)");
-diff --git a/drivers/net/ethernet/smsc/smc9194.c b/drivers/net/ethernet/smsc/smc9194.c
-index c8d84679ede7..d3bb2ba51f40 100644
---- a/drivers/net/ethernet/smsc/smc9194.c
-+++ b/drivers/net/ethernet/smsc/smc9194.c
-@@ -1501,8 +1501,8 @@ static void smc_set_multicast_list(struct net_device *dev)
- static struct net_device *devSMC9194;
- MODULE_LICENSE("GPL");
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
- module_param(ifport, int, 0);
- MODULE_PARM_DESC(io, "SMC 99194 I/O base address");
- MODULE_PARM_DESC(irq, "SMC 99194 IRQ number");
diff --git a/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 621ba0b..0000000
--- a/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:26 +0100
-Subject: [20/62] Annotate hardware config module parameters in
- drivers/net/hamradio/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=2bf23e0fa97ea5c3bad27fa6f878b6ecde838ea4
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/hamradio/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Thomas Sailer <t.sailer at alumni.ethz.ch>
-cc: Joerg Reuter <jreuter at yaina.de>
-cc: linux-hams at vger.kernel.org
-cc: netdev at vger.kernel.org
----
- drivers/net/hamradio/baycom_epp.c | 2 +-
- drivers/net/hamradio/baycom_par.c | 2 +-
- drivers/net/hamradio/baycom_ser_fdx.c | 4 ++--
- drivers/net/hamradio/baycom_ser_hdx.c | 4 ++--
- drivers/net/hamradio/dmascc.c | 2 +-
- 5 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/net/hamradio/baycom_epp.c b/drivers/net/hamradio/baycom_epp.c
-index 594fa1407e29..1503f10122f7 100644
---- a/drivers/net/hamradio/baycom_epp.c
-+++ b/drivers/net/hamradio/baycom_epp.c
-@@ -1176,7 +1176,7 @@ static int iobase[NR_PORTS] = { 0x378, };
-
- module_param_array(mode, charp, NULL, 0);
- MODULE_PARM_DESC(mode, "baycom operating mode");
--module_param_array(iobase, int, NULL, 0);
-+module_param_hw_array(iobase, int, ioport, NULL, 0);
- MODULE_PARM_DESC(iobase, "baycom io base address");
-
- MODULE_AUTHOR("Thomas M. Sailer, sailer at ife.ee.ethz.ch, hb9jnx at hb9w.che.eu");
-diff --git a/drivers/net/hamradio/baycom_par.c b/drivers/net/hamradio/baycom_par.c
-index 809dc25909d1..92b13b39f426 100644
---- a/drivers/net/hamradio/baycom_par.c
-+++ b/drivers/net/hamradio/baycom_par.c
-@@ -481,7 +481,7 @@ static int iobase[NR_PORTS] = { 0x378, };
-
- module_param_array(mode, charp, NULL, 0);
- MODULE_PARM_DESC(mode, "baycom operating mode; eg. par96 or picpar");
--module_param_array(iobase, int, NULL, 0);
-+module_param_hw_array(iobase, int, ioport, NULL, 0);
- MODULE_PARM_DESC(iobase, "baycom io base address");
-
- MODULE_AUTHOR("Thomas M. Sailer, sailer at ife.ee.ethz.ch, hb9jnx at hb9w.che.eu");
-diff --git a/drivers/net/hamradio/baycom_ser_fdx.c b/drivers/net/hamradio/baycom_ser_fdx.c
-index ebc06822fd4d..d9a646acca20 100644
---- a/drivers/net/hamradio/baycom_ser_fdx.c
-+++ b/drivers/net/hamradio/baycom_ser_fdx.c
-@@ -614,9 +614,9 @@ static int baud[NR_PORTS] = { [0 ... NR_PORTS-1] = 1200 };
-
- module_param_array(mode, charp, NULL, 0);
- MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD");
--module_param_array(iobase, int, NULL, 0);
-+module_param_hw_array(iobase, int, ioport, NULL, 0);
- MODULE_PARM_DESC(iobase, "baycom io base address");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "baycom irq number");
- module_param_array(baud, int, NULL, 0);
- MODULE_PARM_DESC(baud, "baycom baud rate (300 to 4800)");
-diff --git a/drivers/net/hamradio/baycom_ser_hdx.c b/drivers/net/hamradio/baycom_ser_hdx.c
-index 60fcf512c208..f1c8a9ff3891 100644
---- a/drivers/net/hamradio/baycom_ser_hdx.c
-+++ b/drivers/net/hamradio/baycom_ser_hdx.c
-@@ -642,9 +642,9 @@ static int irq[NR_PORTS] = { 4, };
-
- module_param_array(mode, charp, NULL, 0);
- MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD");
--module_param_array(iobase, int, NULL, 0);
-+module_param_hw_array(iobase, int, ioport, NULL, 0);
- MODULE_PARM_DESC(iobase, "baycom io base address");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "baycom irq number");
-
- MODULE_AUTHOR("Thomas M. Sailer, sailer at ife.ee.ethz.ch, hb9jnx at hb9w.che.eu");
-diff --git a/drivers/net/hamradio/dmascc.c b/drivers/net/hamradio/dmascc.c
-index 2479072981a1..dec6b76bc0fb 100644
---- a/drivers/net/hamradio/dmascc.c
-+++ b/drivers/net/hamradio/dmascc.c
-@@ -274,7 +274,7 @@ static unsigned long rand;
-
- MODULE_AUTHOR("Klaus Kudielka");
- MODULE_DESCRIPTION("Driver for high-speed SCC boards");
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_LICENSE("GPL");
-
- static void __exit dmascc_exit(void)
diff --git a/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index bd760af..0000000
--- a/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:26 +0100
-Subject: [21/62] Annotate hardware config module parameters in
- drivers/net/irda/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b14425b5b7dfe055d20f4e5b7e9c7013cf5784ac
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/irda/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Samuel Ortiz <samuel at sortiz.org>
-cc: netdev at vger.kernel.org
----
- drivers/net/irda/ali-ircc.c | 6 +++---
- drivers/net/irda/nsc-ircc.c | 6 +++---
- drivers/net/irda/smsc-ircc2.c | 10 +++++-----
- drivers/net/irda/w83977af_ir.c | 4 ++--
- 4 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/drivers/net/irda/ali-ircc.c b/drivers/net/irda/ali-ircc.c
-index c285eafd3f1c..35f198d83701 100644
---- a/drivers/net/irda/ali-ircc.c
-+++ b/drivers/net/irda/ali-ircc.c
-@@ -2207,11 +2207,11 @@ MODULE_LICENSE("GPL");
- MODULE_ALIAS("platform:" ALI_IRCC_DRIVER_NAME);
-
-
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io, "Base I/O addresses");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "IRQ lines");
--module_param_array(dma, int, NULL, 0);
-+module_param_hw_array(dma, int, dma, NULL, 0);
- MODULE_PARM_DESC(dma, "DMA channels");
-
- module_init(ali_ircc_init);
-diff --git a/drivers/net/irda/nsc-ircc.c b/drivers/net/irda/nsc-ircc.c
-index aaecc3baaf30..7beae147be11 100644
---- a/drivers/net/irda/nsc-ircc.c
-+++ b/drivers/net/irda/nsc-ircc.c
-@@ -2396,11 +2396,11 @@ MODULE_LICENSE("GPL");
-
- module_param(qos_mtt_bits, int, 0);
- MODULE_PARM_DESC(qos_mtt_bits, "Minimum Turn Time");
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io, "Base I/O addresses");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "IRQ lines");
--module_param_array(dma, int, NULL, 0);
-+module_param_hw_array(dma, int, dma, NULL, 0);
- MODULE_PARM_DESC(dma, "DMA channels");
- module_param(dongle_id, int, 0);
- MODULE_PARM_DESC(dongle_id, "Type-id of used dongle");
-diff --git a/drivers/net/irda/smsc-ircc2.c b/drivers/net/irda/smsc-ircc2.c
-index dcf92ba80872..23ed89ae5ddc 100644
---- a/drivers/net/irda/smsc-ircc2.c
-+++ b/drivers/net/irda/smsc-ircc2.c
-@@ -82,24 +82,24 @@ MODULE_PARM_DESC(nopnp, "Do not use PNP to detect controller settings, defaults
-
- #define DMA_INVAL 255
- static int ircc_dma = DMA_INVAL;
--module_param(ircc_dma, int, 0);
-+module_param_hw(ircc_dma, int, dma, 0);
- MODULE_PARM_DESC(ircc_dma, "DMA channel");
-
- #define IRQ_INVAL 255
- static int ircc_irq = IRQ_INVAL;
--module_param(ircc_irq, int, 0);
-+module_param_hw(ircc_irq, int, irq, 0);
- MODULE_PARM_DESC(ircc_irq, "IRQ line");
-
- static int ircc_fir;
--module_param(ircc_fir, int, 0);
-+module_param_hw(ircc_fir, int, ioport, 0);
- MODULE_PARM_DESC(ircc_fir, "FIR Base Address");
-
- static int ircc_sir;
--module_param(ircc_sir, int, 0);
-+module_param_hw(ircc_sir, int, ioport, 0);
- MODULE_PARM_DESC(ircc_sir, "SIR Base Address");
-
- static int ircc_cfg;
--module_param(ircc_cfg, int, 0);
-+module_param_hw(ircc_cfg, int, ioport, 0);
- MODULE_PARM_DESC(ircc_cfg, "Configuration register base address");
-
- static int ircc_transceiver;
-diff --git a/drivers/net/irda/w83977af_ir.c b/drivers/net/irda/w83977af_ir.c
-index 8d5b903d1d9d..282b6c9ae05b 100644
---- a/drivers/net/irda/w83977af_ir.c
-+++ b/drivers/net/irda/w83977af_ir.c
-@@ -1263,9 +1263,9 @@ MODULE_LICENSE("GPL");
-
- module_param(qos_mtt_bits, int, 0);
- MODULE_PARM_DESC(qos_mtt_bits, "Mimimum Turn Time");
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io, "Base I/O addresses");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "IRQ lines");
-
- /*
diff --git a/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 781baae..0000000
--- a/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [22/62] Annotate hardware config module parameters in
- drivers/net/wan/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=ded1b99ef0c3cc59cd79b7a8c20c844cf3374bb5
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/wan/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: "Jan \"Yenya\" Kasprzak" <kas at fi.muni.cz>
-cc: netdev at vger.kernel.org
----
- drivers/net/wan/cosa.c | 6 +++---
- drivers/net/wan/hostess_sv11.c | 6 +++---
- drivers/net/wan/sbni.c | 4 ++--
- drivers/net/wan/sealevel.c | 8 ++++----
- 4 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c
-index 4ca71bca39ac..6ea16260ec76 100644
---- a/drivers/net/wan/cosa.c
-+++ b/drivers/net/wan/cosa.c
-@@ -232,11 +232,11 @@ static int irq[MAX_CARDS+1] = { -1, -1, -1, -1, -1, -1, 0, };
- static struct class *cosa_class;
-
- #ifdef MODULE
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io, "The I/O bases of the COSA or SRP cards");
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "The IRQ lines of the COSA or SRP cards");
--module_param_array(dma, int, NULL, 0);
-+module_param_hw_array(dma, int, dma, NULL, 0);
- MODULE_PARM_DESC(dma, "The DMA channels of the COSA or SRP cards");
-
- MODULE_AUTHOR("Jan \"Yenya\" Kasprzak, <kas at fi.muni.cz>");
-diff --git a/drivers/net/wan/hostess_sv11.c b/drivers/net/wan/hostess_sv11.c
-index dd6bb3364ad2..4de0737fbf8a 100644
---- a/drivers/net/wan/hostess_sv11.c
-+++ b/drivers/net/wan/hostess_sv11.c
-@@ -324,11 +324,11 @@ static void sv11_shutdown(struct z8530_dev *dev)
- static int io = 0x200;
- static int irq = 9;
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "The I/O base of the Comtrol Hostess SV11 card");
--module_param(dma, int, 0);
-+module_param_hw(dma, int, dma, 0);
- MODULE_PARM_DESC(dma, "Set this to 1 to use DMA1/DMA3 for TX/RX");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "The interrupt line setting for the Comtrol Hostess SV11 card");
-
- MODULE_AUTHOR("Alan Cox");
-diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c
-index 3ca3419c54a0..bde8c0339831 100644
---- a/drivers/net/wan/sbni.c
-+++ b/drivers/net/wan/sbni.c
-@@ -1463,8 +1463,8 @@ set_multicast_list( struct net_device *dev )
-
-
- #ifdef MODULE
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_array(baud, int, NULL, 0);
- module_param_array(rxl, int, NULL, 0);
- module_param_array(mac, int, NULL, 0);
-diff --git a/drivers/net/wan/sealevel.c b/drivers/net/wan/sealevel.c
-index fbb5aa2c4d8f..c56f2c252113 100644
---- a/drivers/net/wan/sealevel.c
-+++ b/drivers/net/wan/sealevel.c
-@@ -363,13 +363,13 @@ static int rxdma=3;
- static int irq=5;
- static bool slow=false;
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "The I/O base of the Sealevel card");
--module_param(txdma, int, 0);
-+module_param_hw(txdma, int, dma, 0);
- MODULE_PARM_DESC(txdma, "Transmit DMA channel");
--module_param(rxdma, int, 0);
-+module_param_hw(rxdma, int, dma, 0);
- MODULE_PARM_DESC(rxdma, "Receive DMA channel");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "The interrupt line setting for the SeaLevel card");
- module_param(slow, bool, 0);
- MODULE_PARM_DESC(slow, "Set this for an older Sealevel card such as the 4012");
diff --git a/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 842f064..0000000
--- a/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [23/62] Annotate hardware config module parameters in
- drivers/net/wireless/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=8108f1c7cb7cc32f93f280322f4aa1ba5314a66e
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/net/wireless/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Kalle Valo <kvalo at codeaurora.org>
-cc: linux-wireless at vger.kernel.org
-cc: netdev at vger.kernel.org
----
- drivers/net/wireless/cisco/airo.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
-index 4b040451a9b8..1b7e125a28e2 100644
---- a/drivers/net/wireless/cisco/airo.c
-+++ b/drivers/net/wireless/cisco/airo.c
-@@ -246,8 +246,8 @@ MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards. "
- "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs.");
- MODULE_LICENSE("Dual BSD/GPL");
- MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350");
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param_array(rates, int, NULL, 0);
- module_param_array(ssids, charp, NULL, 0);
- module_param(auto_wep, int, 0);
diff --git a/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 64db790..0000000
--- a/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [24/62] Annotate hardware config module parameters in
- drivers/parport/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e2450282634057131e64fb8bb83a22e1a9427694
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/parport/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Sudip Mukherjee <sudipm.mukherjee at gmail.com>
----
- drivers/parport/parport_pc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c
-index 9d42dfe65d44..5548193a28a6 100644
---- a/drivers/parport/parport_pc.c
-+++ b/drivers/parport/parport_pc.c
-@@ -3150,13 +3150,13 @@ static char *irq[PARPORT_PC_MAX_PORTS];
- static char *dma[PARPORT_PC_MAX_PORTS];
-
- MODULE_PARM_DESC(io, "Base I/O address (SPP regs)");
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io_hi, "Base I/O address (ECR)");
--module_param_array(io_hi, int, NULL, 0);
-+module_param_hw_array(io_hi, int, ioport, NULL, 0);
