author | Bastian Blank <waldi@debian.org> | 2021-07-28 14:14:50 +0200 |
---|---|---|
committer | Bastian Blank <waldi@debian.org> | 2021-08-08 22:03:43 +0200 |
commit | b4983d0dd9a184942f07745a36f34e228f321c37 (patch) | |
tree | 9d5bbda5524e3c32aa1038dd456a27b18355caac | |
parent | f49121399a214500091e5b6ee2a09d5bfb263491 (diff) | |
Update to 5.13.9
53 files changed, 411 insertions, 3392 deletions
diff --git a/debian/changelog b/debian/changelog
index 5aae3a38f3a2..0e2e4cd4e37b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,10 @@
-linux (5.10.46-5) UNRELEASED; urgency=medium
+linux (5.13.9-1~exp1) UNRELEASED; urgency=medium
+ * New upstream release: https://kernelnewbies.org/Linux_5.11
+ * New upstream release: https://kernelnewbies.org/Linux_5.12
+ * New upstream release: https://kernelnewbies.org/Linux_5.13
+
+ [ Bastian Blank ]
 * Always build-depend on native libelf-dev.
 * Specify trusted certs file in package config.
diff --git a/debian/config/defines b/debian/config/defines
index 77bd876a9d90..304dc840be3d 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -154,7 +154,7 @@ signed-code: false
 trusted-certs: debian/certs/debian-uefi-certs.pem
 [featureset-rt_base]
-enabled: true
+enabled: false
 [description]
 part-long-up: This kernel is not suitable for SMP (multi-processor,
diff --git a/debian/installer/modules/kernel-image b/debian/installer/modules/kernel-image
index 9085f71166c7..18f637874dab 100644
--- a/debian/installer/modules/kernel-image
+++ b/debian/installer/modules/kernel-image
@@ -14,6 +14,7 @@ thermal_sys ?
 lzo_compress
 lzo_decompress
 zlib_deflate
+zstd_compress
 zstd_decompress
 # Basic paravirtual modules
diff --git a/debian/patches/bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch b/debian/patches/bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch
deleted file mode 100644
index f290f052d457..000000000000
--- a/debian/patches/bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch
+++ /dev/null
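Review bot: The `[featureset-rt_base]` switch from `enabled: true` to `enabled: false` in debian/config/defines is not recorded in this commit; the lines added to debian/changelog list only the three upstream releases. Turning the featureset off changes which kernel flavours get built, so anyone relying on the rt packages would want it stated in the changelog. Add an entry under the new version, for example `* [rt] Disable until it is updated for 5.13`. The reason given there is inferred from the version jump and should be replaced with the actual one.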
@@ -1,58 +0,0 @@ -From: Alexander Larkin <avlarkin82@gmail.com> -Date: Sun, 4 Jul 2021 22:39:36 -0700 -Subject: Input: joydev - prevent use of not validated data in JSIOCSBTNMAP - ioctl -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=b4c35e9e8061b2386da1aa0d708e991204e76c45 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3612 - -commit f8f84af5da9ee04ef1d271528656dac42a090d00 upstream. - -Even though we validate user-provided inputs we then traverse past -validated data when applying the new map. The issue was originally -discovered by Murray McAllister with this simple POC (if the following -is executed by an unprivileged user it will instantly panic the system): - -int main(void) { - int fd, ret; - unsigned int buffer[10000]; - - fd = open("/dev/input/js0", O_RDONLY); - if (fd == -1) - printf("Error opening file\n"); - - ret = ioctl(fd, JSIOCSBTNMAP & ~IOCSIZE_MASK, &buffer); - printf("%d\n", ret); -} - -The solution is to traverse internal buffer which is guaranteed to only -contain valid date when constructing the map. 
- -Fixes: 182d679b2298 ("Input: joydev - prevent potential read overflow in ioctl") -Fixes: 999b874f4aa3 ("Input: joydev - validate axis/button maps before clobbering current ones") -Reported-by: Murray McAllister <murray.mcallister@gmail.com> -Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Alexander Larkin <avlarkin82@gmail.com> -Link: https://lore.kernel.org/r/20210620120030.1513655-1-avlarkin82@gmail.com -Cc: stable@vger.kernel.org -Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/input/joydev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/input/joydev.c b/drivers/input/joydev.c -index 430dc6975004..675fcd0952a2 100644 ---- a/drivers/input/joydev.c -+++ b/drivers/input/joydev.c -@@ -500,7 +500,7 @@ static int joydev_handle_JSIOCSBTNMAP(struct joydev *joydev, - memcpy(joydev->keypam, keypam, len); - - for (i = 0; i < joydev->nkey; i++) -- joydev->keymap[keypam[i] - BTN_MISC] = i; -+ joydev->keymap[joydev->keypam[i] - BTN_MISC] = i; - - out: - kfree(keypam); --- -2.32.0 - diff --git a/debian/patches/bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch b/debian/patches/bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch deleted file mode 100644 index 441aff9da344..000000000000 --- a/debian/patches/bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From: Nicholas Piggin <npiggin@gmail.com> -Date: Thu, 24 Jun 2021 08:29:04 -0400 -Subject: KVM: do not allow mapping valid but non-reference-counted pages -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-22543 - -commit f8be156be163a052a067306417cd0ff679068c97 upstream. - -It's possible to create a region which maps valid but non-refcounted -pages (e.g., tail pages of non-compound higher order allocations). These -host pages can then be returned by gfn_to_page, gfn_to_pfn, etc., family -of APIs, which take a reference to the page, which takes it from 0 to 1. -When the reference is dropped, this will free the page incorrectly. - -Fix this by only taking a reference on valid pages if it was non-zero, -which indicates it is participating in normal refcounting (and can be -released with put_page). - -This addresses CVE-2021-22543. 
- -Signed-off-by: Nicholas Piggin <npiggin@gmail.com> -Tested-by: Paolo Bonzini <pbonzini@redhat.com> -Cc: stable@vger.kernel.org -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - virt/kvm/kvm_main.c | 19 +++++++++++++++++-- - 1 file changed, 17 insertions(+), 2 deletions(-) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index f446c36f5800..1353439691cf 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1883,6 +1883,13 @@ static bool vma_is_valid(struct vm_area_struct *vma, bool write_fault) - return true; - } - -+static int kvm_try_get_pfn(kvm_pfn_t pfn) -+{ -+ if (kvm_is_reserved_pfn(pfn)) -+ return 1; -+ return get_page_unless_zero(pfn_to_page(pfn)); -+} -+ - static int hva_to_pfn_remapped(struct vm_area_struct *vma, - unsigned long addr, bool *async, - bool write_fault, bool *writable, -@@ -1932,13 +1939,21 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, - * Whoever called remap_pfn_range is also going to call e.g. - * unmap_mapping_range before the underlying pages are freed, - * causing a call to our MMU notifier. -+ * -+ * Certain IO or PFNMAP mappings can be backed with valid -+ * struct pages, but be allocated without refcounting e.g., -+ * tail pages of non-compound higher order allocations, which -+ * would then underflow the refcount when the caller does the -+ * required put_page. Don't allow those pages here. - */ -- kvm_get_pfn(pfn); -+ if (!kvm_try_get_pfn(pfn)) -+ r = -EFAULT; - - out: - pte_unmap_unlock(ptep, ptl); - *p_pfn = pfn; -- return 0; -+ -+ return r; - } - - /* --- -2.32.0 - diff --git a/debian/patches/bugfix/all/Revert-PCI-PM-Do-not-read-power-state-in-pci_enable_.patch b/debian/patches/bugfix/all/Revert-PCI-PM-Do-not-read-power-state-in-pci_enable_.patch deleted file mode 100644 index f18769b43e69..000000000000 --- a/debian/patches/bugfix/all/Revert-PCI-PM-Do-not-read-power-state-in-pci_enable_.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com> -Date: Tue, 22 Jun 2021 17:35:18 +0200 -Subject: Revert "PCI: PM: Do not read power state in - pci_enable_device_flags()" -Origin: https://git.kernel.org/linus/4d6035f9bf4ea12776322746a216e856dfe46698 -Bug: https://bugzilla.kernel.org/show_bug.cgi?id=213481 -Bug-Debian: https://bugs.debian.org/990008 - -Revert commit 4514d991d992 ("PCI: PM: Do not read power state in -pci_enable_device_flags()") that is reported to cause PCI device -initialization issues on some systems. - -BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=213481 -Link: https://lore.kernel.org/linux-acpi/YNDoGICcg0V8HhpQ@eldamar.lan -Reported-by: Michael <phyre@rogers.com> -Reported-by: Salvatore Bonaccorso <carnil@debian.org> -Fixes: 4514d991d992 ("PCI: PM: Do not read power state in pci_enable_device_flags()") -Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> ---- - drivers/pci/pci.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c -index b717680377a9..8d4ebe095d0c 100644 ---- a/drivers/pci/pci.c -+++ b/drivers/pci/pci.c -@@ -1900,11 +1900,21 @@ static int pci_enable_device_flags(struct pci_dev *dev, unsigned long flags) - int err; - int i, bars = 0; - -- if (atomic_inc_return(&dev->enable_cnt) > 1) { -- pci_update_current_state(dev, dev->current_state); -- return 0; /* already enabled */ -+ /* -+ * Power state could be unknown at this point, either due to a fresh -+ * boot or a device removal call. So get the current power state -+ * so that things like MSI message writing will behave as expected -+ * (e.g. if the device really is in D0 at enable time). 
-+ */ -+ if (dev->pm_cap) { -+ u16 pmcsr; -+ pci_read_config_word(dev, dev->pm_cap + PCI_PM_CTRL, &pmcsr); -+ dev->current_state = (pmcsr & PCI_PM_CTRL_STATE_MASK); - } - -+ if (atomic_inc_return(&dev->enable_cnt) > 1) -+ return 0; /* already enabled */ -+ - bridge = pci_upstream_bridge(dev); - if (bridge) - pci_enable_bridge(bridge); --- -2.32.0 - diff --git a/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx10-enlarge-CP_MEC_DOORBELL_RANG.patch b/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx10-enlarge-CP_MEC_DOORBELL_RANG.patch deleted file mode 100644 index e437826828e2..000000000000 --- a/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx10-enlarge-CP_MEC_DOORBELL_RANG.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From: Yifan Zhang <yifan1.zhang@amd.com> -Date: Sat, 19 Jun 2021 11:39:43 +0800 -Subject: Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to - cover full doorbell." -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=fea853aca3210c21dfcf07bb82d501b7fd1900a7 -Bug-Debian: https://bugs.debian.org/990312 - -commit baacf52a473b24e10322b67757ddb92ab8d86717 upstream. - -This reverts commit 1c0b0efd148d5b24c4932ddb3fa03c8edd6097b3. - -Reason for revert: Side effect of enlarging CP_MEC_DOORBELL_RANGE may -cause some APUs fail to enter gfxoff in certain user cases. - -Signed-off-by: Yifan Zhang <yifan1.zhang@amd.com> -Acked-by: Alex Deucher <alexander.deucher@amd.com> -Signed-off-by: Alex Deucher <alexander.deucher@amd.com> -Cc: stable@vger.kernel.org -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c -index 3c92dacbc24a..fc8da5fed779 100644 ---- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c -+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c -@@ -6590,12 +6590,8 @@ static int gfx_v10_0_kiq_init_register(struct amdgpu_ring *ring) - if (ring->use_doorbell) { - WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_LOWER, - (adev->doorbell_index.kiq * 2) << 2); -- /* If GC has entered CGPG, ringing doorbell > first page doesn't -- * wakeup GC. Enlarge CP_MEC_DOORBELL_RANGE_UPPER to workaround -- * this issue. -- */ - WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_UPPER, -- (adev->doorbell.size - 4)); -+ (adev->doorbell_index.userqueue_end * 2) << 2); - } - - WREG32_SOC15(GC, 0, mmCP_HQD_PQ_DOORBELL_CONTROL, --- -2.32.0 - 
diff --git a/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx9-fix-the-doorbell-missing-when.patch b/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx9-fix-the-doorbell-missing-when.patch deleted file mode 100644 index 1ee611c1719a..000000000000 --- a/debian/patches/bugfix/all/Revert-drm-amdgpu-gfx9-fix-the-doorbell-missing-when.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From: Yifan Zhang <yifan1.zhang@amd.com> -Date: Sat, 19 Jun 2021 11:40:54 +0800 -Subject: Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG - issue." -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=1bd81429d53ded4e111616c755a64fad80849354 -Bug-Debian: https://bugs.debian.org/990312 - -commit ee5468b9f1d3bf48082eed351dace14598e8ca39 upstream. - -This reverts commit 4cbbe34807938e6e494e535a68d5ff64edac3f20. - -Reason for revert: side effect of enlarging CP_MEC_DOORBELL_RANGE may -cause some APUs fail to enter gfxoff in certain user cases. - -Signed-off-by: Yifan Zhang <yifan1.zhang@amd.com> -Acked-by: Alex Deucher <alexander.deucher@amd.com> -Signed-off-by: Alex Deucher <alexander.deucher@amd.com> -Cc: stable@vger.kernel.org -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c -index 1859d293ef71..fb15e8b5af32 100644 ---- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c -+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c -@@ -3619,12 +3619,8 @@ static int gfx_v9_0_kiq_init_register(struct amdgpu_ring *ring) - if (ring->use_doorbell) { - WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_LOWER, - (adev->doorbell_index.kiq * 2) << 2); -- /* If GC has entered CGPG, ringing doorbell > first page doesn't -- * wakeup GC. Enlarge CP_MEC_DOORBELL_RANGE_UPPER to workaround -- * this issue. -- */ - WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_UPPER, -- (adev->doorbell.size - 4)); -+ (adev->doorbell_index.userqueue_end * 2) << 2); - } - - WREG32_SOC15_RLC(GC, 0, mmCP_HQD_PQ_DOORBELL_CONTROL, --- -2.32.0 - 
diff --git a/debian/patches/bugfix/all/block-return-the-correct-bvec-when-checking-for-gaps.patch b/debian/patches/bugfix/all/block-return-the-correct-bvec-when-checking-for-gaps.patch deleted file mode 100644 index b7763776eefb..000000000000 --- a/debian/patches/bugfix/all/block-return-the-correct-bvec-when-checking-for-gaps.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -From: Long Li <longli@microsoft.com> -Date: Mon, 7 Jun 2021 12:34:05 -0700 -Subject: block: return the correct bvec when checking for gaps -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=c98d9318dc99bf8822708dbab3f3ace946df7fe9 - -commit c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 upstream. - -After commit 07173c3ec276 ("block: enable multipage bvecs"), a bvec can -have multiple pages. But bio_will_gap() still assumes one page bvec while -checking for merging. If the pages in the bvec go across the -seg_boundary_mask, this check for merging can potentially succeed if only -the 1st page is tested, and can fail if all the pages are tested. - -Later, when SCSI builds the SG list the same check for merging is done in -__blk_segment_map_sg_merge() with all the pages in the bvec tested. This -time the check may fail if the pages in bvec go across the -seg_boundary_mask (but tested okay in bio_will_gap() earlier, so those -BIOs were merged). If this check fails, we end up with a broken SG list -for drivers assuming the SG list not having offsets in intermediate pages. -This results in incorrect pages written to the disk. - -Fix this by returning the multi-page bvec when testing gaps for merging. 
- -Cc: Jens Axboe <axboe@kernel.dk> -Cc: Johannes Thumshirn <johannes.thumshirn@wdc.com> -Cc: Pavel Begunkov <asml.silence@gmail.com> -Cc: Ming Lei <ming.lei@redhat.com> -Cc: Tejun Heo <tj@kernel.org> -Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> -Cc: Jeffle Xu <jefflexu@linux.alibaba.com> -Cc: linux-kernel@vger.kernel.org -Cc: stable@vger.kernel.org -Fixes: 07173c3ec276 ("block: enable multipage bvecs") -Signed-off-by: Long Li <longli@microsoft.com> -Reviewed-by: Ming Lei <ming.lei@redhat.com> -Reviewed-by: Christoph Hellwig <hch@lst.de> -Link: https://lore.kernel.org/r/1623094445-22332-1-git-send-email-longli@linuxonhyperv.com -Signed-off-by: Jens Axboe <axboe@kernel.dk> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - include/linux/bio.h | 12 ++++-------- - 1 file changed, 4 insertions(+), 8 deletions(-) - -diff --git a/include/linux/bio.h b/include/linux/bio.h -index c6d765382926..23b7a73cd757 100644 ---- a/include/linux/bio.h -+++ b/include/linux/bio.h -@@ -38,9 +38,6 @@ - #define bio_offset(bio) bio_iter_offset((bio), (bio)->bi_iter) - #define bio_iovec(bio) bio_iter_iovec((bio), (bio)->bi_iter) - --#define bio_multiple_segments(bio) \ -- ((bio)->bi_iter.bi_size != bio_iovec(bio).bv_len) -- - #define bvec_iter_sectors(iter) ((iter).bi_size >> 9) - #define bvec_iter_end_sector(iter) ((iter).bi_sector + bvec_iter_sectors((iter))) - -@@ -252,7 +249,7 @@ static inline void bio_clear_flag(struct bio *bio, unsigned int bit) - - static inline void bio_get_first_bvec(struct bio *bio, struct bio_vec *bv) - { -- *bv = bio_iovec(bio); -+ *bv = mp_bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter); - } - - static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv) -@@ -260,10 +257,9 @@ static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv) - struct bvec_iter iter = bio->bi_iter; - int idx; - -- if (unlikely(!bio_multiple_segments(bio))) { -- *bv = bio_iovec(bio); -- return; -- } -+ bio_get_first_bvec(bio, bv); -+ 
if (bv->bv_len == bio->bi_iter.bi_size) -+ return; /* this bio only has a single bvec */ - - bio_advance_iter(bio, &iter, iter.bi_size); - --- -2.32.0 - diff --git a/debian/patches/bugfix/all/bpf-Add-kconfig-knob-for-disabling-unpriv-bpf-by-def.patch b/debian/patches/bugfix/all/bpf-Add-kconfig-knob-for-disabling-unpriv-bpf-by-def.patch deleted file mode 100644 index 6f51701866a2..000000000000 --- a/debian/patches/bugfix/all/bpf-Add-kconfig-knob-for-disabling-unpriv-bpf-by-def.patch +++ /dev/null 
@@ -1,134 +0,0 @@ -From: Daniel Borkmann <daniel@iogearbox.net> -Date: Tue, 11 May 2021 22:35:17 +0200 -Subject: bpf: Add kconfig knob for disabling unpriv bpf by default -Origin: https://git.kernel.org/linus/08389d888287c3823f80b0216766b71e17f0aba5 - -Add a kconfig knob which allows for unprivileged bpf to be disabled by default. -If set, the knob sets /proc/sys/kernel/unprivileged_bpf_disabled to value of 2. - -This still allows a transition of 2 -> {0,1} through an admin. Similarly, -this also still keeps 1 -> {1} behavior intact, so that once set to permanently -disabled, it cannot be undone aside from a reboot. - -We've also added extra2 with max of 2 for the procfs handler, so that an admin -still has a chance to toggle between 0 <-> 2. - -Either way, as an additional alternative, applications can make use of CAP_BPF -that we added a while ago. - -Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> -Signed-off-by: Alexei Starovoitov <ast@kernel.org> -Link: https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net -[Salvatore Bonaccorso: Backport to 5.10.y: Filename change from -kernel/bpf/Kconfig back to init/Kconfig] ---- - Documentation/admin-guide/sysctl/kernel.rst | 17 +++++++++--- - kernel/bpf/Kconfig | 10 +++++++ - kernel/bpf/syscall.c | 3 ++- - kernel/sysctl.c | 29 +++++++++++++++++---- - 4 files changed, 50 insertions(+), 9 deletions(-) - ---- a/Documentation/admin-guide/sysctl/kernel.rst -+++ b/Documentation/admin-guide/sysctl/kernel.rst -@@ -1457,11 +1457,22 @@ unprivileged_bpf_disabled - ========================= - - Writing 1 to this entry will disable unprivileged calls to ``bpf()``; --once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` will return --``-EPERM``. -+once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` or ``CAP_BPF`` -+will return ``-EPERM``. Once set to 1, this can't be cleared from the -+running kernel anymore. - --Once set, this can't be cleared. 
-+Writing 2 to this entry will also disable unprivileged calls to ``bpf()``, -+however, an admin can still change this setting later on, if needed, by -+writing 0 or 1 to this entry. - -+If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in the kernel config, then this -+entry will default to 2 instead of 0. -+ -+= ============================================================= -+0 Unprivileged calls to ``bpf()`` are enabled -+1 Unprivileged calls to ``bpf()`` are disabled without recovery -+2 Unprivileged calls to ``bpf()`` are disabled -+= ============================================================= - - watchdog - ======== ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -1722,6 +1722,16 @@ config BPF_JIT_DEFAULT_ON - def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON - depends on HAVE_EBPF_JIT && BPF_JIT - -+config BPF_UNPRIV_DEFAULT_OFF -+ bool "Disable unprivileged BPF by default" -+ depends on BPF_SYSCALL -+ help -+ Disables unprivileged BPF by default by setting the corresponding -+ /proc/sys/kernel/unprivileged_bpf_disabled knob to 2. An admin can -+ still reenable it by setting it to 0 later on, or permanently -+ disable it by setting it to 1 (from which no other transition to -+ 0 is possible anymore). -+ - source "kernel/bpf/preload/Kconfig" - - config USERFAULTFD ---- a/kernel/bpf/syscall.c -+++ b/kernel/bpf/syscall.c -@@ -50,7 +50,8 @@ static DEFINE_SPINLOCK(map_idr_lock); - static DEFINE_IDR(link_idr); - static DEFINE_SPINLOCK(link_idr_lock); - --int sysctl_unprivileged_bpf_disabled __read_mostly; -+int sysctl_unprivileged_bpf_disabled __read_mostly = -+ IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 
2 : 0; - - static const struct bpf_map_ops * const bpf_map_types[] = { - #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -237,7 +237,27 @@ static int bpf_stats_handler(struct ctl_ - mutex_unlock(&bpf_stats_enabled_mutex); - return ret; - } --#endif -+ -+static int bpf_unpriv_handler(struct ctl_table *table, int write, -+ void *buffer, size_t *lenp, loff_t *ppos) -+{ -+ int ret, unpriv_enable = *(int *)table->data; -+ bool locked_state = unpriv_enable == 1; -+ struct ctl_table tmp = *table; -+ -+ if (write && !capable(CAP_SYS_ADMIN)) -+ return -EPERM; -+ -+ tmp.data = &unpriv_enable; -+ ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); -+ if (write && !ret) { -+ if (locked_state && unpriv_enable != 1) -+ return -EPERM; -+ *(int *)table->data = unpriv_enable; -+ } -+ return ret; -+} -+#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */ - - /* - * /proc/sys support -@@ -2639,10 +2659,9 @@ static struct ctl_table kern_table[] = { - .data = &sysctl_unprivileged_bpf_disabled, - .maxlen = sizeof(sysctl_unprivileged_bpf_disabled), - .mode = 0644, -- /* only handle a transition from default "0" to "1" */ -- .proc_handler = proc_dointvec_minmax, -- .extra1 = SYSCTL_ONE, -- .extra2 = SYSCTL_ONE, -+ .proc_handler = bpf_unpriv_handler, -+ .extra1 = SYSCTL_ZERO, -+ .extra2 = &two, - }, - { - .procname = "bpf_stats_enabled", diff --git a/debian/patches/bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch b/debian/patches/bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch deleted file mode 100644 index 33b10802fe68..000000000000 --- a/debian/patches/bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch +++ /dev/null 
@@ -1,452 +0,0 @@ -From 7e0f6483e208dc514244e383e74ff3b15bd638df Mon Sep 17 00:00:00 2001 -From: Sasha Levin <sashal@kernel.org> -Date: Tue, 13 Jul 2021 08:18:31 +0000 -Subject: bpf: Fix leakage due to insufficient speculative store bypass - mitigation - -From: Daniel Borkmann <daniel@iogearbox.net> - -[ Upstream commit 2039f26f3aca5b0e419b98f65dd36481337b86ee ] - -Spectre v4 gadgets make use of memory disambiguation, which is a set of -techniques that execute memory access instructions, that is, loads and -stores, out of program order; Intel's optimization manual, section 2.4.4.5: - - A load instruction micro-op may depend on a preceding store. Many - microarchitectures block loads until all preceding store addresses are - known. The memory disambiguator predicts which loads will not depend on - any previous stores. When the disambiguator predicts that a load does - not have such a dependency, the load takes its data from the L1 data - cache. Eventually, the prediction is verified. If an actual conflict is - detected, the load and all succeeding instructions are re-executed. - -af86ca4e3088 ("bpf: Prevent memory disambiguation attack") tried to mitigate -this attack by sanitizing the memory locations through preemptive "fast" -(low latency) stores of zero prior to the actual "slow" (high latency) store -of a pointer value such that upon dependency misprediction the CPU then -speculatively executes the load of the pointer value and retrieves the zero -value instead of the attacker controlled scalar value previously stored at -that location, meaning, subsequent access in the speculative domain is then -redirected to the "zero page". - -The sanitized preemptive store of zero prior to the actual "slow" store is -done through a simple ST instruction based on r10 (frame pointer) with -relative offset to the stack location that the verifier has been tracking -on the original used register for STX, which does not have to be r10. 
Thus, -there are no memory dependencies for this store, since it's only using r10 -and immediate constant of zero; hence af86ca4e3088 /assumed/ a low latency -operation. - -However, a recent attack demonstrated that this mitigation is not sufficient -since the preemptive store of zero could also be turned into a "slow" store -and is thus bypassed as well: - - [...] - // r2 = oob address (e.g. scalar) - // r7 = pointer to map value - 31: (7b) *(u64 *)(r10 -16) = r2 - // r9 will remain "fast" register, r10 will become "slow" register below - 32: (bf) r9 = r10 - // JIT maps BPF reg to x86 reg: - // r9 -> r15 (callee saved) - // r10 -> rbp - // train store forward prediction to break dependency link between both r9 - // and r10 by evicting them from the predictor's LRU table. - 33: (61) r0 = *(u32 *)(r7 +24576) - 34: (63) *(u32 *)(r7 +29696) = r0 - 35: (61) r0 = *(u32 *)(r7 +24580) - 36: (63) *(u32 *)(r7 +29700) = r0 - 37: (61) r0 = *(u32 *)(r7 +24584) - 38: (63) *(u32 *)(r7 +29704) = r0 - 39: (61) r0 = *(u32 *)(r7 +24588) - 40: (63) *(u32 *)(r7 +29708) = r0 - [...] - 543: (61) r0 = *(u32 *)(r7 +25596) - 544: (63) *(u32 *)(r7 +30716) = r0 - // prepare call to bpf_ringbuf_output() helper. the latter will cause rbp - // to spill to stack memory while r13/r14/r15 (all callee saved regs) remain - // in hardware registers. rbp becomes slow due to push/pop latency. below is - // disasm of bpf_ringbuf_output() helper for better visual context: - // - // ffffffff8117ee20: 41 54 push r12 - // ffffffff8117ee22: 55 push rbp - // ffffffff8117ee23: 53 push rbx - // ffffffff8117ee24: 48 f7 c1 fc ff ff ff test rcx,0xfffffffffffffffc - // ffffffff8117ee2b: 0f 85 af 00 00 00 jne ffffffff8117eee0 <-- jump taken - // [...] 
- // ffffffff8117eee0: 49 c7 c4 ea ff ff ff mov r12,0xffffffffffffffea - // ffffffff8117eee7: 5b pop rbx - // ffffffff8117eee8: 5d pop rbp - // ffffffff8117eee9: 4c 89 e0 mov rax,r12 - // ffffffff8117eeec: 41 5c pop r12 - // ffffffff8117eeee: c3 ret - 545: (18) r1 = map[id:4] - 547: (bf) r2 = r7 - 548: (b7) r3 = 0 - 549: (b7) r4 = 4 - 550: (85) call bpf_ringbuf_output#194288 - // instruction 551 inserted by verifier \ - 551: (7a) *(u64 *)(r10 -16) = 0 | /both/ are now slow stores here - // storing map value pointer r7 at fp-16 | since value of r10 is "slow". - 552: (7b) *(u64 *)(r10 -16) = r7 / - // following "fast" read to the same memory location, but due to dependency - // misprediction it will speculatively execute before insn 551/552 completes. - 553: (79) r2 = *(u64 *)(r9 -16) - // in speculative domain contains attacker controlled r2. in non-speculative - // domain this contains r7, and thus accesses r7 +0 below. - 554: (71) r3 = *(u8 *)(r2 +0) - // leak r3 - -As can be seen, the current speculative store bypass mitigation which the -verifier inserts at line 551 is insufficient since /both/, the write of -the zero sanitation as well as the map value pointer are a high latency -instruction due to prior memory access via push/pop of r10 (rbp) in contrast -to the low latency read in line 553 as r9 (r15) which stays in hardware -registers. Thus, architecturally, fp-16 is r7, however, microarchitecturally, -fp-16 can still be r2. - -Initial thoughts to address this issue was to track spilled pointer loads -from stack and enforce their load via LDX through r10 as well so that /both/ -the preemptive store of zero /as well as/ the load use the /same/ register -such that a dependency is created between the store and load. However, this -option is not sufficient either since it can be bypassed as well under -speculation. An updated attack with pointer spill/fills now _all_ based on -r10 would look as follows: - - [...] - // r2 = oob address (e.g. 
scalar) - // r7 = pointer to map value - [...] - // longer store forward prediction training sequence than before. - 2062: (61) r0 = *(u32 *)(r7 +25588) - 2063: (63) *(u32 *)(r7 +30708) = r0 - 2064: (61) r0 = *(u32 *)(r7 +25592) - 2065: (63) *(u32 *)(r7 +30712) = r0 - 2066: (61) r0 = *(u32 *)(r7 +25596) - 2067: (63) *(u32 *)(r7 +30716) = r0 - // store the speculative load address (scalar) this time after the store - // forward prediction training. - 2068: (7b) *(u64 *)(r10 -16) = r2 - // preoccupy the CPU store port by running sequence of dummy stores. - 2069: (63) *(u32 *)(r7 +29696) = r0 - 2070: (63) *(u32 *)(r7 +29700) = r0 - 2071: (63) *(u32 *)(r7 +29704) = r0 - 2072: (63) *(u32 *)(r7 +29708) = r0 - 2073: (63) *(u32 *)(r7 +29712) = r0 - 2074: (63) *(u32 *)(r7 +29716) = r0 - 2075: (63) *(u32 *)(r7 +29720) = r0 - 2076: (63) *(u32 *)(r7 +29724) = r0 - 2077: (63) *(u32 *)(r7 +29728) = r0 - 2078: (63) *(u32 *)(r7 +29732) = r0 - 2079: (63) *(u32 *)(r7 +29736) = r0 - 2080: (63) *(u32 *)(r7 +29740) = r0 - 2081: (63) *(u32 *)(r7 +29744) = r0 - 2082: (63) *(u32 *)(r7 +29748) = r0 - 2083: (63) *(u32 *)(r7 +29752) = r0 - 2084: (63) *(u32 *)(r7 +29756) = r0 - 2085: (63) *(u32 *)(r7 +29760) = r0 - 2086: (63) *(u32 *)(r7 +29764) = r0 - 2087: (63) *(u32 *)(r7 +29768) = r0 - 2088: (63) *(u32 *)(r7 +29772) = r0 - 2089: (63) *(u32 *)(r7 +29776) = r0 - 2090: (63) *(u32 *)(r7 +29780) = r0 - 2091: (63) *(u32 *)(r7 +29784) = r0 - 2092: (63) *(u32 *)(r7 +29788) = r0 - 2093: (63) *(u32 *)(r7 +29792) = r0 - 2094: (63) *(u32 *)(r7 +29796) = r0 - 2095: (63) *(u32 *)(r7 +29800) = r0 - 2096: (63) *(u32 *)(r7 +29804) = r0 - 2097: (63) *(u32 *)(r7 +29808) = r0 - 2098: (63) *(u32 *)(r7 +29812) = r0 - // overwrite scalar with dummy pointer; same as before, also including the - // sanitation store with 0 from the current mitigation by the verifier. - 2099: (7a) *(u64 *)(r10 -16) = 0 | /both/ are now slow stores here - 2100: (7b) *(u64 *)(r10 -16) = r7 | since store unit is still busy. 
- // load from stack intended to bypass stores. - 2101: (79) r2 = *(u64 *)(r10 -16) - 2102: (71) r3 = *(u8 *)(r2 +0) - // leak r3 - [...] - -Looking at the CPU microarchitecture, the scheduler might issue loads (such -as seen in line 2101) before stores (line 2099,2100) because the load execution -units become available while the store execution unit is still busy with the -sequence of dummy stores (line 2069-2098). And so the load may use the prior -stored scalar from r2 at address r10 -16 for speculation. The updated attack -may work less reliable on CPU microarchitectures where loads and stores share -execution resources. - -This concludes that the sanitizing with zero stores from af86ca4e3088 ("bpf: -Prevent memory disambiguation attack") is insufficient. Moreover, the detection -of stack reuse from af86ca4e3088 where previously data (STACK_MISC) has been -written to a given stack slot where a pointer value is now to be stored does -not have sufficient coverage as precondition for the mitigation either; for -several reasons outlined as follows: - - 1) Stack content from prior program runs could still be preserved and is - therefore not "random", best example is to split a speculative store - bypass attack between tail calls, program A would prepare and store the - oob address at a given stack slot and then tail call into program B which - does the "slow" store of a pointer to the stack with subsequent "fast" - read. From program B PoV such stack slot type is STACK_INVALID, and - therefore also must be subject to mitigation. - - 2) The STACK_SPILL must not be coupled to register_is_const(&stack->spilled_ptr) - condition, for example, the previous content of that memory location could - also be a pointer to map or map value. Without the fix, a speculative - store bypass is not mitigated in such precondition and can then lead to - a type confusion in the speculative domain leaking kernel memory near - these pointer types. 
-
-While brainstorming on various alternative mitigation possibilities, we also
-stumbled upon a retrospective from Chrome developers [0]:
-
- [...] For variant 4, we implemented a mitigation to zero the unused memory
- of the heap prior to allocation, which cost about 1% when done concurrently
- and 4% for scavenging. Variant 4 defeats everything we could think of. We
- explored more mitigations for variant 4 but the threat proved to be more
- pervasive and dangerous than we anticipated. For example, stack slots used
- by the register allocator in the optimizing compiler could be subject to
- type confusion, leading to pointer crafting. Mitigating type confusion for
- stack slots alone would have required a complete redesign of the backend of
- the optimizing compiler, perhaps man years of work, without a guarantee of
- completeness. [...]
-
-From BPF side, the problem space is reduced, however, options are rather
-limited. One idea that has been explored was to xor-obfuscate pointer spills
-to the BPF stack:
-
- [...]
- // preoccupy the CPU store port by running sequence of dummy stores.
- [...]
- 2106: (63) *(u32 *)(r7 +29796) = r0
- 2107: (63) *(u32 *)(r7 +29800) = r0
- 2108: (63) *(u32 *)(r7 +29804) = r0
- 2109: (63) *(u32 *)(r7 +29808) = r0
- 2110: (63) *(u32 *)(r7 +29812) = r0
- // overwrite scalar with dummy pointer; xored with random 'secret' value
- // of 943576462 before store ...
- 2111: (b4) w11 = 943576462
- 2112: (af) r11 ^= r7
- 2113: (7b) *(u64 *)(r10 -16) = r11
- 2114: (79) r11 = *(u64 *)(r10 -16)
- 2115: (b4) w2 = 943576462
- 2116: (af) r2 ^= r11
- // ... and restored with the same 'secret' value with the help of AX reg.
- 2117: (71) r3 = *(u8 *)(r2 +0)
- [...]
-
-While the above would not prevent speculation, it would make data leakage
-infeasible by directing it to random locations. In order to be effective
-and prevent type confusion under speculation, such random secret would have
-to be regenerated for each store.
The additional complexity involved for a
-tracking mechanism that prevents jumps such that restoring spilled pointers
-would not get corrupted is not worth the gain for unprivileged. Hence, the
-fix in here eventually opted for emitting a non-public BPF_ST | BPF_NOSPEC
-instruction which the x86 JIT translates into a lfence opcode. Inserting the
-latter in between the store and load instruction is one of the mitigations
-options [1]. The x86 instruction manual notes:
-
- [...] An LFENCE that follows an instruction that stores to memory might
- complete before the data being stored have become globally visible. [...]
-
-The latter meaning that the preceding store instruction finished execution
-and the store is at minimum guaranteed to be in the CPU's store queue, but
-it's not guaranteed to be in that CPU's L1 cache at that point (globally
-visible). The latter would only be guaranteed via sfence. So the load which
-is guaranteed to execute after the lfence for that local CPU would have to
-rely on store-to-load forwarding. [2], in section 2.3 on store buffers says:
-
- [...] For every store operation that is added to the ROB, an entry is
- allocated in the store buffer. This entry requires both the virtual and
- physical address of the target. Only if there is no free entry in the store
- buffer, the frontend stalls until there is an empty slot available in the
- store buffer again. Otherwise, the CPU can immediately continue adding
- subsequent instructions to the ROB and execute them out of order. On Intel
- CPUs, the store buffer has up to 56 entries. [...]
-
-One small upside on the fix is that it lifts constraints from af86ca4e3088
-where the sanitize_stack_off relative to r10 must be the same when coming
-from different paths. The BPF_ST | BPF_NOSPEC gets emitted after a BPF_STX
-or BPF_ST instruction. This happens either when we store a pointer or data
-value to the BPF stack for the first time, or upon later pointer spills.
-The former needs to be enforced since otherwise stale stack data could be
-leaked under speculation as outlined earlier. For non-x86 JITs the BPF_ST |
-BPF_NOSPEC mapping is currently optimized away, but others could emit a
-speculation barrier as well if necessary. For real-world unprivileged
-programs e.g. generated by LLVM, pointer spill/fill is only generated upon
-register pressure and LLVM only tries to do that for pointers which are not
-used often. The program main impact will be the initial BPF_ST | BPF_NOSPEC
-sanitation for the STACK_INVALID case when the first write to a stack slot
-occurs e.g. upon map lookup. In future we might refine ways to mitigate
-the latter cost.
-
- [0] https://arxiv.org/pdf/1902.05178.pdf
- [1] https://msrc-blog.microsoft.com/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
- [2] https://arxiv.org/pdf/1905.05725.pdf
-
-Fixes: af86ca4e3088 ("bpf: Prevent memory disambiguation attack")
-Fixes: f7cf25b2026d ("bpf: track spill/fill of constants")
-Co-developed-by: Piotr Krysiuk <piotras@gmail.com>
-Co-developed-by: Benedict Schlueter <benedict.schlueter@rub.de>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
-Signed-off-by: Benedict Schlueter <benedict.schlueter@rub.de>
-Acked-by: Alexei Starovoitov <ast@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/linux/bpf_verifier.h | 2 +-
- kernel/bpf/verifier.c | 87 +++++++++++++-----------------------
- 2 files changed, 33 insertions(+), 56 deletions(-)
-
-diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
-index 2739a6431b9e..3d6fb346dc3b 100644
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -319,8 +319,8 @@ struct bpf_insn_aux_data {
- };
- u64 map_key_state; /* constant (32 bit) key tracking for maps */
- int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
-- int sanitize_stack_off; /* stack slot to be
cleared */
- u32 seen; /* this insn was processed by the verifier at env->pass_cnt */
-+ bool sanitize_stack_spill; /* subject to Spectre v4 sanitation */
- bool zext_dst; /* this insn zero extends dst reg */
- u8 alu_state; /* used in combination with alu_limit */
-
-diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
-index 36bc34fce623..e038d672200e 100644
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2297,6 +2297,19 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env,
- cur = env->cur_state->frame[env->cur_state->curframe];
- if (value_regno >= 0)
- reg = &cur->regs[value_regno];
-+ if (!env->bypass_spec_v4) {
-+ bool sanitize = reg && is_spillable_regtype(reg->type);
-+
-+ for (i = 0; i < size; i++) {
-+ if (state->stack[spi].slot_type[i] == STACK_INVALID) {
-+ sanitize = true;
-+ break;
-+ }
-+ }
-+
-+ if (sanitize)
-+ env->insn_aux_data[insn_idx].sanitize_stack_spill = true;
-+ }
-
- if (reg && size == BPF_REG_SIZE && register_is_bounded(reg) &&
- !register_is_null(reg) && env->bpf_capable) {
-@@ -2319,47 +2332,10 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env,
- verbose(env, "invalid size of register spill\n");
- return -EACCES;
- }
--
- if (state != cur && reg->type == PTR_TO_STACK) {
- verbose(env, "cannot spill pointers to stack into stack frame of the caller\n");
- return -EINVAL;
- }
--
-- if (!env->bypass_spec_v4) {
-- bool sanitize = false;
--
-- if (state->stack[spi].slot_type[0] == STACK_SPILL &&
-- register_is_const(&state->stack[spi].spilled_ptr))
-- sanitize = true;
-- for (i = 0; i < BPF_REG_SIZE; i++)
-- if (state->stack[spi].slot_type[i] == STACK_MISC) {
-- sanitize = true;
-- break;
-- }
-- if (sanitize) {
-- int *poff = &env->insn_aux_data[insn_idx].sanitize_stack_off;
-- int soff = (-spi - 1) * BPF_REG_SIZE;
--
-- /* detected reuse of integer stack slot with a pointer
-- * which means either llvm is reusing stack slot or
-- * an attacker is trying to exploit CVE-2018-3639
-- * (speculative store bypass)
-- * Have to sanitize that slot with preemptive
-- * store of zero.
-- */
-- if (*poff && *poff != soff) {
-- /* disallow programs where single insn stores
-- * into two different stack slots, since verifier
-- * cannot sanitize them
-- */
-- verbose(env,
-- "insn %d cannot access two stack slots fp%d and fp%d",
-- insn_idx, *poff, soff);
-- return -EINVAL;
-- }
-- *poff = soff;
-- }
-- }
- save_register_state(state, spi, reg);
- } else {
- u8 type = STACK_MISC;
-@@ -10947,35 +10923,33 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
-
- for (i = 0; i < insn_cnt; i++, insn++) {
- bpf_convert_ctx_access_t convert_ctx_access;
-+ bool ctx_access;
-
- if (insn->code == (BPF_LDX | BPF_MEM | BPF_B) ||
- insn->code == (BPF_LDX | BPF_MEM | BPF_H) ||
- insn->code == (BPF_LDX | BPF_MEM | BPF_W) ||
-- insn->code == (BPF_LDX | BPF_MEM | BPF_DW))
-+ insn->code == (BPF_LDX | BPF_MEM | BPF_DW)) {
- type = BPF_READ;
-- else if (insn->code == (BPF_STX | BPF_MEM | BPF_B) ||
-- insn->code == (BPF_STX | BPF_MEM | BPF_H) ||
-- insn->code == (BPF_STX | BPF_MEM | BPF_W) ||
-- insn->code == (BPF_STX | BPF_MEM | BPF_DW))
-+ ctx_access = true;
-+ } else if (insn->code == (BPF_STX | BPF_MEM | BPF_B) ||
-+ insn->code == (BPF_STX | BPF_MEM | BPF_H) ||
-+ insn->code == (BPF_STX | BPF_MEM | BPF_W) ||
-+ insn->code == (BPF_STX | BPF_MEM | BPF_DW) ||
-+ insn->code == (BPF_ST | BPF_MEM | BPF_B) ||
-+ insn->code == (BPF_ST | BPF_MEM | BPF_H) ||
-+ insn->code == (BPF_ST | BPF_MEM | BPF_W) ||
-+ insn->code == (BPF_ST | BPF_MEM | BPF_DW)) {
- type = BPF_WRITE;
-- else
-+ ctx_access = BPF_CLASS(insn->code) == BPF_STX;
-+ } else {
- continue;
-+ }
-
- if (type == BPF_WRITE &&
-- env->insn_aux_data[i + delta].sanitize_stack_off) {
-+ env->insn_aux_data[i + delta].sanitize_stack_spill) {
- struct bpf_insn patch[] = {
-- /* Sanitize suspicious stack slot with zero.
-- * There are no memory dependencies for this store,
-- * since it's only using frame pointer and immediate
-- * constant of zero
-- */
-- BPF_ST_MEM(BPF_DW, BPF_REG_FP,
-- env->insn_aux_data[i + delta].sanitize_stack_off,
-- 0),
-- /* the original STX instruction will immediately
-- * overwrite the same stack slot with appropriate value
-- */
- *insn,
-+ BPF_ST_NOSPEC(),
- };
-
- cnt = ARRAY_SIZE(patch);
-@@ -10989,6 +10963,9 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
- continue;
- }
-
-+ if (!ctx_access)
-+ continue;
-+
- switch (env->insn_aux_data[i + delta].ptr_type) {
- case PTR_TO_CTX:
- if (!ops->convert_ctx_access)
---
-2.30.2
-
diff --git a/debian/patches/bugfix/all/bpf-fix-pointer-arithmetic-mask-tightening-under-state-pruning.patch b/debian/patches/bugfix/all/bpf-fix-pointer-arithmetic-mask-tightening-under-state-pruning.patch
deleted file mode 100644
index 717ca0d70c3b..000000000000
--- a/debian/patches/bugfix/all/bpf-fix-pointer-arithmetic-mask-tightening-under-state-pruning.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From e042aa532c84d18ff13291d00620502ce7a38dda Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Fri, 16 Jul 2021 09:18:21 +0000
-Subject: bpf: Fix pointer arithmetic mask tightening under state pruning
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit e042aa532c84d18ff13291d00620502ce7a38dda upstream.
-
-In 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask") we
-narrowed the offset mask for unprivileged pointer arithmetic in order to
-mitigate a corner case where in the speculative domain it is possible to
-advance, for example, the map value pointer by up to value_size-1 out-of-
-bounds in order to leak kernel memory via side-channel to user space.
-
-The verifier's state pruning for scalars leaves one corner case open
-where in the first verification path R_x holds an unknown scalar with an
-aux->alu_limit of e.g. 7, and in a second verification path that same
-register R_x, here denoted as R_x', holds an unknown scalar which has
-tighter bounds and would thus satisfy range_within(R_x, R_x') as well as
-tnum_in(R_x, R_x') for state pruning, yielding an aux->alu_limit of 3:
-Given the second path fits the register constraints for pruning, the final
-generated mask from aux->alu_limit will remain at 7. While technically
-not wrong for the non-speculative domain, it would however be possible
-to craft similar cases where the mask would be too wide as in 7fedb63a8307.
-
-One way to fix it is to detect the presence of unknown scalar map pointer
-arithmetic and force a deeper search on unknown scalars to ensure that
-we do not run into a masking mismatch.
-
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Alexei Starovoitov <ast@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/bpf_verifier.h | 1 +
- kernel/bpf/verifier.c | 27 +++++++++++++++++----------
- 2 files changed, 18 insertions(+), 10 deletions(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -397,6 +397,7 @@ struct bpf_verifier_env {
- struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by eBPF program */
- u32 used_map_cnt; /* number of used maps */
- u32 id_gen; /* used to generate unique reg IDs */
-+ bool explore_alu_limits;
- bool allow_ptr_leaks;
- bool allow_uninit_stack;
- bool allow_ptr_to_map_access;
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -5792,6 +5792,12 @@ static int sanitize_ptr_alu(struct bpf_v
- alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0;
- alu_state |= ptr_is_dst_reg ?
- BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST;
-+
-+ /* Limit pruning on unknown scalars to enable deep search for
-+ * potential masking differences from other program paths.
-+ */
-+ if (!off_is_imm)
-+ env->explore_alu_limits = true;
- }
-
- err = update_alu_sanitation_state(aux, alu_state, alu_limit);
-@@ -9088,8 +9094,8 @@ next:
- }
-
- /* Returns true if (rold safe implies rcur safe) */
--static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur,
-- struct bpf_id_pair *idmap)
-+static bool regsafe(struct bpf_verifier_env *env, struct bpf_reg_state *rold,
-+ struct bpf_reg_state *rcur, struct bpf_id_pair *idmap)
- {
- bool equal;
-
-@@ -9115,6 +9121,8 @@ static bool regsafe(struct bpf_reg_state
- return false;
- switch (rold->type) {
- case SCALAR_VALUE:
-+ if (env->explore_alu_limits)
-+ return false;
- if (rcur->type == SCALAR_VALUE) {
- if (!rold->precise && !rcur->precise)
- return true;
-@@ -9204,9 +9212,8 @@ static bool regsafe(struct bpf_reg_state
- return false;
- }
-
--static bool stacksafe(struct bpf_func_state *old,
-- struct bpf_func_state *cur,
-- struct bpf_id_pair *idmap)
-+static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old,
-+ struct bpf_func_state *cur, struct bpf_id_pair *idmap)
- {
- int i, spi;
-
-@@ -9251,9 +9258,8 @@ static bool stacksafe(struct bpf_func_st
- continue;
- if (old->stack[spi].slot_type[0] != STACK_SPILL)
- continue;
-- if (!regsafe(&old->stack[spi].spilled_ptr,
-- &cur->stack[spi].spilled_ptr,
-- idmap))
-+ if (!regsafe(env, &old->stack[spi].spilled_ptr,
-+ &cur->stack[spi].spilled_ptr, idmap))
- /* when explored and current stack slot are both storing
- * spilled registers, check that stored pointers types
- * are the same as well.
-@@ -9310,10 +9316,11 @@ static bool func_states_equal(struct bpf
-
- memset(env->idmap_scratch, 0, sizeof(env->idmap_scratch));
- for (i = 0; i < MAX_BPF_REG; i++)
-- if (!regsafe(&old->regs[i], &cur->regs[i], env->idmap_scratch))
-+ if (!regsafe(env, &old->regs[i], &cur->regs[i],
-+ env->idmap_scratch))
- return false;
-
-- if (!stacksafe(old, cur, env->idmap_scratch))
-+ if (!stacksafe(env, old, cur, env->idmap_scratch))
- return false;
-
- if (!refsafe(old, cur))
diff --git a/debian/patches/bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch b/debian/patches/bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch
deleted file mode 100644
index fd34a13e0454..000000000000
--- a/debian/patches/bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch
+++ /dev/null
@@ -1,322 +0,0 @@
-From 4be98754f14316b6ab86ff08b955b892ab146676 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 13 Jul 2021 08:18:31 +0000
-Subject: bpf: Introduce BPF nospec instruction for mitigating Spectre v4
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-[ Upstream commit f5e81d1117501546b7be050c5fbafa6efd2c722c ]
-
-In case of JITs, each of the JIT backends compiles the BPF nospec instruction
-/either/ to a machine instruction which emits a speculation barrier /or/ to
-/no/ machine instruction in case the underlying architecture is not affected
-by Speculative Store Bypass or has different mitigations in place already.
-
-This covers both x86 and (implicitly) arm64: In case of x86, we use 'lfence'
-instruction for mitigation. In case of arm64, we rely on the firmware mitigation
-as controlled via the ssbd kernel parameter. Whenever the mitigation is enabled,
-it works for all of the kernel code with no need to provide any additional
-instructions here (hence only comment in arm64 JIT). Other archs can follow
-as needed. The BPF nospec instruction is specifically targeting Spectre v4
-since i) we don't use a serialization barrier for the Spectre v1 case, and
-ii) mitigation instructions for v1 and v4 might be different on some archs.
-
-The BPF nospec is required for a future commit, where the BPF verifier does
-annotate intermediate BPF programs with speculation barriers.
-
-Co-developed-by: Piotr Krysiuk <piotras@gmail.com>
-Co-developed-by: Benedict Schlueter <benedict.schlueter@rub.de>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
-Signed-off-by: Benedict Schlueter <benedict.schlueter@rub.de>
-Acked-by: Alexei Starovoitov <ast@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/arm/net/bpf_jit_32.c | 3 +++
- arch/arm64/net/bpf_jit_comp.c | 13 +++++++++++++
- arch/mips/net/ebpf_jit.c | 3 +++
- arch/powerpc/net/bpf_jit_comp64.c | 6 ++++++
- arch/riscv/net/bpf_jit_comp32.c | 4 ++++
- arch/riscv/net/bpf_jit_comp64.c | 4 ++++
- arch/s390/net/bpf_jit_comp.c | 5 +++++
- arch/sparc/net/bpf_jit_comp_64.c | 3 +++
- arch/x86/net/bpf_jit_comp.c | 7 +++++++
- arch/x86/net/bpf_jit_comp32.c | 6 ++++++
- include/linux/filter.h | 15 +++++++++++++++
- kernel/bpf/core.c | 19 ++++++++++++++++++-
- kernel/bpf/disasm.c | 16 +++++++++-------
- 13 files changed, 96 insertions(+), 8 deletions(-)
-
-diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
-index 0207b6ea6e8a..ce8b04326352 100644
---- a/arch/arm/net/bpf_jit_32.c
-+++ b/arch/arm/net/bpf_jit_32.c
-@@ -1602,6 +1602,9 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
- rn = arm_bpf_get_reg32(src_lo, tmp2[1], ctx);
- emit_ldx_r(dst, rn, off, ctx, BPF_SIZE(code));
- break;
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
- /* ST: *(size *)(dst + off) = imm */
- case BPF_ST | BPF_MEM | BPF_W:
- case BPF_ST | BPF_MEM | BPF_H:
-diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
-index ef9f1d5e989d..345066b8e9fc 100644
---- a/arch/arm64/net/bpf_jit_comp.c
-+++ b/arch/arm64/net/bpf_jit_comp.c
-@@ -829,6 +829,19 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
- return ret;
- break;
-
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ /*
-+ * Nothing required here.
-+ *
-+ * In case of arm64, we rely on the firmware mitigation of
-+ * Speculative Store Bypass as controlled via the ssbd kernel
-+ * parameter. Whenever the mitigation is enabled, it works
-+ * for all of the kernel code with no need to provide any
-+ * additional instructions.
-+ */
-+ break;
-+
- /* ST: *(size *)(dst + off) = imm */
- case BPF_ST | BPF_MEM | BPF_W:
- case BPF_ST | BPF_MEM | BPF_H:
-diff --git a/arch/mips/net/ebpf_jit.c b/arch/mips/net/ebpf_jit.c
-index 561154cbcc40..b31b91e57c34 100644
---- a/arch/mips/net/ebpf_jit.c
-+++ b/arch/mips/net/ebpf_jit.c
-@@ -1355,6 +1355,9 @@ static int build_one_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
- }
- break;
-
-+ case BPF_ST | BPF_NOSPEC: /* speculation barrier */
-+ break;
-+
- case BPF_ST | BPF_B | BPF_MEM:
- case BPF_ST | BPF_H | BPF_MEM:
- case BPF_ST | BPF_W | BPF_MEM:
-diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
-index 022103c6a201..658ca2bab13c 100644
---- a/arch/powerpc/net/bpf_jit_comp64.c
-+++ b/arch/powerpc/net/bpf_jit_comp64.c
-@@ -646,6 +646,12 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
- }
- break;
-
-+ /*
-+ * BPF_ST NOSPEC (speculation barrier)
-+ */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
-+
- /*
- * BPF_ST(X)
- */
-diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c
-index 579575f9cdae..f300f93ba645 100644
---- a/arch/riscv/net/bpf_jit_comp32.c
-+++ b/arch/riscv/net/bpf_jit_comp32.c
-@@ -1251,6 +1251,10 @@ int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
- return -1;
- break;
-
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
-+
- case BPF_ST | BPF_MEM | BPF_B:
- case BPF_ST | BPF_MEM | BPF_H:
- case BPF_ST | BPF_MEM | BPF_W:
-diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
-index 8a56b5293117..c113ae818b14 100644
---- a/arch/riscv/net/bpf_jit_comp64.c
-+++ b/arch/riscv/net/bpf_jit_comp64.c
-@@ -939,6 +939,10 @@
int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
- emit_ld(rd, 0, RV_REG_T1, ctx);
- break;
-
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
-+
- /* ST: *(size *)(dst + off) = imm */
- case BPF_ST | BPF_MEM | BPF_B:
- emit_imm(RV_REG_T1, imm, ctx);
-diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
-index fc44dce59536..dee01d3b23a4 100644
---- a/arch/s390/net/bpf_jit_comp.c
-+++ b/arch/s390/net/bpf_jit_comp.c
-@@ -1153,6 +1153,11 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp,
- break;
- }
- break;
-+ /*
-+ * BPF_NOSPEC (speculation barrier)
-+ */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
- /*
- * BPF_ST(X)
- */
-diff --git a/arch/sparc/net/bpf_jit_comp_64.c b/arch/sparc/net/bpf_jit_comp_64.c
-index 3364e2a00989..fef734473c0f 100644
---- a/arch/sparc/net/bpf_jit_comp_64.c
-+++ b/arch/sparc/net/bpf_jit_comp_64.c
-@@ -1287,6 +1287,9 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
- return 1;
- break;
- }
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ break;
- /* ST: *(size *)(dst + off) = imm */
- case BPF_ST | BPF_MEM | BPF_W:
- case BPF_ST | BPF_MEM | BPF_H:
-diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index d5fa77256058..0a962cd6bac1 100644
---- a/arch/x86/net/bpf_jit_comp.c
-+++ b/arch/x86/net/bpf_jit_comp.c
-@@ -1141,6 +1141,13 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
- }
- break;
-
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ if (boot_cpu_has(X86_FEATURE_XMM2))
-+ /* Emit 'lfence' */
-+ EMIT3(0x0F, 0xAE, 0xE8);
-+ break;
-+
- /* ST: *(u8*)(dst_reg + off) = imm */
- case BPF_ST | BPF_MEM | BPF_B:
- if (is_ereg(dst_reg))
-diff --git a/arch/x86/net/bpf_jit_comp32.c b/arch/x86/net/bpf_jit_comp32.c
-index 2cf4d217840d..4bd0f98df700 100644
---- a/arch/x86/net/bpf_jit_comp32.c
-+++ b/arch/x86/net/bpf_jit_comp32.c
-@@ -1705,6 +1705,12 @@ static int
do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
- i++;
- break;
- }
-+ /* speculation barrier */
-+ case BPF_ST | BPF_NOSPEC:
-+ if (boot_cpu_has(X86_FEATURE_XMM2))
-+ /* Emit 'lfence' */
-+ EMIT3(0x0F, 0xAE, 0xE8);
-+ break;
- /* ST: *(u8*)(dst_reg + off) = imm */
- case BPF_ST | BPF_MEM | BPF_H:
- case BPF_ST | BPF_MEM | BPF_B:
-diff --git a/include/linux/filter.h b/include/linux/filter.h
-index e2ffa02f9067..822b701c803d 100644
---- a/include/linux/filter.h
-+++ b/include/linux/filter.h
-@@ -72,6 +72,11 @@ struct ctl_table_header;
- /* unused opcode to mark call to interpreter with arguments */
- #define BPF_CALL_ARGS 0xe0
-
-+/* unused opcode to mark speculation barrier for mitigating
-+ * Speculative Store Bypass
-+ */
-+#define BPF_NOSPEC 0xc0
-+
- /* As per nm, we expose JITed images as text (code) section for
- * kallsyms. That way, tools like perf can find it to match
- * addresses.
-@@ -372,6 +377,16 @@ static inline bool insn_is_zext(const struct bpf_insn *insn)
- .off = 0, \
- .imm = 0 })
-
-+/* Speculation barrier */
-+
-+#define BPF_ST_NOSPEC() \
-+ ((struct bpf_insn) { \
-+ .code = BPF_ST | BPF_NOSPEC, \
-+ .dst_reg = 0, \
-+ .src_reg = 0, \
-+ .off = 0, \
-+ .imm = 0 })
-+
- /* Internal classic blocks for direct assignment */
-
- #define __BPF_STMT(CODE, K) \
-diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
-index 75c2d184018a..d12efb2550d3 100644
---- a/kernel/bpf/core.c
-+++ b/kernel/bpf/core.c
-@@ -32,6 +32,8 @@
- #include <linux/perf_event.h>
- #include <linux/extable.h>
- #include <linux/log2.h>
-+
-+#include <asm/barrier.h>
- #include <asm/unaligned.h>
-
- /* Registers */
-@@ -1380,6 +1382,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack)
- /* Non-UAPI available opcodes.
*/
- [BPF_JMP | BPF_CALL_ARGS] = &&JMP_CALL_ARGS,
- [BPF_JMP | BPF_TAIL_CALL] = &&JMP_TAIL_CALL,
-+ [BPF_ST | BPF_NOSPEC] = &&ST_NOSPEC,
- [BPF_LDX | BPF_PROBE_MEM | BPF_B] = &&LDX_PROBE_MEM_B,
- [BPF_LDX | BPF_PROBE_MEM | BPF_H] = &&LDX_PROBE_MEM_H,
- [BPF_LDX | BPF_PROBE_MEM | BPF_W] = &&LDX_PROBE_MEM_W,
-@@ -1624,7 +1627,21 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack)
- COND_JMP(s, JSGE, >=)
- COND_JMP(s, JSLE, <=)
- #undef COND_JMP
-- /* STX and ST and LDX*/
-+ /* ST, STX and LDX*/
-+ ST_NOSPEC:
-+ /* Speculation barrier for mitigating Speculative Store Bypass.
-+ * In case of arm64, we rely on the firmware mitigation as
-+ * controlled via the ssbd kernel parameter. Whenever the
-+ * mitigation is enabled, it works for all of the kernel code
-+ * with no need to provide any additional instructions here.
-+ * In case of x86, we use 'lfence' insn for mitigation. We
-+ * reuse preexisting logic from Spectre v1 mitigation that
-+ * happens to produce the required code on x86 for v4 as well.
-+ */
-+#ifdef CONFIG_X86
-+ barrier_nospec();
-+#endif
-+ CONT;
- #define LDST(SIZEOP, SIZE) \
- STX_MEM_##SIZEOP: \
- *(SIZE *)(unsigned long) (DST + insn->off) = SRC; \
-diff --git a/kernel/bpf/disasm.c b/kernel/bpf/disasm.c
-index b44d8c447afd..ff1dd7d45b58 100644
---- a/kernel/bpf/disasm.c
-+++ b/kernel/bpf/disasm.c
-@@ -162,15 +162,17 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
- else
- verbose(cbs->private_data, "BUG_%02x\n", insn->code);
- } else if (class == BPF_ST) {
-- if (BPF_MODE(insn->code) != BPF_MEM) {
-+ if (BPF_MODE(insn->code) == BPF_MEM) {
-+ verbose(cbs->private_data, "(%02x) *(%s *)(r%d %+d) = %d\n",
-+ insn->code,
-+ bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
-+ insn->dst_reg,
-+ insn->off, insn->imm);
-+ } else if (BPF_MODE(insn->code) == 0xc0 /* BPF_NOSPEC, no UAPI */) {
-+ verbose(cbs->private_data, "(%02x) nospec\n", insn->code);
-+ } else {
- verbose(cbs->private_data, "BUG_st_%02x\n", insn->code);
-- return;
- }
-- verbose(cbs->private_data, "(%02x) *(%s *)(r%d %+d) = %d\n",
-- insn->code,
-- bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
-- insn->dst_reg,
-- insn->off, insn->imm);
- } else if (class == BPF_LDX) {
- if (BPF_MODE(insn->code) != BPF_MEM) {
- verbose(cbs->private_data, "BUG_ldx_%02x\n", insn->code);
---
-2.30.2
-
diff --git a/debian/patches/bugfix/all/bpf-remove-superfluous-aux-sanitation-on-subprog-rejection.patch b/debian/patches/bugfix/all/bpf-remove-superfluous-aux-sanitation-on-subprog-rejection.patch
deleted file mode 100644
index e3b5a84476f9..000000000000
--- a/debian/patches/bugfix/all/bpf-remove-superfluous-aux-sanitation-on-subprog-rejection.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 59089a189e3adde4cf85f2ce479738d1ae4c514d Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Tue, 29 Jun 2021 09:39:15 +0000
-Subject: bpf: Remove superfluous aux sanitation on subprog rejection
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit 59089a189e3adde4cf85f2ce479738d1ae4c514d upstream.
-
-Follow-up to fe9a5ca7e370 ("bpf: Do not mark insn as seen under speculative
-path verification"). The sanitize_insn_aux_data() helper does not serve a
-particular purpose in today's code. The original intention for the helper
-was that if function-by-function verification fails, a given program would
-be cleared from temporary insn_aux_data[], and then its verification would
-be re-attempted in the context of the main program a second time.
-
-However, a failure in do_check_subprogs() will skip do_check_main() and
-propagate the error to the user instead, thus such situation can never occur.
-Given its interaction is not compatible to the Spectre v1 mitigation (due to
-comparing aux->seen with env->pass_cnt), just remove sanitize_insn_aux_data()
-to avoid future bugs in this area.
-
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Alexei Starovoitov <ast@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/bpf/verifier.c | 34 ----------------------------------
- 1 file changed, 34 deletions(-)
-
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -11707,37 +11707,6 @@ static void free_states(struct bpf_verif
- }
- }
-
--/* The verifier is using insn_aux_data[] to store temporary data during
-- * verification and to store information for passes that run after the
-- * verification like dead code sanitization. do_check_common() for subprogram N
-- * may analyze many other subprograms. sanitize_insn_aux_data() clears all
-- * temporary data after do_check_common() finds that subprogram N cannot be
-- * verified independently.
pass_cnt counts the number of times
-- * do_check_common() was run and insn->aux->seen tells the pass number
-- * insn_aux_data was touched. These variables are compared to clear temporary
-- * data from failed pass. For testing and experiments do_check_common() can be
-- * run multiple times even when prior attempt to verify is unsuccessful.
-- *
-- * Note that special handling is needed on !env->bypass_spec_v1 if this is
-- * ever called outside of error path with subsequent program rejection.
-- */
--static void sanitize_insn_aux_data(struct bpf_verifier_env *env)
--{
-- struct bpf_insn *insn = env->prog->insnsi;
-- struct bpf_insn_aux_data *aux;
-- int i, class;
--
-- for (i = 0; i < env->prog->len; i++) {
-- class = BPF_CLASS(insn[i].code);
-- if (class != BPF_LDX && class != BPF_STX)
-- continue;
-- aux = &env->insn_aux_data[i];
-- if (aux->seen != env->pass_cnt)
-- continue;
-- memset(aux, 0, offsetof(typeof(*aux), orig_idx));
-- }
--}
--
- static int do_check_common(struct bpf_verifier_env *env, int subprog)
- {
- bool pop_log = !(env->log.level & BPF_LOG_LEVEL2);
-@@ -11807,9 +11776,6 @@ out:
- if (!ret && pop_log)
- bpf_vlog_reset(&env->log, 0);
- free_states(env);
-- if (ret)
-- /* clean aux data in case subprog was rejected */
-- sanitize_insn_aux_data(env);
- return ret;
- }
-
diff --git a/debian/patches/bugfix/all/bpf-verifier-allocate-idmap-scratch-in-verifier-env.patch b/debian/patches/bugfix/all/bpf-verifier-allocate-idmap-scratch-in-verifier-env.patch
deleted file mode 100644
index 020ce21220e7..000000000000
--- a/debian/patches/bugfix/all/bpf-verifier-allocate-idmap-scratch-in-verifier-env.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From c9e73e3d2b1eb1ea7ff068e05007eec3bd8ef1c9 Mon Sep 17 00:00:00 2001
-From: Lorenz Bauer <lmb@cloudflare.com>
-Date: Thu, 29 Apr 2021 14:46:56 +0100
-Subject: bpf: verifier: Allocate idmap scratch in verifier env
-
-From: Lorenz Bauer <lmb@cloudflare.com>
-
-commit c9e73e3d2b1eb1ea7ff068e05007eec3bd8ef1c9 upstream.
-
-func_states_equal makes a very short lived allocation for idmap,
-probably because it's too large to fit on the stack. However the
-function is called quite often, leading to a lot of alloc / free
-churn. Replace the temporary allocation with dedicated scratch
-space in struct bpf_verifier_env.
-
-Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
-Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-Acked-by: Edward Cree <ecree.xilinx@gmail.com>
-Link: https://lore.kernel.org/bpf/20210429134656.122225-4-lmb@cloudflare.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/bpf_verifier.h | 8 +++++++
- kernel/bpf/verifier.c | 46 ++++++++++++++-----------------------------
- 2 files changed, 23 insertions(+), 31 deletions(-)
-
---- a/include/linux/bpf_verifier.h
-+++ b/include/linux/bpf_verifier.h
-@@ -204,6 +204,13 @@ struct bpf_idx_pair {
- u32 idx;
- };
-
-+struct bpf_id_pair {
-+ u32 old;
-+ u32 cur;
-+};
-+
-+/* Maximum number of register states that can exist at once */
-+#define BPF_ID_MAP_SIZE (MAX_BPF_REG + MAX_BPF_STACK / BPF_REG_SIZE)
- #define MAX_CALL_FRAMES 8
- struct bpf_verifier_state {
- /* call stack tracking */
-@@ -401,6 +408,7 @@ struct bpf_verifier_env {
- const struct bpf_line_info *prev_linfo;
- struct bpf_verifier_log log;
- struct bpf_subprog_info subprog_info[BPF_MAX_SUBPROGS + 1];
-+ struct bpf_id_pair idmap_scratch[BPF_ID_MAP_SIZE];
- struct {
- int *insn_state;
- int *insn_stack;
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -8962,13 +8962,6 @@ static bool range_within(struct bpf_reg_
- old->s32_max_value >= cur->s32_max_value;
- }
-
-/* Maximum number of register states that can exist at once */
--#define ID_MAP_SIZE (MAX_BPF_REG + MAX_BPF_STACK / BPF_REG_SIZE)
--struct idpair {
-- u32 old;
-- u32 cur;
--};
--
- /* If in the old state two registers had the same id, then they need to have
- * the same id in the new state as well. But that id could be different from
- * the old state, so we need to track the mapping from old to new ids.
-@@ -8979,11 +8972,11 @@ struct idpair {
- * So we look through our idmap to see if this old id has been seen before. If
- * so, we require the new id to match; otherwise, we add the id pair to the map.
- */
--static bool check_ids(u32 old_id, u32 cur_id, struct idpair *idmap)
-+static bool check_ids(u32 old_id, u32 cur_id, struct bpf_id_pair *idmap)
- {
- unsigned int i;
-
-- for (i = 0; i < ID_MAP_SIZE; i++) {
-+ for (i = 0; i < BPF_ID_MAP_SIZE; i++) {
- if (!idmap[i].old) {
- /* Reached an empty slot; haven't seen this id before */
- idmap[i].old = old_id;
-@@ -9096,7 +9089,7 @@ next:
-
- /* Returns true if (rold safe implies rcur safe) */
- static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur,
-- struct idpair *idmap)
-+ struct bpf_id_pair *idmap)
- {
- bool equal;
-
-@@ -9213,7 +9206,7 @@ static bool regsafe(struct bpf_reg_state
-
- static bool stacksafe(struct bpf_func_state *old,
- struct bpf_func_state *cur,
-- struct idpair *idmap)
-+ struct bpf_id_pair *idmap)
- {
- int i, spi;
-
-@@ -9310,32 +9303,23 @@ static bool refsafe(struct bpf_func_stat
- * whereas register type in current state is meaningful, it means that
- * the current state will reach 'bpf_exit' instruction safely
- */
--static bool func_states_equal(struct bpf_func_state *old,
-+static bool func_states_equal(struct bpf_verifier_env *env, struct bpf_func_state *old,
- struct bpf_func_state *cur)
- {
-- struct idpair *idmap;
-- bool ret = false;
- int i;
-
-- idmap = kcalloc(ID_MAP_SIZE, sizeof(struct idpair), GFP_KERNEL);
-- /* If we failed to allocate the idmap, just say it's not safe */
-- if (!idmap)
-- return false;
--
-- for (i = 0; i < MAX_BPF_REG; i++) {
-- if (!regsafe(&old->regs[i], &cur->regs[i], idmap))
-- goto out_free;
-- }
-+ memset(env->idmap_scratch, 0, sizeof(env->idmap_scratch));
-+ for (i = 0; i < MAX_BPF_REG; i++)
-+ if (!regsafe(&old->regs[i], &cur->regs[i], env->idmap_scratch))
-+ return false;
-
-- if (!stacksafe(old, cur, idmap))
-- goto out_free;
-+ if (!stacksafe(old, cur, env->idmap_scratch))
-+ return false;
-
- if (!refsafe(old, cur))
-- goto out_free;
-- ret = true;
--out_free:
-- kfree(idmap);
-- return ret;
-+ return false;
-+
-+ return true;
- }
-
- static bool states_equal(struct bpf_verifier_env *env,
-@@ -9362,7 +9346,7 @@ static bool states_equal(struct bpf_veri
- for (i = 0; i <= old->curframe; i++) {
- if (old->frame[i]->callsite != cur->frame[i]->callsite)
- return false;
-- if (!func_states_equal(old->frame[i], cur->frame[i]))
-+ if (!func_states_equal(env, old->frame[i], cur->frame[i]))
- return false;
- }
- return true;
diff --git a/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch b/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch
index 3f2d75a6a1fd..3dd3c68bac41 100644
--- a/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch
+++ b/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch
@@ -19,12 +19,12 @@ Signed-off-by: Ben Hutchings <benh@debian.org> --- --- a/tools/bpf/bpftool/Makefile
+++ b/tools/bpf/bpftool/Makefile -@@ -25,7 +25,7 @@ endif +@@ -31,7 +31,7 @@ + LIBBPF_BOOTSTRAP = $(LIBBPF_BOOTSTRAP_OUTPUT)libbpf.a - LIBBPF = $(LIBBPF_PATH)libbpf.a + ifeq ($(BPFTOOL_VERSION),) +-BPFTOOL_VERSION := $(shell make -rR --no-print-directory -sC ../../.. kernelversion) ++BPFTOOL_VERSION := $(shell MAKEFLAGS= make -rR --no-print-directory -sC ../../.. kernelversion) + endif --BPFTOOL_VERSION ?= $(shell make -rR --no-print-directory -sC ../../.. kernelversion) -+BPFTOOL_VERSION ?= $(shell MAKEFLAGS= make -rR --no-print-directory -sC ../../.. kernelversion) - - $(LIBBPF): FORCE - $(if $(LIBBPF_OUTPUT),@mkdir -p $(LIBBPF_OUTPUT)) + $(LIBBPF_OUTPUT) $(BOOTSTRAP_OUTPUT) $(LIBBPF_BOOTSTRAP_OUTPUT):
diff --git a/debian/patches/bugfix/all/can-bcm-delay-release-of-struct-bcm_op-after-synchro.patch b/debian/patches/bugfix/all/can-bcm-delay-release-of-struct-bcm_op-after-synchro.patch
deleted file mode 100644
index 26a9d13b4359..000000000000
--- a/debian/patches/bugfix/all/can-bcm-delay-release-of-struct-bcm_op-after-synchro.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Date: Sat, 19 Jun 2021 13:18:13 -0300
-Subject: can: bcm: delay release of struct bcm_op after synchronize_rcu()
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=d5f9023fa61ee8b94f37a93f08e94b136cf1e463
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3609
-
-can_rx_register() callbacks may be called concurrently to the call to
-can_rx_unregister(). The callbacks and callback data, though, are
-protected by RCU and the struct sock reference count.
-
-So the callback data is really attached to the life of sk, meaning
-that it should be released on sk_destruct. However, bcm_remove_op()
-calls tasklet_kill(), and RCU callbacks may be called under RCU
-softirq, so that cannot be used on kernels before the introduction of
-HRTIMER_MODE_SOFT.
-
-However, bcm_rx_handler() is called under RCU protection, so after
-calling can_rx_unregister(), we may call synchronize_rcu() in order to
-wait for any RCU read-side critical sections to finish. That is,
-bcm_rx_handler() won't be called anymore for those ops. So, we only
-free them, after we do that synchronize_rcu().
-
-Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol")
-Link: https://lore.kernel.org/r/20210619161813.2098382-1-cascardo@canonical.com
-Cc: linux-stable <stable@vger.kernel.org>
-Reported-by: syzbot+0f7e7e5e2f4f40fa89c0@syzkaller.appspotmail.com
-Reported-by: Norbert Slusarek <nslusarek@gmx.net>
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
----
- net/can/bcm.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/net/can/bcm.c b/net/can/bcm.c
-index f3e4d9528fa38..0928a39c4423b 100644
---- a/net/can/bcm.c
-+++ b/net/can/bcm.c
-@@ -785,6 +785,7 @@ static int bcm_delete_rx_op(struct list_head *ops, struct bcm_msg_head *mh,
- bcm_rx_handler, op);
-
- list_del(&op->list);
-+ synchronize_rcu();
- bcm_remove_op(op);
- return 1; /* done */
- }
-@@ -1533,9 +1534,13 @@ static int bcm_release(struct socket *sock)
- REGMASK(op->can_id),
- bcm_rx_handler, op);
-
-- bcm_remove_op(op);
- }
-
-+ synchronize_rcu();
-+
-+ list_for_each_entry_safe(op, next, &bo->rx_ops, list)
-+ bcm_remove_op(op);
-+
- #if IS_ENABLED(CONFIG_PROC_FS)
- /* remove procfs entry */
- if (net->can.bcmproc_dir && bo->bcm_proc_read)
---
-2.32.0
-
diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch
index 31fd6bf141d0..9c4987116ae3 100644
--- a/debian/patches/bugfix/all/disable-some-marvell-phys.patch
+++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch
@@ -16,7 +16,7 @@ correctness. --- a/drivers/net/phy/marvell.c +++ b/drivers/net/phy/marvell.c -@@ -1006,6 +1006,7 @@ static int m88e1118_config_init(struct p +@@ -1262,6 +1262,7 @@ return genphy_soft_reset(phydev); }
@@ -24,7 +24,7 @@ correctness. static int m88e1149_config_init(struct phy_device *phydev) { int err; -@@ -1031,7 +1032,9 @@ static int m88e1149_config_init(struct p +@@ -1287,7 +1288,9 @@ return genphy_soft_reset(phydev); } @@ -34,7 +34,7 @@ correctness. static int m88e1145_config_init_rgmii(struct phy_device *phydev) { int err; -@@ -1106,6 +1109,7 @@ static int m88e1145_config_init(struct p +@@ -1365,6 +1368,7 @@ return 0; } @@ -42,7 +42,7 @@ correctness. static int m88e1540_get_fld(struct phy_device *phydev, u8 *msecs) { -@@ -2272,6 +2276,7 @@ static struct phy_driver marvell_drivers +@@ -2853,6 +2857,7 @@ .get_strings = marvell_get_strings, .get_stats = marvell_get_stats, }, @@ -50,7 +50,7 @@ correctness. { .phy_id = MARVELL_PHY_ID_88E1145, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2293,6 +2298,8 @@ static struct phy_driver marvell_drivers +@@ -2873,6 +2878,8 @@ .get_tunable = m88e1111_get_tunable, .set_tunable = m88e1111_set_tunable, }, @@ -59,7 +59,7 @@ correctness. { .phy_id = MARVELL_PHY_ID_88E1149R, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2311,6 +2318,8 @@ static struct phy_driver marvell_drivers +@@ -2891,6 +2898,8 @@ .get_strings = marvell_get_strings, .get_stats = marvell_get_stats, }, @@ -68,16 +68,16 @@ correctness. { .phy_id = MARVELL_PHY_ID_88E1240, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2329,6 +2338,7 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, +@@ -2911,6 +2920,7 @@ + .get_tunable = m88e1011_get_tunable, + .set_tunable = m88e1011_set_tunable, }, +#endif { .phy_id = MARVELL_PHY_ID_88E1116R, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2469,9 +2479,9 @@ static struct mdio_device_id __maybe_unu - { MARVELL_PHY_ID_88E1111, MARVELL_PHY_ID_MASK }, +@@ -3163,9 +3173,9 @@ + { MARVELL_PHY_ID_88E1111_FINISAR, MARVELL_PHY_ID_MASK }, { MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK }, { MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK }, - { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, 
diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index bb3a8c1fa3ff..d88c53d3ea45 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -11,7 +11,7 @@ upstream submission. --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c -@@ -901,10 +901,8 @@ static enum ucode_state request_microcod +@@ -900,10 +900,8 @@ if (c->x86 >= 0x15) snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); @@ -25,7 +25,7 @@ upstream submission. if (!verify_container(fw->data, fw->size, false)) --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c -@@ -1914,10 +1914,8 @@ static int ucode_init(loader_block *lb, +@@ -1914,10 +1914,8 @@ int res; res = request_ihex_firmware(&fw, "atmsar11.fw", &dev->pci_dev->dev); @@ -39,7 +39,7 @@ upstream submission. rec = (const struct ihex_binrec *)fw->data; --- a/drivers/atm/fore200e.c +++ b/drivers/atm/fore200e.c -@@ -2400,10 +2400,9 @@ static int fore200e_load_and_start_fw(st +@@ -2397,10 +2397,9 @@ int err; sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT); @@ -54,7 +54,7 @@ upstream submission. fw_size = firmware->size / sizeof(u32); --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c -@@ -382,10 +382,8 @@ static int ath3k_load_patch(struct usb_d +@@ -382,10 +382,8 @@ le32_to_cpu(fw_version.rom_version)); ret = request_firmware(&firmware, filename, &udev->dev); @@ -66,7 +66,7 @@ upstream submission. pt_rom_version = get_unaligned_le32(firmware->data + firmware->size - 8); -@@ -445,10 +443,8 @@ static int ath3k_load_syscfg(struct usb_ +@@ -445,10 +443,8 @@ le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); ret = request_firmware(&firmware, filename, &udev->dev); 
@@ -80,7 +80,7 @@ upstream submission. release_firmware(firmware); --- a/drivers/bluetooth/bcm203x.c +++ b/drivers/bluetooth/bcm203x.c -@@ -174,7 +174,6 @@ static int bcm203x_probe(struct usb_inte +@@ -174,7 +174,6 @@ return -ENOMEM; if (request_firmware(&firmware, "BCM2033-MD.hex", &udev->dev) < 0) { @@ -88,7 +88,7 @@ upstream submission. usb_free_urb(data->urb); return -EIO; } -@@ -199,7 +198,6 @@ static int bcm203x_probe(struct usb_inte +@@ -199,7 +198,6 @@ release_firmware(firmware); if (request_firmware(&firmware, "BCM2033-FW.bin", &udev->dev) < 0) { @@ -98,7 +98,7 @@ upstream submission. return -EIO; --- a/drivers/bluetooth/bfusb.c +++ b/drivers/bluetooth/bfusb.c -@@ -636,10 +636,8 @@ static int bfusb_probe(struct usb_interf +@@ -636,10 +636,8 @@ skb_queue_head_init(&data->pending_q); skb_queue_head_init(&data->completed_q); @@ -112,7 +112,7 @@ upstream submission. --- a/drivers/bluetooth/bt3c_cs.c +++ b/drivers/bluetooth/bt3c_cs.c -@@ -569,10 +569,8 @@ static int bt3c_open(struct bt3c_info *i +@@ -569,10 +569,8 @@ /* Load firmware */ err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev); @@ -126,7 +126,7 @@ upstream submission. --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c -@@ -483,8 +483,6 @@ static int btmrvl_sdio_download_helper(s +@@ -483,8 +483,6 @@ ret = request_firmware(&fw_helper, card->helper, &card->func->dev); if ((ret < 0) || !fw_helper) { @@ -135,7 +135,7 @@ upstream submission. ret = -ENOENT; goto done; } -@@ -583,8 +581,6 @@ static int btmrvl_sdio_download_fw_w_hel +@@ -583,8 +581,6 @@ ret = request_firmware(&fw_firmware, card->firmware, &card->func->dev); if ((ret < 0) || !fw_firmware) { @@ -146,7 +146,7 @@ upstream submission. } --- a/drivers/char/dsp56k.c +++ b/drivers/char/dsp56k.c -@@ -140,11 +140,8 @@ static int dsp56k_upload(u_char __user * +@@ -140,11 +140,8 @@ } err = request_firmware(&fw, fw_name, &pdev->dev); platform_device_unregister(pdev); 
@@ -161,7 +161,7 @@ upstream submission. fw->size, fw_name); --- a/drivers/dma/imx-sdma.c +++ b/drivers/dma/imx-sdma.c -@@ -1733,11 +1733,8 @@ static void sdma_load_firmware(const str +@@ -1702,11 +1702,8 @@ const struct sdma_script_start_addrs *addr; unsigned short *ram_code; @@ -176,7 +176,7 @@ upstream submission. goto err_firmware; --- a/drivers/gpu/drm/mga/mga_warp.c +++ b/drivers/gpu/drm/mga/mga_warp.c -@@ -77,11 +77,8 @@ int mga_warp_install_microcode(drm_mga_p +@@ -77,11 +77,8 @@ } rc = request_ihex_firmware(&fw, firmware_name, &pdev->dev); platform_device_unregister(pdev); @@ -191,7 +191,7 @@ upstream submission. where = 0; --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -@@ -2445,10 +2445,8 @@ gf100_gr_load_fw(struct gf100_gr *gr, co +@@ -2445,10 +2445,8 @@ if (ret) { snprintf(f, sizeof(f), "nouveau/%s", name); ret = request_firmware(&fw, f, device->dev); @@ -205,7 +205,7 @@ upstream submission. blob->size = fw->size; --- a/drivers/gpu/drm/r128/r128_cce.c +++ b/drivers/gpu/drm/r128/r128_cce.c -@@ -162,11 +162,8 @@ static int r128_cce_load_microcode(drm_r +@@ -162,11 +162,8 @@ } rc = request_firmware(&fw, FIRMWARE_NAME, &pdev->dev); platform_device_unregister(pdev); @@ -220,7 +220,7 @@ upstream submission. pr_err("r128_cce: Bogus length %zu in firmware \"%s\"\n", --- a/drivers/gpu/drm/radeon/ni.c +++ b/drivers/gpu/drm/radeon/ni.c -@@ -833,9 +833,6 @@ int ni_init_microcode(struct radeon_devi +@@ -820,9 +820,6 @@ out: if (err) { @@ -232,7 +232,7 @@ upstream submission. release_firmware(rdev->me_fw); --- a/drivers/gpu/drm/radeon/r100.c +++ b/drivers/gpu/drm/radeon/r100.c -@@ -1047,9 +1047,7 @@ static int r100_cp_init_microcode(struct +@@ -1047,9 +1047,7 @@ } err = request_firmware(&rdev->me_fw, fw_name, rdev->dev); @@ -245,7 +245,7 @@ upstream submission. err = -EINVAL; --- a/drivers/gpu/drm/radeon/r600.c 
+++ b/drivers/gpu/drm/radeon/r600.c -@@ -2599,9 +2599,6 @@ int r600_init_microcode(struct radeon_de +@@ -2600,9 +2600,6 @@ out: if (err) { @@ -257,7 +257,7 @@ upstream submission. release_firmware(rdev->me_fw); --- a/drivers/infiniband/hw/qib/qib_sd7220.c +++ b/drivers/infiniband/hw/qib/qib_sd7220.c -@@ -406,10 +406,8 @@ int qib_sd7220_init(struct qib_devdata * +@@ -406,10 +406,8 @@ } ret = request_firmware(&fw, SD7220_FW_NAME, &dd->pcidev->dev); @@ -271,7 +271,7 @@ upstream submission. ret = qib_ibsd_ucode_loaded(dd->pport, fw); --- a/drivers/input/touchscreen/atmel_mxt_ts.c +++ b/drivers/input/touchscreen/atmel_mxt_ts.c -@@ -2827,10 +2827,8 @@ static int mxt_load_fw(struct device *de +@@ -2870,10 +2870,8 @@ int ret; ret = request_firmware(&fw, fn, dev); @@ -285,7 +285,7 @@ upstream submission. ret = mxt_check_firmware_format(dev, fw); --- a/drivers/isdn/hardware/mISDN/speedfax.c +++ b/drivers/isdn/hardware/mISDN/speedfax.c -@@ -379,11 +379,8 @@ setup_instance(struct sfax_hw *card) +@@ -379,11 +379,8 @@ card->isar.owner = THIS_MODULE; err = request_firmware(&firmware, "isdn/ISAR.BIN", &card->pdev->dev); @@ -300,7 +300,7 @@ upstream submission. card->name, firmware->size); --- a/drivers/media/common/siano/smscoreapi.c +++ b/drivers/media/common/siano/smscoreapi.c -@@ -1156,10 +1156,8 @@ static int smscore_load_firmware_from_fi +@@ -1152,10 +1152,8 @@ return -EINVAL; rc = request_firmware(&fw, fw_filename, coredev->device); @@ -314,7 +314,7 @@ upstream submission. SMS_ALLOC_ALIGNMENT), GFP_KERNEL | coredev->gfp_buf_flags); --- a/drivers/media/dvb-frontends/af9013.c +++ b/drivers/media/dvb-frontends/af9013.c -@@ -1049,14 +1049,8 @@ static int af9013_download_firmware(stru +@@ -1049,14 +1049,8 @@ /* Request the firmware, will block and timeout */ ret = request_firmware(&firmware, name, &client->dev); @@ -332,7 +332,7 @@ upstream submission. for (i = 0; i < firmware->size; i++) --- a/drivers/media/dvb-frontends/bcm3510.c 
+++ b/drivers/media/dvb-frontends/bcm3510.c -@@ -636,10 +636,9 @@ static int bcm3510_download_firmware(str +@@ -636,10 +636,9 @@ int ret,i; deb_info("requesting firmware\n"); @@ -347,7 +347,7 @@ upstream submission. b = fw->data; --- a/drivers/media/dvb-frontends/cx24116.c +++ b/drivers/media/dvb-frontends/cx24116.c -@@ -479,13 +479,8 @@ static int cx24116_firmware_ondemand(str +@@ -479,13 +479,8 @@ __func__, CX24116_DEFAULT_FIRMWARE); ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE, state->i2c->dev.parent); @@ -364,7 +364,7 @@ upstream submission. * during loading */ --- a/drivers/media/dvb-frontends/drxd_hard.c +++ b/drivers/media/dvb-frontends/drxd_hard.c -@@ -891,10 +891,8 @@ static int load_firmware(struct drxd_sta +@@ -891,10 +891,8 @@ { const struct firmware *fw; @@ -378,7 +378,7 @@ upstream submission. if (!state->microcode) { --- a/drivers/media/dvb-frontends/drxk_hard.c +++ b/drivers/media/dvb-frontends/drxk_hard.c -@@ -6259,10 +6259,6 @@ static void load_firmware_cb(const struc +@@ -6260,10 +6260,6 @@ dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); if (!fw) { @@ -391,7 +391,7 @@ upstream submission. /* --- a/drivers/media/dvb-frontends/ds3000.c +++ b/drivers/media/dvb-frontends/ds3000.c -@@ -348,12 +348,8 @@ static int ds3000_firmware_ondemand(stru +@@ -348,12 +348,8 @@ DS3000_DEFAULT_FIRMWARE); ret = request_firmware(&fw, DS3000_DEFAULT_FIRMWARE, state->i2c->dev.parent); @@ -407,7 +407,7 @@ upstream submission. if (ret) --- a/drivers/media/dvb-frontends/nxt200x.c +++ b/drivers/media/dvb-frontends/nxt200x.c -@@ -876,12 +876,8 @@ static int nxt2002_init(struct dvb_front +@@ -861,12 +861,8 @@ __func__, NXT2002_DEFAULT_FIRMWARE); ret = request_firmware(&fw, NXT2002_DEFAULT_FIRMWARE, state->i2c->dev.parent); 
@@ -421,7 +421,7 @@ upstream submission. ret = nxt2002_load_firmware(fe, fw); release_firmware(fw); -@@ -943,12 +939,8 @@ static int nxt2004_init(struct dvb_front +@@ -928,12 +924,8 @@ __func__, NXT2004_DEFAULT_FIRMWARE); ret = request_firmware(&fw, NXT2004_DEFAULT_FIRMWARE, state->i2c->dev.parent); @@ -437,7 +437,7 @@ upstream submission. release_firmware(fw); --- a/drivers/media/dvb-frontends/or51132.c +++ b/drivers/media/dvb-frontends/or51132.c -@@ -326,10 +326,8 @@ static int or51132_set_parameters(struct +@@ -326,10 +326,8 @@ printk("or51132: Waiting for firmware upload(%s)...\n", fwname); ret = request_firmware(&fw, fwname, state->i2c->dev.parent); @@ -451,7 +451,7 @@ upstream submission. if (ret) { --- a/drivers/media/dvb-frontends/or51211.c +++ b/drivers/media/dvb-frontends/or51211.c -@@ -361,11 +361,8 @@ static int or51211_init(struct dvb_front +@@ -361,11 +361,8 @@ OR51211_DEFAULT_FIRMWARE); ret = config->request_firmware(fe, &fw, OR51211_DEFAULT_FIRMWARE); @@ -466,7 +466,7 @@ upstream submission. release_firmware(fw); --- a/drivers/media/dvb-frontends/sp8870.c +++ b/drivers/media/dvb-frontends/sp8870.c -@@ -304,10 +304,8 @@ static int sp8870_init (struct dvb_front +@@ -304,10 +304,8 @@ /* request the firmware, this will block until someone uploads it */ printk("sp8870: waiting for firmware upload (%s)...\n", SP8870_DEFAULT_FIRMWARE); @@ -480,7 +480,7 @@ upstream submission. printk("sp8870: writing firmware to device failed\n"); --- a/drivers/media/dvb-frontends/sp887x.c +++ b/drivers/media/dvb-frontends/sp887x.c -@@ -527,10 +527,8 @@ static int sp887x_init(struct dvb_fronte +@@ -527,10 +527,8 @@ /* request the firmware, this will block until someone uploads it */ printk("sp887x: waiting for firmware upload (%s)...\n", SP887X_DEFAULT_FIRMWARE); ret = state->config->request_firmware(fe, &fw, SP887X_DEFAULT_FIRMWARE); @@ -494,7 +494,7 @@ upstream submission. release_firmware(fw); --- a/drivers/media/dvb-frontends/tda10048.c 
+++ b/drivers/media/dvb-frontends/tda10048.c -@@ -483,8 +483,6 @@ static int tda10048_firmware_upload(stru +@@ -483,8 +483,6 @@ ret = request_firmware(&fw, TDA10048_DEFAULT_FIRMWARE, state->i2c->dev.parent); if (ret) { @@ -505,7 +505,7 @@ upstream submission. printk(KERN_INFO "%s: firmware read %zu bytes.\n", --- a/drivers/media/dvb-frontends/tda1004x.c +++ b/drivers/media/dvb-frontends/tda1004x.c -@@ -388,10 +388,8 @@ static int tda10045_fwupload(struct dvb_ +@@ -388,10 +388,8 @@ /* request the firmware, this will block until someone uploads it */ printk(KERN_INFO "tda1004x: waiting for firmware upload (%s)...\n", TDA10045_DEFAULT_FIRMWARE); ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); @@ -517,7 +517,7 @@ upstream submission. /* reset chip */ tda1004x_write_mask(state, TDA1004X_CONFC4, 0x10, 0); -@@ -532,7 +530,6 @@ static int tda10046_fwupload(struct dvb_ +@@ -532,7 +530,6 @@ /* remain compatible to old bug: try to load with tda10045 image name */ ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); if (ret) { @@ -527,7 +527,7 @@ upstream submission. printk(KERN_INFO "tda1004x: please rename the firmware file to %s\n", --- a/drivers/media/dvb-frontends/tda10071.c +++ b/drivers/media/dvb-frontends/tda10071.c -@@ -838,12 +838,8 @@ static int tda10071_init(struct dvb_fron +@@ -838,12 +838,8 @@ /* request the firmware, this will block and timeout */ ret = request_firmware(&fw, fw_file, &client->dev); @@ -543,7 +543,7 @@ upstream submission. for (i = 0; i < ARRAY_SIZE(tab2); i++) { --- a/drivers/media/i2c/cx25840/cx25840-firmware.c +++ b/drivers/media/i2c/cx25840/cx25840-firmware.c -@@ -113,10 +113,8 @@ int cx25840_loadfw(struct i2c_client *cl +@@ -113,10 +113,8 @@ if (is_cx231xx(state) && max_buf_size > 16) max_buf_size = 16; @@ -557,7 +557,7 @@ upstream submission. --- a/drivers/media/pci/bt8xx/bttv-cards.c 
+++ b/drivers/media/pci/bt8xx/bttv-cards.c -@@ -3904,10 +3904,8 @@ static int pvr_boot(struct bttv *btv) +@@ -3904,10 +3904,8 @@ int rc; rc = request_firmware(&fw_entry, "hcwamc.rbf", &btv->c.pci->dev); @@ -571,7 +571,7 @@ upstream submission. btv->c.nr, (rc < 0) ? "failed" : "ok"); --- a/drivers/media/pci/cx18/cx18-av-firmware.c +++ b/drivers/media/pci/cx18/cx18-av-firmware.c -@@ -70,10 +70,8 @@ int cx18_av_loadfw(struct cx18 *cx) +@@ -70,10 +70,8 @@ int i; int retries1 = 0; @@ -585,7 +585,7 @@ upstream submission. retries, both at byte level and at the firmware load level. */ --- a/drivers/media/pci/cx18/cx18-dvb.c +++ b/drivers/media/pci/cx18/cx18-dvb.c -@@ -127,9 +127,7 @@ static int yuan_mpc718_mt352_reqfw(struc +@@ -127,9 +127,7 @@ int ret; ret = request_firmware(fw, fn, &cx->pci_dev->dev); @@ -598,7 +598,7 @@ upstream submission. CX18_ERR("Firmware %s has a bad size: %lu bytes\n", --- a/drivers/media/pci/cx18/cx18-firmware.c +++ b/drivers/media/pci/cx18/cx18-firmware.c -@@ -92,11 +92,8 @@ static int load_cpu_fw_direct(const char +@@ -92,11 +92,8 @@ u32 __iomem *dst = (u32 __iomem *)mem; const u32 *src; @@ -611,7 +611,7 @@ upstream submission. src = (const u32 *)fw->data; -@@ -137,8 +134,6 @@ static int load_apu_fw_direct(const char +@@ -137,8 +134,6 @@ int sz; if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { @@ -622,7 +622,7 @@ upstream submission. } --- a/drivers/media/pci/cx23885/cx23885-417.c +++ b/drivers/media/pci/cx23885/cx23885-417.c -@@ -920,12 +920,8 @@ static int cx23885_load_firmware(struct +@@ -920,12 +920,8 @@ retval = request_firmware(&firmware, CX23885_FIRM_IMAGE_NAME, &dev->pci->dev); @@ -638,7 +638,7 @@ upstream submission. pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n", --- a/drivers/media/pci/cx23885/cx23885-cards.c 
+++ b/drivers/media/pci/cx23885/cx23885-cards.c -@@ -2480,10 +2480,7 @@ void cx23885_card_setup(struct cx23885_d +@@ -2480,10 +2480,7 @@ cinfo.rev, filename); ret = request_firmware(&fw, filename, &dev->pci->dev); @@ -652,7 +652,7 @@ upstream submission. release_firmware(fw); --- a/drivers/media/pci/cx88/cx88-blackbird.c +++ b/drivers/media/pci/cx88/cx88-blackbird.c -@@ -462,12 +462,8 @@ static int blackbird_load_firmware(struc +@@ -462,12 +462,8 @@ retval = request_firmware(&firmware, CX2341X_FIRM_ENC_FILENAME, &dev->pci->dev); @@ -668,7 +668,7 @@ upstream submission. pr_err("Firmware size mismatch (have %zd, expected %d)\n", --- a/drivers/media/pci/ivtv/ivtv-firmware.c +++ b/drivers/media/pci/ivtv/ivtv-firmware.c -@@ -68,8 +68,6 @@ retry: +@@ -68,8 +68,6 @@ release_firmware(fw); return size; } @@ -679,7 +679,7 @@ upstream submission. --- a/drivers/media/pci/ngene/ngene-core.c +++ b/drivers/media/pci/ngene/ngene-core.c -@@ -1236,19 +1236,14 @@ static int ngene_load_firm(struct ngene +@@ -1236,19 +1236,14 @@ break; } @@ -702,7 +702,7 @@ upstream submission. } --- a/drivers/media/pci/saa7164/saa7164-fw.c +++ b/drivers/media/pci/saa7164/saa7164-fw.c -@@ -406,11 +406,8 @@ int saa7164_downloadfirmware(struct saa7 +@@ -406,11 +406,8 @@ __func__, fwname); ret = request_firmware(&fw, fwname, &dev->pci->dev); @@ -717,7 +717,7 @@ upstream submission. __func__, fw->size); --- a/drivers/media/pci/ttpci/av7110.c +++ b/drivers/media/pci/ttpci/av7110.c -@@ -1501,13 +1501,8 @@ static int get_firmware(struct av7110* a +@@ -1502,13 +1502,8 @@ /* request the av7110 firmware, this will block until someone uploads it */ ret = request_firmware(&fw, "dvb-ttpci-01.fw", &av7110->dev->pci->dev); if (ret) { @@ -735,7 +735,7 @@ upstream submission. --- a/drivers/media/pci/ttpci/av7110_hw.c 
+++ b/drivers/media/pci/ttpci/av7110_hw.c -@@ -235,11 +235,8 @@ int av7110_bootarm(struct av7110 *av7110 +@@ -235,11 +235,8 @@ //saa7146_setgpio(dev, 3, SAA7146_GPIO_INPUT); ret = request_firmware(&fw, fw_name, &dev->pci->dev); @@ -750,7 +750,7 @@ upstream submission. release_firmware(fw); --- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c +++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c -@@ -65,10 +65,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc +@@ -65,10 +65,8 @@ } } @@ -764,7 +764,7 @@ upstream submission. release_firmware(fw_blob); --- a/drivers/media/radio/radio-wl1273.c +++ b/drivers/media/radio/radio-wl1273.c -@@ -502,11 +502,8 @@ static int wl1273_fm_upload_firmware_pat +@@ -502,11 +502,8 @@ * Uploading the firmware patch is not always necessary, * so we only print an info message. */ @@ -779,7 +779,7 @@ upstream submission. packet_num = ptr[0]; --- a/drivers/media/radio/wl128x/fmdrv_common.c +++ b/drivers/media/radio/wl128x/fmdrv_common.c -@@ -1240,10 +1240,8 @@ static int fm_download_firmware(struct f +@@ -1240,10 +1240,8 @@ ret = request_firmware(&fw_entry, fw_name, &fmdev->radio_dev->dev); @@ -793,7 +793,7 @@ upstream submission. fw_data = (void *)fw_entry->data; --- a/drivers/media/tuners/tuner-xc2028.c +++ b/drivers/media/tuners/tuner-xc2028.c -@@ -1366,7 +1366,6 @@ static void load_firmware_cb(const struc +@@ -1366,7 +1366,6 @@ tuner_dbg("request_firmware_nowait(): %s\n", fw ? "OK" : "error"); if (!fw) { @@ -803,7 +803,7 @@ upstream submission. } --- a/drivers/media/usb/cpia2/cpia2_core.c +++ b/drivers/media/usb/cpia2/cpia2_core.c -@@ -912,11 +912,8 @@ static int apply_vp_patch(struct camera_ +@@ -912,11 +912,8 @@ struct cpia2_command cmd; ret = request_firmware(&fw, fw_name, &cam->dev->dev); @@ -818,7 +818,7 @@ upstream submission. cmd.direction = TRANSFER_WRITE; --- a/drivers/media/usb/cx231xx/cx231xx-417.c 
+++ b/drivers/media/usb/cx231xx/cx231xx-417.c -@@ -983,11 +983,6 @@ static int cx231xx_load_firmware(struct +@@ -983,11 +983,6 @@ dev->dev); if (retval != 0) { @@ -832,7 +832,7 @@ upstream submission. return retval; --- a/drivers/media/usb/dvb-usb/dib0700_devices.c +++ b/drivers/media/usb/dvb-usb/dib0700_devices.c -@@ -2408,12 +2408,9 @@ static int stk9090m_frontend_attach(stru +@@ -2408,12 +2408,9 @@ dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80); @@ -847,7 +847,7 @@ upstream submission. stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size; stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data; -@@ -2478,12 +2475,9 @@ static int nim9090md_frontend_attach(str +@@ -2478,12 +2475,9 @@ msleep(20); dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1); @@ -864,7 +864,7 @@ upstream submission. nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size; --- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -@@ -90,13 +90,9 @@ int dvb_usb_download_firmware(struct usb +@@ -90,13 +90,9 @@ int ret; const struct firmware *fw = NULL; @@ -882,7 +882,7 @@ upstream submission. case CYPRESS_AN2135: --- a/drivers/media/usb/dvb-usb/gp8psk.c +++ b/drivers/media/usb/dvb-usb/gp8psk.c -@@ -131,19 +131,14 @@ static int gp8psk_load_bcm4500fw(struct +@@ -131,19 +131,14 @@ const u8 *ptr; u8 *buf; if ((ret = request_firmware(&fw, bcm4500_firmware, @@ -905,7 +905,7 @@ upstream submission. if (!buf) { --- a/drivers/media/usb/dvb-usb/opera1.c +++ b/drivers/media/usb/dvb-usb/opera1.c -@@ -450,8 +450,6 @@ static int opera1_xilinx_load_firmware(s +@@ -450,8 +450,6 @@ info("start downloading fpga firmware %s",filename); if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) { @@ -916,7 +916,7 @@ upstream submission. p = kmalloc(fw->size, GFP_KERNEL); --- a/drivers/media/usb/go7007/go7007-driver.c 
+++ b/drivers/media/usb/go7007/go7007-driver.c -@@ -84,10 +84,8 @@ static int go7007_load_encoder(struct go +@@ -84,10 +84,8 @@ u16 intr_val, intr_data; if (go->boot_fw == NULL) { @@ -930,7 +930,7 @@ upstream submission. release_firmware(fw_entry); --- a/drivers/media/usb/go7007/go7007-fw.c +++ b/drivers/media/usb/go7007/go7007-fw.c -@@ -1565,12 +1565,8 @@ int go7007_construct_fw_image(struct go7 +@@ -1565,12 +1565,8 @@ default: return -1; } @@ -946,7 +946,7 @@ upstream submission. goto fw_failed; --- a/drivers/media/usb/go7007/go7007-loader.c +++ b/drivers/media/usb/go7007/go7007-loader.c -@@ -67,11 +67,8 @@ static int go7007_loader_probe(struct us +@@ -67,11 +67,8 @@ dev_info(&interface->dev, "loading firmware %s\n", fw1); @@ -959,7 +959,7 @@ upstream submission. ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); release_firmware(fw); if (0 != ret) { -@@ -82,11 +79,8 @@ static int go7007_loader_probe(struct us +@@ -82,11 +79,8 @@ if (fw2 == NULL) return 0; @@ -974,7 +974,7 @@ upstream submission. if (0 != ret) { --- a/drivers/media/usb/gspca/vicam.c +++ b/drivers/media/usb/gspca/vicam.c -@@ -230,10 +230,8 @@ static int sd_init(struct gspca_dev *gsp +@@ -230,10 +230,8 @@ ret = request_ihex_firmware(&fw, VICAM_FIRMWARE, &gspca_dev->dev->dev); @@ -988,7 +988,7 @@ upstream submission. if (!firmware_buf) { --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c -@@ -1370,25 +1370,6 @@ static int pvr2_locate_firmware(struct p +@@ -1370,25 +1370,6 @@ "request_firmware fatal error with code=%d",ret); return ret; } @@ -1016,7 +1016,7 @@ upstream submission. --- a/drivers/media/usb/s2255/s2255drv.c +++ b/drivers/media/usb/s2255/s2255drv.c -@@ -2278,10 +2278,8 @@ static int s2255_probe(struct usb_interf +@@ -2278,10 +2278,8 @@ } /* load the first chunk */ if (request_firmware(&dev->fw_data->fw, @@ -1030,7 +1030,7 @@ upstream submission. pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8]; 
--- a/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c +++ b/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c -@@ -282,10 +282,8 @@ static int ttusb_boot_dsp(struct ttusb * +@@ -282,10 +282,8 @@ err = request_firmware(&fw, "ttusb-budget/dspbootcode.bin", &ttusb->dev->dev); @@ -1044,7 +1044,7 @@ upstream submission. b[0] = 0xaa; --- a/drivers/media/usb/ttusb-dec/ttusb_dec.c +++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c -@@ -1324,11 +1324,8 @@ static int ttusb_dec_boot_dsp(struct ttu +@@ -1320,11 +1320,8 @@ dprintk("%s\n", __func__); result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev); @@ -1059,7 +1059,7 @@ upstream submission. firmware_size = fw_entry->size; --- a/drivers/misc/ti-st/st_kim.c +++ b/drivers/misc/ti-st/st_kim.c -@@ -295,11 +295,8 @@ static long download_firmware(struct kim +@@ -295,11 +295,8 @@ request_firmware(&kim_gdata->fw_entry, bts_scr_name, &kim_gdata->kim_pdev->dev); if (unlikely((err != 0) || (kim_gdata->fw_entry->data == NULL) || @@ -1074,7 +1074,7 @@ upstream submission. /* --- a/drivers/net/can/softing/softing_fw.c +++ b/drivers/net/can/softing/softing_fw.c -@@ -226,11 +226,8 @@ int softing_load_app_fw(const char *file +@@ -226,11 +226,8 @@ int8_t type_end = 0, type_entrypoint = 0; ret = request_firmware(&fw, file, &card->pdev->dev); @@ -1089,7 +1089,7 @@ upstream submission. /* parse the firmware */ --- a/drivers/net/ethernet/3com/typhoon.c +++ b/drivers/net/ethernet/3com/typhoon.c -@@ -1282,11 +1282,8 @@ typhoon_request_firmware(struct typhoon +@@ -1282,11 +1282,8 @@ return 0; err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev); @@ -1104,7 +1104,7 @@ upstream submission. remaining = typhoon_fw->size; --- a/drivers/net/ethernet/adaptec/starfire.c +++ b/drivers/net/ethernet/adaptec/starfire.c -@@ -1002,11 +1002,8 @@ static int netdev_open(struct net_device +@@ -1002,11 +1002,8 @@ #endif /* VLAN_SUPPORT */ retval = request_firmware(&fw_rx, FIRMWARE_RX, &np->pci_dev->dev); 
@@ -1117,7 +1117,7 @@ upstream submission. if (fw_rx->size % 4) { printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", fw_rx->size, FIRMWARE_RX); -@@ -1014,11 +1011,8 @@ static int netdev_open(struct net_device +@@ -1014,11 +1011,8 @@ goto out_rx; } retval = request_firmware(&fw_tx, FIRMWARE_TX, &np->pci_dev->dev); @@ -1132,7 +1132,7 @@ upstream submission. fw_tx->size, FIRMWARE_TX); --- a/drivers/net/ethernet/alacritech/slicoss.c +++ b/drivers/net/ethernet/alacritech/slicoss.c -@@ -1051,11 +1051,8 @@ static int slic_load_rcvseq_firmware(str +@@ -1051,11 +1051,8 @@ file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_RCV_FIRMWARE_OASIS : SLIC_RCV_FIRMWARE_MOJAVE; err = request_firmware(&fw, file, &sdev->pdev->dev); @@ -1145,7 +1145,7 @@ upstream submission. /* Do an initial sanity check concerning firmware size now. A further * check follows below. */ -@@ -1126,10 +1123,8 @@ static int slic_load_firmware(struct sli +@@ -1126,10 +1123,8 @@ file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_FIRMWARE_OASIS : SLIC_FIRMWARE_MOJAVE; err = request_firmware(&fw, file, &sdev->pdev->dev); @@ -1159,7 +1159,7 @@ upstream submission. */ --- a/drivers/net/ethernet/alteon/acenic.c +++ b/drivers/net/ethernet/alteon/acenic.c -@@ -2881,11 +2881,8 @@ static int ace_load_firmware(struct net_ +@@ -2881,11 +2881,8 @@ fw_name = "acenic/tg1.bin"; ret = request_firmware(&fw, fw_name, &ap->pdev->dev); @@ -1174,7 +1174,7 @@ upstream submission. --- a/drivers/net/ethernet/broadcom/bnx2.c +++ b/drivers/net/ethernet/broadcom/bnx2.c -@@ -3712,16 +3712,13 @@ static int bnx2_request_uncached_firmwar +@@ -3712,16 +3712,13 @@ } rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev); @@ -1196,7 +1196,7 @@ upstream submission. if (bp->mips_firmware->size < sizeof(*mips_fw) || --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c 
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -13475,11 +13475,8 @@ static int bnx2x_init_firmware(struct bn +@@ -13471,11 +13471,8 @@ BNX2X_DEV_INFO("Loading %s\n", fw_file_name); rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev); @@ -1211,7 +1211,7 @@ upstream submission. if (rc) { --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -11413,11 +11413,8 @@ static int tg3_request_firmware(struct t +@@ -11407,11 +11407,8 @@ { const struct tg3_firmware_hdr *fw_hdr; @@ -1226,7 +1226,7 @@ upstream submission. --- a/drivers/net/ethernet/brocade/bna/cna_fwimg.c +++ b/drivers/net/ethernet/brocade/bna/cna_fwimg.c -@@ -24,10 +24,8 @@ cna_read_firmware(struct pci_dev *pdev, +@@ -24,10 +24,8 @@ const struct firmware *fw; u32 n; @@ -1240,7 +1240,7 @@ upstream submission. *bfi_image_size = fw->size/sizeof(u32); --- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -@@ -1036,12 +1036,8 @@ int t3_get_edc_fw(struct cphy *phy, int +@@ -1036,12 +1036,8 @@ fw_name = get_edc_fw_name(edc_idx); if (fw_name) ret = request_firmware(&fw, fw_name, &adapter->pdev->dev); @@ -1254,7 +1254,7 @@ upstream submission. /* check size, take checksum in account */ if (fw->size > size + 4) { -@@ -1078,11 +1074,8 @@ static int upgrade_fw(struct adapter *ad +@@ -1078,11 +1074,8 @@ struct device *dev = &adap->pdev->dev; ret = request_firmware(&fw, FW_FNAME, dev); @@ -1267,7 +1267,7 @@ upstream submission. ret = t3_load_fw(adap, fw->data, fw->size); release_firmware(fw); -@@ -1127,11 +1120,8 @@ static int update_tpsram(struct adapter +@@ -1127,11 +1120,8 @@ snprintf(buf, sizeof(buf), TPSRAM_NAME, rev); ret = request_firmware(&tpsram, buf, dev); @@ -1282,7 +1282,7 @@ upstream submission. if (ret) --- a/drivers/net/ethernet/intel/e100.c +++ b/drivers/net/ethernet/intel/e100.c -@@ -1262,9 +1262,6 @@ static const struct firmware *e100_reque +@@ -1262,9 +1262,6 @@ if (err) { if (required) { 
@@ -1294,7 +1294,7 @@ upstream submission. netif_info(nic, probe, nic->netdev, --- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c +++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c -@@ -580,8 +580,6 @@ static int myri10ge_load_hotplug_firmwar +@@ -580,8 +580,6 @@ unsigned i; if ((status = request_firmware(&fw, mgp->fw_name, dev)) < 0) { @@ -1305,7 +1305,7 @@ upstream submission. } --- a/drivers/net/ethernet/smsc/smc91c92_cs.c +++ b/drivers/net/ethernet/smsc/smc91c92_cs.c -@@ -647,10 +647,8 @@ static int osi_load_firmware(struct pcmc +@@ -647,10 +647,8 @@ int i, err; err = request_firmware(&fw, FIRMWARE_NAME, &link->dev); @@ -1319,7 +1319,7 @@ upstream submission. for (i = 0; i < fw->size; i++) { --- a/drivers/net/ethernet/sun/cassini.c +++ b/drivers/net/ethernet/sun/cassini.c -@@ -793,11 +793,8 @@ static void cas_saturn_firmware_init(str +@@ -793,11 +793,8 @@ return; err = request_firmware(&fw, fw_name, &cp->pdev->dev); @@ -1334,7 +1334,7 @@ upstream submission. fw->size, fw_name); --- a/drivers/net/hamradio/yam.c +++ b/drivers/net/hamradio/yam.c -@@ -357,11 +357,8 @@ static unsigned char *add_mcs(unsigned c +@@ -357,11 +357,8 @@ } err = request_firmware(&fw, fw_name[predef], &pdev->dev); platform_device_unregister(pdev); @@ -1349,7 +1349,7 @@ upstream submission. fw->size, fw_name[predef]); --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c -@@ -305,10 +305,8 @@ static int kaweth_download_firmware(stru +@@ -305,10 +305,8 @@ int ret; ret = request_firmware(&fw, fwname, &kaweth->dev->dev); 
@@ -1361,33 +1361,9 @@ upstream submission. if (fw->size > KAWETH_FIRMWARE_BUF_SIZE) { dev_err(&kaweth->intf->dev, "Firmware too big: %zu\n", ---- a/drivers/net/wimax/i2400m/fw.c -+++ b/drivers/net/wimax/i2400m/fw.c -@@ -1578,11 +1578,8 @@ int i2400m_dev_bootstrap(struct i2400m * - } - d_printf(1, dev, "trying firmware %s (%d)\n", fw_name, itr); - ret = request_firmware(&fw, fw_name, dev); -- if (ret < 0) { -- dev_err(dev, "fw %s: cannot load file: %d\n", -- fw_name, ret); -+ if (ret) - continue; -- } - i2400m->fw_name = fw_name; - ret = i2400m_fw_bootstrap(i2400m, fw, flags); - release_firmware(fw); -@@ -1625,8 +1622,6 @@ void i2400m_fw_cache(struct i2400m *i240 - kref_init(&i2400m_fw->kref); - result = request_firmware(&i2400m_fw->fw, i2400m->fw_name, dev); - if (result < 0) { -- dev_err(dev, "firmware %s: failed to cache: %d\n", -- i2400m->fw_name, result); - kfree(i2400m_fw); - i2400m_fw = (void *) ~0; - } else --- a/drivers/net/wireless/ath/ath9k/hif_usb.c +++ b/drivers/net/wireless/ath/ath9k/hif_usb.c -@@ -1216,9 +1216,6 @@ static void ath9k_hif_usb_firmware_cb(co +@@ -1216,9 +1216,6 @@ if (!ret) return; @@ -1399,7 +1375,7 @@ upstream submission. --- a/drivers/net/wireless/ath/carl9170/usb.c +++ b/drivers/net/wireless/ath/carl9170/usb.c -@@ -1029,7 +1029,6 @@ static void carl9170_usb_firmware_step2( +@@ -1029,7 +1029,6 @@ return; } @@ -1409,7 +1385,7 @@ upstream submission. --- a/drivers/net/wireless/atmel/at76c50x-usb.c +++ b/drivers/net/wireless/atmel/at76c50x-usb.c -@@ -1616,13 +1616,8 @@ static struct fwentry *at76_load_firmwar +@@ -1616,13 +1616,8 @@ at76_dbg(DBG_FW, "downloading firmware %s", fwe->fwname); ret = request_firmware(&fwe->fw, fwe->fwname, &udev->dev); @@ -1426,7 +1402,7 @@ upstream submission. fwh = (struct at76_fw_header *)(fwe->fw->data); --- a/drivers/net/wireless/atmel/atmel.c 
+++ b/drivers/net/wireless/atmel/atmel.c -@@ -3892,12 +3892,8 @@ static int reset_atmel_card(struct net_d +@@ -3891,12 +3891,8 @@ strcpy(priv->firmware_id, "atmel_at76c502.bin"); } err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev); @@ -1442,7 +1418,7 @@ upstream submission. int success = 0; --- a/drivers/net/wireless/broadcom/b43/main.c +++ b/drivers/net/wireless/broadcom/b43/main.c -@@ -2245,19 +2245,8 @@ int b43_do_request_fw(struct b43_request +@@ -2245,19 +2245,8 @@ } err = request_firmware(&ctx->blob, ctx->fwname, ctx->dev->dev->dev); @@ -1465,7 +1441,7 @@ upstream submission. goto err_format; --- a/drivers/net/wireless/broadcom/b43legacy/main.c +++ b/drivers/net/wireless/broadcom/b43legacy/main.c -@@ -1524,11 +1524,8 @@ static int do_request_fw(struct b43legac +@@ -1524,11 +1524,8 @@ } else { err = request_firmware(fw, path, dev->dev->dev); } @@ -1480,7 +1456,7 @@ upstream submission. hdr = (struct b43legacy_fw_header *)((*fw)->data); --- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c -@@ -377,19 +377,13 @@ static int brcms_request_fw(struct brcms +@@ -376,19 +376,13 @@ sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i], UCODE_LOADER_API_VER); status = request_firmware(&wl->fw.fw_bin[i], fw_name, device); @@ -1504,7 +1480,7 @@ upstream submission. } --- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c +++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c -@@ -8370,12 +8370,8 @@ static int ipw2100_get_firmware(struct i +@@ -8370,12 +8370,8 @@ rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev); @@ -1520,7 +1496,7 @@ upstream submission. --- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c +++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c -@@ -3396,10 +3396,8 @@ static int ipw_get_fw(struct ipw_priv *p +@@ -3396,10 +3396,8 @@ /* ask firmware_class module to get the boot firmware off disk */ rc = request_firmware(raw, name, &priv->pci_dev->dev); 
@@ -1534,7 +1510,7 @@ upstream submission. IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size); --- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c -@@ -1837,7 +1837,6 @@ il3945_read_ucode(struct il_priv *il) +@@ -1835,7 +1835,6 @@ sprintf(buf, "%s%u%s", name_pre, idx, ".ucode"); ret = request_firmware(&ucode_raw, buf, &il->pci_dev->dev); if (ret < 0) { @@ -1544,7 +1520,7 @@ upstream submission. else --- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c -@@ -235,8 +235,6 @@ static int iwl_request_firmware(struct i +@@ -181,8 +181,6 @@ } if (drv->fw_index < cfg->ucode_api_min) { @@ -1555,7 +1531,7 @@ upstream submission. cfg->ucode_api_max); --- a/drivers/net/wireless/intersil/orinoco/fw.c +++ b/drivers/net/wireless/intersil/orinoco/fw.c -@@ -132,7 +132,6 @@ orinoco_dl_firmware(struct orinoco_priva +@@ -132,7 +132,6 @@ err = request_firmware(&fw_entry, firmware, priv->dev); if (err) { @@ -1563,7 +1539,7 @@ upstream submission. err = -ENOENT; goto free; } -@@ -292,10 +291,8 @@ symbol_dl_firmware(struct orinoco_privat +@@ -292,10 +291,8 @@ const struct firmware *fw_entry; if (!orinoco_cached_fw_get(priv, true)) { @@ -1575,7 +1551,7 @@ upstream submission. } else fw_entry = orinoco_cached_fw_get(priv, true); -@@ -311,10 +308,8 @@ symbol_dl_firmware(struct orinoco_privat +@@ -311,10 +308,8 @@ } if (!orinoco_cached_fw_get(priv, false)) { @@ -1589,7 +1565,7 @@ upstream submission. --- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c +++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -@@ -1664,7 +1664,6 @@ static int ezusb_probe(struct usb_interf +@@ -1708,7 +1708,6 @@ if (ezusb_firmware_download(upriv, &firmware) < 0) goto error; } else { @@ -1599,7 +1575,7 @@ upstream submission. --- a/drivers/net/wireless/intersil/p54/p54pci.c 
+++ b/drivers/net/wireless/intersil/p54/p54pci.c -@@ -502,7 +502,6 @@ static void p54p_firmware_step2(const st +@@ -502,7 +502,6 @@ int err; if (!fw) { @@ -1609,7 +1585,7 @@ upstream submission. } --- a/drivers/net/wireless/intersil/p54/p54spi.c +++ b/drivers/net/wireless/intersil/p54/p54spi.c -@@ -157,10 +157,8 @@ static int p54spi_request_firmware(struc +@@ -157,10 +157,8 @@ /* FIXME: should driver use it's own struct device? */ ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev); @@ -1623,7 +1599,7 @@ upstream submission. if (ret) { --- a/drivers/net/wireless/intersil/p54/p54usb.c +++ b/drivers/net/wireless/intersil/p54/p54usb.c -@@ -929,7 +929,6 @@ static void p54u_load_firmware_cb(const +@@ -929,7 +929,6 @@ err = p54u_start_ops(priv); } else { err = -ENOENT; @@ -1633,7 +1609,7 @@ upstream submission. complete(&priv->fw_wait_load); --- a/drivers/net/wireless/intersil/prism54/islpci_dev.c +++ b/drivers/net/wireless/intersil/prism54/islpci_dev.c -@@ -80,12 +80,9 @@ isl_upload_firmware(islpci_private *priv +@@ -80,12 +80,9 @@ const u32 *fw_ptr; rc = request_firmware(&fw_entry, priv->firmware, PRISM_FW_PDEV); @@ -1650,7 +1626,7 @@ upstream submission. --- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c +++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c -@@ -818,8 +818,6 @@ static int if_usb_prog_firmware(struct l +@@ -818,8 +818,6 @@ kernel_param_lock(THIS_MODULE); ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); if (ret < 0) { @@ -1661,7 +1637,7 @@ upstream submission. } --- a/drivers/net/wireless/marvell/mwifiex/main.c +++ b/drivers/net/wireless/marvell/mwifiex/main.c -@@ -527,11 +527,8 @@ static int _mwifiex_fw_dpc(const struct +@@ -527,11 +527,8 @@ struct wireless_dev *wdev; struct completion *fw_done = adapter->fw_done; @@ -1676,7 +1652,7 @@ upstream submission. adapter->firmware = firmware; --- a/drivers/net/wireless/marvell/mwl8k.c 
+++ b/drivers/net/wireless/marvell/mwl8k.c -@@ -5727,16 +5727,12 @@ static int mwl8k_firmware_load_success(s +@@ -5732,16 +5732,12 @@ static void mwl8k_fw_state_machine(const struct firmware *fw, void *context) { struct mwl8k_priv *priv = context; @@ -1694,7 +1670,7 @@ upstream submission. priv->fw_helper = fw; rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode, true); -@@ -5771,11 +5767,8 @@ static void mwl8k_fw_state_machine(const +@@ -5776,11 +5772,8 @@ break; case FW_STATE_LOADING_ALT: @@ -1707,7 +1683,7 @@ upstream submission. priv->fw_ucode = fw; rc = mwl8k_firmware_load_success(priv); if (rc) -@@ -5813,10 +5806,8 @@ retry: +@@ -5818,10 +5811,8 @@ /* Ask userland hotplug daemon for the device firmware */ rc = mwl8k_request_firmware(priv, fw_image, nowait); @@ -1721,7 +1697,7 @@ upstream submission. return rc; --- a/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c -@@ -38,10 +38,8 @@ static int rt2x00lib_request_firmware(st +@@ -38,10 +38,8 @@ rt2x00_info(rt2x00dev, "Loading firmware file '%s'\n", fw_name); retval = request_firmware(&fw, fw_name, device); @@ -1735,7 +1711,7 @@ upstream submission. rt2x00_err(rt2x00dev, "Failed to read Firmware\n"); --- a/drivers/net/wireless/realtek/rtlwifi/core.c +++ b/drivers/net/wireless/realtek/rtlwifi/core.c -@@ -88,7 +88,6 @@ static void rtl_fw_do_work(const struct +@@ -88,7 +88,6 @@ if (!err) goto found_alt; } @@ -1745,7 +1721,7 @@ upstream submission. } --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c -@@ -63,13 +63,11 @@ static void rtl92se_fw_cb(const struct f +@@ -63,13 +63,11 @@ struct ieee80211_hw *hw = context; struct rtl_priv *rtlpriv = rtl_priv(hw); struct rt_firmware *pfirmware = NULL; @@ -1761,7 +1737,7 @@ upstream submission. } --- a/drivers/net/wireless/ti/wl1251/main.c 
+++ b/drivers/net/wireless/ti/wl1251/main.c -@@ -57,10 +57,8 @@ static int wl1251_fetch_firmware(struct +@@ -57,10 +57,8 @@ ret = request_firmware(&fw, WL1251_FW_NAME, dev); @@ -1773,7 +1749,7 @@ upstream submission. if (fw->size % 4) { wl1251_error("firmware size is not multiple of 32 bits: %zu", -@@ -96,10 +94,8 @@ static int wl1251_fetch_nvs(struct wl125 +@@ -96,10 +94,8 @@ ret = request_firmware(&fw, WL1251_NVS_NAME, dev); @@ -1787,7 +1763,7 @@ upstream submission. wl1251_error("nvs size is not multiple of 32 bits: %zu", --- a/drivers/net/wireless/ti/wlcore/main.c +++ b/drivers/net/wireless/ti/wlcore/main.c -@@ -764,10 +764,8 @@ static int wl12xx_fetch_firmware(struct +@@ -764,10 +764,8 @@ ret = request_firmware(&fw, fw_name, wl->dev); @@ -1801,7 +1777,7 @@ upstream submission. wl1271_error("firmware size is not multiple of 32 bits: %zu", --- a/drivers/net/wireless/zydas/zd1201.c +++ b/drivers/net/wireless/zydas/zd1201.c -@@ -62,8 +62,6 @@ static int zd1201_fw_upload(struct usb_d +@@ -62,8 +62,6 @@ err = request_firmware(&fw_entry, fwfile, &dev->dev); if (err) { @@ -1812,7 +1788,7 @@ upstream submission. } --- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c +++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c -@@ -108,16 +108,9 @@ static void int_urb_complete(struct urb +@@ -108,16 +108,9 @@ static int request_fw_file( const struct firmware **fw, const char *name, struct device *device) { @@ -1832,7 +1808,7 @@ upstream submission. static inline u16 get_bcdDevice(const struct usb_device *udev) --- a/drivers/scsi/advansys.c +++ b/drivers/scsi/advansys.c -@@ -4103,8 +4103,6 @@ static int AscInitAsc1000Driver(ASC_DVC_ +@@ -4045,8 +4045,6 @@ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1841,7 +1817,7 @@ upstream submission. asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM; return err; } -@@ -4469,8 +4467,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ +@@ -4411,8 +4409,6 @@ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { 
@@ -1850,7 +1826,7 @@ upstream submission. asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; return err; } -@@ -4969,8 +4965,6 @@ static int AdvInitAsc38C0800Driver(ADV_D +@@ -4911,8 +4907,6 @@ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1859,7 +1835,7 @@ upstream submission. asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; return err; } -@@ -5457,8 +5451,6 @@ static int AdvInitAsc38C1600Driver(ADV_D +@@ -5399,8 +5393,6 @@ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1870,7 +1846,7 @@ upstream submission. } --- a/drivers/scsi/aic94xx/aic94xx_init.c +++ b/drivers/scsi/aic94xx/aic94xx_init.c -@@ -369,8 +369,6 @@ static ssize_t asd_store_update_bios(str +@@ -370,8 +370,6 @@ filename_ptr, &asd_ha->pcidev->dev); if (err) { @@ -1881,7 +1857,7 @@ upstream submission. } --- a/drivers/scsi/aic94xx/aic94xx_seq.c +++ b/drivers/scsi/aic94xx/aic94xx_seq.c -@@ -1302,11 +1302,8 @@ int asd_init_seqs(struct asd_ha_struct * +@@ -1302,11 +1302,8 @@ err = asd_request_firmware(asd_ha); @@ -1896,7 +1872,7 @@ upstream submission. if (err) { --- a/drivers/scsi/bfa/bfad.c +++ b/drivers/scsi/bfa/bfad.c -@@ -1749,7 +1749,6 @@ bfad_read_firmware(struct pci_dev *pdev, +@@ -1749,7 +1749,6 @@ const struct firmware *fw; if (request_firmware(&fw, fw_name, &pdev->dev)) { @@ -1906,7 +1882,7 @@ upstream submission. } --- a/drivers/scsi/ipr.c +++ b/drivers/scsi/ipr.c -@@ -4102,10 +4102,8 @@ static ssize_t ipr_store_update_fw(struc +@@ -4102,10 +4102,8 @@ if (endline) *endline = '\0'; @@ -1920,7 +1896,7 @@ upstream submission. --- a/drivers/scsi/pm8001/pm8001_ctl.c +++ b/drivers/scsi/pm8001/pm8001_ctl.c -@@ -841,9 +841,6 @@ static ssize_t pm8001_store_update_fw(st +@@ -838,9 +838,6 @@ pm8001_ha->dev); if (ret) { @@ -1932,7 +1908,7 @@ upstream submission. } --- a/drivers/scsi/qla1280.c 
+++ b/drivers/scsi/qla1280.c -@@ -1514,8 +1514,6 @@ qla1280_request_firmware(struct scsi_qla +@@ -1514,8 +1514,6 @@ err = request_firmware(&fw, fwname, &ha->pdev->dev); if (err) { @@ -1943,7 +1919,7 @@ upstream submission. } --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -7935,10 +7935,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, +@@ -8029,10 +8029,6 @@ /* Load firmware blob. */ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -1954,7 +1930,7 @@ upstream submission. return QLA_FUNCTION_FAILED; } -@@ -8041,9 +8037,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * +@@ -8135,9 +8131,6 @@ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -1966,7 +1942,7 @@ upstream submission. --- a/drivers/scsi/qla2xxx/qla_nx.c +++ b/drivers/scsi/qla2xxx/qla_nx.c -@@ -2431,11 +2431,8 @@ try_blob_fw: +@@ -2429,11 +2429,8 @@ /* Load firmware blob. */ blob = ha->hablob = qla2x00_request_firmware(vha); @@ -1981,7 +1957,7 @@ upstream submission. if (qla82xx_validate_firmware_blob(vha, --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -7346,8 +7346,6 @@ qla2x00_request_firmware(scsi_qla_host_t +@@ -7335,8 +7335,6 @@ goto out; if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { @@ -1992,7 +1968,7 @@ upstream submission. } --- a/drivers/scsi/qlogicpti.c +++ b/drivers/scsi/qlogicpti.c -@@ -486,11 +486,8 @@ static int qlogicpti_load_firmware(struc +@@ -486,11 +486,8 @@ int i, timeout; err = request_firmware(&fw, fwname, &qpti->op->dev); @@ -2007,7 +1983,7 @@ upstream submission. fw->size, fwname); --- a/drivers/staging/rtl8192u/r819xU_firmware.c +++ b/drivers/staging/rtl8192u/r819xU_firmware.c -@@ -240,10 +240,8 @@ bool init_firmware(struct net_device *de +@@ -240,10 +240,8 @@ */ if (rst_opt == OPT_SYSTEM_RESET) { rc = request_firmware(&fw_entry, fw_name[init_step], &priv->udev->dev); @@ -2021,7 +1997,7 @@ upstream submission. RT_TRACE(COMP_ERR, "img file size exceed the container buffer fail!\n"); 
--- a/drivers/staging/rtl8712/hal_init.c +++ b/drivers/staging/rtl8712/hal_init.c -@@ -60,8 +60,6 @@ int rtl871x_load_fw(struct _adapter *pad +@@ -63,8 +63,6 @@ dev_info(dev, "r8712u: Loading firmware from \"%s\"\n", firmware_file); rc = request_firmware_nowait(THIS_MODULE, 1, firmware_file, dev, GFP_KERNEL, padapter, rtl871x_load_fw_cb); @@ -2032,7 +2008,7 @@ upstream submission. MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); --- a/drivers/staging/vt6656/main_usb.c +++ b/drivers/staging/vt6656/main_usb.c -@@ -109,11 +109,8 @@ static int vnt_download_firmware(struct +@@ -109,11 +109,8 @@ dev_dbg(dev, "---->Download firmware\n"); ret = request_firmware(&fw, FIRMWARE_NAME, dev); @@ -2045,23 +2021,9 @@ upstream submission. for (ii = 0; ii < fw->size; ii += FIRMWARE_CHUNK_SIZE) { length = min_t(int, fw->size - ii, FIRMWARE_CHUNK_SIZE); ---- a/drivers/tty/cyclades.c -+++ b/drivers/tty/cyclades.c -@@ -3484,10 +3484,8 @@ static int cyz_load_fw(struct pci_dev *p - int retval; - - retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev); -- if (retval) { -- dev_err(&pdev->dev, "can't get firmware\n"); -+ if (retval) - goto err; -- } - - /* Check whether the firmware is already loaded and running. If - positive, skip this board */ --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c -@@ -854,13 +854,8 @@ static int moxa_init_board(struct moxa_b +@@ -854,13 +854,8 @@ } ret = request_firmware(&fw, file, dev); @@ -2078,7 +2040,7 @@ upstream submission. --- a/drivers/tty/serial/icom.c +++ b/drivers/tty/serial/icom.c -@@ -362,7 +362,6 @@ static void load_code(struct icom_port * +@@ -362,7 +362,6 @@ /* Load Call Setup into Adapter */ if (request_firmware(&fw, "icom_call_setup.bin", &dev->dev) < 0) { @@ -2086,7 +2048,7 @@ upstream submission. status = -1; goto load_code_exit; } -@@ -382,7 +381,6 @@ static void load_code(struct icom_port * +@@ -382,7 +381,6 @@ /* Load Resident DCE portion of Adapter */ if (request_firmware(&fw, "icom_res_dce.bin", &dev->dev) < 0) { 
@@ -2094,7 +2056,7 @@ upstream submission. status = -1; goto load_code_exit; } -@@ -427,7 +425,6 @@ static void load_code(struct icom_port * +@@ -427,7 +425,6 @@ } if (request_firmware(&fw, "icom_asc.bin", &dev->dev) < 0) { @@ -2104,7 +2066,7 @@ upstream submission. } --- a/drivers/tty/serial/ucc_uart.c +++ b/drivers/tty/serial/ucc_uart.c -@@ -1161,10 +1161,8 @@ static void uart_firmware_cont(const str +@@ -1161,10 +1161,8 @@ struct device *dev = context; int ret; @@ -2118,7 +2080,7 @@ upstream submission. --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c -@@ -1087,8 +1087,6 @@ static int cxacru_find_firmware(struct c +@@ -1084,8 +1084,6 @@ return -ENOENT; } @@ -2129,7 +2091,7 @@ upstream submission. --- a/drivers/usb/atm/ueagle-atm.c +++ b/drivers/usb/atm/ueagle-atm.c -@@ -606,10 +606,8 @@ static void uea_upload_pre_firmware(cons +@@ -606,10 +606,8 @@ int ret, size; uea_enters(usb); @@ -2141,7 +2103,7 @@ upstream submission. pfw = fw_entry->data; size = fw_entry->size; -@@ -704,10 +702,6 @@ static int uea_load_firmware(struct usb_ +@@ -704,10 +702,6 @@ ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev, GFP_KERNEL, usb, uea_upload_pre_firmware); @@ -2152,7 +2114,7 @@ upstream submission. uea_leaves(usb); return ret; -@@ -869,12 +863,8 @@ static int request_dsp(struct uea_softc +@@ -869,12 +863,8 @@ } ret = request_firmware(&sc->dsp_firm, dsp_name, &sc->usb_dev->dev); @@ -2166,7 +2128,7 @@ upstream submission. if (UEA_CHIP_VERSION(sc) == EAGLE_IV) ret = check_dsp_e4(sc->dsp_firm->data, sc->dsp_firm->size); -@@ -1587,12 +1577,8 @@ static int request_cmvs_old(struct uea_s +@@ -1587,12 +1577,8 @@ cmvs_file_name(sc, cmv_name, 1); ret = request_firmware(fw, cmv_name, &sc->usb_dev->dev); @@ -2180,7 +2142,7 @@ upstream submission. data = (u8 *) (*fw)->data; size = (*fw)->size; -@@ -1629,9 +1615,6 @@ static int request_cmvs(struct uea_softc +@@ -1629,9 +1615,6 @@ "try to get older cmvs\n", cmv_name); return request_cmvs_old(sc, cmvs, fw); } 
@@ -2190,7 +2152,7 @@ upstream submission. return ret; } -@@ -1914,11 +1897,8 @@ static int load_XILINX_firmware(struct u +@@ -1914,11 +1897,8 @@ uea_enters(INS_TO_USBDEV(sc)); ret = request_firmware(&fw_entry, fw_name, &sc->usb_dev->dev); @@ -2205,7 +2167,7 @@ upstream submission. size = fw_entry->size; --- a/drivers/usb/misc/emi26.c +++ b/drivers/usb/misc/emi26.c -@@ -85,21 +85,17 @@ static int emi26_load_firmware (struct u +@@ -85,21 +85,17 @@ err = request_ihex_firmware(&loader_fw, "emi26/loader.fw", &dev->dev); if (err) @@ -2232,7 +2194,7 @@ upstream submission. err = emi26_set_reset(dev,1); --- a/drivers/usb/misc/ezusb.c +++ b/drivers/usb/misc/ezusb.c -@@ -76,12 +76,8 @@ static int ezusb_ihex_firmware_download( +@@ -64,12 +64,8 @@ const struct ihex_binrec *record; if (request_ihex_firmware(&firmware, firmware_path, @@ -2248,7 +2210,7 @@ upstream submission. if (ret < 0) --- a/drivers/usb/misc/isight_firmware.c +++ b/drivers/usb/misc/isight_firmware.c -@@ -45,7 +45,6 @@ static int isight_firmware_load(struct u +@@ -45,7 +45,6 @@ return -ENOMEM; if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) { @@ -2258,7 +2220,7 @@ upstream submission. } --- a/drivers/usb/serial/io_edgeport.c +++ b/drivers/usb/serial/io_edgeport.c -@@ -375,11 +375,8 @@ static void update_edgeport_E2PROM(struc +@@ -332,11 +332,8 @@ response = request_ihex_firmware(&fw, fw_name, &edge_serial->serial->dev->dev); @@ -2273,7 +2235,7 @@ upstream submission. BootMajorVersion = rec->data[0]; --- a/drivers/usb/serial/io_ti.c +++ b/drivers/usb/serial/io_ti.c -@@ -1010,8 +1010,6 @@ static int download_fw(struct edgeport_s +@@ -1006,8 +1006,6 @@ status = request_firmware(&fw, fw_name, dev); if (status) { @@ -2284,7 +2246,7 @@ upstream submission. --- a/drivers/usb/serial/ti_usb_3410_5052.c +++ b/drivers/usb/serial/ti_usb_3410_5052.c -@@ -1663,10 +1663,8 @@ static int ti_download_firmware(struct t +@@ -1629,10 +1629,8 @@ } check_firmware: 
@@ -2298,7 +2260,7 @@ upstream submission. release_firmware(fw_p); --- a/drivers/video/fbdev/broadsheetfb.c +++ b/drivers/video/fbdev/broadsheetfb.c -@@ -743,10 +743,8 @@ static ssize_t broadsheet_loadstore_wave +@@ -743,10 +743,8 @@ return -EINVAL; err = request_firmware(&fw_entry, "broadsheet.wbf", dev); @@ -2312,7 +2274,7 @@ upstream submission. if ((fw_entry->size < 8*1024) || (fw_entry->size > 64*1024)) { --- a/drivers/video/fbdev/metronomefb.c +++ b/drivers/video/fbdev/metronomefb.c -@@ -679,10 +679,8 @@ static int metronomefb_probe(struct plat +@@ -679,10 +679,8 @@ a) request the waveform file from userspace b) process waveform and decode into metromem */ retval = request_firmware(&fw_entry, "metronome.wbf", &dev->dev); @@ -2326,7 +2288,7 @@ upstream submission. par); --- a/sound/drivers/vx/vx_hwdep.c +++ b/sound/drivers/vx/vx_hwdep.c -@@ -58,10 +58,8 @@ int snd_vx_setup_firmware(struct vx_core +@@ -58,10 +58,8 @@ if (! fw_files[chip->type][i]) continue; sprintf(path, "vx/%s", fw_files[chip->type][i]); @@ -2340,7 +2302,7 @@ upstream submission. release_firmware(fw); --- a/sound/isa/msnd/msnd_pinnacle.c +++ b/sound/isa/msnd/msnd_pinnacle.c -@@ -376,15 +376,11 @@ static int upload_dsp_code(struct snd_ca +@@ -376,15 +376,11 @@ outb(HPBLKSEL_0, chip->io + HP_BLKS); err = request_firmware(&init_fw, INITCODEFILE, card->dev); @@ -2360,7 +2322,7 @@ upstream submission. if (snd_msnd_upload_host(chip, init_fw->data, init_fw->size) < 0) { --- a/sound/isa/sscape.c +++ b/sound/isa/sscape.c -@@ -531,10 +531,8 @@ static int sscape_upload_bootblock(struc +@@ -531,10 +531,8 @@ int ret; ret = request_firmware(&init_fw, "scope.cod", card->dev); @@ -2372,7 +2334,7 @@ upstream submission. ret = upload_dma_data(sscape, init_fw->data, init_fw->size); release_firmware(init_fw); -@@ -571,11 +569,8 @@ static int sscape_upload_microcode(struc +@@ -571,11 +569,8 @@ snprintf(name, sizeof(name), "sndscape.co%d", version); err = request_firmware(&init_fw, name, card->dev); 
@@ -2387,7 +2349,7 @@ upstream submission. snd_printk(KERN_INFO "sscape: MIDI firmware loaded %zu KBs\n", --- a/sound/isa/wavefront/wavefront_synth.c +++ b/sound/isa/wavefront/wavefront_synth.c -@@ -1959,10 +1959,8 @@ wavefront_download_firmware (snd_wavefro +@@ -1959,10 +1959,8 @@ const struct firmware *firmware; err = request_firmware(&firmware, path, dev->card->dev); @@ -2401,7 +2363,7 @@ upstream submission. buf = firmware->data; --- a/sound/pci/asihpi/hpidspcd.c +++ b/sound/pci/asihpi/hpidspcd.c -@@ -35,8 +35,6 @@ short hpi_dsp_code_open(u32 adapter, voi +@@ -35,8 +35,6 @@ err = request_firmware(&firmware, fw_name, &dev->dev); if (err || !firmware) { @@ -2412,7 +2374,7 @@ upstream submission. if (firmware->size < sizeof(header)) { --- a/sound/pci/cs46xx/cs46xx_lib.c +++ b/sound/pci/cs46xx/cs46xx_lib.c -@@ -3235,11 +3235,8 @@ int snd_cs46xx_start_dsp(struct snd_cs46 +@@ -3235,11 +3235,8 @@ #ifdef CONFIG_SND_CS46XX_NEW_DSP for (i = 0; i < CS46XX_DSP_MODULES; i++) { err = load_firmware(chip, &chip->modules[i], module_names[i]); @@ -2427,7 +2389,7 @@ upstream submission. dev_err(chip->card->dev, "image download error [%s]\n", --- a/sound/pci/echoaudio/echoaudio.c +++ b/sound/pci/echoaudio/echoaudio.c -@@ -49,11 +49,8 @@ static int get_firmware(const struct fir +@@ -48,11 +48,8 @@ "firmware requested: %s\n", card_fw[fw_index].data); snprintf(name, sizeof(name), "ea/%s", card_fw[fw_index].data); err = request_firmware(fw_entry, name, &chip->pci->dev); @@ -2442,7 +2404,7 @@ upstream submission. return err; --- a/sound/pci/emu10k1/emu10k1_main.c +++ b/sound/pci/emu10k1/emu10k1_main.c -@@ -873,10 +873,8 @@ static int snd_emu10k1_emu1010_init(stru +@@ -873,10 +873,8 @@ dev_info(emu->card->dev, "emu1010: EMU_HANA_ID = 0x%x\n", reg); err = snd_emu1010_load_firmware(emu, 0, &emu->firmware); @@ -2456,7 +2418,7 @@ upstream submission. snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); --- a/sound/pci/hda/hda_intel.c 
+++ b/sound/pci/hda/hda_intel.c -@@ -2057,8 +2057,6 @@ static void azx_firmware_cb(const struct +@@ -2027,8 +2027,6 @@ if (fw) chip->fw = fw; @@ -2467,7 +2429,7 @@ upstream submission. azx_probe_continue(chip); --- a/sound/pci/korg1212/korg1212.c +++ b/sound/pci/korg1212/korg1212.c -@@ -2335,7 +2335,6 @@ static int snd_korg1212_create(struct sn +@@ -2334,7 +2334,6 @@ err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev); if (err < 0) { @@ -2477,7 +2439,7 @@ upstream submission. } --- a/sound/pci/mixart/mixart_hwdep.c +++ b/sound/pci/mixart/mixart_hwdep.c -@@ -558,11 +558,8 @@ int snd_mixart_setup_firmware(struct mix +@@ -559,11 +559,8 @@ for (i = 0; i < 3; i++) { sprintf(path, "mixart/%s", fw_files[i]); @@ -2492,7 +2454,7 @@ upstream submission. release_firmware(fw_entry); --- a/sound/pci/pcxhr/pcxhr_hwdep.c +++ b/sound/pci/pcxhr/pcxhr_hwdep.c -@@ -372,12 +372,8 @@ int pcxhr_setup_firmware(struct pcxhr_mg +@@ -372,12 +372,8 @@ if (!fw_files[fw_set][i]) continue; sprintf(path, "pcxhr/%s", fw_files[fw_set][i]); @@ -2508,7 +2470,7 @@ upstream submission. release_firmware(fw_entry); --- a/sound/pci/riptide/riptide.c +++ b/sound/pci/riptide/riptide.c -@@ -1217,11 +1217,8 @@ static int try_to_load_firmware(struct c +@@ -1216,11 +1216,8 @@ if (!chip->fw_entry) { err = request_firmware(&chip->fw_entry, "riptide.hex", &chip->pci->dev); @@ -2523,7 +2485,7 @@ upstream submission. if (err) { --- a/sound/pci/rme9652/hdsp.c +++ b/sound/pci/rme9652/hdsp.c -@@ -5111,11 +5111,8 @@ static int hdsp_request_fw_loader(struct +@@ -5180,11 +5180,8 @@ return -EINVAL; } @@ -2538,7 +2500,7 @@ upstream submission. "too short firmware size %d (expected %d)\n", --- a/sound/soc/codecs/wm2000.c +++ b/sound/soc/codecs/wm2000.c -@@ -894,10 +894,8 @@ static int wm2000_i2c_probe(struct i2c_c +@@ -894,10 +894,8 @@ } ret = request_firmware(&fw, filename, &i2c->dev); @@ -2552,7 +2514,7 @@ upstream submission. wm2000->anc_download_size = fw->size + 2; --- a/sound/usb/6fire/firmware.c 
+++ b/sound/usb/6fire/firmware.c -@@ -203,8 +203,6 @@ static int usb6fire_fw_ezusb_upload( +@@ -203,8 +203,6 @@ ret = request_firmware(&fw, fwname, &device->dev); if (ret < 0) { kfree(rec); @@ -2561,7 +2523,7 @@ upstream submission. return ret; } ret = usb6fire_fw_ihex_init(fw, rec); -@@ -280,8 +278,6 @@ static int usb6fire_fw_fpga_upload( +@@ -280,8 +278,6 @@ ret = request_firmware(&fw, fwname, &device->dev); if (ret < 0) { diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch index 52c9511b05f1..35dacbf59873 100644 --- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -17,11 +17,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> fs/nfsd/nfsctl.c | 3 +++ 5 files changed, 7 insertions(+), 2 deletions(-) -diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c -index f452a94abdc3..149b4f5b2c13 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c -@@ -2464,7 +2464,7 @@ late_initcall(init_btrfs_fs); +@@ -2697,7 +2697,7 @@ module_exit(exit_btrfs_fs) MODULE_LICENSE("GPL"); @@ -30,11 +28,9 @@ index f452a94abdc3..149b4f5b2c13 100644 MODULE_SOFTDEP("pre: xxhash64"); MODULE_SOFTDEP("pre: sha256"); MODULE_SOFTDEP("pre: blake2b-256"); -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 1d82b56d9b11..1f494d1551ad 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -6186,6 +6186,6 @@ static void __exit ext4_exit_fs(void) +@@ -6822,6 +6822,6 @@ MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); MODULE_DESCRIPTION("Fourth Extended Filesystem"); MODULE_LICENSE("GPL"); 
@@ -42,21 +38,9 @@ index 1d82b56d9b11..1f494d1551ad 100644 +MODULE_SOFTDEP("pre: crypto-crc32c"); module_init(ext4_init_fs) module_exit(ext4_exit_fs) -diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c -index 5111e1ffe58a..ab6755c4c9c5 100644 ---- a/fs/f2fs/super.c -+++ b/fs/f2fs/super.c -@@ -3809,4 +3809,5 @@ module_exit(exit_f2fs_fs) - MODULE_AUTHOR("Samsung Electronics's Praesto Team"); - MODULE_DESCRIPTION("Flash Friendly File System"); - MODULE_LICENSE("GPL"); -+MODULE_SOFTDEP("pre: crypto-crc32"); - -diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c -index 5e408ee24a1a..ace92b6d066b 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c -@@ -2769,6 +2769,7 @@ static void __exit journal_exit(void) +@@ -3008,6 +3008,7 @@ } MODULE_LICENSE("GPL"); @@ -64,11 +48,9 @@ index 5e408ee24a1a..ace92b6d066b 100644 module_init(journal_init); module_exit(journal_exit); -diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c -index 11b42c523f04..c8cd73b1e0d9 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c -@@ -1574,5 +1574,8 @@ static void __exit exit_nfsd(void) +@@ -1579,5 +1579,8 @@ MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>"); MODULE_LICENSE("GPL"); @@ -77,6 +59,3 @@ index 11b42c523f04..c8cd73b1e0d9 100644 +#endif module_init(init_nfsd) module_exit(exit_nfsd) --- -2.24.0 - diff --git a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch index 820479896eee..eef21694e326 100644 --- a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch +++ b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch @@ -9,9 +9,9 @@ sources. --- a/scripts/Makefile.build +++ b/scripts/Makefile.build -@@ -232,6 +232,11 @@ cmd_record_mcount = \ - endif # CC_USING_RECORD_MCOUNT - endif # CONFIG_FTRACE_MCOUNT_RECORD +@@ -217,6 +217,11 @@ + $(sub_cmd_record_mcount)) + endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT +# Don't require recordmcount source for an OOT build. +ifdef KBUILD_EXTMOD 
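Review bot: The diffstat inside this patch is left stale: the first hunk keeps ` 5 files changed, 7 insertions(+), 2 deletions(-)` as context, while the hunk at -42,21 removes the whole fs/f2fs/super.c section, leaving btrfs, ext4, jbd2 and nfsd. I would refresh that line to ` 4 files changed, 6 insertions(+), 2 deletions(-)` and drop the f2fs row from the file list if it is still there (most of the list is outside the hunks shown). The removed line was `MODULE_SOFTDEP("pre: crypto-crc32");`; presumably upstream now declares an equivalent dependency, but that is worth confirming against the 5.13.9 tree, since an initramfs built without the CRC32 module would leave an f2fs root unmountable.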
@@ -19,5 +19,5 @@ sources. +endif + ifdef CONFIG_STACK_VALIDATION + ifndef CONFIG_LTO_CLANG ifneq ($(SKIP_STACK_VALIDATION),1) - diff --git a/debian/patches/bugfix/all/libcpupower-hide-private-function.patch b/debian/patches/bugfix/all/libcpupower-hide-private-function.patch deleted file mode 100644 index ac76e638eab2..000000000000 --- a/debian/patches/bugfix/all/libcpupower-hide-private-function.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Sat, 01 Dec 2018 19:22:50 +0000 -Subject: libcpupower: Hide private function - -cpupower_read_sysfs() (previously known as sysfs_read_file()) is an -internal function in libcpupower and should not be exported when -libcpupower is a shared library. Change its visibility to "hidden". - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> ---- ---- a/tools/power/cpupower/lib/cpupower.c -+++ b/tools/power/cpupower/lib/cpupower.c -@@ -15,6 +15,7 @@ - #include "cpupower.h" - #include "cpupower_intern.h" - -+__attribute__((visibility("hidden"))) - unsigned int cpupower_read_sysfs(const char *path, char *buf, size_t buflen) - { - int fd; diff --git a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch index a40c600ae803..99797bc3b830 100644 --- a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +++ b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch 
@@ -28,22 +28,20 @@ is missing, except for the pre-R600 case. drivers/gpu/drm/radeon/radeon_drv.c | 30 +++++++++++++++++++++++++ 2 files changed, 59 insertions(+) -Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -=================================================================== ---- debian-kernel.orig/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -+++ debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -@@ -36,6 +36,8 @@ - #include <linux/vga_switcheroo.h> +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +@@ -37,6 +37,8 @@ #include <drm/drm_probe_helper.h> #include <linux/mmu_notifier.h> + #include <linux/suspend.h> +#include <linux/namei.h> +#include <linux/path.h> #include "amdgpu.h" #include "amdgpu_irq.h" -@@ -1017,6 +1019,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); +@@ -1195,6 +1197,28 @@ - static struct drm_driver kms_driver; + static const struct drm_driver amdgpu_kms_driver; +/* Test that /lib/firmware/amdgpu is a directory (or symlink to a + * directory). We could try to match the udev search path, but let's @@ -70,7 +68,7 @@ Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c static int amdgpu_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { -@@ -1070,6 +1094,11 @@ static int amdgpu_pci_probe(struct pci_d +@@ -1259,6 +1283,11 @@ } #endif 
@@ -82,11 +80,9 @@ Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c /* Get rid of things like offb */ ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, "amdgpudrmfb"); if (ret) -Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c -=================================================================== ---- debian-kernel.orig/drivers/gpu/drm/radeon/radeon_drv.c -+++ debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c -@@ -48,6 +48,8 @@ +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -49,6 +49,8 @@ #include <drm/drm_probe_helper.h> #include <drm/drm_vblank.h> #include <drm/radeon_drm.h> @@ -94,10 +90,10 @@ Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c +#include <linux/path.h> #include "radeon_drv.h" + #include "radeon.h" +@@ -289,6 +291,28 @@ -@@ -321,6 +323,28 @@ static struct drm_driver kms_driver; - - bool radeon_device_is_virtual(void); + static const struct drm_driver kms_driver; +/* Test that /lib/firmware/radeon is a directory (or symlink to a + * directory). We could try to match the udev search path, but let's @@ -124,7 +120,7 @@ Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c static int radeon_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { -@@ -360,6 +384,12 @@ static int radeon_pci_probe(struct pci_d +@@ -329,6 +353,12 @@ if (vga_switcheroo_client_probe_defer(pdev)) return -EPROBE_DEFER; diff --git a/debian/patches/bugfix/all/sctp-add-size-validation-when-walking-chunks.patch b/debian/patches/bugfix/all/sctp-add-size-validation-when-walking-chunks.patch deleted file mode 100644 index 80085baf02c8..000000000000 --- a/debian/patches/bugfix/all/sctp-add-size-validation-when-walking-chunks.patch +++ /dev/null 
@@ -1,41 +0,0 @@
-From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Date: Mon, 28 Jun 2021 16:13:42 -0300
-Subject: sctp: add size validation when walking chunks
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=6ef81a5c0e22233e13c748e813c54d3bf0145782
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3655
-
-[ Upstream commit 50619dbf8db77e98d821d615af4f634d08e22698 ]
-
-The first chunk in a packet is ensured to be present at the beginning of
-sctp_rcv(), as a packet needs to have at least 1 chunk. But the second
-one, may not be completely available and ch->length can be over
-uninitialized memory.
-
-Fix here is by only trying to walk on the next chunk if there is enough to
-hold at least the header, and then proceed with the ch->length validation
-that is already there.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/sctp/input.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/sctp/input.c b/net/sctp/input.c
-index 8924e2e142c8..f72bff93745c 100644
---- a/net/sctp/input.c
-+++ b/net/sctp/input.c
-@@ -1247,7 +1247,7 @@ static struct sctp_association *__sctp_rcv_walk_lookup(struct net *net,
-
- ch = (struct sctp_chunkhdr *)ch_end;
- chunk_num++;
-- } while (ch_end < skb_tail_pointer(skb));
-+ } while (ch_end + sizeof(*ch) < skb_tail_pointer(skb));
-
- return asoc;
- }
---
-2.32.0
-
diff --git a/debian/patches/bugfix/all/sctp-fix-return-value-check-in-__sctp_rcv_asconf_loo.patch b/debian/patches/bugfix/all/sctp-fix-return-value-check-in-__sctp_rcv_asconf_loo.patch
deleted file mode 100644
index 90726c41f94b..000000000000
--- a/debian/patches/bugfix/all/sctp-fix-return-value-check-in-__sctp_rcv_asconf_loo.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Date: Tue, 27 Jul 2021 23:40:54 -0300
-Subject: sctp: fix return value check in __sctp_rcv_asconf_lookup
-Origin: https://lore.kernel.org/linux-sctp/599e6c1fdcc50f16597380118c9b3b6790241d50.1627439903.git.marcelo.leitner@gmail.com/
-
-As Ben Hutchings noticed, this check should have been inverted: the call
-returns true in case of success.
-
-Reported-by: Ben Hutchings <ben@decadent.org.uk>
-Fixes: 0c5dc070ff3d ("sctp: validate from_addr_param return")
-Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Reviewed-by: Xin Long <lucien.xin@gmail.com>
----
- net/sctp/input.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/sctp/input.c b/net/sctp/input.c
-index eb3c2a34a31c..5ef86fdb1176 100644
---- a/net/sctp/input.c
-+++ b/net/sctp/input.c
-@@ -1203,7 +1203,7 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
- if (unlikely(!af))
- return NULL;
-
-- if (af->from_addr_param(&paddr, param, peer_port, 0))
-+ if (!af->from_addr_param(&paddr, param, peer_port, 0))
- return NULL;
-
- return __sctp_lookup_association(net, laddr, &paddr, transportp);
---
-2.32.0
-
diff --git a/debian/patches/bugfix/all/sctp-validate-from_addr_param-return.patch b/debian/patches/bugfix/all/sctp-validate-from_addr_param-return.patch
deleted file mode 100644
index 6ac54f4c2293..000000000000
--- a/debian/patches/bugfix/all/sctp-validate-from_addr_param-return.patch
+++ /dev/null
@@ -1,239 +0,0 @@ -From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> -Date: Mon, 28 Jun 2021 16:13:41 -0300 -Subject: sctp: validate from_addr_param return -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=d4dbef7046e24669278eba4455e9e8053ead6ba0 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3655 - -[ Upstream commit 0c5dc070ff3d6246d22ddd931f23a6266249e3db ] - -Ilja reported that, simply putting it, nothing was validating that -from_addr_param functions were operating on initialized memory. That is, -the parameter itself was being validated by sctp_walk_params, but it -doesn't check for types and their specific sizes and it could be a 0-length -one, causing from_addr_param to potentially work over the next parameter or -even uninitialized memory. - -The fix here is to, in all calls to from_addr_param, check if enough space -is there for the wanted IP address type. - -Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> -Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> -Signed-off-by: David S. 
Miller <davem@davemloft.net> -Signed-off-by: Sasha Levin <sashal@kernel.org> ---- - include/net/sctp/structs.h | 2 +- - net/sctp/bind_addr.c | 19 +++++++++++-------- - net/sctp/input.c | 6 ++++-- - net/sctp/ipv6.c | 7 ++++++- - net/sctp/protocol.c | 7 ++++++- - net/sctp/sm_make_chunk.c | 29 ++++++++++++++++------------- - 6 files changed, 44 insertions(+), 26 deletions(-) - -diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index 0bdff38eb4bb..51d698f2656f 100644 ---- a/include/net/sctp/structs.h -+++ b/include/net/sctp/structs.h -@@ -458,7 +458,7 @@ struct sctp_af { - int saddr); - void (*from_sk) (union sctp_addr *, - struct sock *sk); -- void (*from_addr_param) (union sctp_addr *, -+ bool (*from_addr_param) (union sctp_addr *, - union sctp_addr_param *, - __be16 port, int iif); - int (*to_addr_param) (const union sctp_addr *, -diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c -index 53e5ed79f63f..59e653b528b1 100644 ---- a/net/sctp/bind_addr.c -+++ b/net/sctp/bind_addr.c -@@ -270,22 +270,19 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, - rawaddr = (union sctp_addr_param *)raw_addr_list; - - af = sctp_get_af_specific(param_type2af(param->type)); -- if (unlikely(!af)) { -+ if (unlikely(!af) || -+ !af->from_addr_param(&addr, rawaddr, htons(port), 0)) { - retval = -EINVAL; -- sctp_bind_addr_clean(bp); -- break; -+ goto out_err; - } - -- af->from_addr_param(&addr, rawaddr, htons(port), 0); - if (sctp_bind_addr_state(bp, &addr) != -1) - goto next; - retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), - SCTP_ADDR_SRC, gfp); -- if (retval) { -+ if (retval) - /* Can't finish building the list, clean up. 
*/ -- sctp_bind_addr_clean(bp); -- break; -- } -+ goto out_err; - - next: - len = ntohs(param->length); -@@ -294,6 +291,12 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, - } - - return retval; -+ -+out_err: -+ if (retval) -+ sctp_bind_addr_clean(bp); -+ -+ return retval; - } - - /******************************************************************** -diff --git a/net/sctp/input.c b/net/sctp/input.c -index d508f6f3dd08..8924e2e142c8 100644 ---- a/net/sctp/input.c -+++ b/net/sctp/input.c -@@ -1131,7 +1131,8 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct net *net, - if (!af) - continue; - -- af->from_addr_param(paddr, params.addr, sh->source, 0); -+ if (!af->from_addr_param(paddr, params.addr, sh->source, 0)) -+ continue; - - asoc = __sctp_lookup_association(net, laddr, paddr, transportp); - if (asoc) -@@ -1174,7 +1175,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( - if (unlikely(!af)) - return NULL; - -- af->from_addr_param(&paddr, param, peer_port, 0); -+ if (af->from_addr_param(&paddr, param, peer_port, 0)) -+ return NULL; - - return __sctp_lookup_association(net, laddr, &paddr, transportp); - } -diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c -index c8074f435d3e..d594b949ae82 100644 ---- a/net/sctp/ipv6.c -+++ b/net/sctp/ipv6.c -@@ -530,15 +530,20 @@ static void sctp_v6_to_sk_daddr(union sctp_addr *addr, struct sock *sk) - } - - /* Initialize a sctp_addr from an address parameter. 
*/ --static void sctp_v6_from_addr_param(union sctp_addr *addr, -+static bool sctp_v6_from_addr_param(union sctp_addr *addr, - union sctp_addr_param *param, - __be16 port, int iif) - { -+ if (ntohs(param->v6.param_hdr.length) < sizeof(struct sctp_ipv6addr_param)) -+ return false; -+ - addr->v6.sin6_family = AF_INET6; - addr->v6.sin6_port = port; - addr->v6.sin6_flowinfo = 0; /* BUG */ - addr->v6.sin6_addr = param->v6.addr; - addr->v6.sin6_scope_id = iif; -+ -+ return true; - } - - /* Initialize an address parameter from a sctp_addr and return the length -diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 25833238fe93..47fb87ce489f 100644 ---- a/net/sctp/protocol.c -+++ b/net/sctp/protocol.c -@@ -253,14 +253,19 @@ static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk) - } - - /* Initialize a sctp_addr from an address parameter. */ --static void sctp_v4_from_addr_param(union sctp_addr *addr, -+static bool sctp_v4_from_addr_param(union sctp_addr *addr, - union sctp_addr_param *param, - __be16 port, int iif) - { -+ if (ntohs(param->v4.param_hdr.length) < sizeof(struct sctp_ipv4addr_param)) -+ return false; -+ - addr->v4.sin_family = AF_INET; - addr->v4.sin_port = port; - addr->v4.sin_addr.s_addr = param->v4.addr.s_addr; - memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); -+ -+ return true; - } - - /* Initialize an address parameter from a sctp_addr and return the length -diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c -index b9d6babe2870..7411fa442821 100644 ---- a/net/sctp/sm_make_chunk.c -+++ b/net/sctp/sm_make_chunk.c -@@ -2329,11 +2329,13 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, - - /* Process the initialization parameters. 
*/ - sctp_walk_params(param, peer_init, init_hdr.params) { -- if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || -- param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { -+ if (!src_match && -+ (param.p->type == SCTP_PARAM_IPV4_ADDRESS || -+ param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { - af = sctp_get_af_specific(param_type2af(param.p->type)); -- af->from_addr_param(&addr, param.addr, -- chunk->sctp_hdr->source, 0); -+ if (!af->from_addr_param(&addr, param.addr, -+ chunk->sctp_hdr->source, 0)) -+ continue; - if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) - src_match = 1; - } -@@ -2514,7 +2516,8 @@ static int sctp_process_param(struct sctp_association *asoc, - break; - do_addr_param: - af = sctp_get_af_specific(param_type2af(param.p->type)); -- af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); -+ if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) -+ break; - scope = sctp_scope(peer_addr); - if (sctp_in_scope(net, &addr, scope)) - if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) -@@ -2615,15 +2618,13 @@ static int sctp_process_param(struct sctp_association *asoc, - addr_param = param.v + sizeof(struct sctp_addip_param); - - af = sctp_get_af_specific(param_type2af(addr_param->p.type)); -- if (af == NULL) -+ if (!af) - break; - -- af->from_addr_param(&addr, addr_param, -- htons(asoc->peer.port), 0); -+ if (!af->from_addr_param(&addr, addr_param, -+ htons(asoc->peer.port), 0)) -+ break; - -- /* if the address is invalid, we can't process it. -- * XXX: see spec for what to do. 
-- */ - if (!af->addr_valid(&addr, NULL, NULL)) - break; - -@@ -3037,7 +3038,8 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, - if (unlikely(!af)) - return SCTP_ERROR_DNS_FAILED; - -- af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); -+ if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) -+ return SCTP_ERROR_DNS_FAILED; - - /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast - * or multicast address. -@@ -3314,7 +3316,8 @@ static void sctp_asconf_param_success(struct sctp_association *asoc, - - /* We have checked the packet before, so we do not check again. */ - af = sctp_get_af_specific(param_type2af(addr_param->p.type)); -- af->from_addr_param(&addr, addr_param, htons(bp->port), 0); -+ if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) -+ return; - - switch (asconf_param->param_hdr.type) { - case SCTP_PARAM_ADD_IP: --- -2.32.0 - diff --git a/debian/patches/bugfix/all/seq_file-Disallow-extremely-large-seq-buffer-allocat.patch b/debian/patches/bugfix/all/seq_file-Disallow-extremely-large-seq-buffer-allocat.patch deleted file mode 100644 index a07e8c852caf..000000000000 --- a/debian/patches/bugfix/all/seq_file-Disallow-extremely-large-seq-buffer-allocat.patch +++ /dev/null 
@@ -1,33 +0,0 @@
-From 78e3147f18b610966abb445200b4f7b94063a00b Mon Sep 17 00:00:00 2001
-From: Eric Sandeen <sandeen@redhat.com>
-Date: Tue, 6 Jul 2021 19:56:03 +0200
-Subject: [PATCH] seq_file: Disallow extremely large seq buffer allocations
-
-There is no reasonable need for a buffer larger than this,
-and it avoids int overflow pitfalls.
-
-Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
-Reported-by: Qualys Security Advisory <qsa@qualys.com>
-Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
-Signed-off-by: Eric Sandeen <sandeen@redhat.com>
----
- fs/seq_file.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 5059248f2d64..d6aacbac793a 100644
---- a/fs/seq_file.c
-+++ b/fs/seq_file.c
-@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
-
- static void *seq_buf_alloc(unsigned long size)
- {
-+ if (unlikely(size > MAX_RW_COUNT))
-+ return NULL;
-+
- return kvmalloc(size, GFP_KERNEL_ACCOUNT);
- }
-
---
-2.32.0
-
diff --git a/debian/patches/bugfix/all/swiotlb-manipulate-orig_addr-when-tlb_addr-has-offse.patch b/debian/patches/bugfix/all/swiotlb-manipulate-orig_addr-when-tlb_addr-has-offse.patch
deleted file mode 100644
index cb3584b82cad..000000000000
--- a/debian/patches/bugfix/all/swiotlb-manipulate-orig_addr-when-tlb_addr-has-offse.patch
+++ /dev/null
@@ -1,128 +0,0 @@ -From: Bumyong Lee <bumyong.lee@samsung.com> -Date: Mon, 10 May 2021 18:10:04 +0900 -Subject: swiotlb: manipulate orig_addr when tlb_addr has offset -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=e6108147dd91b94d1979b110f265710c254c99d5 -Bug-Debian: https://bugs.debian.org/989778 - -commit 5f89468e2f060031cd89fd4287298e0eaf246bf6 upstream. - -in case of driver wants to sync part of ranges with offset, -swiotlb_tbl_sync_single() copies from orig_addr base to tlb_addr with -offset and ends up with data mismatch. - -It was removed from -"swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single", -but said logic has to be added back in. - -From Linus's email: -"That commit which the removed the offset calculation entirely, because the old - - (unsigned long)tlb_addr & (IO_TLB_SIZE - 1) - -was wrong, but instead of removing it, I think it should have just -fixed it to be - - (tlb_addr - mem->start) & (IO_TLB_SIZE - 1); - -instead. That way the slot offset always matches the slot index calculation." - -(Unfortunatly that broke NVMe). - -The use-case that drivers are hitting is as follow: - -1. Get dma_addr_t from dma_map_single() - -dma_addr_t tlb_addr = dma_map_single(dev, vaddr, vsize, DMA_TO_DEVICE); - - |<---------------vsize------------->| - +-----------------------------------+ - | | original buffer - +-----------------------------------+ - vaddr - - swiotlb_align_offset - |<----->|<---------------vsize------------->| - +-------+-----------------------------------+ - | | | swiotlb buffer - +-------+-----------------------------------+ - tlb_addr - -2. Do something -3. Sync dma_addr_t through dma_sync_single_for_device(..) - -dma_sync_single_for_device(dev, tlb_addr + offset, size, DMA_TO_DEVICE); - - Error case. 
- Copy data to original buffer but it is from base addr (instead of - base addr + offset) in original buffer: - - swiotlb_align_offset - |<----->|<- offset ->|<- size ->| - +-------+-----------------------------------+ - | | |##########| | swiotlb buffer - +-------+-----------------------------------+ - tlb_addr - - |<- size ->| - +-----------------------------------+ - |##########| | original buffer - +-----------------------------------+ - vaddr - -The fix is to copy the data to the original buffer and take into -account the offset, like so: - - swiotlb_align_offset - |<----->|<- offset ->|<- size ->| - +-------+-----------------------------------+ - | | |##########| | swiotlb buffer - +-------+-----------------------------------+ - tlb_addr - - |<- offset ->|<- size ->| - +-----------------------------------+ - | |##########| | original buffer - +-----------------------------------+ - vaddr - -[One fix which was Linus's that made more sense to as it created a -symmetry would break NVMe. The reason for that is the: - unsigned int offset = (tlb_addr - mem->start) & (IO_TLB_SIZE - 1); - -would come up with the proper offset, but it would lose the -alignment (which this patch contains).] 
- -Fixes: 16fc3cef33a0 ("swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single") -Signed-off-by: Bumyong Lee <bumyong.lee@samsung.com> -Signed-off-by: Chanho Park <chanho61.park@samsung.com> -Reviewed-by: Christoph Hellwig <hch@lst.de> -Reported-by: Dominique MARTINET <dominique.martinet@atmark-techno.com> -Reported-by: Horia Geantă <horia.geanta@nxp.com> -Tested-by: Horia Geantă <horia.geanta@nxp.com> -CC: stable@vger.kernel.org -Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - kernel/dma/swiotlb.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c -index 0f61b14b0099..0ed0e1f215c7 100644 ---- a/kernel/dma/swiotlb.c -+++ b/kernel/dma/swiotlb.c -@@ -667,6 +667,9 @@ void swiotlb_tbl_sync_single(struct device *hwdev, phys_addr_t tlb_addr, - if (orig_addr == INVALID_PHYS_ADDR) - return; - -+ orig_addr += (tlb_addr & (IO_TLB_SIZE - 1)) - -+ swiotlb_align_offset(hwdev, orig_addr); -+ - switch (target) { - case SYNC_FOR_CPU: - if (likely(dir == DMA_FROM_DEVICE || dir == DMA_BIDIRECTIONAL)) --- -2.32.0 - diff --git a/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch b/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch index 38a0eb8505c7..c0cf9b073ddb 100644 --- a/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch +++ b/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch @@ -38,7 +38,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> int verbose; char *prog; -@@ -905,6 +917,78 @@ static int get_maxfds(void) +@@ -971,6 +983,78 @@ */ static FILE *eventsfp; static char *mapfile; @@ -85,14 +85,14 @@ 
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> + */ +static int ordered_ftw(const char *dirpath, + int (*fn)(const char *, int, struct FTW *), -+ int nopenfd) ++ int nopenfd, int flags) +{ + struct ordered_ftw_state state = { NULL, 0, 0 }; + size_t i; + int rc; + + ordered_ftw_state = &state; -+ rc = nftw(dirpath, ordered_ftw_add, nopenfd, 0); ++ rc = nftw(dirpath, ordered_ftw_add, nopenfd, flags); + if (rc) + goto out; + @@ -117,7 +117,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> static int is_leaf_dir(const char *fpath) { -@@ -957,19 +1041,19 @@ static int is_json_file(const char *name +@@ -1023,19 +1107,19 @@ return 0; } @@ -140,7 +140,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> int typeflag, struct FTW *ftwbuf) { char *tblname, *bname; -@@ -994,9 +1078,9 @@ static int process_one_file(const char * +@@ -1065,9 +1149,9 @@ } else bname = (char *) fpath + ftwbuf->base; @@ -151,31 +151,30 @@ 
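Review bot: The new `flags` argument of `ordered_ftw()` is passed straight to `nftw()` for the collection pass, but the callbacks appear to be replayed afterwards from the recorded list (the rest of the function is outside this hunk), so a flag such as `FTW_DEPTH` or `FTW_CHDIR` would not give a caller the visit order or working directory it asks for. Every call site in the last hunk of this patch passes 0, so nothing changes today. I would state the limit in the comment above the function, for example `* flags is forwarded to nftw(); flags that alter visit order or cwd are not honoured on replay.`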
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> + level, bname, fpath); /* base dir or too deep */ - if (level == 0 || level > 3) -@@ -1151,7 +1235,7 @@ int main(int argc, char *argv[]) + if (level == 0 || level > 4) +@@ -1241,21 +1325,21 @@ + */ maxfds = get_maxfds(); - mapfile = NULL; - rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0); -+ rc = ordered_ftw(ldirname, preprocess_arch_std_files, maxfds); - if (rc && verbose) { - pr_info("%s: Error preprocessing arch standard files %s\n", - prog, ldirname); -@@ -1165,7 +1249,7 @@ int main(int argc, char *argv[]) - goto empty_map; - } ++ rc = ordered_ftw(ldirname, preprocess_arch_std_files, maxfds, 0); + if (rc) + goto err_processing_std_arch_event_dir; - rc = nftw(ldirname, process_one_file, maxfds, 0); -+ rc = ordered_ftw(ldirname, process_one_file, maxfds); - if (rc && verbose) { - pr_info("%s: Error walking file tree %s\n", prog, ldirname); - goto empty_map; -@@ -1181,7 +1265,7 @@ int main(int argc, char *argv[]) ++ rc = ordered_ftw(ldirname, process_one_file, maxfds, 0); + if (rc) + goto err_processing_dir; sprintf(ldirname, "%s/test", start_dirname); +- rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0); ++ rc = ordered_ftw(ldirname, preprocess_arch_std_files, maxfds, 0); + if (rc) + goto err_processing_std_arch_event_dir; + - rc = nftw(ldirname, process_one_file, maxfds, 0); -+ rc = ordered_ftw(ldirname, process_one_file, maxfds); - if (rc && verbose) { - pr_info("%s: Error walking file tree %s rc=%d for test\n", - prog, ldirname, rc); ++ rc = ordered_ftw(ldirname, process_one_file, maxfds, 0); + if (rc) + goto err_processing_dir; + diff --git a/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch b/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch deleted file mode 100644 index d6f6982518bb..000000000000 --- a/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From: Miklos Szeredi <mszeredi@redhat.com> -Date: Mon, 14 Dec 2020 15:26:13 +0100 -Subject: vfs: move cap_convert_nscap() call into vfs_setxattr() -Origin: https://git.kernel.org/linus/7c03e2cda4a584cadc398e8f6641ca9988a39d52 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3493 - -cap_convert_nscap() does permission checking as well as conversion of the -xattr value conditionally based on fs's user-ns. - -This is needed by overlayfs and probably other layered fs (ecryptfs) and is -what vfs_foo() is supposed to do anyway. - -Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> -Acked-by: James Morris <jamorris@linux.microsoft.com> ---- - fs/xattr.c | 17 +++++++++++------ - include/linux/capability.h | 2 +- - security/commoncap.c | 3 +-- - 3 files changed, 13 insertions(+), 9 deletions(-) - -diff --git a/fs/xattr.c b/fs/xattr.c -index cd7a563e8bcd..fd57153b1f61 100644 ---- a/fs/xattr.c -+++ b/fs/xattr.c -@@ -276,8 +276,16 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, - { - struct inode *inode = dentry->d_inode; - struct inode *delegated_inode = NULL; -+ const void *orig_value = value; - int error; - -+ if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { -+ error = cap_convert_nscap(dentry, &value, size); -+ if (error < 0) -+ return error; -+ size = error; -+ } -+ - retry_deleg: - inode_lock(inode); - error = __vfs_setxattr_locked(dentry, name, value, size, flags, -@@ -289,6 +297,9 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, - if (!error) - goto retry_deleg; - } -+ if (value != orig_value) -+ kfree(value); -+ - return error; - } - EXPORT_SYMBOL_GPL(vfs_setxattr); -@@ -537,12 +548,6 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, - if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || - (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) - posix_acl_fix_xattr_from_user(kvalue, size); -- else if (strcmp(kname, XATTR_NAME_CAPS) == 
0) { -- error = cap_convert_nscap(d, &kvalue, size); -- if (error < 0) -- goto out; -- size = error; -- } - } - - error = vfs_setxattr(d, kname, kvalue, size, flags); -diff --git a/include/linux/capability.h b/include/linux/capability.h -index 1e7fe311cabe..b2f698915c0f 100644 ---- a/include/linux/capability.h -+++ b/include/linux/capability.h -@@ -270,6 +270,6 @@ static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) - /* audit system wants to get cap info from files as well */ - extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); - --extern int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size); -+extern int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size); - - #endif /* !_LINUX_CAPABILITY_H */ -diff --git a/security/commoncap.c b/security/commoncap.c -index 59bf3c1674c8..bacc1111d871 100644 ---- a/security/commoncap.c -+++ b/security/commoncap.c -@@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) - * - * If all is ok, we return the new size, on error return < 0. - */ --int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) -+int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size) - { - struct vfs_ns_cap_data *nscap; - uid_t nsrootid; -@@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) - nscap->magic_etc = cpu_to_le32(nsmagic); - memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - -- kvfree(*ivalue); - *ivalue = nscap; - return newsize; - } --- -2.31.0 - diff --git a/debian/patches/bugfix/arm/ARM-dts-sun8i-h3-orangepi-plus-Fix-ethernet-phy-mode.patch b/debian/patches/bugfix/arm/ARM-dts-sun8i-h3-orangepi-plus-Fix-ethernet-phy-mode.patch deleted file mode 100644 index 11daff1248c0..000000000000 --- a/debian/patches/bugfix/arm/ARM-dts-sun8i-h3-orangepi-plus-Fix-ethernet-phy-mode.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From: Salvatore Bonaccorso <carnil@debian.org> -Date: Tue, 18 May 2021 22:33:49 +0200 -Subject: ARM: dts: sun8i: h3: orangepi-plus: Fix ethernet phy-mode -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/patch/?id=b19d3479f25e8a0ff24df0b46c82e50ef0f900dd -Bug-Debian: https://bugs.debian.org/988574 - -Commit bbc4d71d6354 ("net: phy: realtek: fix rtl8211e rx/tx delay -config") sets the RX/TX delay according to the phy-mode property in the -device tree. For the Orange Pi Plus board this is "rgmii", which is the -wrong setting. - -Following the example of a900cac3750b ("ARM: dts: sun7i: a20: bananapro: -Fix ethernet phy-mode") the phy-mode is changed to "rgmii-id" which gets -the Ethernet working again on this board. - -Fixes: bbc4d71d6354 ("net: phy: realtek: fix rtl8211e rx/tx delay config") -Reported-by: "B.R. Oake" <broake@mailfence.com> -Reported-by: Vagrant Cascadian <vagrant@reproducible-builds.org> -Link: https://bugs.debian.org/988574 -Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> -Signed-off-by: Maxime Ripard <maxime@cerno.tech> -Link: https://lore.kernel.org/r/20210524122111.416885-1-carnil@debian.org ---- - arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts b/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts -index 97f497854e05d..d05fa679dcd30 100644 ---- a/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts -+++ b/arch/arm/boot/dts/sun8i-h3-orangepi-plus.dts -@@ -85,7 +85,7 @@ - pinctrl-0 = <&emac_rgmii_pins>; - phy-supply = <®_gmac_3v3>; - phy-handle = <&ext_rgmii_phy>; -- phy-mode = "rgmii"; -+ phy-mode = "rgmii-id"; - - status = "okay"; - }; --- -2.32.0.rc0 - diff --git a/debian/patches/bugfix/s390x/s390-sclp_vt220-fix-console-name-to-match-device.patch b/debian/patches/bugfix/s390x/s390-sclp_vt220-fix-console-name-to-match-device.patch deleted file mode 100644 index 173177912886..000000000000 
--- a/debian/patches/bugfix/s390x/s390-sclp_vt220-fix-console-name-to-match-device.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From: Valentin Vidic <vvidic@valentin-vidic.from.hr> -Date: Tue, 27 Apr 2021 21:40:10 +0200 -Subject: s390/sclp_vt220: fix console name to match device -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=78cddc9aa6be2122da9ee3a4d2fff0be5db08cea -Bug-Debian: https://bugs.debian.org/961056 - -[ Upstream commit b7d91d230a119fdcc334d10c9889ce9c5e15118b ] - -Console name reported in /proc/consoles: - - ttyS1 -W- (EC p ) 4:65 - -does not match the char device name: - - crw--w---- 1 root root 4, 65 May 17 12:18 /dev/ttysclp0 - -so debian-installer inside a QEMU s390x instance gets confused and fails -to start with the following error: - - steal-ctty: No such file or directory - -Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr> -Link: https://lore.kernel.org/r/20210427194010.9330-1-vvidic@valentin-vidic.from.hr -Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> -Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> -Signed-off-by: Sasha Levin <sashal@kernel.org> ---- - arch/s390/kernel/setup.c | 2 +- - drivers/s390/char/sclp_vt220.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c -index 83a3f346e5bd..5cd9d20af31e 100644 ---- a/arch/s390/kernel/setup.c -+++ b/arch/s390/kernel/setup.c -@@ -166,7 +166,7 @@ static void __init set_preferred_console(void) - else if (CONSOLE_IS_3270) - add_preferred_console("tty3270", 0, NULL); - else if (CONSOLE_IS_VT220) -- add_preferred_console("ttyS", 1, NULL); -+ add_preferred_console("ttysclp", 0, NULL); - else if (CONSOLE_IS_HVC) - add_preferred_console("hvc", 0, NULL); - } -diff --git a/drivers/s390/char/sclp_vt220.c b/drivers/s390/char/sclp_vt220.c -index 3f9a6ef650fa..3c2ed6d01387 100644 ---- a/drivers/s390/char/sclp_vt220.c -+++ b/drivers/s390/char/sclp_vt220.c -@@ -35,8 +35,8 @@ - #define SCLP_VT220_MINOR 65 - #define SCLP_VT220_DRIVER_NAME "sclp_vt220" - #define 
SCLP_VT220_DEVICE_NAME "ttysclp" --#define SCLP_VT220_CONSOLE_NAME "ttyS" --#define SCLP_VT220_CONSOLE_INDEX 1 /* console=ttyS1 */ -+#define SCLP_VT220_CONSOLE_NAME "ttysclp" -+#define SCLP_VT220_CONSOLE_INDEX 0 /* console=ttysclp0 */ - - /* Representation of a single write request */ - struct sclp_vt220_request { --- -2.32.0 - diff --git a/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch b/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch deleted file mode 100644 index 73d28aeb6279..000000000000 --- a/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Hans de Goede <hdegoede@redhat.com> -Date: Wed, 19 May 2021 15:56:18 +0200 -Subject: platform/x86: toshiba_haps: Fix missing newline in pr_debug call in - toshiba_haps_notify -Origin: https://git.kernel.org/linus/7dc4a18d017ca26abd1cea197e486fb3e5cd7632 -Bug-Debian: https://bugs.debian.org/799193 - -The pr_debug() call in toshiba_haps_notify() is missing a newline at the -end of the string, add this. - -BugLink: https://bugs.debian.org/799193 -Reported-by: Salvatore Bonaccorso <carnil@debian.org> -Signed-off-by: Hans de Goede <hdegoede@redhat.com> -Link: https://lore.kernel.org/r/20210519135618.139701-1-hdegoede@redhat.com ---- - drivers/platform/x86/toshiba_haps.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/platform/x86/toshiba_haps.c b/drivers/platform/x86/toshiba_haps.c -index b237bd6b1ee5..49e84095bb01 100644 ---- a/drivers/platform/x86/toshiba_haps.c -+++ b/drivers/platform/x86/toshiba_haps.c -@@ -131,7 +131,7 @@ static const struct attribute_group haps_attr_group = { - */ - static void toshiba_haps_notify(struct acpi_device *device, u32 event) - { -- pr_debug("Received event: 0x%x", event); -+ pr_debug("Received event: 0x%x\n", event); - - acpi_bus_generate_netlink_event(device->pnp.device_class, - dev_name(&device->dev), --- -2.32.0 - 
diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch index 2df107cfb83a..72c17c95fd9b 100644 --- a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch +++ b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch @@ -21,11 +21,9 @@ need them. drivers/staging/android/ashmem.c | 3 +++ 6 files changed, 12 insertions(+), 7 deletions(-) -Index: debian-kernel/drivers/android/Kconfig -=================================================================== ---- debian-kernel.orig/drivers/android/Kconfig -+++ debian-kernel/drivers/android/Kconfig -@@ -9,7 +9,7 @@ config ANDROID +--- a/drivers/android/Kconfig ++++ b/drivers/android/Kconfig +@@ -9,7 +9,7 @@ if ANDROID config ANDROID_BINDER_IPC @@ -34,10 +32,8 @@ Index: debian-kernel/drivers/android/Kconfig depends on MMU default n help -Index: debian-kernel/drivers/android/Makefile -=================================================================== ---- debian-kernel.orig/drivers/android/Makefile -+++ debian-kernel/drivers/android/Makefile +--- a/drivers/android/Makefile ++++ b/drivers/android/Makefile @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only ccflags-y += -I$(src) # needed for trace events @@ -49,11 +45,9 @@ Index: debian-kernel/drivers/android/Makefile +binder_linux-y := binder.o binder_alloc.o +binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o +binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o -Index: debian-kernel/drivers/android/binder_alloc.c -=================================================================== ---- debian-kernel.orig/drivers/android/binder_alloc.c -+++ debian-kernel/drivers/android/binder_alloc.c -@@ -38,7 +38,7 @@ enum { +--- a/drivers/android/binder_alloc.c ++++ b/drivers/android/binder_alloc.c +@@ -38,7 +38,7 @@ }; static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR; 
@@ -62,11 +56,9 @@ Index: debian-kernel/drivers/android/binder_alloc.c uint, 0644); #define binder_alloc_debug(mask, x...) \ -Index: debian-kernel/drivers/staging/android/Kconfig -=================================================================== ---- debian-kernel.orig/drivers/staging/android/Kconfig -+++ debian-kernel/drivers/staging/android/Kconfig -@@ -4,7 +4,7 @@ menu "Android" +--- a/drivers/staging/android/Kconfig ++++ b/drivers/staging/android/Kconfig +@@ -4,7 +4,7 @@ if ANDROID config ASHMEM @@ -75,21 +67,17 @@ Index: debian-kernel/drivers/staging/android/Kconfig depends on SHMEM help The ashmem subsystem is a new shared memory allocator, similar to -Index: debian-kernel/drivers/staging/android/Makefile -=================================================================== ---- debian-kernel.orig/drivers/staging/android/Makefile -+++ debian-kernel/drivers/staging/android/Makefile -@@ -3,4 +3,5 @@ ccflags-y += -I$(src) # needed for tra - - obj-y += ion/ +--- a/drivers/staging/android/Makefile ++++ b/drivers/staging/android/Makefile +@@ -1,4 +1,5 @@ + # SPDX-License-Identifier: GPL-2.0 + ccflags-y += -I$(src) # needed for trace events -obj-$(CONFIG_ASHMEM) += ashmem.o +obj-$(CONFIG_ASHMEM) += ashmem_linux.o +ashmem_linux-y += ashmem.o -Index: debian-kernel/drivers/staging/android/ashmem.c -=================================================================== ---- debian-kernel.orig/drivers/staging/android/ashmem.c -+++ debian-kernel/drivers/staging/android/ashmem.c +--- a/drivers/staging/android/ashmem.c ++++ b/drivers/staging/android/ashmem.c @@ -24,6 +24,7 @@ #include <linux/bitops.h> #include <linux/mutex.h> @@ -98,7 +86,7 @@ Index: debian-kernel/drivers/staging/android/ashmem.c #include "ashmem.h" #define ASHMEM_NAME_PREFIX "dev/ashmem/" -@@ -953,3 +954,5 @@ out: +@@ -965,3 +966,5 @@ return ret; } device_initcall(ashmem_init); 
diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch index 41651a651f05..3bc2c83ae60b 100644 --- a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch +++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch @@ -20,23 +20,9 @@ Export the currently un-exported symbols they depend on. security/security.c | 4 ++++ 7 files changed, 10 insertions(+) -Index: debian-kernel/fs/file.c -=================================================================== ---- debian-kernel.orig/fs/file.c -+++ debian-kernel/fs/file.c -@@ -676,6 +680,7 @@ out_unlock: - *res = NULL; - return -ENOENT; - } -+EXPORT_SYMBOL(__close_fd_get_file); - - void do_close_on_exec(struct files_struct *files) - { -Index: debian-kernel/kernel/fork.c -=================================================================== ---- debian-kernel.orig/kernel/fork.c -+++ debian-kernel/kernel/fork.c -@@ -1131,6 +1131,7 @@ void mmput_async(struct mm_struct *mm) +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1134,6 +1134,7 @@ schedule_work(&mm->async_put_work); } } @@ -44,11 +30,9 @@ Index: debian-kernel/kernel/fork.c #endif /** -Index: debian-kernel/kernel/sched/core.c -=================================================================== ---- debian-kernel.orig/kernel/sched/core.c -+++ debian-kernel/kernel/sched/core.c -@@ -4667,6 +4667,7 @@ int can_nice(const struct task_struct *p +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5774,6 +5774,7 @@ return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } 
@@ -56,35 +40,29 @@ Index: debian-kernel/kernel/sched/core.c #ifdef __ARCH_WANT_SYS_NICE -Index: debian-kernel/kernel/task_work.c -=================================================================== ---- debian-kernel.orig/kernel/task_work.c -+++ debian-kernel/kernel/task_work.c -@@ -52,6 +52,7 @@ task_work_add(struct task_struct *task, +--- a/kernel/task_work.c ++++ b/kernel/task_work.c +@@ -60,6 +60,7 @@ return 0; } -+EXPORT_SYMBOL(task_work_add); ++EXPORT_SYMBOL_GPL(task_work_add); /** - * task_work_cancel - cancel a pending work added by task_work_add() -Index: debian-kernel/mm/memory.c -=================================================================== ---- debian-kernel.orig/mm/memory.c -+++ debian-kernel/mm/memory.c -@@ -1367,6 +1367,7 @@ void zap_page_range(struct vm_area_struc + * task_work_cancel_match - cancel a pending work added by task_work_add() +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1560,6 +1560,7 @@ mmu_notifier_invalidate_range_end(&range); - tlb_finish_mmu(&tlb, start, range.end); + tlb_finish_mmu(&tlb); } +EXPORT_SYMBOL_GPL(zap_page_range); /** * zap_page_range_single - remove user pages in a given range -Index: debian-kernel/mm/shmem.c -=================================================================== ---- debian-kernel.orig/mm/shmem.c -+++ debian-kernel/mm/shmem.c -@@ -4158,6 +4158,7 @@ int shmem_zero_setup(struct vm_area_stru +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -4231,6 +4231,7 @@ return 0; } @@ -92,11 +70,9 @@ Index: debian-kernel/mm/shmem.c /** * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. -Index: debian-kernel/security/security.c -=================================================================== ---- debian-kernel.orig/security/security.c -+++ debian-kernel/security/security.c -@@ -725,24 +725,28 @@ int security_binder_set_context_mgr(stru +--- a/security/security.c ++++ b/security/security.c +@@ -750,24 +750,28 @@ { return call_int_hook(binder_set_context_mgr, 0, mgr); } 
@@ -125,3 +101,13 @@ Index: debian-kernel/security/security.c int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { +--- a/fs/file.c ++++ b/fs/file.c +@@ -788,6 +788,7 @@ + + return ret; + } ++EXPORT_SYMBOL_GPL(close_fd_get_file); + + void do_close_on_exec(struct files_struct *files) + { diff --git a/debian/patches/debian/ia64-hardcode-arch-script-output.patch b/debian/patches/debian/ia64-hardcode-arch-script-output.patch index 064157efc04f..b46f9517340b 100644 --- a/debian/patches/debian/ia64-hardcode-arch-script-output.patch +++ b/debian/patches/debian/ia64-hardcode-arch-script-output.patch @@ -24,11 +24,9 @@ their own scripts in the future. arch/ia64/Makefile | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) -Index: debian-kernel/arch/ia64/Makefile -=================================================================== ---- debian-kernel.orig/arch/ia64/Makefile -+++ debian-kernel/arch/ia64/Makefile -@@ -28,16 +28,7 @@ cflags-y := -pipe $(EXTRA) -ffixed-r13 - +--- a/arch/ia64/Makefile ++++ b/arch/ia64/Makefile +@@ -26,16 +26,7 @@ -falign-functions=32 -frename-registers -fno-optimize-sibling-calls KBUILD_CFLAGS_KERNEL := -mconstant-gp @@ -46,7 +44,7 @@ Index: debian-kernel/arch/ia64/Makefile quiet_cmd_gzip = GZIP $@ cmd_gzip = cat $(real-prereqs) | $(KGZIP) -n -f -9 > $@ -@@ -57,7 +48,7 @@ drivers-$(CONFIG_OPROFILE) += arch/ia64/ +@@ -54,7 +45,7 @@ PHONY += compressed check 
@@ -55,21 +53,19 @@ Index: debian-kernel/arch/ia64/Makefile compressed: vmlinux.gz -@@ -69,9 +60,6 @@ vmlinux.gz: vmlinux.bin FORCE +@@ -66,9 +57,6 @@ vmlinux.bin: vmlinux FORCE $(call if_changed,objcopy) -unwcheck: vmlinux -- -$(Q)READELF=$(READELF) $(PYTHON) $(srctree)/arch/ia64/scripts/unwcheck.py $< +- -$(Q)READELF=$(READELF) $(PYTHON3) $(srctree)/arch/ia64/scripts/unwcheck.py $< - archclean: archheaders: -@@ -85,7 +73,6 @@ install: vmlinux.gz +@@ -82,5 +70,4 @@ define archhelp echo '* compressed - Build compressed kernel image' echo ' install - Install compressed kernel image' - echo '* unwcheck - Check vmlinux for invalid unwind info' endef - - archprepare: make_nr_irqs_h diff --git a/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch index 04e6363196d3..13a2af254c29 100644 --- a/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch +++ b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch @@ -24,22 +24,29 @@ rules.real and change Makefile.modfinal to look for it in both places. --- --- a/scripts/Makefile.modfinal 
+++ b/scripts/Makefile.modfinal -@@ -28,15 +28,16 @@ quiet_cmd_cc_o_c = CC [M] $@ +@@ -29,6 +29,7 @@ $(call if_changed_dep,cc_o_c) ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) +ARCH_MODULE_LDS := $(word 1,$(wildcard scripts/module.lds arch/$(SRCARCH)/module.lds)) - quiet_cmd_ld_ko_o = LD [M] $@ - cmd_ld_ko_o = \ + ifdef CONFIG_LTO_CLANG + # With CONFIG_LTO_CLANG, reuse the object file we compiled for modpost to +@@ -53,7 +54,7 @@ + cmd_ld_ko_o += \ $(LD) -r $(KBUILD_LDFLAGS) \ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ - -T scripts/module.lds -o $@ $(filter %.o, $^); \ + -T $(ARCH_MODULE_LDS) -o $@ $(filter %.o, $^); \ $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) --$(modules): %.ko: %.o %.mod.o scripts/module.lds FORCE -+$(modules): %.ko: %.o %.mod.o $(ARCH_MODULE_LDS) FORCE - +$(call if_changed,ld_ko_o) + quiet_cmd_btf_ko = BTF [M] $@ +@@ -74,7 +75,7 @@ - targets += $(modules) $(modules:.ko=.mod.o) + + # Re-generate module BTFs if either module's .ko or vmlinux changed +-$(modules): %.ko: %$(prelink-ext).o %.mod.o scripts/module.lds $(if $(KBUILD_BUILTIN),vmlinux) FORCE ++$(modules): %.ko: %$(prelink-ext).o %.mod.o $(ARCH_MODULE_LDS) $(if $(KBUILD_BUILTIN),vmlinux) FORCE + +$(call if_changed_except,ld_ko_o,vmlinux) + ifdef CONFIG_DEBUG_INFO_BTF_MODULES + +$(if $(newer-prereqs),$(call cmd,btf_ko)) diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch index c574f984a041..5d71bd7017ec 100644 --- a/debian/patches/debian/kernelvariables.patch +++ b/debian/patches/debian/kernelvariables.patch @@ -17,7 +17,7 @@ use of $(ARCH) needs to be moved after this. --- --- a/Makefile +++ b/Makefile -@@ -363,31 +363,6 @@ include scripts/subarch.include +@@ -384,31 +384,6 @@ # Note: Some architectures assign CROSS_COMPILE in their arch/*/Makefile ARCH ?= $(SUBARCH) 
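Review bot: `ARCH_MODULE_LDS` is empty when neither `scripts/module.lds` nor `arch/$(SRCARCH)/module.lds` exists, so the link command in `cmd_ld_ko_o` expands to `-T -o $@` and the build fails with a misleading linker error instead of a missing-file message. A guard directly after the assignment would make the failure explicit, for example `$(if $(ARCH_MODULE_LDS),,$(error module.lds not found in scripts/ or arch/$(SRCARCH)/))`. This assumes nothing parses Makefile.modfinal before module.lds has been generated. The same empty value also silently drops the linker-script prerequisite from the `$(modules)` rule in the second refreshed hunk.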
@@ -41,15 +41,15 @@ use of $(ARCH) needs to be moved after this. - SRCARCH := sparc -endif - --# Additional ARCH settings for sh --ifeq ($(ARCH),sh64) -- SRCARCH := sh +-export cross_compiling := +-ifneq ($(SRCARCH),$(SUBARCH)) +-cross_compiling := 1 -endif - KCONFIG_CONFIG ?= .config export KCONFIG_CONFIG -@@ -442,6 +417,30 @@ CFLAGS_KERNEL = +@@ -486,6 +461,30 @@ AFLAGS_KERNEL = LDFLAGS_vmlinux = diff --git a/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch b/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch index fd2abdd4cf34..13fe03596cce 100644 --- a/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch +++ b/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch @@ -16,12 +16,12 @@ Compile resolve_btfids tool at kernel compilation start". --- a/Makefile +++ b/Makefile -@@ -1070,18 +1070,6 @@ export mod_sign_cmd +@@ -1108,18 +1108,6 @@ HOST_LIBELF_LIBS = $(shell pkg-config libelf --libs 2>/dev/null || echo -lelf) -has_libelf = $(call try-run,\ -- echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) +- echo "int main() {}" | $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) - -ifdef CONFIG_STACK_VALIDATION - ifeq ($(has_libelf),1) @@ -35,7 +35,7 @@ Compile resolve_btfids tool at kernel compilation start". PHONY += resolve_btfids_clean resolve_btfids_O = $(abspath $(objtree))/tools/bpf/resolve_btfids -@@ -1093,16 +1081,6 @@ ifneq ($(wildcard $(resolve_btfids_O)),) +@@ -1131,16 +1119,6 @@ $(Q)$(MAKE) -sC $(srctree)/tools/bpf/resolve_btfids O=$(resolve_btfids_O) clean endif 
@@ -51,8 +51,8 @@ Compile resolve_btfids tool at kernel compilation start". - PHONY += prepare0 - export MODORDER := $(extmod-prefix)modules.order -@@ -1226,6 +1204,28 @@ uapi-asm-generic: + export extmod_prefix = $(if $(KBUILD_EXTMOD),$(KBUILD_EXTMOD)/) +@@ -1269,6 +1247,28 @@ $(Q)$(MAKE) $(asm-generic)=arch/$(SRCARCH)/include/generated/uapi/asm \ generic=include/uapi/asm-generic diff --git a/debian/patches/debian/snd-pcsp-disable-autoload.patch b/debian/patches/debian/snd-pcsp-disable-autoload.patch index 5871dc6ef0f2..e593f51446b3 100644 --- a/debian/patches/debian/snd-pcsp-disable-autoload.patch +++ b/debian/patches/debian/snd-pcsp-disable-autoload.patch @@ -19,10 +19,10 @@ remove the alias, to ensure it's not loaded where it's not wanted. --- a/sound/drivers/pcsp/pcsp.c +++ b/sound/drivers/pcsp/pcsp.c -@@ -21,7 +21,7 @@ MODULE_AUTHOR("Stas Sergeev <stsp@users. +@@ -22,7 +22,7 @@ + MODULE_AUTHOR("Stas Sergeev <stsp@users.sourceforge.net>"); MODULE_DESCRIPTION("PC-Speaker driver"); MODULE_LICENSE("GPL"); - MODULE_SUPPORTED_DEVICE("{{PC-Speaker, pcsp}}"); -MODULE_ALIAS("platform:pcspkr"); +/*MODULE_ALIAS("platform:pcspkr");*/ diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch index 542dc53d9342..917af7609b6f 100644 --- a/debian/patches/debian/version.patch +++ b/debian/patches/debian/version.patch @@ -17,17 +17,17 @@ are set. --- a/Makefile 
+++ b/Makefile -@@ -1195,7 +1195,7 @@ PHONY += prepare archprepare +@@ -1234,7 +1234,7 @@ archprepare: outputmakefile archheaders archscripts scripts include/config/kernel.release \ asm-generic $(version_h) $(autoksyms_h) include/generated/utsrelease.h \ -- include/generated/autoconf.h -+ include/generated/autoconf.h include/generated/package.h +- include/generated/autoconf.h remove-stale-files ++ include/generated/autoconf.h include/generated/package.h remove-stale-files prepare0: archprepare $(Q)$(MAKE) $(build)=scripts/mod -@@ -1258,6 +1258,16 @@ define filechk_version.h - ((c) > 255 ? 255 : (c)))' +@@ -1308,6 +1308,16 @@ + echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL) endef +ifneq ($(DISTRIBUTION_OFFICIAL_BUILD),) @@ -43,7 +43,7 @@ are set. $(version_h): PATCHLEVEL := $(if $(PATCHLEVEL), $(PATCHLEVEL), 0) $(version_h): SUBLEVEL := $(if $(SUBLEVEL), $(SUBLEVEL), 0) $(version_h): FORCE -@@ -1267,6 +1277,9 @@ $(version_h): FORCE +@@ -1316,6 +1326,9 @@ include/generated/utsrelease.h: include/config/kernel.release FORCE $(call filechk,utsrelease.h) @@ -63,7 +63,7 @@ are set. #include <asm/cpu.h> #include <asm/delay.h> -@@ -101,9 +102,9 @@ show_regs (struct pt_regs *regs) +@@ -101,9 +102,9 @@ print_modules(); printk("\n"); show_regs_print_info(KERN_DEFAULT); @@ -83,9 +83,9 @@ are set. #include <linux/seq_buf.h> +#include <generated/package.h> + #include <asm/interrupt.h> #include <asm/io.h> - #include <asm/processor.h> -@@ -1474,8 +1475,9 @@ void show_regs(struct pt_regs * regs) +@@ -1475,8 +1476,9 @@ printk("NIP: "REG" LR: "REG" CTR: "REG"\n", regs->nip, regs->link, regs->ctr); @@ -107,7 +107,7 @@ are set. #include <asm/current.h> #include <asm/ptrace.h> #include <asm/sysrq.h> -@@ -17,8 +18,9 @@ void show_regs(struct pt_regs *regs) +@@ -17,8 +18,9 @@ { printk("\n"); print_modules(); 
@@ -129,7 +129,7 @@ are set. /* * The number of tasks checked: -@@ -128,10 +129,11 @@ static void check_hung_task(struct task_ +@@ -128,10 +129,11 @@ sysctl_hung_task_warnings--; pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n", t->comm, t->pid, (jiffies - t->last_switch_time) / HZ); @@ -145,15 +145,15 @@ are set. sched_show_task(t); --- a/lib/dump_stack.c +++ b/lib/dump_stack.c -@@ -12,6 +12,7 @@ - #include <linux/atomic.h> +@@ -13,6 +13,7 @@ #include <linux/kexec.h> #include <linux/utsname.h> + #include <linux/stop_machine.h> +#include <generated/package.h> static char dump_stack_arch_desc_str[128]; -@@ -44,13 +45,14 @@ void __init dump_stack_set_arch_desc(con +@@ -45,13 +46,14 @@ */ void dump_stack_print_info(const char *log_lvl) { diff --git a/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch b/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch index 8b24abe49fc0..3233fbf100a6 100644 --- a/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch +++ b/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch @@ -26,8 +26,8 @@ routine")] --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c -@@ -175,6 +175,10 @@ static int __init load_uefi_certs(void) - kfree(dbx); +@@ -191,6 +191,10 @@ + kfree(mokx); } + /* the MOK can not be trusted when secure boot is disabled */ diff --git a/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch b/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch index 9ee1919ec92d..328a8dff6293 100644 --- a/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch +++ b/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch @@ -20,7 +20,7 @@ 
Signed-off-by: Ben Hutchings <benh@debian.org> --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c -@@ -76,49 +76,59 @@ static __init void *get_cert_list(efi_ch +@@ -76,49 +76,59 @@ * * Return: Status */ @@ -94,17 +94,36 @@ Signed-off-by: Ben Hutchings <benh@debian.org> return 0; } -@@ -175,12 +185,17 @@ static int __init load_uefi_certs(void) +@@ -176,27 +186,17 @@ kfree(dbx); } +- mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status); +- if (!mokx) { +- if (status == EFI_NOT_FOUND) +- pr_debug("mokx variable wasn't found\n"); +- else +- pr_info("Couldn't get mokx list\n"); +- } else { +- rc = parse_efi_signature_list("UEFI:MokListXRT", +- mokx, mokxsize, +- get_handler_for_dbx); +- if (rc) +- pr_err("Couldn't parse mokx signatures %d\n", rc); +- kfree(mokx); +- } +- - /* the MOK can not be trusted when secure boot is disabled */ -+ /* the MOK and MOKx can not be trusted when secure boot is disabled */ - if (!efi_enabled(EFI_SECURE_BOOT)) - return 0; - - /* Load the MokListRT certs */ +- if (!efi_enabled(EFI_SECURE_BOOT)) +- return 0; +- +- /* Load the MokListRT certs */ - rc = load_moklist_certs(); ++ /* the MOK and MOKx can not be trusted when secure boot is disabled */ ++ if (!efi_enabled(EFI_SECURE_BOOT)) ++ return 0; ++ ++ /* Load the MokListRT certs */ + rc = load_moklist_certs("MokListRT", L"MokListRT", + get_handler_for_db); + if (rc) diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch index 431281249274..99d81b553fac 100644 --- a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch +++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch @@ -31,7 +31,7 @@ cc: linux-efi@vger.kernel.org --- a/arch/x86/kernel/setup.c 
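Review bot: The refreshed `load_uefi_certs()` hunk (`@@ -176,27 +186,17 @@` of the inner patch) removes upstream's own `MokListXRT` block, which passed the list to `get_handler_for_dbx` before the `efi_enabled(EFI_SECURE_BOOT)` check, and nothing visible documents that change. The replacement MOKx load presumably sits after the check, outside this hunk. If so, MokListXRT revocations no longer reach the blacklist when Secure Boot is disabled, unlike unpatched 5.13. If that is intended, the patch description should say so, and the comment could read `/* MOK and MOKx are only loaded with secure boot enabled; upstream loads MokListXRT into the blacklist unconditionally */`. The inner hunk also removes and re-adds the unchanged `if (!efi_enabled(EFI_SECURE_BOOT))` lines, which would be easier to audit if kept as context.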
+++ b/arch/x86/kernel/setup.c -@@ -1124,19 +1124,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1126,19 +1126,7 @@ /* Allocate bigger log buffer */ setup_log_buf(1); @@ -54,7 +54,7 @@ cc: linux-efi@vger.kernel.org --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile -@@ -25,6 +25,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m +@@ -28,6 +28,7 @@ obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o obj-$(CONFIG_EFI_TEST) += test/ obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o @@ -106,7 +106,7 @@ cc: linux-efi@vger.kernel.org +} --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -776,6 +776,14 @@ extern int __init efi_setup_pcdp_console +@@ -782,6 +782,14 @@ #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ @@ -121,7 +121,7 @@ cc: linux-efi@vger.kernel.org #ifdef CONFIG_EFI /* -@@ -799,6 +807,7 @@ static inline bool efi_rt_services_suppo +@@ -805,6 +813,7 @@ { return (efi.runtime_supported_mask & mask) == mask; } @@ -129,7 +129,7 @@ cc: linux-efi@vger.kernel.org #else static inline bool efi_enabled(int feature) { -@@ -822,6 +831,7 @@ static inline bool efi_rt_services_suppo +@@ -822,6 +831,7 @@ { return false; } @@ -137,7 +137,7 @@ cc: linux-efi@vger.kernel.org #endif extern int efi_status_to_err(efi_status_t status); -@@ -1083,12 +1093,6 @@ static inline bool efi_runtime_disabled( +@@ -1077,13 +1087,6 @@ extern void efi_call_virt_check_flags(unsigned long flags, const char *call); extern unsigned long efi_call_virt_save_flags(void); 
@@ -147,6 +147,7 @@ cc: linux-efi@vger.kernel.org - efi_secureboot_mode_disabled, - efi_secureboot_mode_enabled, -}; - enum efi_secureboot_mode efi_get_secureboot(void); - - #ifdef CONFIG_RESET_ATTACK_MITIGATION +- + static inline + enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var) + { diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch index 5004e5dcaf1c..124b932c8df6 100644 --- a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch +++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch @@ -23,7 +23,7 @@ Cc: linux-mtd@lists.infradead.org --- a/drivers/mtd/devices/phram.c +++ b/drivers/mtd/devices/phram.c -@@ -294,7 +294,11 @@ static int phram_param_call(const char * +@@ -317,7 +317,11 @@ #endif } @@ -33,7 +33,7 @@ Cc: linux-mtd@lists.infradead.org +}; +__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL, + 0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem); - MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>\""); + MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>[,<erasesize>]\""); --- a/drivers/mtd/devices/slram.c @@ -46,7 +46,7 @@ Cc: linux-mtd@lists.infradead.org #include <linux/mtd/mtd.h> -@@ -65,7 +66,7 @@ typedef struct slram_mtd_list { +@@ -65,7 +66,7 @@ #ifdef MODULE static char *map[SLRAM_MAX_DEVICES_PARAMS]; @@ -55,7 +55,7 @@ Cc: linux-mtd@lists.infradead.org MODULE_PARM_DESC(map, "List of memory regions to map. \"map=<name>, <start>, <length / end>\""); #else static char *map; -@@ -281,11 +282,17 @@ static int __init init_slram(void) +@@ -281,11 +282,17 @@ #ifndef MODULE char *devstart; char *devlength; 
diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch deleted file mode 100644 index deeed703463d..000000000000 --- a/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch +++ /dev/null 
@@ -1,419 +0,0 @@ -From: Uwe Kleine-König <uwe@kleine-koenig.org> -Date: Wed, 14 Oct 2020 22:00:30 +0200 -Subject: arm64: dts: rockchip: Add basic support for Kobol's Helios64 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=09e006cfb43e8ec38afe28278b210dab72e6cac8 - -The hardware is described in detail on Kobol's wiki at -https://wiki.kobol.io/helios64/intro/. - -Up to now the following peripherals are working: - - - UART - - Micro-SD card - - eMMC - - ethernet port 1 - - status LED - - temperature sensor on i2c bus 2 - -Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org> -Link: https://lore.kernel.org/r/20201014200030.845759-3-uwe@kleine-koenig.org -Signed-off-by: Heiko Stuebner <heiko@sntech.de> ---- - arch/arm64/boot/dts/rockchip/Makefile | 1 + - .../dts/rockchip/rk3399-kobol-helios64.dts | 372 ++++++++++++++++++ - 2 files changed, 373 insertions(+) - create mode 100644 arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts - -diff --git a/arch/arm64/boot/dts/rockchip/Makefile b/arch/arm64/boot/dts/rockchip/Makefile -index 26661c7b736b..28b26a874313 100644 ---- a/arch/arm64/boot/dts/rockchip/Makefile -+++ b/arch/arm64/boot/dts/rockchip/Makefile -@@ -26,6 +26,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-hugsun-x99.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge-captain.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge-v.dtb -+dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-kobol-helios64.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-leez-p710.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-nanopc-t4.dtb - dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-nanopi-m4.dtb -diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -new file mode 100644 -index 000000000000..2a561be724b2 ---- /dev/null -+++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -@@ -0,0 +1,372 @@ -+// SPDX-License-Identifier: (GPL-2.0+ OR 
MIT) -+/* -+ * Copyright (c) 2020 Aditya Prayoga <aditya@kobol.io> -+ */ -+ -+/* -+ * The Kobol Helios64 is a board designed to operate as a NAS and optionally -+ * ships with an enclosing that can host five 2.5" hard disks. -+ * -+ * See https://wiki.kobol.io/helios64/intro/ for further details. -+ */ -+ -+/dts-v1/; -+#include "rk3399.dtsi" -+#include "rk3399-opp.dtsi" -+ -+/ { -+ model = "Kobol Helios64"; -+ compatible = "kobol,helios64", "rockchip,rk3399"; -+ -+ avdd_1v8_s0: avdd-1v8-s0 { -+ compatible = "regulator-fixed"; -+ regulator-name = "avdd_1v8_s0"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <1800000>; -+ regulator-max-microvolt = <1800000>; -+ vin-supply = <&vcc3v3_sys_s3>; -+ }; -+ -+ clkin_gmac: external-gmac-clock { -+ compatible = "fixed-clock"; -+ clock-frequency = <125000000>; -+ clock-output-names = "clkin_gmac"; -+ #clock-cells = <0>; -+ }; -+ -+ leds { -+ compatible = "gpio-leds"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&sys_grn_led_on &sys_red_led_on>; -+ -+ led-0 { -+ label = "helios64:green:status"; -+ gpios = <&gpio0 RK_PB4 GPIO_ACTIVE_HIGH>; -+ default-state = "on"; -+ }; -+ -+ led-1 { -+ label = "helios64:red:fault"; -+ gpios = <&gpio0 RK_PB5 GPIO_ACTIVE_HIGH>; -+ default-state = "keep"; -+ }; -+ }; -+ -+ vcc1v8_sys_s0: vcc1v8-sys-s0 { -+ compatible = "regulator-fixed"; -+ regulator-name = "vcc1v8_sys_s0"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <1800000>; -+ regulator-max-microvolt = <1800000>; -+ vin-supply = <&vcc1v8_sys_s3>; -+ }; -+ -+ vcc3v0_sd: vcc3v0-sd { -+ compatible = "regulator-fixed"; -+ enable-active-high; -+ gpio = <&gpio0 RK_PA1 GPIO_ACTIVE_HIGH>; -+ regulator-name = "vcc3v0_sd"; -+ regulator-boot-on; -+ regulator-min-microvolt = <3000000>; -+ regulator-max-microvolt = <3000000>; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&sdmmc0_pwr_h>; -+ vin-supply = <&vcc3v3_sys_s3>; -+ }; -+ -+ vcc3v3_sys_s3: vcc_lan: vcc3v3-sys-s3 { -+ compatible = 
"regulator-fixed"; -+ regulator-name = "vcc3v3_sys_s3"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <3300000>; -+ regulator-max-microvolt = <3300000>; -+ vin-supply = <&vcc5v0_sys>; -+ -+ regulator-state-mem { -+ regulator-on-in-suspend; -+ }; -+ }; -+ -+ vcc5v0_sys: vcc5v0-sys { -+ compatible = "regulator-fixed"; -+ regulator-name = "vcc5v0_sys"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <5000000>; -+ regulator-max-microvolt = <5000000>; -+ vin-supply = <&vcc12v_dcin_bkup>; -+ -+ regulator-state-mem { -+ regulator-on-in-suspend; -+ }; -+ }; -+ -+ vcc12v_dcin: vcc12v-dcin { -+ compatible = "regulator-fixed"; -+ regulator-name = "vcc12v_dcin"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <12000000>; -+ regulator-max-microvolt = <12000000>; -+ }; -+ -+ vcc12v_dcin_bkup: vcc12v-dcin-bkup { -+ compatible = "regulator-fixed"; -+ regulator-name = "vcc12v_dcin_bkup"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <12000000>; -+ regulator-max-microvolt = <12000000>; -+ vin-supply = <&vcc12v_dcin>; -+ }; -+}; -+ -+/* -+ * The system doesn't run stable with cpu freq enabled, so disallow the lower -+ * frequencies until this problem is properly understood and resolved. 
-+ */ -+&cluster0_opp { -+ /delete-node/ opp00; -+ /delete-node/ opp01; -+ /delete-node/ opp02; -+ /delete-node/ opp03; -+ /delete-node/ opp04; -+}; -+ -+&cluster1_opp { -+ /delete-node/ opp00; -+ /delete-node/ opp01; -+ /delete-node/ opp02; -+ /delete-node/ opp03; -+ /delete-node/ opp04; -+ /delete-node/ opp05; -+ /delete-node/ opp06; -+}; -+ -+&cpu_b0 { -+ cpu-supply = <&vdd_cpu_b>; -+}; -+ -+&cpu_b1 { -+ cpu-supply = <&vdd_cpu_b>; -+}; -+ -+&cpu_l0 { -+ cpu-supply = <&vdd_cpu_l>; -+}; -+ -+&cpu_l1 { -+ cpu-supply = <&vdd_cpu_l>; -+}; -+ -+&cpu_l2 { -+ cpu-supply = <&vdd_cpu_l>; -+}; -+ -+&cpu_l3 { -+ cpu-supply = <&vdd_cpu_l>; -+}; -+ -+&emmc_phy { -+ status = "okay"; -+}; -+ -+&gmac { -+ assigned-clock-parents = <&clkin_gmac>; -+ assigned-clocks = <&cru SCLK_RMII_SRC>; -+ clock_in_out = "input"; -+ phy-mode = "rgmii"; -+ phy-supply = <&vcc_lan>; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&rgmii_pins &gphy_reset>; -+ rx_delay = <0x20>; -+ tx_delay = <0x28>; -+ snps,reset-active-low; -+ snps,reset-delays-us = <0 10000 50000>; -+ snps,reset-gpio = <&gpio3 RK_PB7 GPIO_ACTIVE_LOW>; -+ status = "okay"; -+}; -+ -+&i2c0 { -+ clock-frequency = <400000>; -+ i2c-scl-rising-time-ns = <168>; -+ i2c-scl-falling-time-ns = <4>; -+ status = "okay"; -+ -+ rk808: pmic@1b { -+ compatible = "rockchip,rk808"; -+ reg = <0x1b>; -+ interrupt-parent = <&gpio0>; -+ interrupts = <10 IRQ_TYPE_LEVEL_LOW>; -+ clock-output-names = "xin32k", "rk808-clkout2"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&pmic_int_l>; -+ vcc1-supply = <&vcc5v0_sys>; -+ vcc2-supply = <&vcc5v0_sys>; -+ vcc3-supply = <&vcc5v0_sys>; -+ vcc4-supply = <&vcc5v0_sys>; -+ vcc6-supply = <&vcc5v0_sys>; -+ vcc7-supply = <&vcc5v0_sys>; -+ vcc8-supply = <&vcc3v3_sys_s3>; -+ vcc9-supply = <&vcc5v0_sys>; -+ vcc10-supply = <&vcc5v0_sys>; -+ vcc11-supply = <&vcc5v0_sys>; -+ vcc12-supply = <&vcc3v3_sys_s3>; -+ vddio-supply = <&vcc3v0_s3>; -+ wakeup-source; -+ #clock-cells = <1>; -+ -+ regulators { -+ vdd_cpu_l: DCDC_REG2 { -+ 
regulator-name = "vdd_cpu_l"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <750000>; -+ regulator-max-microvolt = <1350000>; -+ regulator-ramp-delay = <6001>; -+ -+ regulator-state-mem { -+ regulator-off-in-suspend; -+ }; -+ }; -+ -+ vcc1v8_sys_s3: DCDC_REG4 { -+ regulator-name = "vcc1v8_sys_s3"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <1800000>; -+ regulator-max-microvolt = <1800000>; -+ -+ regulator-state-mem { -+ regulator-on-in-suspend; -+ regulator-suspend-microvolt = <1800000>; -+ }; -+ }; -+ -+ vcc_sdio_s0: LDO_REG4 { -+ regulator-name = "vcc_sdio_s0"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <1800000>; -+ regulator-max-microvolt = <3000000>; -+ -+ regulator-state-mem { -+ regulator-on-in-suspend; -+ regulator-suspend-microvolt = <3000000>; -+ }; -+ }; -+ -+ vcc3v0_s3: LDO_REG8 { -+ regulator-name = "vcc3v0_s3"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <3000000>; -+ regulator-max-microvolt = <3000000>; -+ -+ regulator-state-mem { -+ regulator-on-in-suspend; -+ regulator-suspend-microvolt = <3000000>; -+ }; -+ }; -+ }; -+ }; -+ -+ vdd_cpu_b: regulator@40 { -+ compatible = "silergy,syr827"; -+ reg = <0x40>; -+ fcs,suspend-voltage-selector = <1>; -+ regulator-name = "vdd_cpu_b"; -+ regulator-always-on; -+ regulator-boot-on; -+ regulator-min-microvolt = <712500>; -+ regulator-max-microvolt = <1500000>; -+ regulator-ramp-delay = <1000>; -+ vin-supply = <&vcc5v0_sys>; -+ -+ regulator-state-mem { -+ regulator-off-in-suspend; -+ }; -+ }; -+}; -+ -+&i2c2 { -+ clock-frequency = <400000>; -+ i2c-scl-rising-time-ns = <160>; -+ i2c-scl-falling-time-ns = <30>; -+ status = "okay"; -+ -+ temp@4c { -+ compatible = "national,lm75"; -+ reg = <0x4c>; -+ }; -+}; -+ -+&io_domains { -+ audio-supply = <&vcc1v8_sys_s0>; -+ bt656-supply = <&vcc1v8_sys_s0>; -+ gpio1830-supply = <&vcc3v0_s3>; -+ sdmmc-supply = <&vcc_sdio_s0>; -+ status = "okay"; -+}; -+ 
-+&pinctrl { -+ gmac { -+ gphy_reset: gphy-reset { -+ rockchip,pins = <3 RK_PB7 RK_FUNC_GPIO &pcfg_output_low>; -+ }; -+ }; -+ -+ leds { -+ sys_grn_led_on: sys-grn-led-on { -+ rockchip,pins = <0 RK_PB4 RK_FUNC_GPIO &pcfg_pull_down>; -+ }; -+ -+ sys_red_led_on: sys-red-led-on { -+ rockchip,pins = <0 RK_PB5 RK_FUNC_GPIO &pcfg_pull_down>; -+ }; -+ }; -+ -+ pmic { -+ pmic_int_l: pmic-int-l { -+ rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_up>; -+ }; -+ }; -+ -+ vcc3v0-sd { -+ sdmmc0_pwr_h: sdmmc0-pwr-h { -+ rockchip,pins = <0 RK_PA1 RK_FUNC_GPIO &pcfg_pull_up>; -+ }; -+ }; -+}; -+ -+&pmu_io_domains { -+ pmu1830-supply = <&vcc3v0_s3>; -+ status = "okay"; -+}; -+ -+&sdhci { -+ bus-width = <8>; -+ mmc-hs200-1_8v; -+ non-removable; -+ vqmmc-supply = <&vcc1v8_sys_s0>; -+ status = "okay"; -+}; -+ -+&sdmmc { -+ bus-width = <4>; -+ cap-sd-highspeed; -+ cd-gpios = <&gpio0 RK_PA7 GPIO_ACTIVE_LOW>; -+ disable-wp; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>; -+ vmmc-supply = <&vcc3v0_sd>; -+ vqmmc-supply = <&vcc_sdio_s0>; -+ status = "okay"; -+}; -+ -+&uart2 { -+ status = "okay"; -+}; --- -2.28.0 - diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch deleted file mode 100644 index ef6dab336cd1..000000000000 --- a/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From: Uwe Kleine-König <uwe@kleine-koenig.org> -Date: Sun, 24 Jan 2021 22:03:28 +0100 -Subject: arm64: dts: rockchip: Rely on SoC external pull up on pmic-int-l on Helios64 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e58ba111421375c5948c3e8145bdd84b06ac095 - -According to the schematic there is an external pull up, so there is no -need to enable the internal one additionally. Using no pull up matches -the vendor device tree. - -Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org> -Link: https://lore.kernel.org/r/20210124210328.611707-2-uwe@kleine-koenig.org -Signed-off-by: Heiko Stuebner <heiko@sntech.de> ---- - arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -index 2a561be724b2..66c725a34220 100644 ---- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -+++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -@@ -331,7 +331,7 @@ sys_red_led_on: sys-red-led-on { - - pmic { - pmic_int_l: pmic-int-l { -- rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_up>; -+ rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_none>; - }; - }; - --- -2.30.2 - diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch b/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch deleted file mode 100644 index ad4b53de9d30..000000000000 --- a/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From: Uwe Kleine-König <ukleinek@debian.org> -Date: Wed, 29 Mar 2021 09:45:58 +0100 -Subject: arm64: dts: rockchip: kobol-helios64: Add mmc aliases - -This patch is part of commit 5dcbe7e3862d ("arm64: dts: rockchip: move mmc -aliases to board dts on rk3399") upstream. It is applied here only for Kobol's -helios64 to simplify conflict resolution for some further patches. It currently -is a noop as the same aliases already exist in rk3399.dtsi. - -Link: https://lore.kernel.org/r/20210324122235.1059292-7-heiko@sntech.de ---- -diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -index 66c725a34220..19485b552bc4 100644 ---- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -+++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts -@@ -18,6 +18,11 @@ / { - model = "Kobol Helios64"; - compatible = "kobol,helios64", "rockchip,rk3399"; - -+ aliases { -+ mmc0 = &sdmmc; -+ mmc1 = &sdhci; -+ }; -+ - avdd_1v8_s0: avdd-1v8-s0 { - compatible = "regulator-fixed"; - regulator-name = "avdd_1v8_s0"; --- -2.30.2 - diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch index 1840fc4bdd44..692854d51997 100644 --- a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch +++ b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch @@ -15,7 +15,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- --- a/drivers/iommu/intel/Kconfig +++ b/drivers/iommu/intel/Kconfig -@@ -45,14 +45,28 @@ config INTEL_IOMMU_SVM +@@ -46,14 +46,28 @@ to access DMA resources through process address space by means of a Process Address Space ID (PASID). @@ -53,7 +53,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> bool "Workaround broken graphics drivers (going away soon)" 
--- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -338,11 +338,7 @@ static int intel_iommu_attach_device(str +@@ -347,11 +347,7 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova); @@ -66,16 +66,16 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #ifdef CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON int intel_iommu_sm = 1; -@@ -354,7 +350,7 @@ int intel_iommu_enabled = 0; +@@ -363,7 +359,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled); static int dmar_map_gfx = 1; -static int dmar_map_intgpu = 1; +static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); - static int dmar_forcedac; static int intel_iommu_strict; static int intel_iommu_superpage = 1; -@@ -442,6 +438,7 @@ static int __init intel_iommu_setup(char + static int iommu_identity_mapping; +@@ -446,6 +442,7 @@ while (*str) { if (!strncmp(str, "on", 2)) { dmar_disabled = 0; diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch index 1717d8fe2485..5fa8cfd805b0 100644 --- a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch +++ b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch @@ -22,18 +22,18 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- a/Documentation/admin-guide/kernel-parameters.txt 
+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -1837,6 +1837,8 @@ +@@ -1897,6 +1897,8 @@ bypassed by not enabling DMAR with this option. In this case, gfx device will use physical address for DMA. + intgpu_off [Default Off] + Bypass the DMAR unit for an integrated GPU only. - forcedac [X86-64] - With this option iommu will not optimize to look - for io virtual address below 32-bit forcing dual + strict [Default Off] + With this option on every unmap_single operation will + result in a hardware IOTLB flush operation as opposed --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -54,6 +54,9 @@ +@@ -53,6 +53,9 @@ #define CONTEXT_SIZE VTD_PAGE_SIZE #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) @@ -43,15 +43,15 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) -@@ -351,6 +354,7 @@ int intel_iommu_enabled = 0; +@@ -360,6 +363,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled); static int dmar_map_gfx = 1; +static int dmar_map_intgpu = 1; - static int dmar_forcedac; static int intel_iommu_strict; static int intel_iommu_superpage = 1; -@@ -360,6 +364,7 @@ static int iommu_skip_te_disable; + static int iommu_identity_mapping; +@@ -367,6 +371,7 @@ #define IDENTMAP_GFX 2 #define IDENTMAP_AZALIA 4 @@ -59,7 +59,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> int intel_iommu_gfx_mapped; EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped); -@@ -445,6 +450,9 @@ static int __init intel_iommu_setup(char +@@ -449,6 +454,9 @@ } else if (!strncmp(str, "igfx_off", 8)) { dmar_map_gfx = 0; pr_info("Disable GFX device mapping\n"); @@ -67,9 +67,9 @@ 
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> + dmar_map_intgpu = 0; + pr_info("Disable integrated GPU device mapping\n"); } else if (!strncmp(str, "forcedac", 8)) { - pr_info("Forcing DAC for PCI devices\n"); - dmar_forcedac = 1; -@@ -2890,6 +2898,9 @@ static int device_def_domain_type(struct + pr_warn("intel_iommu=forcedac deprecated; use iommu.forcedac instead\n"); + iommu_dma_forcedac = true; +@@ -2897,6 +2905,9 @@ if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) return IOMMU_DOMAIN_IDENTITY; @@ -79,7 +79,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> } return 0; -@@ -3325,6 +3336,9 @@ static int __init init_dmars(void) +@@ -3334,6 +3345,9 @@ if (!dmar_map_gfx) iommu_identity_mapping |= IDENTMAP_GFX; diff --git a/debian/patches/series b/debian/patches/series index aa7245e357ab..54e544ee249c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -76,14 +76,8 @@ bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch -bugfix/arm/ARM-dts-sun8i-h3-orangepi-plus-Fix-ethernet-phy-mode.patch -bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch -bugfix/s390x/s390-sclp_vt220-fix-console-name-to-match-device.patch # Arch features -features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch -features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch -features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch features/arm64/arm64-dts-rockchip-disable-USB-type-c-DisplayPort.patch 
@@ -96,11 +90,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch -bugfix/all/Revert-PCI-PM-Do-not-read-power-state-in-pci_enable_.patch -bugfix/all/swiotlb-manipulate-orig_addr-when-tlb_addr-has-offse.patch -bugfix/all/Revert-drm-amdgpu-gfx9-fix-the-doorbell-missing-when.patch -bugfix/all/Revert-drm-amdgpu-gfx10-enlarge-CP_MEC_DOORBELL_RANG.patch -bugfix/all/block-return-the-correct-bvec-when-checking-for-gaps.patch # Miscellaneous features @@ -121,20 +110,6 @@ features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signatu # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch -bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch -bugfix/all/can-bcm-delay-release-of-struct-bcm_op-after-synchro.patch -bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch -bugfix/all/seq_file-Disallow-extremely-large-seq-buffer-allocat.patch -bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch -bugfix/all/sctp-validate-from_addr_param-return.patch -bugfix/all/sctp-add-size-validation-when-walking-chunks.patch -bugfix/all/sctp-fix-return-value-check-in-__sctp_rcv_asconf_loo.patch -bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch -bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch -bugfix/all/bpf-remove-superfluous-aux-sanitation-on-subprog-rejection.patch -bugfix/all/bpf-Add-kconfig-knob-for-disabling-unpriv-bpf-by-def.patch -bugfix/all/bpf-verifier-allocate-idmap-scratch-in-verifier-env.patch -bugfix/all/bpf-fix-pointer-arithmetic-mask-tightening-under-state-pruning.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch 
@@ -147,7 +122,6 @@ bugfix/all/tools-perf-remove-shebangs.patch bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch -bugfix/all/libcpupower-hide-private-function.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch diff --git a/debian/rules.d/scripts/kconfig/Makefile b/debian/rules.d/scripts/kconfig/Makefile index 864b50544a2b..c9ad2aaf9814 100644 --- a/debian/rules.d/scripts/kconfig/Makefile +++ b/debian/rules.d/scripts/kconfig/Makefile @@ -2,7 +2,7 @@ PROGS = conf include $(top_rulesdir)/Makefile.inc -conf: conf.o confdata.o expr.o lexer.lex.o parser.tab.o preprocess.o symbol.o util.o +conf: conf.o confdata.o expr.o lexer.lex.o menu.o parser.tab.o preprocess.o symbol.o util.o lexer.lex.o: parser.tab.h diff --git a/debian/rules.d/tools/bpf/bpftool/Makefile b/debian/rules.d/tools/bpf/bpftool/Makefile index 1df6c1f86b2b..f2b04125ea7f 100644 --- a/debian/rules.d/tools/bpf/bpftool/Makefile +++ b/debian/rules.d/tools/bpf/bpftool/Makefile @@ -24,8 +24,4 @@ install: $(MAKE_BPFTOOL) install ifeq (,$(filter nodoc,$(DEB_BUILD_PROFILES))) $(MAKE_BPFTOOL) doc-install -# doc-install installs a bpf-helpers.7 that conflicts -# with the one distributed by the manpages package. - rm $(DESTDIR)/usr/share/man/man7/bpf-helpers.7 - rmdir $(DESTDIR)/usr/share/man/man7/ endif |