diff options
| author | Romain Perier <romain.perier@gmail.com> | 2019-12-14 18:39:00 +0100 |
|---|---|---|
| committer | Romain Perier <romain.perier@opensource.viveris.fr> | 2020-01-02 16:58:52 +0100 |
| commit | 1d5e1de82a1e9e86d0f2e218a169c093bcc2ae81 (patch) | |
| tree | eb45de490cf0e535d03b5ade0d75cf353e68ca86 | |
| parent | c04a6d9e9389d34ab05e47a3b62cbb8adc825436 (diff) | |
| download | kernel_replicant_linux-1d5e1de82a1e9e86d0f2e218a169c093bcc2ae81.tar.gz kernel_replicant_linux-1d5e1de82a1e9e86d0f2e218a169c093bcc2ae81.tar.bz2 kernel_replicant_linux-1d5e1de82a1e9e86d0f2e218a169c093bcc2ae81.zip | |
Update to 5.5-rc4
17 files changed, 268 insertions, 289 deletions
diff --git a/debian/changelog b/debian/changelog index 8a097a25b1b5..22dad5385bf9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,28 @@ +linux (5.5~rc4-1~exp1) UNRELEASED; urgency=medium + + * New upstream release candidate + + [ Romain Perier ] + * [rt] Disable until it is updated for 5.5 or later + * [mips*] Remove obsolete patch + MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch + * Retrieve the new aufs5 patches from the upstream tree, with an update in + aufs5-standalone.patch (see its header). + * Refreshed patches: + - debian/dfsg/vs6624-disable.patch + - bugfix/all/firmware_class-log-every-success-and-failure.patch + - bugfix/all/ + radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch + - bugfix/all/disable-some-marvell-phys.patch + - features/all/ + security-perf-allow-further-restriction-of-perf_event_open.patch + - features/x86/x86-make-x32-syscall-support-conditional.patch + - bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch + - features/all/lockdown/ + efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch + + -- Romain Perier <romain.perier@gmail.com> Thu, 02 Jan 2020 16:44:44 +0100 + linux (5.4.6-1~exp1) UNRELEASED; urgency=medium * New upstream stable update: diff --git a/debian/config/defines b/debian/config/defines index 92f55f34f02a..e8b7bcb9e01c 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -141,7 +141,7 @@ debug-info: true signed-code: false [featureset-rt_base] -enabled: true +enabled: false [description] part-long-up: This kernel is not suitable for SMP (multi-processor, diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch index 07b118389d20..527bbc0392d9 100644 --- a/debian/patches/bugfix/all/disable-some-marvell-phys.patch +++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch @@ -18,7 +18,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c =================================================================== --- debian-kernel.orig/drivers/net/phy/marvell.c +++ debian-kernel/drivers/net/phy/marvell.c -@@ -937,6 +937,7 @@ static int m88e1118_config_init(struct p +@@ -1057,6 +1057,7 @@ static int m88e1118_config_init(struct p return genphy_soft_reset(phydev); } @@ -26,7 +26,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c static int m88e1149_config_init(struct phy_device *phydev) { int err; -@@ -962,7 +963,9 @@ static int m88e1149_config_init(struct p +@@ -1082,7 +1083,9 @@ static int m88e1149_config_init(struct p return genphy_soft_reset(phydev); } @@ -36,7 +36,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c static int m88e1145_config_init_rgmii(struct phy_device *phydev) { int err; -@@ -1037,6 +1040,7 @@ static int m88e1145_config_init(struct p +@@ -1157,6 +1160,7 @@ static int m88e1145_config_init(struct p return 0; } @@ -44,7 +44,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c static int m88e1540_get_fld(struct phy_device *phydev, u8 *msecs) { -@@ -2243,6 +2247,7 @@ static struct phy_driver marvell_drivers +@@ -2376,6 +2380,7 @@ static struct phy_driver marvell_drivers .get_strings = marvell_get_strings, .get_stats = marvell_get_stats, }, @@ -52,16 +52,16 @@ Index: debian-kernel/drivers/net/phy/marvell.c { .phy_id = MARVELL_PHY_ID_88E1145, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2262,6 +2267,8 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, +@@ -2398,6 +2403,8 @@ static struct phy_driver marvell_drivers + .set_tunable = m88e1111_set_tunable, + .link_change_notify = m88e1011_link_change_notify, }, +#endif +#if 0 { .phy_id = MARVELL_PHY_ID_88E1149R, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2280,6 +2287,8 @@ static struct phy_driver marvell_drivers +@@ -2416,6 +2423,8 @@ static struct phy_driver marvell_drivers .get_strings = marvell_get_strings, .get_stats = marvell_get_stats, }, @@ -70,7 +70,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c { .phy_id = MARVELL_PHY_ID_88E1240, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2298,6 +2307,7 @@ static struct phy_driver marvell_drivers +@@ -2434,6 +2443,7 @@ static struct phy_driver marvell_drivers .get_strings = marvell_get_strings, .get_stats = marvell_get_stats, }, @@ -78,7 +78,7 @@ Index: debian-kernel/drivers/net/phy/marvell.c { .phy_id = MARVELL_PHY_ID_88E1116R, .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2432,9 +2442,9 @@ static struct mdio_device_id __maybe_unu +@@ -2579,9 +2589,9 @@ static struct mdio_device_id __maybe_unu { MARVELL_PHY_ID_88E1111, MARVELL_PHY_ID_MASK }, { MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK }, { MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK }, diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch index 5541f3ee7966..466e1eaaf506 100644 --- a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch +++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch @@ -22,12 +22,14 @@ NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n" format to detect missing firmware. --- drivers/base/firmware_loader/fallback.c | 2 +- - drivers/base/firmware_loader/main.c | 15 ++++++++------- - 2 files changed, 9 insertions(+), 8 deletions(-) + drivers/base/firmware_loader/main.c | 17 ++++++++--------- + 2 files changed, 9 insertions(+), 10 deletions(-) +diff --git a/drivers/base/firmware_loader/fallback.c b/drivers/base/firmware_loader/fallback.c +index 62ee90b4db56..199f39aa32ef 100644 --- a/drivers/base/firmware_loader/fallback.c +++ b/drivers/base/firmware_loader/fallback.c -@@ -557,7 +557,7 @@ static int fw_load_from_user_helper(stru +@@ -557,7 +557,7 @@ static int fw_load_from_user_helper(struct firmware *firmware, if (opt_flags & FW_OPT_NOWAIT) { timeout = usermodehelper_read_lock_wait(timeout); if (!timeout) { @@ -36,9 +38,11 @@ format to detect missing firmware. name); return -EBUSY; } +diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c +index 249add8c5e05..387b48d4d466 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c -@@ -496,14 +496,12 @@ fw_get_filesystem_firmware(struct device +@@ -496,15 +496,12 @@ fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv, rc = kernel_read_file_from_path(path, &buffer, &size, msize, id); if (rc) { @@ -52,12 +56,13 @@ format to detect missing firmware. + path, rc); continue; } +- dev_dbg(device, "Loading firmware from %s\n", path); + dev_info(device, "firmware: direct-loading firmware %s\n", + fw_priv->fw_name); if (decompress) { dev_dbg(device, "f/w decompressing %s\n", fw_priv->fw_name); -@@ -516,8 +514,6 @@ fw_get_filesystem_firmware(struct device +@@ -517,8 +514,6 @@ fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv, continue; } } else { @@ -66,7 +71,7 @@ format to detect missing firmware. if (!fw_priv->data) fw_priv->data = buffer; fw_priv->size = size; -@@ -527,6 +523,10 @@ fw_get_filesystem_firmware(struct device +@@ -528,6 +523,10 @@ fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv, } __putname(path); @@ -77,3 +82,6 @@ format to detect missing firmware. return rc; } +-- +2.24.0 + diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch index 6a58c734f521..0beeaf3dbd0c 100644 --- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -10,21 +10,31 @@ dependencies of a module. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> [Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] --- -Index: debian-kernel/fs/btrfs/super.c -=================================================================== ---- debian-kernel.orig/fs/btrfs/super.c -+++ debian-kernel/fs/btrfs/super.c -@@ -2455,4 +2455,4 @@ late_initcall(init_btrfs_fs); + fs/btrfs/super.c | 2 +- + fs/ext4/super.c | 2 +- + fs/f2fs/super.c | 1 + + fs/jbd2/journal.c | 1 + + fs/nfsd/nfsctl.c | 3 +++ + 5 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c +index f452a94abdc3..149b4f5b2c13 100644 +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -2464,7 +2464,7 @@ late_initcall(init_btrfs_fs); module_exit(exit_btrfs_fs) MODULE_LICENSE("GPL"); -MODULE_SOFTDEP("pre: crc32c"); +MODULE_SOFTDEP("pre: crypto-crc32c"); -Index: debian-kernel/fs/ext4/super.c -=================================================================== ---- debian-kernel.orig/fs/ext4/super.c -+++ debian-kernel/fs/ext4/super.c -@@ -6199,6 +6199,6 @@ static void __exit ext4_exit_fs(void) + MODULE_SOFTDEP("pre: xxhash64"); + MODULE_SOFTDEP("pre: sha256"); + MODULE_SOFTDEP("pre: blake2b-256"); +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 1d82b56d9b11..1f494d1551ad 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -6186,6 +6186,6 @@ static void __exit ext4_exit_fs(void) MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); MODULE_DESCRIPTION("Fourth Extended Filesystem"); MODULE_LICENSE("GPL"); @@ -32,21 +42,21 @@ Index: debian-kernel/fs/ext4/super.c +MODULE_SOFTDEP("pre: crypto-crc32c"); module_init(ext4_init_fs) module_exit(ext4_exit_fs) -Index: debian-kernel/fs/f2fs/super.c -=================================================================== ---- debian-kernel.orig/fs/f2fs/super.c -+++ debian-kernel/fs/f2fs/super.c -@@ -3784,4 +3784,5 @@ module_exit(exit_f2fs_fs) +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c +index 5111e1ffe58a..ab6755c4c9c5 100644 +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -3809,4 +3809,5 @@ module_exit(exit_f2fs_fs) MODULE_AUTHOR("Samsung Electronics's Praesto Team"); MODULE_DESCRIPTION("Flash Friendly File System"); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: crypto-crc32c"); -Index: debian-kernel/fs/jbd2/journal.c -=================================================================== ---- debian-kernel.orig/fs/jbd2/journal.c -+++ debian-kernel/fs/jbd2/journal.c -@@ -2726,6 +2726,7 @@ static void __exit journal_exit(void) +diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c +index 5e408ee24a1a..ace92b6d066b 100644 +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -2769,6 +2769,7 @@ static void __exit journal_exit(void) } MODULE_LICENSE("GPL"); @@ -54,10 +64,10 @@ Index: debian-kernel/fs/jbd2/journal.c module_init(journal_init); module_exit(journal_exit); -Index: debian-kernel/fs/nfsd/nfsctl.c -=================================================================== ---- debian-kernel.orig/fs/nfsd/nfsctl.c -+++ debian-kernel/fs/nfsd/nfsctl.c +diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c +index 11b42c523f04..c8cd73b1e0d9 100644 +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c @@ -1574,5 +1574,8 @@ static void __exit exit_nfsd(void) MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>"); @@ -67,3 +77,6 @@ Index: debian-kernel/fs/nfsd/nfsctl.c +#endif module_init(init_nfsd) module_exit(exit_nfsd) +-- +2.24.0 + diff --git a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch index 98aab274824c..a40c600ae803 100644 --- a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +++ b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch @@ -41,7 +41,7 @@ Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c #include "amdgpu.h" #include "amdgpu_irq.h" -@@ -1030,6 +1032,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); +@@ -1017,6 +1019,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); static struct drm_driver kms_driver; @@ -70,7 +70,7 @@ Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c static int amdgpu_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { -@@ -1083,6 +1107,11 @@ static int amdgpu_pci_probe(struct pci_d +@@ -1070,6 +1094,11 @@ static int amdgpu_pci_probe(struct pci_d } #endif @@ -80,7 +80,7 @@ Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c + } + /* Get rid of things like offb */ - ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, 0, "amdgpudrmfb"); + ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, "amdgpudrmfb"); if (ret) Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c =================================================================== @@ -135,5 +135,5 @@ Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c + } + /* Get rid of things like offb */ - ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, 0, "radeondrmfb"); + ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, "radeondrmfb"); if (ret) diff --git a/debian/patches/bugfix/arm/ARM-dts-bcm283x-Fix-critical-trip-point.patch b/debian/patches/bugfix/arm/ARM-dts-bcm283x-Fix-critical-trip-point.patch deleted file mode 100644 index 2c5b0f6166a0..000000000000 --- a/debian/patches/bugfix/arm/ARM-dts-bcm283x-Fix-critical-trip-point.