- MODULE_PARM_DESC(irq, "IRQ line");
--module_param_array(irq, charp, NULL, 0);
-+module_param_hw_array(irq, charp, irq, NULL, 0);
- MODULE_PARM_DESC(dma, "DMA channel");
--module_param_array(dma, charp, NULL, 0);
-+module_param_hw_array(dma, charp, dma, NULL, 0);
- #if defined(CONFIG_PARPORT_PC_SUPERIO) || \
- (defined(CONFIG_PARPORT_1284) && defined(CONFIG_PARPORT_PC_FIFO))
- MODULE_PARM_DESC(verbose_probing, "Log chit-chat during initialisation");
diff --git a/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index c00449a..0000000
--- a/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [25/62] Annotate hardware config module parameters in
- drivers/pci/hotplug/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=683739ab2441e5a3c530bee7d7c79f13a38bb425
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/pci/hotplug/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Acked-by: Bjorn Helgaas <bhelgaas at google.com>
-cc: Scott Murray <scott at spiteful.org>
-cc: linux-pci at vger.kernel.org
----
- drivers/pci/hotplug/cpcihp_generic.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c
-index 88a44a707b96..bbf9cf8aeaad 100644
---- a/drivers/pci/hotplug/cpcihp_generic.c
-+++ b/drivers/pci/hotplug/cpcihp_generic.c
-@@ -220,7 +220,7 @@ module_param(first_slot, byte, 0);
- MODULE_PARM_DESC(first_slot, "Hotswap bus first slot number");
- module_param(last_slot, byte, 0);
- MODULE_PARM_DESC(last_slot, "Hotswap bus last slot number");
--module_param(port, ushort, 0);
-+module_param_hw(port, ushort, ioport, 0);
- MODULE_PARM_DESC(port, "#ENUM signal I/O port");
- module_param(enum_bit, uint, 0);
- MODULE_PARM_DESC(enum_bit, "#ENUM signal bit (0-7)");
diff --git a/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 0c35057..0000000
--- a/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [26/62] Annotate hardware config module parameters in drivers/pcmcia/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=abc3baae64c4956fd6d5b1b2b0d78cdc75fb8765
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/pcmcia/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: linux-pcmcia at lists.infradead.org
----
- drivers/pcmcia/i82365.c | 8 ++++----
- drivers/pcmcia/tcic.c | 8 ++++----
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/drivers/pcmcia/i82365.c b/drivers/pcmcia/i82365.c
-index eb0d80a429e4..fb38cc01859f 100644
---- a/drivers/pcmcia/i82365.c
-+++ b/drivers/pcmcia/i82365.c
-@@ -108,12 +108,12 @@ static int async_clock = -1;
- static int cable_mode = -1;
- static int wakeup = 0;
-
--module_param(i365_base, ulong, 0444);
-+module_param_hw(i365_base, ulong, ioport, 0444);
- module_param(ignore, int, 0444);
- module_param(extra_sockets, int, 0444);
--module_param(irq_mask, int, 0444);
--module_param_array(irq_list, int, &irq_list_count, 0444);
--module_param(cs_irq, int, 0444);
-+module_param_hw(irq_mask, int, other, 0444);
-+module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444);
-+module_param_hw(cs_irq, int, irq, 0444);
- module_param(async_clock, int, 0444);
- module_param(cable_mode, int, 0444);
- module_param(wakeup, int, 0444);
-diff --git a/drivers/pcmcia/tcic.c b/drivers/pcmcia/tcic.c
-index 1ee63e5f0550..a1ac72d51d70 100644
---- a/drivers/pcmcia/tcic.c
-+++ b/drivers/pcmcia/tcic.c
-@@ -85,12 +85,12 @@ static int poll_quick = HZ/20;
- /* CCLK external clock time, in nanoseconds. 70 ns = 14.31818 MHz */
- static int cycle_time = 70;
-
--module_param(tcic_base, ulong, 0444);
-+module_param_hw(tcic_base, ulong, ioport, 0444);
- module_param(ignore, int, 0444);
- module_param(do_scan, int, 0444);
--module_param(irq_mask, int, 0444);
--module_param_array(irq_list, int, &irq_list_count, 0444);
--module_param(cs_irq, int, 0444);
-+module_param_hw(irq_mask, int, other, 0444);
-+module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444);
-+module_param_hw(cs_irq, int, irq, 0444);
- module_param(poll_interval, int, 0444);
- module_param(poll_quick, int, 0444);
- module_param(cycle_time, int, 0444);
diff --git a/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch
index cc6ed98..dba4d7a 100644
--- a/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch
+++ b/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch
@@ -1,7 +1,8 @@
From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:27 +0100
-Subject: [27/62] Annotate hardware config module parameters in drivers/scsi/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e3d6517827cdca4e24f36d50df94b0241e91ae8a
+Date: Tue, 4 Apr 2017 16:54:28 +0100
+Subject: [27/61] Annotate hardware config module parameters in
+ drivers/staging/media/
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=db33ab46d89c69211f56940278c394067fe6876e
When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
@@ -21,111 +22,31 @@ drivers have viable defaults set in case parameters aren't specified and
some drivers support automatic configuration (e.g. PNP or PCI) in addition
to manually coded parameters.
-This patch annotates drivers in drivers/scsi/.
+This patch annotates drivers in drivers/staging/media/.
Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells at redhat.com>
-cc: "Juergen E. Fischer" <fischer at norbit.de>
-cc: "James E.J. Bottomley" <jejb at linux.vnet.ibm.com>
-cc: "Martin K. Petersen" <martin.petersen at oracle.com>
-cc: Dario Ballabio <ballabio_dario at emc.com>
-cc: Finn Thain <fthain at telegraphics.com.au>
-cc: Michael Schmitz <schmitzmic at gmail.com>
-cc: Achim Leubner <achim_leubner at adaptec.com>
-cc: linux-scsi at vger.kernel.org
+cc: Mauro Carvalho Chehab <mchehab at kernel.org>
+cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+cc: linux-media at vger.kernel.org
+cc: devel at driverdev.osuosl.org
+[bwh: For 4.12, fix up filename and permission format]
---
- drivers/scsi/aha152x.c | 4 ++--
- drivers/scsi/aha1542.c | 2 +-
- drivers/scsi/g_NCR5380.c | 8 ++++----
- drivers/scsi/gdth.c | 2 +-
- drivers/scsi/qlogicfas.c | 4 ++--
- 5 files changed, 10 insertions(+), 10 deletions(-)
+ drivers/media/rc/sir_ir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/drivers/scsi/aha152x.c b/drivers/scsi/aha152x.c
-index f44d0487236e..ce5dc73d85bb 100644
---- a/drivers/scsi/aha152x.c
-+++ b/drivers/scsi/aha152x.c
-@@ -331,11 +331,11 @@ MODULE_LICENSE("GPL");
- #if !defined(PCMCIA)
- #if defined(MODULE)
- static int io[] = {0, 0};
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io,"base io address of controller");
+--- a/drivers/media/rc/sir_ir.c
++++ b/drivers/media/rc/sir_ir.c
+@@ -434,10 +434,10 @@ MODULE_DESCRIPTION("Infrared receiver dr
+ MODULE_AUTHOR("Milan Pikula");
+ MODULE_LICENSE("GPL");
- static int irq[] = {0, 0};
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq,"interrupt for controller");
+-module_param(io, int, 0444);
++module_param_hw(io, int, ioport, 0444);
+ MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)");
- static int scsiid[] = {7, 7};
-diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c
-index 7db448ec8beb..a23cc9ac5acd 100644
---- a/drivers/scsi/aha1542.c
-+++ b/drivers/scsi/aha1542.c
-@@ -31,7 +31,7 @@ module_param(isapnp, bool, 0);
- MODULE_PARM_DESC(isapnp, "enable PnP support (default=1)");
-
- static int io[MAXBOARDS] = { 0x330, 0x334, 0, 0 };
--module_param_array(io, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
- MODULE_PARM_DESC(io, "base IO address of controller (0x130,0x134,0x230,0x234,0x330,0x334, default=0x330,0x334)");
-
- /* time AHA spends on the AT-bus during data transfer */
-diff --git a/drivers/scsi/g_NCR5380.c b/drivers/scsi/g_NCR5380.c
-index 67c8dac321ad..c34fc91ba486 100644
---- a/drivers/scsi/g_NCR5380.c
-+++ b/drivers/scsi/g_NCR5380.c
-@@ -85,8 +85,8 @@ static int ncr_53c400;
- static int ncr_53c400a;
- static int dtc_3181e;
- static int hp_c2502;
--module_param(ncr_irq, int, 0);
--module_param(ncr_addr, int, 0);
-+module_param_hw(ncr_irq, int, irq, 0);
-+module_param_hw(ncr_addr, int, ioport, 0);
- module_param(ncr_5380, int, 0);
- module_param(ncr_53c400, int, 0);
- module_param(ncr_53c400a, int, 0);
-@@ -94,11 +94,11 @@ module_param(dtc_3181e, int, 0);
- module_param(hp_c2502, int, 0);
-
- static int irq[] = { -1, -1, -1, -1, -1, -1, -1, -1 };
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(irq, "IRQ number(s) (0=none, 254=auto [default])");
-
- static int base[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
--module_param_array(base, int, NULL, 0);
-+module_param_hw_array(base, int, ioport, NULL, 0);
- MODULE_PARM_DESC(base, "base address(es)");
-
- static int card[] = { -1, -1, -1, -1, -1, -1, -1, -1 };
-diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
-index d020a13646ae..facc7271f932 100644
---- a/drivers/scsi/gdth.c
-+++ b/drivers/scsi/gdth.c
-@@ -353,7 +353,7 @@ static int probe_eisa_isa = 0;
- static int force_dma32 = 0;
-
- /* parameters for modprobe/insmod */
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- module_param(disable, int, 0);
- module_param(reserve_mode, int, 0);
- module_param_array(reserve_list, int, NULL, 0);
-diff --git a/drivers/scsi/qlogicfas.c b/drivers/scsi/qlogicfas.c
-index 61cac87fb86f..840823b99e51 100644
---- a/drivers/scsi/qlogicfas.c
-+++ b/drivers/scsi/qlogicfas.c
-@@ -137,8 +137,8 @@ static struct Scsi_Host *__qlogicfas_detect(struct scsi_host_template *host,
- static struct qlogicfas408_priv *cards;
- static int iobase[MAX_QLOGICFAS];
- static int irq[MAX_QLOGICFAS] = { [0 ... MAX_QLOGICFAS-1] = -1 };
--module_param_array(iobase, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(iobase, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
- MODULE_PARM_DESC(iobase, "I/O address");
- MODULE_PARM_DESC(irq, "IRQ");
+-module_param(irq, int, 0444);
++module_param_hw(irq, int, irq, 0444);
+ MODULE_PARM_DESC(irq, "Interrupt (4 or 3)");
+ module_param(threshold, int, 0444);
diff --git a/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 2ec6903..0000000
--- a/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:28 +0100
-Subject: [28/62] Annotate hardware config module parameters in
- drivers/staging/media/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=db33ab46d89c69211f56940278c394067fe6876e
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/staging/media/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Mauro Carvalho Chehab <mchehab at kernel.org>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
-cc: linux-media at vger.kernel.org
-cc: devel at driverdev.osuosl.org
----
- drivers/staging/media/lirc/lirc_sir.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/staging/media/lirc/lirc_sir.c b/drivers/staging/media/lirc/lirc_sir.c
-index c6c3de94adaa..dde46dd8cabb 100644
---- a/drivers/staging/media/lirc/lirc_sir.c
-+++ b/drivers/staging/media/lirc/lirc_sir.c
-@@ -826,10 +826,10 @@ MODULE_AUTHOR("Milan Pikula");
- #endif
- MODULE_LICENSE("GPL");
-
--module_param(io, int, S_IRUGO);
-+module_param_hw(io, int, ioport, S_IRUGO);
- MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)");
-
--module_param(irq, int, S_IRUGO);
-+module_param_hw(irq, int, irq, S_IRUGO);
- MODULE_PARM_DESC(irq, "Interrupt (4 or 3)");
-
- module_param(threshold, int, S_IRUGO);
diff --git a/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index c2fe660..0000000
--- a/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:28 +0100
-Subject: [29/62] Annotate hardware config module parameters in
- drivers/staging/speakup/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1f78a159fa613a2d95754c1e3ea067c749aeb509
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/staging/speakup/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
-cc: speakup at linux-speakup.org
-cc: devel at driverdev.osuosl.org
----
- drivers/staging/speakup/speakup_acntpc.c | 2 +-
- drivers/staging/speakup/speakup_dtlk.c | 2 +-
- drivers/staging/speakup/speakup_keypc.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/staging/speakup/speakup_acntpc.c b/drivers/staging/speakup/speakup_acntpc.c
-index c7fab261d860..b6fbf9de1f85 100644
---- a/drivers/staging/speakup/speakup_acntpc.c
-+++ b/drivers/staging/speakup/speakup_acntpc.c
-@@ -307,7 +307,7 @@ static void accent_release(void)
- speakup_info.port_tts = 0;
- }
-
--module_param_named(port, port_forced, int, 0444);
-+module_param_hw_named(port, port_forced, int, ioport, 0444);
- module_param_named(start, synth_acntpc.startup, short, 0444);
-
- MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing).");
-diff --git a/drivers/staging/speakup/speakup_dtlk.c b/drivers/staging/speakup/speakup_dtlk.c
-index e2bf20806d8d..9c097fda07b0 100644
---- a/drivers/staging/speakup/speakup_dtlk.c
-+++ b/drivers/staging/speakup/speakup_dtlk.c
-@@ -378,7 +378,7 @@ static void dtlk_release(void)
- speakup_info.port_tts = 0;
- }
-
--module_param_named(port, port_forced, int, 0444);
-+module_param_hw_named(port, port_forced, int, ioport, 0444);
- module_param_named(start, synth_dtlk.startup, short, 0444);
-
- MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing).");
-diff --git a/drivers/staging/speakup/speakup_keypc.c b/drivers/staging/speakup/speakup_keypc.c
-index 10f4964782e2..e653b52175b8 100644
---- a/drivers/staging/speakup/speakup_keypc.c
-+++ b/drivers/staging/speakup/speakup_keypc.c
-@@ -309,7 +309,7 @@ static void keynote_release(void)
- synth_port = 0;
- }
-
--module_param_named(port, port_forced, int, 0444);
-+module_param_hw_named(port, port_forced, int, ioport, 0444);
- module_param_named(start, synth_keypc.startup, short, 0444);
-
- MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing).");
diff --git a/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 2b9ef64..0000000
--- a/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:28 +0100