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Stefan Wahren <wahrenst@gmx.net> -Date: Sat, 30 Nov 2019 13:31:13 +0100 -Subject: ARM: dts: bcm283x: Fix critical trip point -Origin: https://git.kernel.org/linus/30e647a764d446723a7e0fb08d209e0104f16173 - -During definition of the CPU thermal zone of BCM283x SoC family there -was a misunderstanding of the meaning "criticial trip point" and the -thermal throttling range of the VideoCore firmware. The latter one takes -effect when the core temperature is at least 85 degree celsius or higher - -So the current critical trip point doesn't make sense, because the -thermal shutdown appears before the firmware has a chance to throttle -the ARM core(s). - -Fix these unwanted shutdowns by increasing the critical trip point -to a value which shouldn't be reached with working thermal throttling. - -Fixes: 0fe4d2181cc4 ("ARM: dts: bcm283x: Add CPU thermal zone with 1 trip point") -Signed-off-by: Stefan Wahren <wahrenst@gmx.net> -Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> ---- - arch/arm/boot/dts/bcm283x.dtsi | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm/boot/dts/bcm283x.dtsi b/arch/arm/boot/dts/bcm283x.dtsi -index 3caaa57eb6c8..839491628e87 100644 ---- a/arch/arm/boot/dts/bcm283x.dtsi -+++ b/arch/arm/boot/dts/bcm283x.dtsi -@@ -37,7 +37,7 @@ cpu_thermal: cpu-thermal { - - trips { - cpu-crit { -- temperature = <80000>; -+ temperature = <90000>; - hysteresis = <0>; - type = "critical"; - }; --- -2.24.0 - diff --git a/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch b/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch deleted file mode 100644 index a4bb5d1fc298..000000000000 --- a/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Aurelien Jarno <aurelien@aurel32.net> -Date: Sun, 1 Dec 2019 20:35:55 +0100 -Subject: libbpf: fix readelf output parsing on powerpc with recent binutils -Origin: https://lore.kernel.org/patchwork/patch/1161149/ - -On powerpc with recent versions of binutils, readelf outputs an extra -field when dumping the symbols of an object file. For example: - - 35: 0000000000000838 96 FUNC LOCAL DEFAULT [<localentry>: 8] 1 btf_is_struct - -The extra "[<localentry>: 8]" prevents the GLOBAL_SYM_COUNT variable to -be computed correctly and causes the checkabi target to fail. - -Fix that by looking for the symbol name in the last field instead of the -8th one. This way it should also cope with future extra fields. - -Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> ---- - tools/lib/bpf/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile -index 99425d0be6ff..333900cf3f4f 100644 ---- a/tools/lib/bpf/Makefile -+++ b/tools/lib/bpf/Makefile -@@ -147,7 +147,7 @@ TAGS_PROG := $(if $(shell which etags 2>/dev/null),etags,ctags) - - GLOBAL_SYM_COUNT = $(shell readelf -s --wide $(BPF_IN_SHARED) | \ - cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \ -- awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$8}' | \ -+ awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}' | \ - sort -u | wc -l) - VERSIONED_SYM_COUNT = $(shell readelf -s --wide $(OUTPUT)libbpf.so | \ - grep -Eo '[^ ]+@LIBBPF_' | cut -d@ -f1 | sort -u | wc -l) -@@ -216,7 +216,7 @@ check_abi: $(OUTPUT)libbpf.so - "versioned in $(VERSION_SCRIPT)." >&2; \ - readelf -s --wide $(OUTPUT)libbpf-in.o | \ - cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \ -- awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$8}'| \ -+ awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}'| \ - sort -u > $(OUTPUT)libbpf_global_syms.tmp; \ - readelf -s --wide $(OUTPUT)libbpf.so | \ - grep -Eo '[^ ]+@LIBBPF_' | cut -d@ -f1 | \ --- -2.24.0 - diff --git a/debian/patches/debian/dfsg/vs6624-disable.patch b/debian/patches/debian/dfsg/vs6624-disable.patch index 6b213a6ffe35..b99070c0cf8d 100644 --- a/debian/patches/debian/dfsg/vs6624-disable.patch +++ b/debian/patches/debian/dfsg/vs6624-disable.patch @@ -3,13 +3,22 @@ Date: Sun, 27 May 2012 01:56:58 +0100 Subject: vs6624: mark as broken Forwarded: not-needed +--- + drivers/media/i2c/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/media/i2c/Kconfig b/drivers/media/i2c/Kconfig +index c68e002d26ea..9055d4658c78 100644 --- a/drivers/media/i2c/Kconfig +++ b/drivers/media/i2c/Kconfig -@@ -768,6 +768,7 @@ config VIDEO_OV13858 +@@ -843,6 +843,7 @@ config VIDEO_OV13858 OV13858 camera. config VIDEO_VS6624 + depends on BROKEN tristate "ST VS6624 sensor support" depends on VIDEO_V4L2 && I2C - depends on MEDIA_CAMERA_SUPPORT + help +-- +2.24.0 + diff --git a/debian/patches/features/all/aufs5/aufs5-base.patch b/debian/patches/features/all/aufs5/aufs5-base.patch index 7d745da9f6ea..bf5fccd4cd94 100644 --- a/debian/patches/features/all/aufs5/aufs5-base.patch +++ b/debian/patches/features/all/aufs5/aufs5-base.patch @@ -1,7 +1,7 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> -Date: Sat Aug 3 23:41:50 2019 +0900 +Date: Fri Sep 20 05:32:03 2019 +0900 Subject: aufs5.x-rcN base patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d +Origin: https://github.com/sfjro/aufs5-standalone/tree/b7cf1e7560f30c37de4674a8249ca24ad926d5d6 Bug-Debian: https://bugs.debian.org/541828 Patch headers added by debian/bin/genpatch-aufs @@ -10,10 +10,10 @@ SPDX-License-Identifier: GPL-2.0 aufs5.x-rcN base patch diff --git a/MAINTAINERS b/MAINTAINERS -index 6426db5198f0..332a330a8614 100644 +index a50e97a63bc8..bd7c76319a85 100644 --- a/MAINTAINERS +++ b/MAINTAINERS -@@ -2818,6 +2818,19 @@ F: include/linux/audit.h +@@ -2822,6 +2822,19 @@ F: include/linux/audit.h F: include/uapi/linux/audit.h F: kernel/audit* @@ -34,7 +34,7 @@ index 6426db5198f0..332a330a8614 100644 M: Miguel Ojeda Sandonis <miguel.ojeda.sandonis@gmail.com> S: Maintained diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 44c9985f352a..fc0584d8b8fd 100644 +index ab7ca5989097..80d06084b043 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -738,6 +738,24 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, @@ -128,7 +128,7 @@ index d28d30b13043..34c8093ddb1d 100644 * vfsmount lock must be held for write */ diff --git a/fs/read_write.c b/fs/read_write.c -index 1f5088dec566..f84e1d9c2434 100644 +index 5bbf587f5bc1..3265bb84f152 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -498,6 +498,28 @@ static ssize_t __vfs_write(struct file *file, const char __user *p, @@ -202,7 +202,7 @@ index 4d1ff010bc5a..457f4e4a5cc1 100644 if (wait) sync_inodes_sb(sb); diff --git a/include/linux/fs.h b/include/linux/fs.h -index 56b8e358af5c..5e914b18a5a2 100644 +index 997a530ff4e9..3dbec51c2037 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1331,6 +1331,7 @@ extern void fasync_free(struct fasync_struct *); diff --git a/debian/patches/features/all/aufs5/aufs5-mmap.patch b/debian/patches/features/all/aufs5/aufs5-mmap.patch index 5bfe2a8f08e7..367c0b842909 100644 --- a/debian/patches/features/all/aufs5/aufs5-mmap.patch +++ b/debian/patches/features/all/aufs5/aufs5-mmap.patch @@ -1,7 +1,7 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> -Date: Sat Aug 3 23:41:50 2019 +0900 +Date: Fri Sep 20 05:32:03 2019 +0900 Subject: aufs5.x-rcN mmap patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d +Origin: https://github.com/sfjro/aufs5-standalone/tree/b7cf1e7560f30c37de4674a8249ca24ad926d5d6 Bug-Debian: https://bugs.debian.org/541828 Patch headers added by debian/bin/genpatch-aufs @@ -83,7 +83,7 @@ Index: debian-kernel/include/linux/mm.h =================================================================== --- debian-kernel.orig/include/linux/mm.h +++ debian-kernel/include/linux/mm.h -@@ -1515,6 +1515,28 @@ static inline void unmap_shared_mapping_ +@@ -1495,6 +1495,28 @@ static inline void unmap_shared_mapping_ unmap_mapping_range(mapping, holebegin, holelen, 0); } @@ -116,7 +116,7 @@ Index: debian-kernel/include/linux/mm_types.h =================================================================== --- debian-kernel.orig/include/linux/mm_types.h +++ debian-kernel/include/linux/mm_types.h -@@ -262,6 +262,7 @@ struct vm_region { +@@ -267,6 +267,7 @@ struct vm_region { unsigned long vm_top; /* region allocated to here */ unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */ struct file *vm_file; /* the backing file or NULL */ @@ -124,7 +124,7 @@ Index: debian-kernel/include/linux/mm_types.h int vm_usage; /* region usage count (access under nommu_region_sem) */ bool vm_icache_flushed : 1; /* true if the icache has been flushed for -@@ -336,6 +337,7 @@ struct vm_area_struct { +@@ -341,6 +342,7 @@ struct vm_area_struct { unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE units */ struct file * vm_file; /* File we map to (can be NULL). */ @@ -136,7 +136,7 @@ Index: debian-kernel/kernel/fork.c =================================================================== --- debian-kernel.orig/kernel/fork.c +++ debian-kernel/kernel/fork.c -@@ -562,7 +562,7 @@ static __latent_entropy int dup_mmap(str +@@ -565,7 +565,7 @@ static __latent_entropy int dup_mmap(str struct inode *inode = file_inode(file); struct address_space *mapping = file->f_mapping; @@ -162,7 +162,7 @@ Index: debian-kernel/mm/filemap.c =================================================================== --- debian-kernel.orig/mm/filemap.c +++ debian-kernel/mm/filemap.c -@@ -2695,7 +2695,7 @@ vm_fault_t filemap_page_mkwrite(struct v +@@ -2675,7 +2675,7 @@ vm_fault_t filemap_page_mkwrite(struct v vm_fault_t ret = VM_FAULT_LOCKED; sb_start_pagefault(inode->i_sb); @@ -184,7 +184,7 @@ Index: debian-kernel/mm/mmap.c mpol_put(vma_policy(vma)); vm_area_free(vma); return next; -@@ -940,7 +940,7 @@ again: +@@ -915,7 +915,7 @@ again: if (remove_next) { if (file) { uprobe_munmap(next, next->vm_start, next->vm_end); @@ -193,7 +193,7 @@ Index: debian-kernel/mm/mmap.c } if (next->anon_vma) anon_vma_merge(vma, next); -@@ -1865,8 +1865,8 @@ out: +@@ -1843,8 +1843,8 @@ out: return addr; unmap_and_free_vma: @@ -203,7 +203,7 @@ Index: debian-kernel/mm/mmap.c /* Undo any partial mapping done by a device driver. */ unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); -@@ -2695,7 +2695,7 @@ int __split_vma(struct mm_struct *mm, st +@@ -2673,7 +2673,7 @@ int __split_vma(struct mm_struct *mm, st goto out_free_mpol; if (new->vm_file) @@ -212,7 +212,7 @@ Index: debian-kernel/mm/mmap.c if (new->vm_ops && new->vm_ops->open) new->vm_ops->open(new); -@@ -2714,7 +2714,7 @@ int __split_vma(struct mm_struct *mm, st +@@ -2692,7 +2692,7 @@ int __split_vma(struct mm_struct *mm, st if (new->vm_ops && new->vm_ops->close) new->vm_ops->close(new); if (new->vm_file) @@ -221,7 +221,7 @@ Index: debian-kernel/mm/mmap.c unlink_anon_vmas(new); out_free_mpol: mpol_put(vma_policy(new)); -@@ -2906,7 +2906,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign +@@ -2884,7 +2884,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign struct vm_area_struct *vma; unsigned long populate = 0; unsigned long ret = -EINVAL; @@ -230,7 +230,7 @@ Index: debian-kernel/mm/mmap.c pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.