-Subject: [30/62] Annotate hardware config module parameters in
- drivers/staging/vme/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=ae1779570a11610bc25974a9574e2cbc29ba1508
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/staging/vme/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Martyn Welch <martyn at welchs.me.uk>
-cc: Manohar Vanga <manohar.vanga at gmail.com>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
-cc: devel at driverdev.osuosl.org
----
- drivers/staging/vme/devices/vme_pio2_core.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/staging/vme/devices/vme_pio2_core.c b/drivers/staging/vme/devices/vme_pio2_core.c
-index 20a2d835fdaa..367535b4b77f 100644
---- a/drivers/staging/vme/devices/vme_pio2_core.c
-+++ b/drivers/staging/vme/devices/vme_pio2_core.c
-@@ -466,16 +466,16 @@ static void __exit pio2_exit(void)
-
- /* These are required for each board */
- MODULE_PARM_DESC(bus, "Enumeration of VMEbus to which the board is connected");
--module_param_array(bus, int, &bus_num, 0444);
-+module_param_hw_array(bus, int, other, &bus_num, 0444);
-
- MODULE_PARM_DESC(base, "Base VME address for PIO2 Registers");
--module_param_array(base, long, &base_num, 0444);
-+module_param_hw_array(base, long, other, &base_num, 0444);
-
- MODULE_PARM_DESC(vector, "VME IRQ Vector (Lower 4 bits masked)");
--module_param_array(vector, int, &vector_num, 0444);
-+module_param_hw_array(vector, int, other, &vector_num, 0444);
-
- MODULE_PARM_DESC(level, "VME IRQ Level");
--module_param_array(level, int, &level_num, 0444);
-+module_param_hw_array(level, int, other, &level_num, 0444);
-
- MODULE_PARM_DESC(variant, "Last 4 characters of PIO2 board variant");
- module_param_array(variant, charp, &variant_num, 0444);
diff --git a/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 85ac44b..0000000
--- a/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:29 +0100
-Subject: [31/62] Annotate hardware config module parameters in drivers/tty/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=87194408fc816138aa4900548202ad45d5816b54
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/tty/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
-cc: Jiri Slaby <jslaby at suse.com>
-cc: linux-serial at vger.kernel.org
----
- drivers/tty/cyclades.c | 4 ++--
- drivers/tty/moxa.c | 2 +-
- drivers/tty/mxser.c | 2 +-
- drivers/tty/rocket.c | 10 +++++-----
- drivers/tty/serial/8250/8250_core.c | 4 ++--
- drivers/tty/synclink.c | 6 +++---
- 6 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c
-index 5e4fa9206861..104f09c58163 100644
---- a/drivers/tty/cyclades.c
-+++ b/drivers/tty/cyclades.c
-@@ -156,8 +156,8 @@ static unsigned int cy_isa_addresses[] = {
- static long maddr[NR_CARDS];
- static int irq[NR_CARDS];
-
--module_param_array(maddr, long, NULL, 0);
--module_param_array(irq, int, NULL, 0);
-+module_param_hw_array(maddr, long, iomem, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
-
- #endif /* CONFIG_ISA */
-
-diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c
-index 4caf0c3b1f99..3b251f4e5df0 100644
---- a/drivers/tty/moxa.c
-+++ b/drivers/tty/moxa.c
-@@ -179,7 +179,7 @@ MODULE_FIRMWARE("c320tunx.cod");
-
- module_param_array(type, uint, NULL, 0);
- MODULE_PARM_DESC(type, "card type: C218=2, C320=4");
--module_param_array(baseaddr, ulong, NULL, 0);
-+module_param_hw_array(baseaddr, ulong, ioport, NULL, 0);
- MODULE_PARM_DESC(baseaddr, "base address");
- module_param_array(numports, uint, NULL, 0);
- MODULE_PARM_DESC(numports, "numports (ignored for C218)");
-diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c
-index 7b8f383fb090..8bd6fb6d9391 100644
---- a/drivers/tty/mxser.c
-+++ b/drivers/tty/mxser.c
-@@ -183,7 +183,7 @@ static int ttymajor = MXSERMAJOR;
-
- MODULE_AUTHOR("Casper Yang");
- MODULE_DESCRIPTION("MOXA Smartio/Industio Family Multiport Board Device Driver");
--module_param_array(ioaddr, ulong, NULL, 0);
-+module_param_hw_array(ioaddr, ulong, ioport, NULL, 0);
- MODULE_PARM_DESC(ioaddr, "ISA io addresses to look for a moxa board");
- module_param(ttymajor, int, 0);
- MODULE_LICENSE("GPL");
-diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
-index d66c1edd9892..b51a877da986 100644
---- a/drivers/tty/rocket.c
-+++ b/drivers/tty/rocket.c
-@@ -250,15 +250,15 @@ static int sReadAiopNumChan(WordIO_t io);
-
- MODULE_AUTHOR("Theodore Ts'o");
- MODULE_DESCRIPTION("Comtrol RocketPort driver");
--module_param(board1, ulong, 0);
-+module_param_hw(board1, ulong, ioport, 0);
- MODULE_PARM_DESC(board1, "I/O port for (ISA) board #1");
--module_param(board2, ulong, 0);
-+module_param_hw(board2, ulong, ioport, 0);
- MODULE_PARM_DESC(board2, "I/O port for (ISA) board #2");
--module_param(board3, ulong, 0);
-+module_param_hw(board3, ulong, ioport, 0);
- MODULE_PARM_DESC(board3, "I/O port for (ISA) board #3");
--module_param(board4, ulong, 0);
-+module_param_hw(board4, ulong, ioport, 0);
- MODULE_PARM_DESC(board4, "I/O port for (ISA) board #4");
--module_param(controller, ulong, 0);
-+module_param_hw(controller, ulong, ioport, 0);
- MODULE_PARM_DESC(controller, "I/O port for (ISA) rocketport controller");
- module_param(support_low_speed, bool, 0);
- MODULE_PARM_DESC(support_low_speed, "1 means support 50 baud, 0 means support 460400 baud");
-diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
-index 76e03a7de9cc..89fde17d9617 100644
---- a/drivers/tty/serial/8250/8250_core.c
-+++ b/drivers/tty/serial/8250/8250_core.c
-@@ -1191,7 +1191,7 @@ module_exit(serial8250_exit);
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Generic 8250/16x50 serial driver");
-
--module_param(share_irqs, uint, 0644);
-+module_param_hw(share_irqs, uint, other, 0644);
- MODULE_PARM_DESC(share_irqs, "Share IRQs with other non-8250/16x50 devices (unsafe)");
-
- module_param(nr_uarts, uint, 0644);
-@@ -1201,7 +1201,7 @@ module_param(skip_txen_test, uint, 0644);
- MODULE_PARM_DESC(skip_txen_test, "Skip checking for the TXEN bug at init time");
-
- #ifdef CONFIG_SERIAL_8250_RSA
--module_param_array(probe_rsa, ulong, &probe_rsa_count, 0444);
-+module_param_hw_array(probe_rsa, ulong, ioport, &probe_rsa_count, 0444);
- MODULE_PARM_DESC(probe_rsa, "Probe I/O ports for RSA");
- #endif
- MODULE_ALIAS_CHARDEV_MAJOR(TTY_MAJOR);
-diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
-index 657eed82eeb3..a2c308f7d637 100644
---- a/drivers/tty/synclink.c
-+++ b/drivers/tty/synclink.c
-@@ -869,9 +869,9 @@ static int txholdbufs[MAX_TOTAL_DEVICES];
-
- module_param(break_on_load, bool, 0);
- module_param(ttymajor, int, 0);
--module_param_array(io, int, NULL, 0);
--module_param_array(irq, int, NULL, 0);
--module_param_array(dma, int, NULL, 0);
-+module_param_hw_array(io, int, ioport, NULL, 0);
-+module_param_hw_array(irq, int, irq, NULL, 0);
-+module_param_hw_array(dma, int, dma, NULL, 0);
- module_param(debug_level, int, 0);
- module_param_array(maxframe, int, NULL, 0);
- module_param_array(txdmabufs, int, NULL, 0);
diff --git a/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index 5bd4858..0000000
--- a/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:29 +0100
-Subject: [32/62] Annotate hardware config module parameters in drivers/video/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1692fe8ef6a9f19be6c4943dda5d67f31ea0f561
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/video/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Jaya Kumar <jayalk at intworks.biz>
-cc: Tomi Valkeinen <tomi.valkeinen at ti.com>
-cc: linux-fbdev at vger.kernel.org
----
- drivers/video/fbdev/arcfb.c | 8 ++++----
- drivers/video/fbdev/n411.c | 6 +++---
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/video/fbdev/arcfb.c b/drivers/video/fbdev/arcfb.c
-index 1928cb2b5386..7e87d0d61658 100644
---- a/drivers/video/fbdev/arcfb.c
-+++ b/drivers/video/fbdev/arcfb.c
-@@ -645,17 +645,17 @@ module_param(nosplash, uint, 0);
- MODULE_PARM_DESC(nosplash, "Disable doing the splash screen");
- module_param(arcfb_enable, uint, 0);
- MODULE_PARM_DESC(arcfb_enable, "Enable communication with Arc board");
--module_param(dio_addr, ulong, 0);
-+module_param_hw(dio_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480");
--module_param(cio_addr, ulong, 0);
-+module_param_hw(cio_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400");
--module_param(c2io_addr, ulong, 0);
-+module_param_hw(c2io_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408");
- module_param(splashval, ulong, 0);
- MODULE_PARM_DESC(splashval, "Splash pattern: 0xFF is black, 0x00 is green");
- module_param(tuhold, ulong, 0);
- MODULE_PARM_DESC(tuhold, "Time to hold between strobing data to Arc board");
--module_param(irq, uint, 0);
-+module_param_hw(irq, uint, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ for the Arc board");
-
- module_init(arcfb_init);
-diff --git a/drivers/video/fbdev/n411.c b/drivers/video/fbdev/n411.c
-index 053deacad7cc..a3677313396e 100644
---- a/drivers/video/fbdev/n411.c
-+++ b/drivers/video/fbdev/n411.c
-@@ -193,11 +193,11 @@ module_exit(n411_exit);
-
- module_param(nosplash, uint, 0);
- MODULE_PARM_DESC(nosplash, "Disable doing the splash screen");
--module_param(dio_addr, ulong, 0);
-+module_param_hw(dio_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480");
--module_param(cio_addr, ulong, 0);
-+module_param_hw(cio_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400");
--module_param(c2io_addr, ulong, 0);
-+module_param_hw(c2io_addr, ulong, ioport, 0);
- MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408");
- module_param(splashval, ulong, 0);
- MODULE_PARM_DESC(splashval, "Splash pattern: 0x00 is black, 0x01 is white");
diff --git a/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch
deleted file mode 100644
index db39200..0000000
--- a/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:29 +0100
-Subject: [33/62] Annotate hardware config module parameters in
- drivers/watchdog/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6664038216d98a13d389bc26dfb70859e2c9f9f7
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in drivers/watchdog/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-Reviewed-by: Guenter Roeck <linux at roeck-us.net>
-cc: Wim Van Sebroeck <wim at iguana.be>
-cc: Zwane Mwaikambo <zwanem at gmail.com>
-cc: linux-watchdog at vger.kernel.org
----
- drivers/watchdog/cpu5wdt.c | 2 +-
- drivers/watchdog/eurotechwdt.c | 4 ++--
- drivers/watchdog/pc87413_wdt.c | 2 +-
- drivers/watchdog/sc1200wdt.c | 2 +-
- drivers/watchdog/wdt.c | 4 ++--
- 5 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/watchdog/cpu5wdt.c b/drivers/watchdog/cpu5wdt.c
-index 6d03e8e30f8b..6c3f78e45c26 100644
---- a/drivers/watchdog/cpu5wdt.c
-+++ b/drivers/watchdog/cpu5wdt.c
-@@ -289,7 +289,7 @@ MODULE_DESCRIPTION("sma cpu5 watchdog driver");
- MODULE_SUPPORTED_DEVICE("sma cpu5 watchdog");
- MODULE_LICENSE("GPL");
-
--module_param(port, int, 0);
-+module_param_hw(port, int, ioport, 0);
- MODULE_PARM_DESC(port, "base address of watchdog card, default is 0x91");
-
- module_param(verbose, int, 0);
-diff --git a/drivers/watchdog/eurotechwdt.c b/drivers/watchdog/eurotechwdt.c
-index 23ee53240c4c..38e96712264f 100644
---- a/drivers/watchdog/eurotechwdt.c
-+++ b/drivers/watchdog/eurotechwdt.c
-@@ -97,9 +97,9 @@ MODULE_PARM_DESC(nowayout,
- #define WDT_TIMER_CFG 0xf3
-
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "Eurotech WDT io port (default=0x3f0)");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "Eurotech WDT irq (default=10)");
- module_param(ev, charp, 0);
- MODULE_PARM_DESC(ev, "Eurotech WDT event type (default is `int')");
-diff --git a/drivers/watchdog/pc87413_wdt.c b/drivers/watchdog/pc87413_wdt.c
-index 9f15dd9435d1..06a892e36a8d 100644
---- a/drivers/watchdog/pc87413_wdt.c
-+++ b/drivers/watchdog/pc87413_wdt.c
-@@ -579,7 +579,7 @@ MODULE_AUTHOR("Marcus Junker <junker at anduras.de>");
- MODULE_DESCRIPTION("PC87413 WDT driver");
- MODULE_LICENSE("GPL");
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, MODNAME " I/O port (default: "
- __MODULE_STRING(IO_DEFAULT) ").");
-
-diff --git a/drivers/watchdog/sc1200wdt.c b/drivers/watchdog/sc1200wdt.c
-index 131193a7acdf..b34d3d5ba632 100644
---- a/drivers/watchdog/sc1200wdt.c
-+++ b/drivers/watchdog/sc1200wdt.c
-@@ -88,7 +88,7 @@ MODULE_PARM_DESC(isapnp,
- "When set to 0 driver ISA PnP support will be disabled");
- #endif
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "io port");
- module_param(timeout, int, 0);
- MODULE_PARM_DESC(timeout, "range is 0-255 minutes, default is 1");
-diff --git a/drivers/watchdog/wdt.c b/drivers/watchdog/wdt.c
-index e0206b5b7d89..e481fbbc4ae7 100644
---- a/drivers/watchdog/wdt.c
-+++ b/drivers/watchdog/wdt.c
-@@ -78,9 +78,9 @@ static int irq = 11;
-
- static DEFINE_SPINLOCK(wdt_lock);
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "WDT io port (default=0x240)");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "WDT irq (default=11)");
-
- /* Support for the Fan Tachometer on the WDT501-P */
diff --git a/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch b/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch
deleted file mode 100644
index c2db1b7..0000000
--- a/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:29 +0100
-Subject: [34/62] Annotate hardware config module parameters in fs/pstore/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b68845c3946ffaf3fa58bb156c908a4e4531dcd9
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in fs/pstore/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Anton Vorontsov <anton at enomsg.org>
-cc: Colin Cross <ccross at android.com>
-cc: Kees Cook <keescook at chromium.org>
-cc: Tony Luck <tony.luck at intel.com>
----
- fs/pstore/ram.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
-index 11f918d34b1e..cce1d38417ca 100644
---- a/fs/pstore/ram.c
-+++ b/fs/pstore/ram.c
-@@ -58,7 +58,7 @@ module_param_named(pmsg_size, ramoops_pmsg_size, ulong, 0400);
- MODULE_PARM_DESC(pmsg_size, "size of user space message log");
-
- static unsigned long long mem_address;
--module_param(mem_address, ullong, 0400);
-+module_param_hw(mem_address, ullong, other, 0400);
- MODULE_PARM_DESC(mem_address,
- "start of reserved RAM used to store oops/panic logs");
-
diff --git a/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch
deleted file mode 100644
index f45d36d..0000000
--- a/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:30 +0100
-Subject: [35/62] Annotate hardware config module parameters in sound/drivers/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=75c07d4b39cebaebd1d185077c4d062036e7b967
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in sound/drivers/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Jaroslav Kysela <perex at perex.cz>
-cc: Takashi Iwai <tiwai at suse.com>
-cc: alsa-devel at alsa-project.org
----
- sound/drivers/mpu401/mpu401.c | 4 ++--
- sound/drivers/mtpav.c | 4 ++--
- sound/drivers/serial-u16550.c | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/sound/drivers/mpu401/mpu401.c b/sound/drivers/mpu401/mpu401.c
-index fed7e7e2177b..9b86e00d7d95 100644
---- a/sound/drivers/mpu401/mpu401.c
-+++ b/sound/drivers/mpu401/mpu401.c
-@@ -53,9 +53,9 @@ MODULE_PARM_DESC(enable, "Enable MPU-401 device.");
- module_param_array(pnp, bool, NULL, 0444);
- MODULE_PARM_DESC(pnp, "PnP detection for MPU-401 device.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for MPU-401 device.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for MPU-401 device.");
- module_param_array(uart_enter, bool, NULL, 0444);
- MODULE_PARM_DESC(uart_enter, "Issue UART_ENTER command at open.");
-diff --git a/sound/drivers/mtpav.c b/sound/drivers/mtpav.c
-index 00b31f92c504..0f6392001e30 100644
---- a/sound/drivers/mtpav.c
-+++ b/sound/drivers/mtpav.c
-@@ -86,9 +86,9 @@ module_param(index, int, 0444);
- MODULE_PARM_DESC(index, "Index value for MotuMTPAV MIDI.");
- module_param(id, charp, 0444);
- MODULE_PARM_DESC(id, "ID string for MotuMTPAV MIDI.");
--module_param(port, long, 0444);
-+module_param_hw(port, long, ioport, 0444);
- MODULE_PARM_DESC(port, "Parallel port # for MotuMTPAV MIDI.");
--module_param(irq, int, 0444);
-+module_param_hw(irq, int, irq, 0444);
- MODULE_PARM_DESC(irq, "Parallel IRQ # for MotuMTPAV MIDI.");
- module_param(hwports, int, 0444);
- MODULE_PARM_DESC(hwports, "Hardware ports # for MotuMTPAV MIDI.");
-diff --git a/sound/drivers/serial-u16550.c b/sound/drivers/serial-u16550.c
-index 60d51ac4ccfe..88e66ea0306d 100644
---- a/sound/drivers/serial-u16550.c
-+++ b/sound/drivers/serial-u16550.c
-@@ -84,9 +84,9 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for Serial MIDI.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable UART16550A chip.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for UART16550A chip.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for UART16550A chip.");
- module_param_array(speed, int, NULL, 0444);
- MODULE_PARM_DESC(speed, "Speed in bauds.");
diff --git a/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch
deleted file mode 100644
index c17e446..0000000
--- a/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch
+++ /dev/null
@@ -1,731 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:30 +0100
-Subject: [36/62] Annotate hardware config module parameters in sound/isa/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b7999a0d338e061fe8319b3860b86efacb12a056
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in sound/isa/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Jaroslav Kysela <perex at perex.cz>
-cc: Takashi Iwai <tiwai at suse.com>
-cc: alsa-devel at alsa-project.org
----
- sound/isa/ad1848/ad1848.c | 6 +++---
- sound/isa/adlib.c | 2 +-
- sound/isa/cmi8328.c | 12 ++++++------
- sound/isa/cmi8330.c | 20 ++++++++++----------
- sound/isa/cs423x/cs4231.c | 12 ++++++------
- sound/isa/cs423x/cs4236.c | 18 +++++++++---------
- sound/isa/es1688/es1688.c | 12 ++++++------
- sound/isa/es18xx.c | 12 ++++++------
- sound/isa/galaxy/galaxy.c | 16 ++++++++--------
- sound/isa/gus/gusclassic.c | 8 ++++----
- sound/isa/gus/gusextreme.c | 16 ++++++++--------
- sound/isa/gus/gusmax.c | 8 ++++----
- sound/isa/gus/interwave.c | 10 +++++-----
- sound/isa/msnd/msnd_pinnacle.c | 20 ++++++++++----------
- sound/isa/opl3sa2.c | 16 ++++++++--------
- sound/isa/opti9xx/miro.c | 14 +++++++-------
- sound/isa/opti9xx/opti92x-ad1848.c | 14 +++++++-------
- sound/isa/sb/jazz16.c | 12 ++++++------
- sound/isa/sb/sb16.c | 14 +++++++-------
- sound/isa/sb/sb8.c | 6 +++---
- sound/isa/sc6000.c | 12 ++++++------
- sound/isa/sscape.c | 12 ++++++------
- sound/isa/wavefront/wavefront.c | 18 +++++++++---------
- 23 files changed, 145 insertions(+), 145 deletions(-)
-
-diff --git a/sound/isa/ad1848/ad1848.c b/sound/isa/ad1848/ad1848.c
-index a302d1f8d14f..e739b1c85c25 100644
---- a/sound/isa/ad1848/ad1848.c
-+++ b/sound/isa/ad1848/ad1848.c
-@@ -55,11 +55,11 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver.");
- module_param_array(thinkpad, bool, NULL, 0444);
- MODULE_PARM_DESC(thinkpad, "Enable only for the onboard CS4248 of IBM Thinkpad 360/750/755 series.");
-diff --git a/sound/isa/adlib.c b/sound/isa/adlib.c
-index 8d3060fd7ad7..5fb619eca5c8 100644
---- a/sound/isa/adlib.c
-+++ b/sound/isa/adlib.c
-@@ -27,7 +27,7 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
-
- static int snd_adlib_match(struct device *dev, unsigned int n)
-diff --git a/sound/isa/cmi8328.c b/sound/isa/cmi8328.c
-index 787475084f46..8e1756c3b9bb 100644
---- a/sound/isa/cmi8328.c
-+++ b/sound/isa/cmi8328.c
-@@ -51,18 +51,18 @@ MODULE_PARM_DESC(index, "Index value for CMI8328 soundcard.");
- module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for CMI8328 soundcard.");
-
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for CMI8328 driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for CMI8328 driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 for CMI8328 driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 for CMI8328 driver.");
-
--module_param_array(mpuport, long, NULL, 0444);
-+module_param_hw_array(mpuport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8328 driver.");
--module_param_array(mpuirq, int, NULL, 0444);
-+module_param_hw_array(mpuirq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8328 MPU-401 port.");
- #ifdef SUPPORT_JOYSTICK
- module_param_array(gameport, bool, NULL, 0444);
-diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c
-index dfedfd85f205..f64b29ab5cc7 100644
---- a/sound/isa/cmi8330.c
-+++ b/sound/isa/cmi8330.c
-@@ -95,27 +95,27 @@ module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard.");
- #endif
-
--module_param_array(sbport, long, NULL, 0444);
-+module_param_hw_array(sbport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(sbport, "Port # for CMI8330/CMI8329 SB driver.");
--module_param_array(sbirq, int, NULL, 0444);
-+module_param_hw_array(sbirq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(sbirq, "IRQ # for CMI8330/CMI8329 SB driver.");
--module_param_array(sbdma8, int, NULL, 0444);
-+module_param_hw_array(sbdma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(sbdma8, "DMA8 for CMI8330/CMI8329 SB driver.");
--module_param_array(sbdma16, int, NULL, 0444);
-+module_param_hw_array(sbdma16, int, dma, NULL, 0444);
- MODULE_PARM_DESC(sbdma16, "DMA16 for CMI8330/CMI8329 SB driver.");
-
--module_param_array(wssport, long, NULL, 0444);
-+module_param_hw_array(wssport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(wssport, "Port # for CMI8330/CMI8329 WSS driver.");
--module_param_array(wssirq, int, NULL, 0444);
-+module_param_hw_array(wssirq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(wssirq, "IRQ # for CMI8330/CMI8329 WSS driver.");
--module_param_array(wssdma, int, NULL, 0444);
-+module_param_hw_array(wssdma, int, dma, NULL, 0444);
- MODULE_PARM_DESC(wssdma, "DMA for CMI8330/CMI8329 WSS driver.");
-
--module_param_array(fmport, long, NULL, 0444);
-+module_param_hw_array(fmport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fmport, "FM port # for CMI8330/CMI8329 driver.");
--module_param_array(mpuport, long, NULL, 0444);
-+module_param_hw_array(mpuport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8330/CMI8329 driver.");
--module_param_array(mpuirq, int, NULL, 0444);
-+module_param_hw_array(mpuirq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8330/CMI8329 MPU-401 port.");
- #ifdef CONFIG_PNP
- static int isa_registered;
-diff --git a/sound/isa/cs423x/cs4231.c b/sound/isa/cs423x/cs4231.c
-index ef7448e9f813..e8edd9017a2f 100644
---- a/sound/isa/cs423x/cs4231.c
-+++ b/sound/isa/cs423x/cs4231.c
-@@ -55,17 +55,17 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver.");
-
- static int snd_cs4231_match(struct device *dev, unsigned int n)
-diff --git a/sound/isa/cs423x/cs4236.c b/sound/isa/cs423x/cs4236.c
-index 9d7582c90a95..1f9a3b2be7a1 100644
---- a/sound/isa/cs423x/cs4236.c
-+++ b/sound/isa/cs423x/cs4236.c
-@@ -98,23 +98,23 @@ MODULE_PARM_DESC(enable, "Enable " IDENT " soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " IDENT " driver.");
--module_param_array(cport, long, NULL, 0444);
-+module_param_hw_array(cport, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(cport, "Control port # for " IDENT " driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " IDENT " driver.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for " IDENT " driver.");
--module_param_array(sb_port, long, NULL, 0444);
-+module_param_hw_array(sb_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(sb_port, "SB port # for " IDENT " driver (optional).");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " IDENT " driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " IDENT " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for " IDENT " driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for " IDENT " driver.");
-
- #ifdef CONFIG_PNP
-diff --git a/sound/isa/es1688/es1688.c b/sound/isa/es1688/es1688.c
-index 1901c2bb6c3b..36320e7f2789 100644
---- a/sound/isa/es1688/es1688.c
-+++ b/sound/isa/es1688/es1688.c
-@@ -71,17 +71,17 @@ module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard.");
- #endif
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for ES1688 driver.");
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver.");
--module_param_array(dma8, int, NULL, 0444);
-+module_param_hw_array(dma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver.");
-
- #ifdef CONFIG_PNP
-diff --git a/sound/isa/es18xx.c b/sound/isa/es18xx.c
-index 5094b62d8f77..0cabe2b8974f 100644
---- a/sound/isa/es18xx.c
-+++ b/sound/isa/es18xx.c
-@@ -1999,17 +1999,17 @@ MODULE_PARM_DESC(enable, "Enable ES18xx soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for ES18xx driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for ES18xx driver.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for ES18xx driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for ES18xx driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA 1 # for ES18xx driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA 2 # for ES18xx driver.");
-
- #ifdef CONFIG_PNP
-diff --git a/sound/isa/galaxy/galaxy.c b/sound/isa/galaxy/galaxy.c
-index 379abe2cbeb2..b9994cc9f5fb 100644
---- a/sound/isa/galaxy/galaxy.c
-+++ b/sound/isa/galaxy/galaxy.c
-@@ -53,21 +53,21 @@ static int mpu_irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ;
- static int dma1[SNDRV_CARDS] = SNDRV_DEFAULT_DMA;
- static int dma2[SNDRV_CARDS] = SNDRV_DEFAULT_DMA;
-
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(wss_port, long, NULL, 0444);
-+module_param_hw_array(wss_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(wss_port, "WSS port # for " CRD_NAME " driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "Playback DMA # for " CRD_NAME " driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "Capture DMA # for " CRD_NAME " driver.");
-
- /*
-diff --git a/sound/isa/gus/gusclassic.c b/sound/isa/gus/gusclassic.c
-index c169be49ed71..92a997ab1229 100644
---- a/sound/isa/gus/gusclassic.c
-+++ b/sound/isa/gus/gusclassic.c
-@@ -58,13 +58,13 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver.");
- module_param_array(joystick_dac, int, NULL, 0444);
- MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver.");
-diff --git a/sound/isa/gus/gusextreme.c b/sound/isa/gus/gusextreme.c
-index 77ac2fd723b4..beb52c0f70ea 100644
---- a/sound/isa/gus/gusextreme.c
-+++ b/sound/isa/gus/gusextreme.c
-@@ -66,21 +66,21 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver.");
--module_param_array(gf1_port, long, NULL, 0444);
-+module_param_hw_array(gf1_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(gf1_port, "GF1 port # for " CRD_NAME " driver (optional).");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver.");
--module_param_array(gf1_irq, int, NULL, 0444);
-+module_param_hw_array(gf1_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(gf1_irq, "GF1 IRQ # for " CRD_NAME " driver.");
--module_param_array(dma8, int, NULL, 0444);
-+module_param_hw_array(dma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "GF1 DMA # for " CRD_NAME " driver.");
- module_param_array(joystick_dac, int, NULL, 0444);
- MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver.");
-diff --git a/sound/isa/gus/gusmax.c b/sound/isa/gus/gusmax.c
-index dd88c9d33492..63309a453140 100644
---- a/sound/isa/gus/gusmax.c
-+++ b/sound/isa/gus/gusmax.c