\n", current->comm, current->pid); -@@ -2981,10 +2981,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsign +@@ -2959,10 +2959,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsign } } @@ -259,7 +259,7 @@ Index: debian-kernel/mm/mmap.c out: up_write(&mm->mmap_sem); if (populate) -@@ -3274,7 +3291,7 @@ struct vm_area_struct *copy_vma(struct v +@@ -3253,7 +3270,7 @@ struct vm_area_struct *copy_vma(struct v if (anon_vma_clone(new_vma, vma)) goto out_free_mempol; if (new_vma->vm_file) @@ -272,7 +272,7 @@ Index: debian-kernel/mm/nommu.c =================================================================== --- debian-kernel.orig/mm/nommu.c +++ debian-kernel/mm/nommu.c -@@ -552,7 +552,7 @@ static void __put_nommu_region(struct vm +@@ -563,7 +563,7 @@ static void __put_nommu_region(struct vm up_write(&nommu_region_sem); if (region->vm_file) @@ -281,7 +281,7 @@ Index: debian-kernel/mm/nommu.c /* IO memory and memory shared directly out of the pagecache * from ramfs/tmpfs mustn't be released here */ -@@ -690,7 +690,7 @@ static void delete_vma(struct mm_struct +@@ -695,7 +695,7 @@ static void delete_vma(struct mm_struct if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -290,7 +290,7 @@ Index: debian-kernel/mm/nommu.c put_nommu_region(vma->vm_region); vm_area_free(vma); } -@@ -1213,7 +1213,7 @@ unsigned long do_mmap(struct file *file, +@@ -1218,7 +1218,7 @@ unsigned long do_mmap(struct file *file, goto error_just_free; } } @@ -299,7 +299,7 @@ Index: debian-kernel/mm/nommu.c kmem_cache_free(vm_region_jar, region); region = pregion; result = start; -@@ -1290,10 +1290,10 @@ error_just_free: +@@ -1295,10 +1295,10 @@ error_just_free: up_write(&nommu_region_sem); error: if (region->vm_file) diff --git a/debian/patches/features/all/aufs5/aufs5-standalone.patch b/debian/patches/features/all/aufs5/aufs5-standalone.patch index a5d576c45e36..70b3b08a96c8 100644 --- a/debian/patches/features/all/aufs5/aufs5-standalone.patch +++ b/debian/patches/features/all/aufs5/aufs5-standalone.patch @@ -1,17 +1,22 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> -Date: Sat Aug 3 23:41:50 2019 +0900 +Date: Tue Sep 3 18:57:39 2019 +0900 Subject: aufs5.x-rcN standalone patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d +Origin: https://github.com/sfjro/aufs5-standalone/tree/b7cf1e7560f30c37de4674a8249ca24ad926d5d6 Bug-Debian: https://bugs.debian.org/541828 -Patch headers added by debian/bin/genpatch-aufs +Patch headers added by debian/bin/genpatch-aufs. This patch collides with the +upstream code base, so it has been updated to remove the export of the symbol +__devcgroup_check_permission in security/device_cgroup.c (the symbol is no longer +global, it is static now). SPDX-License-Identifier: GPL-2.0 aufs5.x-rcN standalone patch +diff --git a/fs/dcache.c b/fs/dcache.c +index 046000653e4d..15aa871d1b45 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -1369,6 +1369,7 @@ rename_retry: +@@ -1371,6 +1371,7 @@ void d_walk(struct dentry *parent, void *data, seq = 1; goto again; } @@ -19,7 +24,7 @@ aufs5.x-rcN standalone patch struct check_mount { struct vfsmount *mnt; -@@ -2914,6 +2915,7 @@ void d_exchange(struct dentry *dentry1, +@@ -2916,6 +2917,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2) write_sequnlock(&rename_lock); } @@ -27,9 +32,11 @@ aufs5.x-rcN standalone patch /** * d_ancestor - search for an ancestor +diff --git a/fs/exec.c b/fs/exec.c +index 74d88dab98dd..71eb4fcace94 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -110,6 +110,7 @@ bool path_noexec(const struct path *path +@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path) return (path->mnt->mnt_flags & MNT_NOEXEC) || (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); } @@ -37,9 +44,11 @@ aufs5.x-rcN standalone patch #ifdef CONFIG_USELIB /* +diff --git a/fs/fcntl.c b/fs/fcntl.c +index c01290dcb893..113ccee10a97 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c -@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un +@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, unsigned long arg) out: return error; } @@ -47,9 +56,11 @@ aufs5.x-rcN standalone patch static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, int force) +diff --git a/fs/file_table.c b/fs/file_table.c +index 30d55c9a1744..34b9bbf4c556 100644 --- a/fs/file_table.c +++ b/fs/file_table.c -@@ -162,6 +162,7 @@ over: +@@ -162,6 +162,7 @@ struct file *alloc_empty_file(int flags, const struct cred *cred) } return ERR_PTR(-ENFILE); } @@ -65,9 +76,11 @@ aufs5.x-rcN standalone patch void __init files_init(void) { +diff --git a/fs/inode.c b/fs/inode.c +index aaeacde398ee..5be87f2d3828 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -1682,6 +1682,7 @@ int update_time(struct inode *inode, str +@@ -1682,6 +1682,7 @@ int update_time(struct inode *inode, struct timespec64 *time, int flags) return update_time(inode, time, flags); } @@ -75,9 +88,11 @@ aufs5.x-rcN standalone patch /** * touch_atime - update the access time +diff --git a/fs/namespace.c b/fs/namespace.c +index 5575ea7f1361..5a37cc5b92f0 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -431,6 +431,7 @@ void __mnt_drop_write(struct vfsmount *m +@@ -431,6 +431,7 @@ void __mnt_drop_write(struct vfsmount *mnt) mnt_dec_writers(real_mount(mnt)); preempt_enable(); } @@ -85,7 +100,7 @@ aufs5.x-rcN standalone patch /** * mnt_drop_write - give up write access to a mount -@@ -781,6 +782,7 @@ int is_current_mnt_ns(struct vfsmount *m +@@ -781,6 +782,7 @@ int is_current_mnt_ns(struct vfsmount *mnt) { return check_mnt(real_mount(mnt)); } @@ -93,7 +108,7 @@ aufs5.x-rcN standalone patch /* * vfsmount lock must be held for write -@@ -1903,6 +1905,7 @@ int iterate_mounts(int (*f)(struct vfsmo +@@ -1903,6 +1905,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, } return 0; } @@ -101,9 +116,11 @@ aufs5.x-rcN standalone patch static void lock_mnt_tree(struct mount *mnt) { +diff --git a/fs/notify/group.c b/fs/notify/group.c +index 133f723aca07..0b9f7f6d8390 100644 --- a/fs/notify/group.c +++ b/fs/notify/group.c -@@ -99,6 +99,7 @@ void fsnotify_get_group(struct fsnotify_ +@@ -99,6 +99,7 @@ void fsnotify_get_group(struct fsnotify_group *group) { refcount_inc(&group->refcnt); } @@ -111,9 +128,11 @@ aufs5.x-rcN standalone patch /* * Drop a reference to a group. Free it if it's through. +diff --git a/fs/open.c b/fs/open.c +index b62f5c0923a8..89af4b9c7319 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -65,6 +65,7 @@ int do_truncate(struct dentry *dentry, l +@@ -65,6 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, inode_unlock(dentry->d_inode); return ret; } @@ -121,9 +140,11 @@ aufs5.x-rcN standalone patch long vfs_truncate(const struct path *path, loff_t length) { +diff --git a/fs/read_write.c b/fs/read_write.c +index 3265bb84f152..5b2dbddb0efe 100644 --- a/fs/read_write.c +++ b/fs/read_write.c -@@ -468,6 +468,7 @@ ssize_t vfs_read(struct