-@@ -56,13 +56,13 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for GUS MAX soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable GUS MAX soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for GUS MAX driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for GUS MAX driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for GUS MAX driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for GUS MAX driver.");
- module_param_array(joystick_dac, int, NULL, 0444);
- MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for GUS MAX driver.");
-diff --git a/sound/isa/gus/interwave.c b/sound/isa/gus/interwave.c
-index 70d0040484c8..0687b7ef3e53 100644
---- a/sound/isa/gus/interwave.c
-+++ b/sound/isa/gus/interwave.c
-@@ -92,17 +92,17 @@ MODULE_PARM_DESC(enable, "Enable InterWave soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for InterWave driver.");
- #ifdef SNDRV_STB
--module_param_array(port_tc, long, NULL, 0444);
-+module_param_hw_array(port_tc, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port_tc, "Tone control (TEA6330T - i2c bus) port # for InterWave driver.");
- #endif
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for InterWave driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for InterWave driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for InterWave driver.");
- module_param_array(joystick_dac, int, NULL, 0444);
- MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for InterWave driver.");
-diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c
-index 4c072666115d..ad4897337df5 100644
---- a/sound/isa/msnd/msnd_pinnacle.c
-+++ b/sound/isa/msnd/msnd_pinnacle.c
-@@ -800,22 +800,22 @@ MODULE_LICENSE("GPL");
- MODULE_FIRMWARE(INITCODEFILE);
- MODULE_FIRMWARE(PERMCODEFILE);
-
--module_param_array(io, long, NULL, S_IRUGO);
-+module_param_hw_array(io, long, ioport, NULL, S_IRUGO);
- MODULE_PARM_DESC(io, "IO port #");
--module_param_array(irq, int, NULL, S_IRUGO);
--module_param_array(mem, long, NULL, S_IRUGO);
-+module_param_hw_array(irq, int, irq, NULL, S_IRUGO);
-+module_param_hw_array(mem, long, iomem, NULL, S_IRUGO);
- module_param_array(write_ndelay, int, NULL, S_IRUGO);
- module_param(calibrate_signal, int, S_IRUGO);
- #ifndef MSND_CLASSIC
- module_param_array(digital, int, NULL, S_IRUGO);
--module_param_array(cfg, long, NULL, S_IRUGO);
-+module_param_hw_array(cfg, long, ioport, NULL, S_IRUGO);
- module_param_array(reset, int, 0, S_IRUGO);
--module_param_array(mpu_io, long, NULL, S_IRUGO);
--module_param_array(mpu_irq, int, NULL, S_IRUGO);
--module_param_array(ide_io0, long, NULL, S_IRUGO);
--module_param_array(ide_io1, long, NULL, S_IRUGO);
--module_param_array(ide_irq, int, NULL, S_IRUGO);
--module_param_array(joystick_io, long, NULL, S_IRUGO);
-+module_param_hw_array(mpu_io, long, ioport, NULL, S_IRUGO);
-+module_param_hw_array(mpu_irq, int, irq, NULL, S_IRUGO);
-+module_param_hw_array(ide_io0, long, ioport, NULL, S_IRUGO);
-+module_param_hw_array(ide_io1, long, ioport, NULL, S_IRUGO);
-+module_param_hw_array(ide_irq, int, irq, NULL, S_IRUGO);
-+module_param_hw_array(joystick_io, long, ioport, NULL, S_IRUGO);
- #endif
-
-
-diff --git a/sound/isa/opl3sa2.c b/sound/isa/opl3sa2.c
-index ae133633a420..4098e3e0353d 100644
---- a/sound/isa/opl3sa2.c
-+++ b/sound/isa/opl3sa2.c
-@@ -69,21 +69,21 @@ MODULE_PARM_DESC(enable, "Enable OPL3-SA soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for OPL3-SA driver.");
--module_param_array(sb_port, long, NULL, 0444);
-+module_param_hw_array(sb_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(sb_port, "SB port # for OPL3-SA driver.");
--module_param_array(wss_port, long, NULL, 0444);
-+module_param_hw_array(wss_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(wss_port, "WSS port # for OPL3-SA driver.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for OPL3-SA driver.");
--module_param_array(midi_port, long, NULL, 0444);
-+module_param_hw_array(midi_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(midi_port, "MIDI port # for OPL3-SA driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for OPL3-SA driver.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for OPL3-SA driver.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for OPL3-SA driver.");
- module_param_array(opl3sa3_ymode, int, NULL, 0444);
- MODULE_PARM_DESC(opl3sa3_ymode, "Speaker size selection for 3D Enhancement mode: Desktop/Large Notebook/Small Notebook/HiFi.");
-diff --git a/sound/isa/opti9xx/miro.c b/sound/isa/opti9xx/miro.c
-index 3a9067db1a84..bcbff56f060d 100644
---- a/sound/isa/opti9xx/miro.c
-+++ b/sound/isa/opti9xx/miro.c
-@@ -69,19 +69,19 @@ module_param(index, int, 0444);
- MODULE_PARM_DESC(index, "Index value for miro soundcard.");
- module_param(id, charp, 0444);
- MODULE_PARM_DESC(id, "ID string for miro soundcard.");
--module_param(port, long, 0444);
-+module_param_hw(port, long, ioport, 0444);
- MODULE_PARM_DESC(port, "WSS port # for miro driver.");
--module_param(mpu_port, long, 0444);
-+module_param_hw(mpu_port, long, ioport, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for miro driver.");
--module_param(fm_port, long, 0444);
-+module_param_hw(fm_port, long, ioport, 0444);
- MODULE_PARM_DESC(fm_port, "FM Port # for miro driver.");
--module_param(irq, int, 0444);
-+module_param_hw(irq, int, irq, 0444);
- MODULE_PARM_DESC(irq, "WSS irq # for miro driver.");
--module_param(mpu_irq, int, 0444);
-+module_param_hw(mpu_irq, int, irq, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for miro driver.");
--module_param(dma1, int, 0444);
-+module_param_hw(dma1, int, dma, 0444);
- MODULE_PARM_DESC(dma1, "1st dma # for miro driver.");
--module_param(dma2, int, 0444);
-+module_param_hw(dma2, int, dma, 0444);
- MODULE_PARM_DESC(dma2, "2nd dma # for miro driver.");
- module_param(wss, int, 0444);
- MODULE_PARM_DESC(wss, "wss mode");
-diff --git a/sound/isa/opti9xx/opti92x-ad1848.c b/sound/isa/opti9xx/opti92x-ad1848.c
-index 0a5266003786..ceddb392b1e3 100644
---- a/sound/isa/opti9xx/opti92x-ad1848.c
-+++ b/sound/isa/opti9xx/opti92x-ad1848.c
-@@ -88,20 +88,20 @@ MODULE_PARM_DESC(id, "ID string for opti9xx based soundcard.");
- module_param(isapnp, bool, 0444);
- MODULE_PARM_DESC(isapnp, "Enable ISA PnP detection for specified soundcard.");
- #endif
--module_param(port, long, 0444);
-+module_param_hw(port, long, ioport, 0444);
- MODULE_PARM_DESC(port, "WSS port # for opti9xx driver.");
--module_param(mpu_port, long, 0444);
-+module_param_hw(mpu_port, long, ioport, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for opti9xx driver.");
--module_param(fm_port, long, 0444);
-+module_param_hw(fm_port, long, ioport, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for opti9xx driver.");
--module_param(irq, int, 0444);
-+module_param_hw(irq, int, irq, 0444);
- MODULE_PARM_DESC(irq, "WSS irq # for opti9xx driver.");
--module_param(mpu_irq, int, 0444);
-+module_param_hw(mpu_irq, int, irq, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for opti9xx driver.");
--module_param(dma1, int, 0444);
-+module_param_hw(dma1, int, dma, 0444);
- MODULE_PARM_DESC(dma1, "1st dma # for opti9xx driver.");
- #if defined(CS4231) || defined(OPTi93X)
--module_param(dma2, int, 0444);
-+module_param_hw(dma2, int, dma, 0444);
- MODULE_PARM_DESC(dma2, "2nd dma # for opti9xx driver.");
- #endif /* CS4231 || OPTi93X */
-
-diff --git a/sound/isa/sb/jazz16.c b/sound/isa/sb/jazz16.c
-index 4d909971eedb..bfa0055e1fd6 100644
---- a/sound/isa/sb/jazz16.c
-+++ b/sound/isa/sb/jazz16.c
-@@ -50,17 +50,17 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for Media Vision Jazz16 based soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable Media Vision Jazz16 based soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for jazz16 driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for jazz16 driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for jazz16 driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for jazz16 driver.");
--module_param_array(dma8, int, NULL, 0444);
-+module_param_hw_array(dma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma8, "DMA8 # for jazz16 driver.");
--module_param_array(dma16, int, NULL, 0444);
-+module_param_hw_array(dma16, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma16, "DMA16 # for jazz16 driver.");
-
- #define SB_JAZZ16_WAKEUP 0xaf
-diff --git a/sound/isa/sb/sb16.c b/sound/isa/sb/sb16.c
-index 4a7d7c89808f..3b2e4f405ff2 100644
---- a/sound/isa/sb/sb16.c
-+++ b/sound/isa/sb/sb16.c
-@@ -99,21 +99,21 @@ MODULE_PARM_DESC(enable, "Enable SoundBlaster 16 soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard.");
- #endif
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for SB16 driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for SB16 driver.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port # for SB16 PnP driver.");
- #ifdef SNDRV_SBAWE_EMU8000
--module_param_array(awe_port, long, NULL, 0444);
-+module_param_hw_array(awe_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(awe_port, "AWE port # for SB16 PnP driver.");
- #endif
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for SB16 driver.");
--module_param_array(dma8, int, NULL, 0444);
-+module_param_hw_array(dma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma8, "8-bit DMA # for SB16 driver.");
--module_param_array(dma16, int, NULL, 0444);
-+module_param_hw_array(dma16, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma16, "16-bit DMA # for SB16 driver.");
- module_param_array(mic_agc, int, NULL, 0444);
- MODULE_PARM_DESC(mic_agc, "Mic Auto-Gain-Control switch.");
-diff --git a/sound/isa/sb/sb8.c b/sound/isa/sb/sb8.c
-index ad42d2364199..d77dcba276b5 100644
---- a/sound/isa/sb/sb8.c
-+++ b/sound/isa/sb/sb8.c
-@@ -47,11 +47,11 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for Sound Blaster soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable Sound Blaster soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for SB8 driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for SB8 driver.");
--module_param_array(dma8, int, NULL, 0444);
-+module_param_hw_array(dma8, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma8, "8-bit DMA # for SB8 driver.");
-
- struct snd_sb8 {
-diff --git a/sound/isa/sc6000.c b/sound/isa/sc6000.c
-index b61a6633d8f2..c09d9b914efe 100644
---- a/sound/isa/sc6000.c
-+++ b/sound/isa/sc6000.c
-@@ -64,17 +64,17 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for sc-6000 based soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable sc-6000 based soundcard.");
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for sc-6000 driver.");
--module_param_array(mss_port, long, NULL, 0444);
-+module_param_hw_array(mss_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mss_port, "MSS Port # for sc-6000 driver.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port # for sc-6000 driver.");
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for sc-6000 driver.");
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for sc-6000 driver.");
--module_param_array(dma, int, NULL, 0444);
-+module_param_hw_array(dma, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma, "DMA # for sc-6000 driver.");
- module_param_array(joystick, bool, NULL, 0444);
- MODULE_PARM_DESC(joystick, "Enable gameport.");
-diff --git a/sound/isa/sscape.c b/sound/isa/sscape.c
-index fdcfa29e2205..54f5758a1bb3 100644
---- a/sound/isa/sscape.c
-+++ b/sound/isa/sscape.c
-@@ -63,22 +63,22 @@ MODULE_PARM_DESC(index, "Index number for SoundScape soundcard");
- module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "Description for SoundScape card");
-
--module_param_array(port, long, NULL, 0444);
-+module_param_hw_array(port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(port, "Port # for SoundScape driver.");
-
--module_param_array(wss_port, long, NULL, 0444);
-+module_param_hw_array(wss_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(wss_port, "WSS Port # for SoundScape driver.");
-
--module_param_array(irq, int, NULL, 0444);
-+module_param_hw_array(irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(irq, "IRQ # for SoundScape driver.");
-
--module_param_array(mpu_irq, int, NULL, 0444);
-+module_param_hw_array(mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(mpu_irq, "MPU401 IRQ # for SoundScape driver.");
-
--module_param_array(dma, int, NULL, 0444);
-+module_param_hw_array(dma, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma, "DMA # for SoundScape driver.");
-
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for SoundScape driver.");
-
- module_param_array(joystick, bool, NULL, 0444);
-diff --git a/sound/isa/wavefront/wavefront.c b/sound/isa/wavefront/wavefront.c
-index a0987a57c8a9..da4e9a85f0af 100644
---- a/sound/isa/wavefront/wavefront.c
-+++ b/sound/isa/wavefront/wavefront.c
-@@ -63,23 +63,23 @@ MODULE_PARM_DESC(enable, "Enable WaveFront soundcard.");
- module_param_array(isapnp, bool, NULL, 0444);
- MODULE_PARM_DESC(isapnp, "ISA PnP detection for WaveFront soundcards.");
- #endif
--module_param_array(cs4232_pcm_port, long, NULL, 0444);
-+module_param_hw_array(cs4232_pcm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(cs4232_pcm_port, "Port # for CS4232 PCM interface.");
--module_param_array(cs4232_pcm_irq, int, NULL, 0444);
-+module_param_hw_array(cs4232_pcm_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(cs4232_pcm_irq, "IRQ # for CS4232 PCM interface.");
--module_param_array(dma1, int, NULL, 0444);
-+module_param_hw_array(dma1, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma1, "DMA1 # for CS4232 PCM interface.");
--module_param_array(dma2, int, NULL, 0444);
-+module_param_hw_array(dma2, int, dma, NULL, 0444);
- MODULE_PARM_DESC(dma2, "DMA2 # for CS4232 PCM interface.");
--module_param_array(cs4232_mpu_port, long, NULL, 0444);