file *file, char +@@ -468,6 +468,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) return ret; } @@ -139,7 +160,7 @@ aufs5.x-rcN standalone patch vfs_writef_t vfs_writef(struct file *file) { -@@ -519,6 +521,7 @@ vfs_writef_t vfs_writef(struct file *fil +@@ -519,6 +521,7 @@ vfs_writef_t vfs_writef(struct file *file) return new_sync_write; return ERR_PTR(-ENOSYS); } @@ -147,7 +168,7 @@ aufs5.x-rcN standalone patch ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { -@@ -588,6 +591,7 @@ ssize_t vfs_write(struct file *file, con +@@ -588,6 +591,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ return ret; } @@ -155,9 +176,11 @@ aufs5.x-rcN standalone patch /* file_ppos returns &file->f_pos or NULL if file is stream */ static inline loff_t *file_ppos(struct file *file) +diff --git a/fs/splice.c b/fs/splice.c +index d9bcc4a71a0a..bf8725e99070 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -847,6 +847,7 @@ long do_splice_from(struct pipe_inode_in +@@ -862,6 +862,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out, return splice_write(pipe, out, ppos, len, flags); } @@ -165,7 +188,7 @@ aufs5.x-rcN standalone patch /* * Attempt to initiate a splice from a file to a pipe. -@@ -876,6 +877,7 @@ long do_splice_to(struct file *in, loff_ +@@ -891,6 +892,7 @@ long do_splice_to(struct file *in, loff_t *ppos, return splice_read(in, ppos, pipe, len, flags); } @@ -173,9 +196,11 @@ aufs5.x-rcN standalone patch /** * splice_direct_to_actor - splices data directly between two non-pipes +diff --git a/fs/sync.c b/fs/sync.c +index 457f4e4a5cc1..67c66358f3fe 100644 --- a/fs/sync.c +++ b/fs/sync.c -@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block +@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block *sb, int wait) sb->s_op->sync_fs(sb, wait); return __sync_blockdev(sb->s_bdev, wait); } @@ -183,9 +208,11 @@ aufs5.x-rcN standalone patch /* * Write out and wait upon all dirty data associated with this +diff --git a/fs/xattr.c b/fs/xattr.c +index 90dd78f0eb27..40b01dd1b14a 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry +@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, *xattr_value = value; return error; } @@ -193,9 +220,11 @@ aufs5.x-rcN standalone patch ssize_t __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, +diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c +index 9d1b34c71e3c..bfa1670007fe 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c -@@ -174,6 +174,7 @@ inline struct lock_class *lockdep_hlock_ +@@ -174,6 +174,7 @@ inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock) */ return lock_classes + class_idx; } @@ -203,23 +232,20 @@ aufs5.x-rcN standalone patch #define hlock_class(hlock) lockdep_hlock_class(hlock) #ifdef CONFIG_LOCK_STAT +diff --git a/kernel/task_work.c b/kernel/task_work.c +index 0fef395662a6..83fb1ecfc33d 100644 --- a/kernel/task_work.c +++ b/kernel/task_work.c -@@ -117,3 +117,4 @@ void task_work_run(void) +@@ -116,3 +116,4 @@ void task_work_run(void) } while (work); } } +EXPORT_SYMBOL_GPL(task_work_run); ---- a/security/device_cgroup.c -+++ b/security/device_cgroup.c -@@ -824,3 +824,4 @@ int __devcgroup_check_permission(short t - - return 0; - } -+EXPORT_SYMBOL_GPL(__devcgroup_check_permission); +diff --git a/security/security.c b/security/security.c +index cd2d18d2d279..fbf716450399 100644 --- a/security/security.c +++ b/security/security.c -@@ -1040,6 +1040,7 @@ int security_path_rmdir(const struct pat +@@ -1036,6 +1036,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } @@ -227,7 +253,7 @@ aufs5.x-rcN standalone patch int security_path_unlink(const struct path *dir, struct dentry *dentry) { -@@ -1056,6 +1057,7 @@ int security_path_symlink(const struct p +@@ -1052,6 +1053,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, return 0; return call_int_hook(path_symlink, 0, dir, dentry, old_name); } @@ -235,7 +261,7 @@ aufs5.x-rcN standalone patch int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) -@@ -1064,6 +1066,7 @@ int security_path_link(struct dentry *ol +@@ -1060,6 +1062,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir, return 0; return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } @@ -243,7 +269,7 @@ aufs5.x-rcN standalone patch int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, -@@ -1091,6 +1094,7 @@ int security_path_truncate(const struct +@@ -1087,6 +1090,7 @@ int security_path_truncate(const struct path *path) return 0; return call_int_hook(path_truncate, 0, path); } @@ -251,7 +277,7 @@ aufs5.x-rcN standalone patch int security_path_chmod(const struct path *path, umode_t mode) { -@@ -1098,6 +1102,7 @@ int security_path_chmod(const struct pat +@@ -1094,6 +1098,7 @@ int security_path_chmod(const struct path *path, umode_t mode) return 0; return call_int_hook(path_chmod, 0, path, mode); } @@ -259,7 +285,7 @@ aufs5.x-rcN standalone patch int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { -@@ -1105,6 +1110,7 @@ int security_path_chown(const struct pat +@@ -1101,6 +1106,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) return 0; return call_int_hook(path_chown, 0, path, uid, gid); } @@ -267,7 +293,7 @@ aufs5.x-rcN standalone patch int security_path_chroot(const struct path *path) { -@@ -1205,6 +1211,7 @@ int security_inode_permission(struct ino +@@ -1201,6 +1207,7 @@ int security_inode_permission(struct inode *inode, int mask) return 0; return call_int_hook(inode_permission, 0, inode, mask); } @@ -275,7 +301,7 @@ aufs5.x-rcN standalone patch int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { -@@ -1382,6 +1389,7 @@ int security_file_permission(struct file +@@ -1378,6 +1385,7 @@ int security_file_permission(struct file *file, int mask) return fsnotify_perm(file, mask); } @@ -283,3 +309,6 @@ aufs5.x-rcN standalone patch int security_file_alloc(struct file *file) { +-- +2.24.0 + diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch index beb3afa5cdc6..263f8ef49f8c 100644 --- a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch +++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch @@ -22,9 +22,11 @@ cc: linux-efi@vger.kernel.org 4 files changed, 51 insertions(+), 19 deletions(-) create mode 100644 