-+module_param_hw_array(cs4232_mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(cs4232_mpu_port, "port # for CS4232 MPU-401 interface.");
--module_param_array(cs4232_mpu_irq, int, NULL, 0444);
-+module_param_hw_array(cs4232_mpu_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(cs4232_mpu_irq, "IRQ # for CS4232 MPU-401 interface.");
--module_param_array(ics2115_irq, int, NULL, 0444);
-+module_param_hw_array(ics2115_irq, int, irq, NULL, 0444);
- MODULE_PARM_DESC(ics2115_irq, "IRQ # for ICS2115.");
--module_param_array(ics2115_port, long, NULL, 0444);
-+module_param_hw_array(ics2115_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(ics2115_port, "Port # for ICS2115.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port #.");
- module_param_array(use_cs4232_midi, bool, NULL, 0444);
- MODULE_PARM_DESC(use_cs4232_midi, "Use CS4232 MPU-401 interface (inaccessibly located inside your computer)");
diff --git a/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch
deleted file mode 100644
index 5ca0751..0000000
--- a/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch
+++ /dev/null
@@ -1,320 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:30 +0100
-Subject: [37/62] Annotate hardware config module parameters in sound/oss/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=aa247badbbe86b0d25ccd7050b375938632fc407
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in sound/oss/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Jaroslav Kysela <perex at perex.cz>
-cc: Takashi Iwai <tiwai at suse.com>
-cc: Riccardo Facchetti <fizban at tin.it>
-cc: Andrew Veliath <andrewtv at usa.net>
-cc: alsa-devel at alsa-project.org
----
- sound/oss/ad1848.c | 8 ++++----
- sound/oss/aedsp16.c | 12 ++++++------
- sound/oss/mpu401.c | 4 ++--
- sound/oss/msnd_pinnacle.c | 20 ++++++++++----------
- sound/oss/opl3.c | 2 +-
- sound/oss/pas2_card.c | 18 +++++++++---------
- sound/oss/pss.c | 14 +++++++-------
- sound/oss/sb_card.c | 10 +++++-----
- sound/oss/trix.c | 18 +++++++++---------
- sound/oss/uart401.c | 4 ++--
- sound/oss/uart6850.c | 4 ++--
- sound/oss/waveartist.c | 8 ++++----
- 12 files changed, 61 insertions(+), 61 deletions(-)
-
-diff --git a/sound/oss/ad1848.c b/sound/oss/ad1848.c
-index f6156d8169d0..2421f59cf279 100644
---- a/sound/oss/ad1848.c
-+++ b/sound/oss/ad1848.c
-@@ -2805,10 +2805,10 @@ static int __initdata dma = -1;
- static int __initdata dma2 = -1;
- static int __initdata type = 0;
-
--module_param(io, int, 0); /* I/O for a raw AD1848 card */
--module_param(irq, int, 0); /* IRQ to use */
--module_param(dma, int, 0); /* First DMA channel */
--module_param(dma2, int, 0); /* Second DMA channel */
-+module_param_hw(io, int, ioport, 0); /* I/O for a raw AD1848 card */
-+module_param_hw(irq, int, irq, 0); /* IRQ to use */
-+module_param_hw(dma, int, dma, 0); /* First DMA channel */
-+module_param_hw(dma2, int, dma, 0); /* Second DMA channel */
- module_param(type, int, 0); /* Card type */
- module_param(deskpro_xl, bool, 0); /* Special magic for Deskpro XL boxen */
- module_param(deskpro_m, bool, 0); /* Special magic for Deskpro M box */
-diff --git a/sound/oss/aedsp16.c b/sound/oss/aedsp16.c
-index bb477d5c8528..f058ed6bdb69 100644
---- a/sound/oss/aedsp16.c
-+++ b/sound/oss/aedsp16.c
-@@ -1303,17 +1303,17 @@ static int __initdata mpu_irq = -1;
- static int __initdata mss_base = -1;
- static int __initdata mpu_base = -1;
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
- MODULE_PARM_DESC(io, "I/O base address (0x220 0x240)");
--module_param(irq, int, 0);
-+module_param_hw(irq, int, irq, 0);
- MODULE_PARM_DESC(irq, "IRQ line (5 7 9 10 11)");
--module_param(dma, int, 0);
-+module_param_hw(dma, int, dma, 0);
- MODULE_PARM_DESC(dma, "dma line (0 1 3)");
--module_param(mpu_irq, int, 0);
-+module_param_hw(mpu_irq, int, irq, 0);
- MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ line (5 7 9 10 0)");
--module_param(mss_base, int, 0);
-+module_param_hw(mss_base, int, ioport, 0);
- MODULE_PARM_DESC(mss_base, "MSS emulation I/O base address (0x530 0xE80)");
--module_param(mpu_base, int, 0);
-+module_param_hw(mpu_base, int, ioport, 0);
- MODULE_PARM_DESC(mpu_base,"MPU-401 I/O base address (0x300 0x310 0x320 0x330)");
- MODULE_AUTHOR("Riccardo Facchetti <fizban at tin.it>");
- MODULE_DESCRIPTION("Audio Excel DSP 16 Driver Version " VERSION);
-diff --git a/sound/oss/mpu401.c b/sound/oss/mpu401.c
-index 862735005b43..20e8fa46f647 100644
---- a/sound/oss/mpu401.c
-+++ b/sound/oss/mpu401.c
-@@ -1748,8 +1748,8 @@ static struct address_info cfg;
- static int io = -1;
- static int irq = -1;
-
--module_param(irq, int, 0);
--module_param(io, int, 0);
-+module_param_hw(irq, int, irq, 0);
-+module_param_hw(io, int, ioport, 0);
-
- static int __init init_mpu401(void)
- {
-diff --git a/sound/oss/msnd_pinnacle.c b/sound/oss/msnd_pinnacle.c
-index f34ec01d2239..d2abc2cf3213 100644
---- a/sound/oss/msnd_pinnacle.c
-+++ b/sound/oss/msnd_pinnacle.c
-@@ -1727,22 +1727,22 @@ static int
- calibrate_signal __initdata = CONFIG_MSND_CALSIGNAL;
- #endif /* MODULE */
-
--module_param (io, int, 0);
--module_param (irq, int, 0);
--module_param (mem, int, 0);
-+module_param_hw (io, int, ioport, 0);
-+module_param_hw (irq, int, irq, 0);
-+module_param_hw (mem, int, iomem, 0);
- module_param (write_ndelay, int, 0);
- module_param (fifosize, int, 0);
- module_param (calibrate_signal, int, 0);
- #ifndef MSND_CLASSIC
- module_param (digital, bool, 0);
--module_param (cfg, int, 0);
-+module_param_hw (cfg, int, ioport, 0);
- module_param (reset, int, 0);
--module_param (mpu_io, int, 0);
--module_param (mpu_irq, int, 0);
--module_param (ide_io0, int, 0);
--module_param (ide_io1, int, 0);
--module_param (ide_irq, int, 0);
--module_param (joystick_io, int, 0);
-+module_param_hw (mpu_io, int, ioport, 0);
-+module_param_hw (mpu_irq, int, irq, 0);
-+module_param_hw (ide_io0, int, ioport, 0);
-+module_param_hw (ide_io1, int, ioport, 0);
-+module_param_hw (ide_irq, int, irq, 0);
-+module_param_hw (joystick_io, int, ioport, 0);
- #endif
-
- static int __init msnd_init(void)
-diff --git a/sound/oss/opl3.c b/sound/oss/opl3.c
-index b6d19adf8f41..f0f5b5be6314 100644
---- a/sound/oss/opl3.c
-+++ b/sound/oss/opl3.c
-@@ -1200,7 +1200,7 @@ static int me;
-
- static int io = -1;
-
--module_param(io, int, 0);
-+module_param_hw(io, int, ioport, 0);
-
- static int __init init_opl3 (void)
- {
-diff --git a/sound/oss/pas2_card.c b/sound/oss/pas2_card.c
-index b07954a79536..769fca692d2a 100644
---- a/sound/oss/pas2_card.c
-+++ b/sound/oss/pas2_card.c
-@@ -383,15 +383,15 @@ static int __initdata sb_irq = -1;
- static int __initdata sb_dma = -1;
- static int __initdata sb_dma16 = -1;
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
--module_param(dma, int, 0);
--module_param(dma16, int, 0);
--
--module_param(sb_io, int, 0);
--module_param(sb_irq, int, 0);
--module_param(sb_dma, int, 0);
--module_param(sb_dma16, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
-+module_param_hw(dma, int, dma, 0);
-+module_param_hw(dma16, int, dma, 0);
-+
-+module_param_hw(sb_io, int, ioport, 0);
-+module_param_hw(sb_irq, int, irq, 0);
-+module_param_hw(sb_dma, int, dma, 0);
-+module_param_hw(sb_dma16, int, dma, 0);
-
- module_param(joystick, bool, 0);
- module_param(symphony, bool, 0);
-diff --git a/sound/oss/pss.c b/sound/oss/pss.c
-index 81314f9e2ccb..33c3a442e162 100644
---- a/sound/oss/pss.c
-+++ b/sound/oss/pss.c
-@@ -1139,19 +1139,19 @@ static bool pss_no_sound = 0; /* Just configure non-sound components */
- static bool pss_keep_settings = 1; /* Keep hardware settings at module exit */
- static char *pss_firmware = "/etc/sound/pss_synth";
-
--module_param(pss_io, int, 0);
-+module_param_hw(pss_io, int, ioport, 0);
- MODULE_PARM_DESC(pss_io, "Set i/o base of PSS card (probably 0x220 or 0x240)");
--module_param(mss_io, int, 0);
-+module_param_hw(mss_io, int, ioport, 0);
- MODULE_PARM_DESC(mss_io, "Set WSS (audio) i/o base (0x530, 0x604, 0xE80, 0xF40, or other. Address must end in 0 or 4 and must be from 0x100 to 0xFF4)");
--module_param(mss_irq, int, 0);
-+module_param_hw(mss_irq, int, irq, 0);
- MODULE_PARM_DESC(mss_irq, "Set WSS (audio) IRQ (3, 5, 7, 9, 10, 11, 12)");
--module_param(mss_dma, int, 0);
-+module_param_hw(mss_dma, int, dma, 0);
- MODULE_PARM_DESC(mss_dma, "Set WSS (audio) DMA (0, 1, 3)");
--module_param(mpu_io, int, 0);
-+module_param_hw(mpu_io, int, ioport, 0);
- MODULE_PARM_DESC(mpu_io, "Set MIDI i/o base (0x330 or other. Address must be on 4 location boundaries and must be from 0x100 to 0xFFC)");
--module_param(mpu_irq, int, 0);
-+module_param_hw(mpu_irq, int, irq, 0);
- MODULE_PARM_DESC(mpu_irq, "Set MIDI IRQ (3, 5, 7, 9, 10, 11, 12)");
--module_param(pss_cdrom_port, int, 0);
-+module_param_hw(pss_cdrom_port, int, ioport, 0);
- MODULE_PARM_DESC(pss_cdrom_port, "Set the PSS CDROM port i/o base (0x340 or other)");
- module_param(pss_enable_joystick, bool, 0);
- MODULE_PARM_DESC(pss_enable_joystick, "Enables the PSS joystick port (1 to enable, 0 to disable)");
-diff --git a/sound/oss/sb_card.c b/sound/oss/sb_card.c
-index fb5d7250de38..2a92cfe6cfe9 100644
---- a/sound/oss/sb_card.c
-+++ b/sound/oss/sb_card.c
-@@ -61,15 +61,15 @@ static int __initdata uart401 = 0;
- static int __initdata pnp = 0;
- #endif
-
--module_param(io, int, 000);
-+module_param_hw(io, int, ioport, 000);
- MODULE_PARM_DESC(io, "Soundblaster i/o base address (0x220,0x240,0x260,0x280)");
--module_param(irq, int, 000);
-+module_param_hw(irq, int, irq, 000);
- MODULE_PARM_DESC(irq, "IRQ (5,7,9,10)");
--module_param(dma, int, 000);
-+module_param_hw(dma, int, dma, 000);
- MODULE_PARM_DESC(dma, "8-bit DMA channel (0,1,3)");
--module_param(dma16, int, 000);
-+module_param_hw(dma16, int, dma, 000);
- MODULE_PARM_DESC(dma16, "16-bit DMA channel (5,6,7)");
--module_param(mpu_io, int, 000);
-+module_param_hw(mpu_io, int, ioport, 000);
- MODULE_PARM_DESC(mpu_io, "MPU base address");
- module_param(type, int, 000);
- MODULE_PARM_DESC(type, "You can set this to specific card type (doesn't " \
-diff --git a/sound/oss/trix.c b/sound/oss/trix.c
-index 3c494dc93b93..a57bc635d758 100644
---- a/sound/oss/trix.c
-+++ b/sound/oss/trix.c
-@@ -413,15 +413,15 @@ static int __initdata sb_irq = -1;
- static int __initdata mpu_io = -1;
- static int __initdata mpu_irq = -1;
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
--module_param(dma, int, 0);
--module_param(dma2, int, 0);
--module_param(sb_io, int, 0);
--module_param(sb_dma, int, 0);
--module_param(sb_irq, int, 0);
--module_param(mpu_io, int, 0);
--module_param(mpu_irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
-+module_param_hw(dma, int, dma, 0);
-+module_param_hw(dma2, int, dma, 0);
-+module_param_hw(sb_io, int, ioport, 0);
-+module_param_hw(sb_dma, int, dma, 0);
-+module_param_hw(sb_irq, int, irq, 0);
-+module_param_hw(mpu_io, int, ioport, 0);
-+module_param_hw(mpu_irq, int, irq, 0);
- module_param(joystick, bool, 0);
-
- static int __init init_trix(void)
-diff --git a/sound/oss/uart401.c b/sound/oss/uart401.c
-index dae4d4344407..83dcc85b8688 100644
---- a/sound/oss/uart401.c
-+++ b/sound/oss/uart401.c
-@@ -429,8 +429,8 @@ static struct address_info cfg_mpu;
- static int io = -1;
- static int irq = -1;
-
--module_param(io, int, 0444);
--module_param(irq, int, 0444);
-+module_param_hw(io, int, ioport, 0444);
-+module_param_hw(irq, int, irq, 0444);
-
-
- static int __init init_uart401(void)
-diff --git a/sound/oss/uart6850.c b/sound/oss/uart6850.c
-index 1079133dd6ab..eda32d7eddbd 100644
---- a/sound/oss/uart6850.c
-+++ b/sound/oss/uart6850.c
-@@ -315,8 +315,8 @@ static struct address_info cfg_mpu;
- static int __initdata io = -1;
- static int __initdata irq = -1;
-
--module_param(io, int, 0);
--module_param(irq, int, 0);
-+module_param_hw(io, int, ioport, 0);
-+module_param_hw(irq, int, irq, 0);
-
- static int __init init_uart6850(void)
- {
-diff --git a/sound/oss/waveartist.c b/sound/oss/waveartist.c
-index 0b8d0de87273..4f0c3a232e41 100644
---- a/sound/oss/waveartist.c
-+++ b/sound/oss/waveartist.c
-@@ -2036,8 +2036,8 @@ __setup("waveartist=", setup_waveartist);
- #endif
-
- MODULE_DESCRIPTION("Rockwell WaveArtist RWA-010 sound driver");
--module_param(io, int, 0); /* IO base */
--module_param(irq, int, 0); /* IRQ */
--module_param(dma, int, 0); /* DMA */
--module_param(dma2, int, 0); /* DMA2 */
-+module_param_hw(io, int, ioport, 0); /* IO base */
-+module_param_hw(irq, int, irq, 0); /* IRQ */
-+module_param_hw(dma, int, dma, 0); /* DMA */
-+module_param_hw(dma2, int, dma, 0); /* DMA2 */
- MODULE_LICENSE("GPL");
diff --git a/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch
deleted file mode 100644
index 9cdf369..0000000
--- a/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From: David Howells <dhowells at redhat.com>
-Date: Tue, 4 Apr 2017 16:54:30 +0100
-Subject: [38/62] Annotate hardware config module parameters in sound/pci/
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=625c33b384a0f2e3ac63d6d513e389d4e290b667
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-To this end, annotate module_param* statements that refer to hardware
-configuration and indicate for future reference what type of parameter they
-specify. The parameter parser in the core sees this information and can
-skip such parameters with an error message if the kernel is locked down.
-The module initialisation then runs as normal, but just sees whatever the
-default values for those parameters is.
-
-Note that we do still need to do the module initialisation because some
-drivers have viable defaults set in case parameters aren't specified and
-some drivers support automatic configuration (e.g. PNP or PCI) in addition
-to manually coded parameters.
-
-This patch annotates drivers in sound/pci/.