drivers/firmware/efi/secureboot.c +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index cedfe2077a69..21371b49dd32 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1179,19 +1179,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1193,19 +1193,7 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -45,9 +47,11 @@ cc: linux-efi@vger.kernel.org reserve_initrd(); +diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile +index 554d795270d9..d2e17e26ac55 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile -@@ -24,6 +24,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m +@@ -24,6 +24,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_map.o obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o obj-$(CONFIG_EFI_TEST) += test/ obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o @@ -55,6 +59,9 @@ cc: linux-efi@vger.kernel.org obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o +diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c +new file mode 100644 +index 000000000000..bf16cfb6a028 --- /dev/null +++ b/drivers/firmware/efi/secureboot.c @@ -0,0 +1,39 @@ @@ -91,19 +98,21 @@ cc: linux-efi@vger.kernel.org + pr_info("Secure boot enabled\n"); + break; + default: -+ pr_warning("Secure boot could not be determined (mode %u)\n", -+ mode); ++ pr_warn("Secure boot could not be determined (mode %u)\n", ++ mode); + break; + } + } +} +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 99dfea595c8c..c68e6251604b 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -1202,6 +1202,14 @@ extern int __init efi_setup_pcdp_console - #define EFI_DBG 8 /* Print additional debug info at runtime */ +@@ -1203,6 +1203,14 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */ #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ -+#define EFI_SECURE_BOOT 11 /* Are we in Secure Boot mode? */ + #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ ++#define EFI_SECURE_BOOT 12 /* Are we in Secure Boot mode? */ + +enum efi_secureboot_mode { + efi_secureboot_mode_unset, @@ -114,15 +123,15 @@ cc: linux-efi@vger.kernel.org #ifdef CONFIG_EFI /* -@@ -1212,6 +1220,7 @@ static inline bool efi_enabled(int featu - return test_bit(feature, &efi.flags) != 0; +@@ -1221,6 +1229,7 @@ static inline bool __pure efi_soft_reserve_enabled(void) + return IS_ENABLED(CONFIG_EFI_SOFT_RESERVE) + && __efi_soft_reserve_enabled(); } - extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); +extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); #else static inline bool efi_enabled(int feature) { -@@ -1225,6 +1234,7 @@ efi_capsule_pending(int *reset_type) +@@ -1239,6 +1248,7 @@ static inline bool efi_soft_reserve_enabled(void) { return false; } @@ -130,7 +139,7 @@ cc: linux-efi@vger.kernel.org #endif extern int efi_status_to_err(efi_status_t status); -@@ -1616,12 +1626,6 @@ static inline bool efi_runtime_disabled( +@@ -1644,12 +1654,6 @@ static inline bool efi_runtime_disabled(void) { return true; } extern void efi_call_virt_check_flags(unsigned long flags, const char *call); extern unsigned long efi_call_virt_save_flags(void); @@ -143,3 +152,6 @@ cc: linux-efi@vger.kernel.org enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table); #ifdef CONFIG_RESET_ATTACK_MITIGATION +-- +2.24.0 + diff --git a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch index 6acd429db468..1ffdc9e0e201 100644 --- a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch +++ b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch @@ -15,9 +15,16 @@ at run-time regardless of whether the default is changed. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- + include/linux/perf_event.h | 5 +++++ + kernel/events/core.c | 8 ++++++++ + security/Kconfig | 9 +++++++++ + 3 files changed, 22 insertions(+) + +diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h +index 6d4c22aee384..e9c8c4e0cc5b 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -1145,6 +1145,11 @@ extern int perf_cpu_time_max_percent_han +@@ -1270,6 +1270,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, int perf_event_max_stack_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); @@ -26,12 +33,14 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> + return sysctl_perf_event_paranoid > 2; +} + - static inline bool perf_paranoid_tracepoint_raw(void) - { - return sysctl_perf_event_paranoid > -1; + /* Access to perf_event_open(2) syscall. */ + #define PERF_SECURITY_OPEN 0 + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 4ff86d57f9e5..4bc23d47ec07 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -389,8 +389,13 @@ static struct srcu_struct pmus_srcu; +@@ -398,8 +398,13 @@ static cpumask_var_t perf_online_mask; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -45,19 +54,21 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -9395,6 +9400,9 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -11170,6 +11175,9 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; + if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) + return -EACCES; + - err = perf_copy_attr(attr_uptr, &attr); + /* Do we allow access to perf_event_open(2) ? */ + err = security_perf_event_open(&attr, PERF_SECURITY_OPEN); if (err) - return err; +diff --git a/security/Kconfig b/security/Kconfig +index 2a1a2d396228..c66f43a36dbe 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -18,6 +18,15 @@ config SECURITY_DMESG_RESTRICT +@@ -19,6 +19,15 @@ config SECURITY_DMESG_RESTRICT If you are unsure how to answer this question, answer N. @@ -73,3 +84,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> config SECURITY bool "Enable different security models" depends on SYSFS +-- +2.24.0 + diff --git a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch deleted file mode 100644 index a40d273dca06..000000000000 --- a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch +++ /dev/null @@ -1,57 +0,0 @@ -From: Aurelien Jarno <aurelien@aurel32.net> -Date: Sun, 20 Jul 2014 19:16:31 +0200 -Subject: MIPS: Loongson 3: Add Loongson LS3A RS780E 1-way machine definition -Forwarded: no - -Add a Loongson LS3A RS780E 1-way machine definition, which only differs -from other Loongson 3 based machines by the UART base clock