-
-Suggested-by: Alan Cox <gnomes at lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells at redhat.com>
-cc: Jaroslav Kysela <perex at perex.cz>
-cc: Takashi Iwai <tiwai at suse.com>
-cc: alsa-devel at alsa-project.org
----
- sound/pci/als4000.c | 2 +-
- sound/pci/cmipci.c | 6 +++---
- sound/pci/ens1370.c | 2 +-
- sound/pci/riptide/riptide.c | 6 +++---
- sound/pci/sonicvibes.c | 2 +-
- sound/pci/via82xx.c | 2 +-
- sound/pci/ymfpci/ymfpci.c | 6 +++---
- 7 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/sound/pci/als4000.c b/sound/pci/als4000.c
-index 92bc06d01288..7844a75d8ed9 100644
---- a/sound/pci/als4000.c
-+++ b/sound/pci/als4000.c
-@@ -102,7 +102,7 @@ MODULE_PARM_DESC(id, "ID string for ALS4000 soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable ALS4000 soundcard.");
- #ifdef SUPPORT_JOYSTICK
--module_param_array(joystick_port, int, NULL, 0444);
-+module_param_hw_array(joystick_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(joystick_port, "Joystick port address for ALS4000 soundcard. (0 = disabled)");
- #endif
-
-diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c
-index aeedc270ed9b..430f064c64da 100644
---- a/sound/pci/cmipci.c
-+++ b/sound/pci/cmipci.c
-@@ -68,14 +68,14 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for C-Media PCI soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable C-Media PCI soundcard.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM port.");
- module_param_array(soft_ac3, bool, NULL, 0444);
- MODULE_PARM_DESC(soft_ac3, "Software-conversion of raw SPDIF packets (model 033 only).");
- #ifdef SUPPORT_JOYSTICK
--module_param_array(joystick_port, int, NULL, 0444);
-+module_param_hw_array(joystick_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(joystick_port, "Joystick port address.");
- #endif
-
-diff --git a/sound/pci/ens1370.c b/sound/pci/ens1370.c
-index 164adad91650..90376739c5e1 100644
---- a/sound/pci/ens1370.c
-+++ b/sound/pci/ens1370.c
-@@ -106,7 +106,7 @@ module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable Ensoniq AudioPCI soundcard.");
- #ifdef SUPPORT_JOYSTICK
- #ifdef CHIP1371
--module_param_array(joystick_port, int, NULL, 0444);
-+module_param_hw_array(joystick_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(joystick_port, "Joystick port address.");
- #else
- module_param_array(joystick, bool, NULL, 0444);
-diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c
-index 19c9df6b0f3d..f067c76d77f8 100644
---- a/sound/pci/riptide/riptide.c
-+++ b/sound/pci/riptide/riptide.c
-@@ -137,12 +137,12 @@ MODULE_PARM_DESC(id, "ID string for Riptide soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable Riptide soundcard.");
- #ifdef SUPPORT_JOYSTICK
--module_param_array(joystick_port, int, NULL, 0444);
-+module_param_hw_array(joystick_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(joystick_port, "Joystick port # for Riptide soundcard.");
- #endif
--module_param_array(mpu_port, int, NULL, 0444);
-+module_param_hw_array(mpu_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU401 port # for Riptide driver.");
--module_param_array(opl3_port, int, NULL, 0444);
-+module_param_hw_array(opl3_port, int, ioport, NULL, 0444);
- MODULE_PARM_DESC(opl3_port, "OPL3 port # for Riptide driver.");
-
- /*
-diff --git a/sound/pci/sonicvibes.c b/sound/pci/sonicvibes.c
-index a6aa48c5b969..8e3d4ec39c35 100644
---- a/sound/pci/sonicvibes.c
-+++ b/sound/pci/sonicvibes.c
-@@ -66,7 +66,7 @@ module_param_array(reverb, bool, NULL, 0444);
- MODULE_PARM_DESC(reverb, "Enable reverb (SRAM is present) for S3 SonicVibes soundcard.");
- module_param_array(mge, bool, NULL, 0444);
- MODULE_PARM_DESC(mge, "MIC Gain Enable for S3 SonicVibes soundcard.");
--module_param(dmaio, uint, 0444);
-+module_param_hw(dmaio, uint, ioport, 0444);
- MODULE_PARM_DESC(dmaio, "DDMA i/o base address for S3 SonicVibes soundcard.");
-
- /*
-diff --git a/sound/pci/via82xx.c b/sound/pci/via82xx.c
-index 2d8c14e3f8d2..127834021175 100644
---- a/sound/pci/via82xx.c
-+++ b/sound/pci/via82xx.c
-@@ -92,7 +92,7 @@ module_param(index, int, 0444);
- MODULE_PARM_DESC(index, "Index value for VIA 82xx bridge.");
- module_param(id, charp, 0444);
- MODULE_PARM_DESC(id, "ID string for VIA 82xx bridge.");
--module_param(mpu_port, long, 0444);
-+module_param_hw(mpu_port, long, ioport, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 port. (VT82C686x only)");
- #ifdef SUPPORT_JOYSTICK
- module_param(joystick, bool, 0444);
-diff --git a/sound/pci/ymfpci/ymfpci.c b/sound/pci/ymfpci/ymfpci.c
-index 812e27a1bcbc..4faf3e1ed06a 100644
---- a/sound/pci/ymfpci/ymfpci.c
-+++ b/sound/pci/ymfpci/ymfpci.c
-@@ -55,12 +55,12 @@ module_param_array(id, charp, NULL, 0444);
- MODULE_PARM_DESC(id, "ID string for the Yamaha DS-1 PCI soundcard.");
- module_param_array(enable, bool, NULL, 0444);
- MODULE_PARM_DESC(enable, "Enable Yamaha DS-1 soundcard.");
--module_param_array(mpu_port, long, NULL, 0444);
-+module_param_hw_array(mpu_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(mpu_port, "MPU-401 Port.");
--module_param_array(fm_port, long, NULL, 0444);
-+module_param_hw_array(fm_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(fm_port, "FM OPL-3 Port.");
- #ifdef SUPPORT_JOYSTICK
--module_param_array(joystick_port, long, NULL, 0444);
-+module_param_hw_array(joystick_port, long, ioport, NULL, 0444);
- MODULE_PARM_DESC(joystick_port, "Joystick port address");
- #endif
- module_param_array(rear_switch, bool, NULL, 0444);
diff --git a/debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch b/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
similarity index 97%
rename from debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch
rename to debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
index 06ed973..b8dd1b9 100644
--- a/debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,6 +1,6 @@
From: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [39/62] efi: Add EFI_SECURE_BOOT bit
+Subject: [38/61] efi: Add EFI_SECURE_BOOT bit
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7c121e1d97d6af4d25fb49bffb10571964f37ab1
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
diff --git a/debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
similarity index 98%
rename from debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch
rename to debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
index 1718610..ece981a 100644
--- a/debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+++ b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [40/62] Add the ability to lock down access to the running kernel
+Subject: [39/61] Add the ability to lock down access to the running kernel
image
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=4e038dfc742f11bcd02e5a3fba5718cefbf06d70
diff --git a/debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 85%
rename from debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index 94c33c4..7bc8d5a 100644
--- a/debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:29 +0100
-Subject: [41/62] efi: Lock down the kernel if booted in secure boot mode
+Subject: [40/61] efi: Lock down the kernel if booted in secure boot mode
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=48f943a855fa850977db9071250db2b9e12287ce
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
@@ -15,11 +15,9 @@ Signed-off-by: David Howells <dhowells at redhat.com>
arch/x86/kernel/setup.c | 8 +++++++-
2 files changed, 19 insertions(+), 1 deletion(-)
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index cc98d5a294ee..21f39855661d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1817,6 +1817,18 @@ config EFI_MIXED
+@@ -1827,6 +1827,18 @@ config EFI_MIXED
If unsure, say N.
@@ -38,8 +36,6 @@ index cc98d5a294ee..21f39855661d 100644
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 396285bddb93..85dfa745c442 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -69,6 +69,7 @@
@@ -48,9 +44,9 @@ index 396285bddb93..85dfa745c442 100644
#include <linux/jiffies.h>
+#include <linux/security.h>
+ #include <linux/usb/xhci-dbgp.h>
#include <video/edid.h>
-
-@@ -1185,7 +1186,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1191,7 +1192,12 @@ void __init setup_arch(char **cmdline_p)
break;
case efi_secureboot_mode_enabled:
set_bit(EFI_SECURE_BOOT, &efi.flags);
diff --git a/debian/patches/features/all/lockdown/0042-Enforce-module-signatures-if-the-kernel-is-locked-do.patch b/debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
similarity index 93%
rename from debian/patches/features/all/lockdown/0042-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
rename to debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
index 3d4a27d..25ddae9 100644
--- a/debian/patches/features/all/lockdown/0042-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+++ b/debian/patches/features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [42/62] Enforce module signatures if the kernel is locked down
+Subject: [41/61] Enforce module signatures if the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a9643aef5a6c576f32a97053b4024638943044ca
If the kernel is locked down, require that all modules have valid
diff --git a/debian/patches/features/all/lockdown/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch b/debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
similarity index 76%
rename from debian/patches/features/all/lockdown/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
rename to debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
index 2a9f1e6..538382c 100644
--- a/debian/patches/features/all/lockdown/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+++ b/debian/patches/features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [43/62] Restrict /dev/mem and /dev/kmem when the kernel is locked
+Subject: [42/61] Restrict /dev/mem and /dev/kmem when the kernel is locked
down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=104cff827b18e35874153bd8df14eba59e5b411a
@@ -14,11 +14,9 @@ Signed-off-by: David Howells <dhowells at redhat.com>
drivers/char/mem.c | 6 ++++++
1 file changed, 6 insertions(+)
-diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 6d9cc2d39d22..f8144049bda3 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
-@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
+@@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *fi
if (p != *ppos)
return -EFBIG;
@@ -28,7 +26,7 @@ index 6d9cc2d39d22..f8144049bda3 100644
if (!valid_phys_addr_range(p, count))
return -EFAULT;
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
+@@ -540,6 +543,9 @@ static ssize_t write_kmem(struct file *f
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
diff --git a/debian/patches/features/all/lockdown/0044-Add-a-sysrq-option-to-exit-secure-boot-mode.patch b/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
similarity index 80%
rename from debian/patches/features/all/lockdown/0044-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
rename to debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
index 91e7001..9f3e663 100644
--- a/debian/patches/features/all/lockdown/0044-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
+++ b/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
@@ -1,6 +1,6 @@
From: Kyle McMartin <kyle at redhat.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [44/62] Add a sysrq option to exit secure boot mode
+Subject: [43/61] Add a sysrq option to exit secure boot mode
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e26d9e1cb0218082265875505edc284a63385010
Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
@@ -8,6 +8,7 @@ kernel image to be modified. This lifts the lockdown.
Signed-off-by: Kyle McMartin <kyle at redhat.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+[bwh: For 4.12, adjust context]
---
arch/x86/Kconfig | 10 ++++++++++
arch/x86/kernel/setup.c | 31 +++++++++++++++++++++++++++++++
@@ -18,11 +19,9 @@ Signed-off-by: David Howells <dhowells at redhat.com>
kernel/debug/kdb/kdb_main.c | 2 +-
7 files changed, 68 insertions(+), 8 deletions(-)
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 21f39855661d..457c04971849 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1829,6 +1829,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
+@@ -1839,6 +1839,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
image. Say Y here to automatically lock down the kernel when a
system boots with UEFI Secure Boot enabled.
@@ -39,8 +38,6 @@ index 21f39855661d..457c04971849 100644
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 85dfa745c442..a415a4817684 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -71,6 +71,11 @@
@@ -52,10 +49,10 @@ index 85dfa745c442..a415a4817684 100644
+#include <linux/sysrq.h>
+#include <linux/init_task.h>
+
+ #include <linux/usb/xhci-dbgp.h>
#include <video/edid.h>
- #include <asm/mtrr.h>
-@@ -1330,6 +1335,32 @@ void __init i386_reserve_resources(void)
+@@ -1336,6 +1341,32 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@@ -88,11 +85,9 @@ index 85dfa745c442..a415a4817684 100644
static struct notifier_block kernel_offset_notifier = {
.notifier_call = dump_kernel_offset
};
-diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
-index 022be0e22eba..4a054a564636 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
-@@ -387,6 +387,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
+@@ -387,6 +387,7 @@ static int uinput_allocate_device(struct
if (!udev->dev)
return -ENOMEM;
@@ -100,11 +95,9 @@ index 022be0e22eba..4a054a564636 100644
udev->dev->event = uinput_dev_event;
input_set_drvdata(udev->dev, udev);
-diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index c6fc7141d7b2..0c96cf60f1a6 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
-@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
+@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_ta
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@@ -112,7 +105,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
-@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
+@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key,
sysrq_key_table[i] = op_p;
}
@@ -121,7 +114,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
{
struct sysrq_key_op *op_p;
int orig_log_level;
-@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_
op_p = __sysrq_get_key_op(key);
if (op_p) {
@@ -138,7 +131,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
-@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_
void handle_sysrq(int key)
{
if (sysrq_on())
@@ -147,7 +140,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
}
EXPORT_SYMBOL(handle_sysrq);
-@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long _state)
+@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@@ -156,7 +149,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
-@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
+@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct
default:
if (sysrq->active && value && value != 2) {
@@ -168,7 +161,7 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
}
break;
}
-@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struc
if (get_user(c, buf))
return -EFAULT;
@@ -177,8 +170,6 @@ index c6fc7141d7b2..0c96cf60f1a6 100644
}
return count;
-diff --git a/include/linux/input.h b/include/linux/input.h
-index a65e3b24fb18..8b0357175049 100644
--- a/include/linux/input.h
+++ b/include/linux/input.h
@@ -42,6 +42,7 @@ struct input_value {
@@ -207,8 +198,6 @@ index a65e3b24fb18..8b0357175049 100644
/*
* Verify that we are in sync with input_device_id mod_devicetable.h #defines
*/
-diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
-index 387fa7d05c98..f7c52a9ea394 100644
--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h
@@ -28,6 +28,8 @@
@@ -234,11 +223,9 @@ index 387fa7d05c98..f7c52a9ea394 100644
int register_sysrq_key(int key, struct sysrq_key_op *op);
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
-diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index c8146d53ca67..b480cadf9272 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
-@@ -1970,7 +1970,7 @@ static int kdb_sr(int argc, const char **argv)
+@@ -1970,7 +1970,7 @@ static int kdb_sr(int argc, const char *
return KDB_ARGCOUNT;
kdb_trap_printk++;
diff --git a/debian/patches/features/all/lockdown/0045-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch b/debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
similarity index 94%
rename from debian/patches/features/all/lockdown/0045-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
rename to debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
index f8843b1..87c2270 100644
--- a/debian/patches/features/all/lockdown/0045-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+++ b/debian/patches/features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [45/62] kexec: Disable at runtime if the kernel is locked down
+Subject: [44/61] kexec: Disable at runtime if the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e7c340d3a52b23631aa5e67cd10eac766042db50
kexec permits the loading and execution of arbitrary code in ring 0, which
diff --git a/debian/patches/features/all/lockdown/0046-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch b/debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
similarity index 95%
rename from debian/patches/features/all/lockdown/0046-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
rename to debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
index f828c02..1dee3ae 100644
--- a/debian/patches/features/all/lockdown/0046-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+++ b/debian/patches/features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
@@ -1,6 +1,6 @@
From: Dave Young <dyoung at redhat.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [46/62] Copy secure_boot flag in boot params across kexec reboot
+Subject: [45/61] Copy secure_boot flag in boot params across kexec reboot
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=c124b113ed50045c2a81ddaab104578e592ebec3
Kexec reboot in case secure boot being enabled does not keep the secure
diff --git a/debian/patches/features/all/lockdown/0047-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch b/debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
similarity index 95%
rename from debian/patches/features/all/lockdown/0047-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
rename to debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
index ce40d06..9b14677 100644
--- a/debian/patches/features/all/lockdown/0047-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
+++ b/debian/patches/features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
@@ -1,6 +1,6 @@
From: "Lee, Chun-Yi" <joeyli.kernel at gmail.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [47/62] kexec_file: Disable at runtime if securelevel has been set
+Subject: [46/61] kexec_file: Disable at runtime if securelevel has been set
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=74cab6ae2c310633ce0148e58d326ee5a5121a89
When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
diff --git a/debian/patches/features/all/lockdown/0048-hibernate-Disable-when-the-kernel-is-locked-down.patch b/debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
similarity index 94%
rename from debian/patches/features/all/lockdown/0048-hibernate-Disable-when-the-kernel-is-locked-down.patch
rename to debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
index 39a715d..35977e1 100644
--- a/debian/patches/features/all/lockdown/0048-hibernate-Disable-when-the-kernel-is-locked-down.patch
+++ b/debian/patches/features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
@@ -1,6 +1,6 @@
From: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [48/62] hibernate: Disable when the kernel is locked down
+Subject: [47/61] hibernate: Disable when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=398b27dd51e2c295ec870943a5afb842acf7726b
There is currently no way to verify the resume image when returning
diff --git a/debian/patches/features/all/lockdown/0049-uswsusp-Disable-when-the-kernel-is-locked-down.patch b/debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
similarity index 93%
rename from debian/patches/features/all/lockdown/0049-uswsusp-Disable-when-the-kernel-is-locked-down.patch
rename to debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
index bb94bd5..2ac4813 100644
--- a/debian/patches/features/all/lockdown/0049-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+++ b/debian/patches/features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <mjg59 at srcf.ucam.org>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [49/62] uswsusp: Disable when the kernel is locked down
+Subject: [48/61] uswsusp: Disable when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6c773b2f00bec7cdccc1adf4a1af1afb082b78b8
uswsusp allows a user process to dump and then restore kernel state, which
diff --git a/debian/patches/features/all/lockdown/0050-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch b/debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
similarity index 78%
rename from debian/patches/features/all/lockdown/0050-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
rename to debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
index 1d9e11a..bbf9860 100644
--- a/debian/patches/features/all/lockdown/0050-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+++ b/debian/patches/features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [50/62] PCI: Lock down BAR access when the kernel is locked down
+Subject: [49/61] PCI: Lock down BAR access when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=fdfe195b5f8e0693a98f1f37eb1281ea7830dbff
Any hardware that can potentially generate DMA has to be locked down in
@@ -11,6 +11,7 @@ sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
Signed-off-by: David Howells <dhowells at redhat.com>
+[bwh: For 4.12, adjust context]
---
drivers/pci/pci-sysfs.c | 9 +++++++++
drivers/pci/proc.c | 8 +++++++-
@@ -19,7 +20,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
-@@ -727,6 +727,9 @@ static ssize_t pci_write_config(struct f
+@@ -754,6 +754,9 @@ static ssize_t pci_write_config(struct f
loff_t init_off = off;
u8 *data = (u8 *) buf;
@@ -29,17 +30,17 @@ Signed-off-by: David Howells <dhowells at redhat.com>
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
-@@ -1022,6 +1025,9 @@ static int pci_mmap_resource(struct kobj
- resource_size_t start, end;
- int i;
+@@ -1048,6 +1051,9 @@ static int pci_mmap_resource(struct kobj
+ enum pci_mmap_state mmap_type;
+ struct resource *res = &pdev->resource[bar];
+ if (kernel_is_locked_down())
+ return -EPERM;
+
- for (i = 0; i < PCI_ROM_RESOURCE; i++)
- if (res == &pdev->resource[i])
- break;
-@@ -1121,6 +1127,9 @@ static ssize_t pci_write_resource_io(str
+ if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start))
+ return -EINVAL;
+
+@@ -1131,6 +1137,9 @@ static ssize_t pci_write_resource_io(str
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
@@ -71,15 +72,15 @@ Signed-off-by: David Howells <dhowells at redhat.com>
switch (cmd) {
case PCIIOC_CONTROLLER:
ret = pci_domain_nr(dev->bus);
-@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file
+@@ -236,7 +242,7 @@ static int proc_bus_pci_mmap(struct file
struct pci_filp_private *fpriv = file->private_data;
- int i, ret, write_combine = 0, res_bit;
+ int i, ret, write_combine = 0, res_bit = IORESOURCE_MEM;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down())
return -EPERM;
- if (fpriv->mmap_state == pci_mmap_io)
+ if (fpriv->mmap_state == pci_mmap_io) {
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigne
diff --git a/debian/patches/features/all/lockdown/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch b/debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
similarity index 96%
rename from debian/patches/features/all/lockdown/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
rename to debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
index af41f04..ab43968 100644
--- a/debian/patches/features/all/lockdown/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+++ b/debian/patches/features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [51/62] x86: Lock down IO port access when the kernel is locked down
+Subject: [50/61] x86: Lock down IO port access when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=37a19fd0d859cc12f1d6f47085071e35d34a0a41
IO port access would permit users to gain access to PCI configuration
diff --git a/debian/patches/features/all/lockdown/0052-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch b/debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
similarity index 95%
rename from debian/patches/features/all/lockdown/0052-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
rename to debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
index 73ffc78..0751d1d 100644
--- a/debian/patches/features/all/lockdown/0052-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
+++ b/debian/patches/features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [52/62] x86: Restrict MSR access when the kernel is locked down
+Subject: [51/61] x86: Restrict MSR access when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e20ab2be2f77e6c0da7cd8fe0953a367c5012ecf
Writing to MSRs should not be allowed if the kernel is locked down, since
diff --git a/debian/patches/features/all/lockdown/0053-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
similarity index 96%
rename from debian/patches/features/all/lockdown/0053-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
rename to debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
index 2381b24..abe1ca5 100644
--- a/debian/patches/features/all/lockdown/0053-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+++ b/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [53/62] asus-wmi: Restrict debugfs interface when the kernel is
+Subject: [52/61] asus-wmi: Restrict debugfs interface when the kernel is
locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=bfa10bc7193d6309dc8029e18fe7d844f9a3a1c0
diff --git a/debian/patches/features/all/lockdown/0054-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch b/debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
similarity index 94%
rename from debian/patches/features/all/lockdown/0054-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
rename to debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
index 16f9431..7dc2817 100644
--- a/debian/patches/features/all/lockdown/0054-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+++ b/debian/patches/features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
@@ -1,6 +1,6 @@
From: Matthew Garrett <matthew.garrett at nebula.com>
Date: Wed, 5 Apr 2017 17:40:30 +0100
-Subject: [54/62] ACPI: Limit access to custom_method when the kernel is locked
+Subject: [53/61] ACPI: Limit access to custom_method when the kernel is locked
down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=c333ace27a3115f2b56f25987bdb7ef05f71836c
diff --git a/debian/patches/features/all/lockdown/0055-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch b/debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
similarity index 93%
rename from debian/patches/features/all/lockdown/0055-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
rename to debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
index f1b9673..83bd236 100644
--- a/debian/patches/features/all/lockdown/0055-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+++ b/debian/patches/features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
@@ -1,6 +1,6 @@
From: Josh Boyer <jwboyer at redhat.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [55/62] acpi: Ignore acpi_rsdp kernel param when the kernel has been
+Subject: [54/61] acpi: Ignore acpi_rsdp kernel param when the kernel has been
locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1e915addf2f56a29d84dfc899017a926de9c0264
diff --git a/debian/patches/features/all/lockdown/0056-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch b/debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
similarity index 95%
rename from debian/patches/features/all/lockdown/0056-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
rename to debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
index 04befdf..629d752 100644
--- a/debian/patches/features/all/lockdown/0056-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+++ b/debian/patches/features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
@@ -1,6 +1,6 @@
From: Linn Crosetto <linn at hpe.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [56/62] acpi: Disable ACPI table override if the kernel is locked
+Subject: [55/61] acpi: Disable ACPI table override if the kernel is locked
down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=2a3b80bfba52f3f71bbb9b20942fb86ca6f491fe
diff --git a/debian/patches/features/all/lockdown/0057-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch b/debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
similarity index 96%
rename from debian/patches/features/all/lockdown/0057-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
rename to debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
index 143b310..4276bc9 100644
--- a/debian/patches/features/all/lockdown/0057-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+++ b/debian/patches/features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
@@ -1,6 +1,6 @@
From: Linn Crosetto <linn at hpe.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [57/62] acpi: Disable APEI error injection if the kernel is locked
+Subject: [56/61] acpi: Disable APEI error injection if the kernel is locked
down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=cc8de994de095fc6b88f92c9a768c806605fba07
diff --git a/debian/patches/features/all/lockdown/0058-bpf-Restrict-kernel-image-access-functions-when-the-.patch b/debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
similarity index 96%
rename from debian/patches/features/all/lockdown/0058-bpf-Restrict-kernel-image-access-functions-when-the-.patch
rename to debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
index 8c45b80..b59c2bd 100644
--- a/debian/patches/features/all/lockdown/0058-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+++ b/debian/patches/features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
@@ -1,6 +1,6 @@
From: "Lee, Chun-Yi" <jlee at suse.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [58/62] bpf: Restrict kernel image access functions when the kernel
+Subject: [57/61] bpf: Restrict kernel image access functions when the kernel
is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=12c6b01166d3a94a49cf78a8bfe37fb280dd7cb6
diff --git a/debian/patches/features/all/lockdown/0059-scsi-Lock-down-the-eata-driver.patch b/debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
similarity index 97%
rename from debian/patches/features/all/lockdown/0059-scsi-Lock-down-the-eata-driver.patch
rename to debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
index 19307fd..6cd8ea3 100644
--- a/debian/patches/features/all/lockdown/0059-scsi-Lock-down-the-eata-driver.patch
+++ b/debian/patches/features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [59/62] scsi: Lock down the eata driver
+Subject: [58/61] scsi: Lock down the eata driver
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e6fc4e593143fbbb8b83c558bb8e6445d9aaa45a
When the kernel is running in secure boot mode, we lock down the kernel to
diff --git a/debian/patches/features/all/lockdown/0060-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch b/debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
similarity index 94%
rename from debian/patches/features/all/lockdown/0060-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
rename to debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
index 41322dd..b83b3a3 100644
--- a/debian/patches/features/all/lockdown/0060-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+++ b/debian/patches/features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [60/62] Prohibit PCMCIA CIS storage when the kernel is locked down
+Subject: [59/61] Prohibit PCMCIA CIS storage when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=36b3c01337b2d0e4aa69828186586951b9cf50fa
Prohibit replacement of the PCMCIA Card Information Structure when the
diff --git a/debian/patches/features/all/lockdown/0061-Lock-down-TIOCSSERIAL.patch b/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
similarity index 97%
rename from debian/patches/features/all/lockdown/0061-Lock-down-TIOCSSERIAL.patch
rename to debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
index 7909c7c..0858aac 100644
--- a/debian/patches/features/all/lockdown/0061-Lock-down-TIOCSSERIAL.patch
+++ b/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 17:40:31 +0100
-Subject: [61/62] Lock down TIOCSSERIAL
+Subject: [60/61] Lock down TIOCSSERIAL
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=3f0d5eb601c66451afebe889623bcbafec0e4bb8
Lock down TIOCSSERIAL as that can be used to change the ioport and irq
diff --git a/debian/patches/features/all/lockdown/0062-Lock-down-module-params-that-specify-hardware-parame.patch b/debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
similarity index 97%
rename from debian/patches/features/all/lockdown/0062-Lock-down-module-params-that-specify-hardware-parame.patch
rename to debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
index 8b05cf2..e17cb1c 100644
--- a/debian/patches/features/all/lockdown/0062-Lock-down-module-params-that-specify-hardware-parame.patch
+++ b/debian/patches/features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
@@ -1,6 +1,6 @@
From: David Howells <dhowells at redhat.com>
Date: Wed, 5 Apr 2017 13:50:07 +0100
-Subject: [62/62] Lock down module params that specify hardware parameters (eg.
+Subject: [61/61] Lock down module params that specify hardware parameters (eg.
ioport)
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=0240fa7c7c948b19d57c0163d57e55296277ff3c
diff --git a/debian/patches/series b/debian/patches/series
index 5d850e5..87a2ea0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -53,8 +53,6 @@ debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
# Arch bug fixes
bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
-features/all/firmware-dmi-add-dmi_product_family-identification-s.patch
-bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch
bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-310-15ikb-to.patch
bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v310-15isk-t.patch
bugfix/x86/platform-x86-ideapad-laptop-add-y520-15ikbn-to-no_hw.patch
@@ -84,68 +82,31 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
# Miscellaneous features
# Lockdown (formerly 'securelevel') patchset
-features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch
-features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch
-features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch
features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch
-features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch
-features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch
-features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch
-features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch
-features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch
-features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch
-features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch
-features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
-features/all/lockdown/0042-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
-features/all/lockdown/0043-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
-features/all/lockdown/0044-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
-features/all/lockdown/0045-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
-features/all/lockdown/0046-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
-features/all/lockdown/0047-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
-features/all/lockdown/0048-hibernate-Disable-when-the-kernel-is-locked-down.patch
-features/all/lockdown/0049-uswsusp-Disable-when-the-kernel-is-locked-down.patch
-features/all/lockdown/0050-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
-features/all/lockdown/0051-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
-features/all/lockdown/0052-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
-features/all/lockdown/0053-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
-features/all/lockdown/0054-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
-features/all/lockdown/0055-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
-features/all/lockdown/0056-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
-features/all/lockdown/0057-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
-features/all/lockdown/0058-bpf-Restrict-kernel-image-access-functions-when-the-.patch
-features/all/lockdown/0059-scsi-Lock-down-the-eata-driver.patch
-features/all/lockdown/0060-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
-features/all/lockdown/0061-Lock-down-TIOCSSERIAL.patch
-features/all/lockdown/0062-Lock-down-module-params-that-specify-hardware-parame.patch
+features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch
+features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+features/all/lockdown/0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
+features/all/lockdown/0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch
+features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
+features/all/lockdown/0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch
+features/all/lockdown/0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch
+features/all/lockdown/0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch
+features/all/lockdown/0047-hibernate-Disable-when-the-kernel-is-locked-down.patch
+features/all/lockdown/0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch
+features/all/lockdown/0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
+features/all/lockdown/0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch
+features/all/lockdown/0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch
+features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+features/all/lockdown/0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch
+features/all/lockdown/0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch
+features/all/lockdown/0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch
+features/all/lockdown/0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch
+features/all/lockdown/0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch
+features/all/lockdown/0058-scsi-Lock-down-the-eata-driver.patch
+features/all/lockdown/0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch
+features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
+features/all/lockdown/0061-Lock-down-module-params-that-specify-hardware-parame.patch
# some missing pieces
features/all/lockdown/enable-cold-boot-attack-mitigation.patch
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
@@ -153,17 +114,12 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch
-bugfix/all/sunrpc-refactor-svc_set_num_threads.patch
-bugfix/all/nfsv4-fix-callback-server-shutdown.patch
bugfix/all/binfmt_elf-use-elf_et_dyn_base-only-for-pie.patch
# Fix exported symbol versions
bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
-bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
-bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
bugfix/all/module-disable-matching-missing-version-crc.patch
# ABI maintenance
@@ -179,4 +135,3 @@ bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
bugfix/all/cpupower-bump-soname-version.patch
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
-bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list