speed. - -Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> -[bwh: Forward-ported to 4.2] ---- - arch/mips/include/asm/bootinfo.h | 1 + - arch/mips/loongson64/common/machtype.c | 1 + - arch/mips/loongson64/common/serial.c | 1 + - arch/mips/loongson64/common/uart_base.c | 1 + - 4 files changed, 4 insertions(+) - ---- a/arch/mips/include/asm/bootinfo.h -+++ b/arch/mips/include/asm/bootinfo.h -@@ -71,6 +71,7 @@ enum loongson_machine_type { - MACH_LEMOTE_NAS, - MACH_LEMOTE_LL2F, - MACH_LOONGSON_GENERIC, -+ MACH_LOONGSON_3A780E1W, - MACH_LOONGSON_END - }; - ---- a/arch/mips/loongson64/common/machtype.c -+++ b/arch/mips/loongson64/common/machtype.c -@@ -28,6 +28,7 @@ static const char *system_types[] = { - [MACH_LEMOTE_NAS] = "lemote-nas-2f", - [MACH_LEMOTE_LL2F] = "lemote-lynloong-2f", - [MACH_LOONGSON_GENERIC] = "generic-loongson-machine", -+ [MACH_LOONGSON_3A780E1W] = "loongson-ls3a-rs780e-1w", - [MACH_LOONGSON_END] = NULL, - }; - ---- a/arch/mips/loongson64/common/serial.c -+++ b/arch/mips/loongson64/common/serial.c -@@ -48,6 +48,7 @@ static struct plat_serial8250_port uart8 - [MACH_LEMOTE_NAS] = {PORT_M(3, 3686400), {} }, - [MACH_LEMOTE_LL2F] = {PORT(3, 1843200), {} }, - [MACH_LOONGSON_GENERIC] = {PORT_M(2, 25000000), {} }, -+ [MACH_LOONGSON_3A780E1W] = {PORT_M(2, 33177600), {} }, - [MACH_LOONGSON_END] = {}, - }; - ---- a/arch/mips/loongson64/common/uart_base.c -+++ b/arch/mips/loongson64/common/uart_base.c -@@ -25,6 +25,7 @@ void prom_init_loongson_uart_base(void) - { - switch (mips_machtype) { - case MACH_LOONGSON_GENERIC: -+ case MACH_LOONGSON_3A780E1W: - /* The CPU provided serial port (CPU) */ - loongson_uart_base[0] = LOONGSON_REG_BASE + 0x1e0; - break; diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index cf6b4eda6ff9..3e82000ad04f 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -19,17 +19,19 @@ Kconfig parameter to set its default value and a kernel parameter Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- - Documentation/admin-guide/kernel-parameters.txt | 4 ++ - arch/x86/Kconfig | 8 ++++ - arch/x86/entry/common.c | 3 + - arch/x86/entry/syscall_64.c | 46 ++++++++++++++++++++++++ - arch/x86/include/asm/elf.h | 4 +- - arch/x86/include/asm/syscall.h | 13 ++++++ + .../admin-guide/kernel-parameters.txt | 4 ++ + arch/x86/Kconfig | 8 ++++ + arch/x86/entry/common.c | 3 +- + arch/x86/entry/syscall_64.c | 46 +++++++++++++++++++ + arch/x86/include/asm/elf.h | 4 +- + arch/x86/include/asm/syscall.h | 13 ++++++ 6 files changed, 76 insertions(+), 2 deletions(-) +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index ade4e6ec23e0..566631580a15 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4678,6 +4678,10 @@ +@@ -4733,6 +4733,10 @@ switches= [HW,M68k] @@ -40,9 +42,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> sysfs.deprecated=0|1 [KNL] Enable/disable old style sysfs layout for old udev on older distributions. When this option is enabled +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 5e8949953660..9049f22e0fe9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -2901,6 +2901,14 @@ config COMPAT_32 +@@ -2935,6 +2935,14 @@ config COMPAT_32 select HAVE_UID16 select OLD_SIGSUSPEND3 @@ -57,9 +61,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> config COMPAT def_bool y depends on IA32_EMULATION || X86_X32 +diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c +index 9747876980b5..99d198306659 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c -@@ -289,7 +289,8 @@ __visible void do_syscall_64(unsigned lo +@@ -293,7 +293,8 @@ __visible void do_syscall_64(unsigned long nr, struct pt_regs *regs) nr = array_index_nospec(nr, NR_syscalls); regs->ax = sys_call_table[nr](regs); #ifdef CONFIG_X86_X32_ABI @@ -69,6 +75,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> (nr & ~__X32_SYSCALL_BIT) < X32_NR_syscalls)) { nr = array_index_nospec(nr & ~__X32_SYSCALL_BIT, X32_NR_syscalls); +diff --git a/arch/x86/entry/syscall_64.c b/arch/x86/entry/syscall_64.c +index adf619a856e8..cf450e0a9d5a 100644 --- a/arch/x86/entry/syscall_64.c +++ b/arch/x86/entry/syscall_64.c @@ -4,6 +4,9 @@ @@ -78,10 +86,10 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +#include <linux/moduleparam.h> +#undef MODULE_PARAM_PREFIX +#define MODULE_PARAM_PREFIX "syscall." + #include <linux/syscalls.h> #include <asm/asm-offsets.h> #include <asm/syscall.h> - -@@ -47,4 +50,47 @@ asmlinkage const sys_call_ptr_t x32_sys_ +@@ -53,4 +56,47 @@ asmlinkage const sys_call_ptr_t x32_sys_call_table[__NR_syscall_x32_max+1] = { #undef __SYSCALL_64 #undef __SYSCALL_X32 @@ -129,6 +137,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +arch_param_cb(x32, &x32_param_ops, NULL, 0444); + #endif +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index 69c0f892e310..4cfc1795e2c4 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -11,6 +11,7 @@ @@ -149,6 +159,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #if __USER32_DS != __USER_DS # error "The following code assumes __USER32_DS == __USER_DS" +diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h +index 8db3fdb6102e..704f7fc1dd08 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h @@ -13,6 +13,7 @@ @@ -159,7 +171,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #include <asm/asm-offsets.h> /* For NR_syscalls */ #include <asm/thread_info.h> /* for TS_COMPAT */ #include <asm/unistd.h> -@@ -40,6 +41,18 @@ extern const sys_call_ptr_t ia32_sys_cal +@@ -40,6 +41,18 @@ extern const sys_call_ptr_t ia32_sys_call_table[]; extern const sys_call_ptr_t x32_sys_call_table[]; #endif @@ -178,3 +190,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> /* * Only the low 32 bits of orig_ax are meaningful, so we return int. * This importantly ignores the high bits on 64-bit, so comparisons +-- +2.24.0 + diff --git a/debian/patches/series b/debian/patches/series index 93120a19e34e..25f79e5765ea 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -71,11 +71,8 @@ bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch -bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch -bugfix/arm/ARM-dts-bcm283x-Fix-critical-trip-point.patch # Arch features -features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch |