From b121f36bc96809ae6be12bf57374d4aae14bbd61 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 21:34:10 -0200 Subject: linux-libre-lts-knock-3.10.32-1: updating version --- kernels/linux-libre-lts-knock/PKGBUILD | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-lts-knock/PKGBUILD b/kernels/linux-libre-lts-knock/PKGBUILD index bd7334688..83213341b 100644 --- a/kernels/linux-libre-lts-knock/PKGBUILD +++ b/kernels/linux-libre-lts-knock/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 206183 2014-02-21 10:15:31Z bpiotrowski $ +# $Id: PKGBUILD 206261 2014-02-23 10:06:10Z andyrtr $ # Maintainer: Tobias Powalowski # Maintainer: Thomas Baechler # Maintainer (Parabola): André Silva @@ -10,11 +10,11 @@ pkgbase=linux-libre-lts-knock # Build stock -LIBRE-LTS-KNOCK kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.10 -_sublevel=31 +_sublevel=32 _knockpatchver=${_basekernel} pkgver=${_basekernel}.${_sublevel} pkgrel=1 -_lxopkgver=${_basekernel}.30 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.31 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -34,7 +34,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'criu-no-expert.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c' - '36a430003252c2f5e7a6f8e3365871ca' + 'e344eea547efba42562dd8ff16593116' '26380d6f05471ef8e065a77d87588009' 'f22e0a6a7634902f5a00eb25ad677c65' '6550ba0e23b7729cd9db2475bde8fac2' @@ -44,7 +44,7 @@ md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c' '04b21c79df0a952c22d681dd4f4562df' 'f3def2cefdcbb954c21d8505d23cc83c' 'd50c1ac47394e9aec637002ef3392bd1' - '8e0bb5cbd34b0e7391049eba25d135be') + 'bfac14a0d1a3a0b0fbf09ba3a0ff6e88') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] -- cgit v1.2.3 From 2c1a93591e705edf2f906507c90e953b82480049 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 21:47:35 -0200 Subject: linux-libre-grsec: update grsec patch --- kernels/linux-libre-grsec/PKGBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index b5aad3bbb..28c6c1e8f 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -12,7 +12,7 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel _basekernel=3.13 _sublevel=4 _grsecver=3.0 -_timestamp=201402201908 +_timestamp=201402221308 pkgver=${_basekernel}.${_sublevel} pkgrel=1 _lxopkgver=${_basekernel}.3 # nearly always the same as pkgver @@ -46,7 +46,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' '3659d30b1d06dd5b7874ae04c946863b' - '98bb51189e0fe96a10362ddcbb79a134' + '0022d89a923e5e871ba53db1f969e46e' 'a2718a1b47c6c3b0774ce786488d22c3' 'cbe58a543b96ae282c674875b1940e59' '5f66bed97a5c37e48eb2f71b2d354b9a' -- cgit v1.2.3 From a602ffbd7ff9ed3faaf1e7a172d98f4511c8f11f Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 21:52:15 -0200 Subject: linux-libre-{pae,xen}-3.13.5-1: updating version --- .../0001-quirk-asm_volatile_goto.patch | 51 ---------------------- kernels/linux-libre-pae/PKGBUILD | 10 ++--- kernels/linux-libre-pae/linux-libre-pae.install | 6 +++ .../0001-quirk-asm_volatile_goto.patch | 51 ---------------------- kernels/linux-libre-xen/PKGBUILD | 13 ++---- kernels/linux-libre-xen/linux-libre-xen.install | 6 +++ 6 files changed, 19 insertions(+), 118 deletions(-) delete mode 100644 kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch delete mode 100644 kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch (limited to 'kernels') diff --git a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch deleted file mode 100644 index c9ee40400..000000000 --- a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001 -From: Steven Noonan -Date: Thu, 13 Feb 2014 07:01:07 +0000 -Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional - -I started noticing problems with KVM guest destruction on Linux -3.12+, where guest memory wasn't being cleaned up. I bisected it -down to the commit introducing the new 'asm goto'-based atomics, -and found this quirk was later applied to those. - -Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the -known 'asm goto' bug) I am still getting some kind of -miscompilation. If I enable the asm_volatile_goto quirk for my -compiler, KVM guests are destroyed correctly and the memory is -cleaned up. - -So make the quirk unconditional for now, until bug is found -and fixed. - -Suggested-by: Linus Torvalds -Signed-off-by: Steven Noonan -Cc: Peter Zijlstra -Cc: Steven Rostedt -Cc: Jakub Jelinek -Cc: Richard Henderson -Cc: Andrew Morton -Cc: Oleg Nesterov -Cc: -Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net -Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 -Signed-off-by: Ingo Molnar ---- -diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index ded4299..2507fd2 100644 ---- a/include/linux/compiler-gcc4.h -+++ b/include/linux/compiler-gcc4.h -@@ -75,11 +75,7 @@ - * - * (asm goto is automatically volatile - the naming reflects this.) - */ --#if GCC_VERSION <= 40801 --# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) --#else --# define asm_volatile_goto(x...) do { asm goto(x); } while (0) --#endif -+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) - - #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP - #if GCC_VERSION >= 40400 --- -cgit v0.9.2 diff --git a/kernels/linux-libre-pae/PKGBUILD b/kernels/linux-libre-pae/PKGBUILD index b34766072..986eedc2a 100644 --- a/kernels/linux-libre-pae/PKGBUILD +++ b/kernels/linux-libre-pae/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $ +# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $ # Contributor: Tobias Powalowski # Contributor: Thomas Baechler # Maintainer (Parabola): André Silva @@ -6,7 +6,7 @@ pkgbase=linux-libre-pae # Build stock -LIBRE-PAE kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.13 -pkgver=${_basekernel}.4 +pkgver=${_basekernel}.5 pkgrel=1 arch=('i686') url="http://linux-libre.fsfla.org/" @@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch' '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' - '0001-quirk-asm_volatile_goto.patch' 'i8042-fix-aliases.patch') md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' - '3659d30b1d06dd5b7874ae04c946863b' + '6e59a1e4b891ca5fa8b03d488fa64e04' '904835a7af0bc5e88007a94cad7c1d9c' 'f302c931bd85309da9d9792b4cc96467' '44260d2cb1a8b51c119d2ce1f83e457a' @@ -99,9 +98,6 @@ prepare() { # Fix i8042 aliases patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" - # Fix compile issues - # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859 - patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch" cat "${srcdir}/config" > ./.config # simpler diff --git a/kernels/linux-libre-pae/linux-libre-pae.install b/kernels/linux-libre-pae/linux-libre-pae.install index 079d1b7ab..6241e6ea2 100644 --- a/kernels/linux-libre-pae/linux-libre-pae.install +++ b/kernels/linux-libre-pae/linux-libre-pae.install @@ -26,6 +26,12 @@ post_upgrade() { echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." mkinitcpio -p linux-libre${KERNEL_NAME} fi + + if [ $(vercmp $2 3.13) -lt 0 ]; then + echo ">>> WARNING: AT keyboard support is no longer built into the kernel." + echo ">>> In order to use your keyboard during early init, you MUST" + echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." + fi } post_remove() { diff --git a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch deleted file mode 100644 index c9ee40400..000000000 --- a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001 -From: Steven Noonan -Date: Thu, 13 Feb 2014 07:01:07 +0000 -Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional - -I started noticing problems with KVM guest destruction on Linux -3.12+, where guest memory wasn't being cleaned up. I bisected it -down to the commit introducing the new 'asm goto'-based atomics, -and found this quirk was later applied to those. - -Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the -known 'asm goto' bug) I am still getting some kind of -miscompilation. If I enable the asm_volatile_goto quirk for my -compiler, KVM guests are destroyed correctly and the memory is -cleaned up. - -So make the quirk unconditional for now, until bug is found -and fixed. - -Suggested-by: Linus Torvalds -Signed-off-by: Steven Noonan -Cc: Peter Zijlstra -Cc: Steven Rostedt -Cc: Jakub Jelinek -Cc: Richard Henderson -Cc: Andrew Morton -Cc: Oleg Nesterov -Cc: -Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net -Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 -Signed-off-by: Ingo Molnar ---- -diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index ded4299..2507fd2 100644 ---- a/include/linux/compiler-gcc4.h -+++ b/include/linux/compiler-gcc4.h -@@ -75,11 +75,7 @@ - * - * (asm goto is automatically volatile - the naming reflects this.) - */ --#if GCC_VERSION <= 40801 --# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) --#else --# define asm_volatile_goto(x...) do { asm goto(x); } while (0) --#endif -+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) - - #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP - #if GCC_VERSION >= 40400 --- -cgit v0.9.2 diff --git a/kernels/linux-libre-xen/PKGBUILD b/kernels/linux-libre-xen/PKGBUILD index 82edc6e05..d5206f166 100644 --- a/kernels/linux-libre-xen/PKGBUILD +++ b/kernels/linux-libre-xen/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $ +# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $ # Contributor: Tobias Powalowski # Contributor: Thomas Baechler # Maintainer (Parabola): André Silva @@ -6,7 +6,7 @@ pkgbase=linux-libre-xen # Build stock -LIBRE-XEN kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.13 -pkgver=${_basekernel}.4 +pkgver=${_basekernel}.5 pkgrel=1 arch=('i686') url="http://linux-libre.fsfla.org/" @@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch' '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' - '0001-quirk-asm_volatile_goto.patch' 'i8042-fix-aliases.patch') md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' - '3659d30b1d06dd5b7874ae04c946863b' + '6e59a1e4b891ca5fa8b03d488fa64e04' 'be059d4c29dfd9ac55183133938e9242' 'b7c2805bb287a644c0a303bf7721e534' '44260d2cb1a8b51c119d2ce1f83e457a' @@ -47,8 +46,7 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' 'a724515b350b29c53f20e631c6cf9a14' '1ae4ec847f41fa1b6d488f956e94c893' 'e6fa278c092ad83780e2dd0568e24ca6' - '6baa312bc166681f48e972824f3f6649' - '93dbf73af819b77f03453a9c6de2bb47') + '6baa312bc166681f48e972824f3f6649') _kernelname=${pkgbase#linux-libre} _localversionname=-LIBRE-XEN @@ -99,9 +97,6 @@ prepare() { # Fix i8042 aliases patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" - # Fix compile issues - # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859 - patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch" cat "${srcdir}/config" > ./.config # simpler diff --git a/kernels/linux-libre-xen/linux-libre-xen.install b/kernels/linux-libre-xen/linux-libre-xen.install index 0683dce3d..e8dc463b6 100644 --- a/kernels/linux-libre-xen/linux-libre-xen.install +++ b/kernels/linux-libre-xen/linux-libre-xen.install @@ -26,6 +26,12 @@ post_upgrade() { echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." mkinitcpio -p linux-libre${KERNEL_NAME} fi + + if [ $(vercmp $2 3.13) -lt 0 ]; then + echo ">>> WARNING: AT keyboard support is no longer built into the kernel." + echo ">>> In order to use your keyboard during early init, you MUST" + echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." + fi } post_remove() { -- cgit v1.2.3 From 9976fa7126929479212ad9ba4c2eb182434c6b94 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 21:57:48 -0200 Subject: linux-libre-grsec: add warning about missing keyboard support --- kernels/linux-libre-grsec/linux-libre-grsec.install | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'kernels') diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install index dfdf39530..68eb041c0 100644 --- a/kernels/linux-libre-grsec/linux-libre-grsec.install +++ b/kernels/linux-libre-grsec/linux-libre-grsec.install @@ -100,6 +100,12 @@ post_upgrade() { mkinitcpio -p linux-libre${KERNEL_NAME} fi + if [ $(vercmp $2 3.13) -lt 0 ]; then + echo ">>> WARNING: AT keyboard support is no longer built into the kernel." + echo ">>> In order to use your keyboard during early init, you MUST" + echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." + fi + _add_groups _fix_permissions -- cgit v1.2.3 From 9a7ac1b1bf887565bda2d3da8a376a01add6784d Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 22:01:25 -0200 Subject: linux-libre-knock: revert changes because knock patch is adapted for 3.12 kernel version only --- ...re-that-gss_auth-isn-t-freed-before-its-u.patch | 82 ------- .../0001-quirk-asm_volatile_goto.patch | 51 ---- ...te-a-new-dummy-pipe-for-gssd-to-hold-open.patch | 241 ------------------ ...use-gcc-alias-instead-of-assembler-aliase.patch | 68 ------ ...rect-invalid-use-of-user-timespec-in-the-.patch | 80 ++++++ ...ace-sunrpc_net-gssd_running-flag-with-a-m.patch | 143 ----------- ...f-gssd-is-running-before-attempting-to-us.patch | 50 ---- ...move-the-clntXX-dir-if-creating-the-pipe-.patch | 32 --- ...-add-an-info-file-for-the-dummy-gssd-pipe.patch | 100 -------- ...x-cleanup-of-dummy-gssd-directory-when-no.patch | 50 ---- kernels/linux-libre-knock/PKGBUILD | 269 ++++++++++----------- kernels/linux-libre-knock/config.i686 | 150 +++--------- kernels/linux-libre-knock/config.x86_64 | 156 +++--------- kernels/linux-libre-knock/criu-no-expert.patch | 13 +- kernels/linux-libre-knock/i8042-fix-aliases.patch | 113 --------- .../nfs-check-gssd-running-before-krb5i-auth.patch | 48 ++++ ...my-gssd-directory-when-notification-fails.patch | 50 ++++ ...the-clntXX-dir-if-creating-the-pipe-fails.patch | 32 +++ ...-add-an-info-file-for-the-dummy-gssd-pipe.patch | 96 ++++++++ ...te-a-new-dummy-pipe-for-gssd-to-hold-open.patch | 233 ++++++++++++++++++ ...ace-gssd_running-with-more-reliable-check.patch | 139 +++++++++++ 21 files changed, 890 insertions(+), 1306 deletions(-) delete mode 100644 kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch delete mode 100644 kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch delete mode 100644 kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch delete mode 100644 kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch create mode 100644 kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch delete mode 100644 kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch delete mode 100644 kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch delete mode 100644 kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch delete mode 100644 kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch delete mode 100644 kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch delete mode 100644 kernels/linux-libre-knock/i8042-fix-aliases.patch create mode 100644 kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch create mode 100644 kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch create mode 100644 kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch create mode 100644 kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch create mode 100644 kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch create mode 100644 kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch (limited to 'kernels') diff --git a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch deleted file mode 100644 index 93803d2e6..000000000 --- a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001 -From: Trond Myklebust -Date: Sun, 16 Feb 2014 12:14:13 -0500 -Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall - messages - -Fix a race in which the RPC client is shutting down while the -gss daemon is processing a downcall. If the RPC client manages to -shut down before the gss daemon is done, then the struct gss_auth -used in gss_release_msg() may have already been freed. - -Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com -Reported-by: John -Reported-by: Borislav Petkov -Cc: stable@vger.kernel.org # 3.12+ -Signed-off-by: Trond Myklebust ---- - net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 42fdfc6..a642fd616 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -108,6 +108,7 @@ struct gss_auth { - static DEFINE_SPINLOCK(pipe_version_lock); - static struct rpc_wait_queue pipe_version_rpc_waitqueue; - static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); -+static void gss_put_auth(struct gss_auth *gss_auth); - - static void gss_free_ctx(struct gss_cl_ctx *); - static const struct rpc_pipe_ops gss_upcall_ops_v0; -@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg) - if (gss_msg->ctx != NULL) - gss_put_ctx(gss_msg->ctx); - rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); -+ gss_put_auth(gss_msg->auth); - kfree(gss_msg); - } - -@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, - if (err) - goto err_free_msg; - }; -+ kref_get(&gss_auth->kref); - return gss_msg; - err_free_msg: - kfree(gss_msg); -@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref) - } - - static void -+gss_put_auth(struct gss_auth *gss_auth) -+{ -+ kref_put(&gss_auth->kref, gss_free_callback); -+} -+ -+static void - gss_destroy(struct rpc_auth *auth) - { - struct gss_auth *gss_auth = container_of(auth, -@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth) - gss_auth->gss_pipe[1] = NULL; - rpcauth_destroy_credcache(auth); - -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - /* -@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred) - call_rcu(&cred->cr_rcu, gss_free_cred_callback); - if (ctx) - gss_put_ctx(ctx); -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - static void --- -1.9.0 - diff --git a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch deleted file mode 100644 index c9ee40400..000000000 --- a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001 -From: Steven Noonan -Date: Thu, 13 Feb 2014 07:01:07 +0000 -Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional - -I started noticing problems with KVM guest destruction on Linux -3.12+, where guest memory wasn't being cleaned up. I bisected it -down to the commit introducing the new 'asm goto'-based atomics, -and found this quirk was later applied to those. - -Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the -known 'asm goto' bug) I am still getting some kind of -miscompilation. If I enable the asm_volatile_goto quirk for my -compiler, KVM guests are destroyed correctly and the memory is -cleaned up. - -So make the quirk unconditional for now, until bug is found -and fixed. - -Suggested-by: Linus Torvalds -Signed-off-by: Steven Noonan -Cc: Peter Zijlstra -Cc: Steven Rostedt -Cc: Jakub Jelinek -Cc: Richard Henderson -Cc: Andrew Morton -Cc: Oleg Nesterov -Cc: -Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net -Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 -Signed-off-by: Ingo Molnar ---- -diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index ded4299..2507fd2 100644 ---- a/include/linux/compiler-gcc4.h -+++ b/include/linux/compiler-gcc4.h -@@ -75,11 +75,7 @@ - * - * (asm goto is automatically volatile - the naming reflects this.) - */ --#if GCC_VERSION <= 40801 --# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) --#else --# define asm_volatile_goto(x...) do { asm goto(x); } while (0) --#endif -+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) - - #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP - #if GCC_VERSION >= 40400 --- -cgit v0.9.2 diff --git a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch deleted file mode 100644 index 2d398315e..000000000 --- a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch +++ /dev/null @@ -1,241 +0,0 @@ -From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Thu, 14 Nov 2013 07:25:17 -0500 -Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open - -rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows -up under rpc_pipefs. That behavior gives us a reliable mechanism to tell -whether it's actually running or not. - -Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. -Under that directory create another directory called "clntXX", and then -within that a pipe called "gssd". - -We'll never send an upcall along that pipe, and any downcall written to -it will just return -EINVAL. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - include/linux/sunrpc/rpc_pipe_fs.h | 3 +- - net/sunrpc/netns.h | 1 + - net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++-- - net/sunrpc/sunrpc_syms.c | 8 +++- - 4 files changed, 100 insertions(+), 5 deletions(-) - -diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h -index a353e03..85f1342 100644 ---- a/include/linux/sunrpc/rpc_pipe_fs.h -+++ b/include/linux/sunrpc/rpc_pipe_fs.h -@@ -84,7 +84,8 @@ enum { - - extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, - const unsigned char *dir_name); --extern void rpc_pipefs_init_net(struct net *net); -+extern int rpc_pipefs_init_net(struct net *net); -+extern void rpc_pipefs_exit_net(struct net *net); - extern struct super_block *rpc_get_sb_net(const struct net *net); - extern void rpc_put_sb_net(const struct net *net); - -diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h -index 779742c..8a8e841 100644 ---- a/net/sunrpc/netns.h -+++ b/net/sunrpc/netns.h -@@ -14,6 +14,7 @@ struct sunrpc_net { - struct cache_detail *rsi_cache; - - struct super_block *pipefs_sb; -+ struct rpc_pipe *gssd_dummy; - struct mutex pipefs_sb_lock; - - struct list_head all_clients; -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index bf04b30..c23458b 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -38,7 +38,7 @@ - #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") - - static struct file_system_type rpc_pipe_fs_type; -- -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops; - - static struct kmem_cache *rpc_inode_cachep __read_mostly; - -@@ -1159,6 +1159,7 @@ enum { - RPCAUTH_nfsd4_cb, - RPCAUTH_cache, - RPCAUTH_nfsd, -+ RPCAUTH_gssd, - RPCAUTH_RootEOF - }; - -@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = { - .name = "nfsd", - .mode = S_IFDIR | S_IRUGO | S_IXUGO, - }, -+ [RPCAUTH_gssd] = { -+ .name = "gssd", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, - }; - - /* -@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb, - } - EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); - --void rpc_pipefs_init_net(struct net *net) -+int rpc_pipefs_init_net(struct net *net) - { - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - -+ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); -+ if (IS_ERR(sn->gssd_dummy)) -+ return PTR_ERR(sn->gssd_dummy); -+ - mutex_init(&sn->pipefs_sb_lock); - sn->gssd_running = 1; - sn->pipe_version = -1; -+ return 0; -+} -+ -+void rpc_pipefs_exit_net(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ -+ rpc_destroy_pipe_data(sn->gssd_dummy); - } - - /* -@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net) - } - EXPORT_SYMBOL_GPL(rpc_put_sb_net); - -+static const struct rpc_filelist gssd_dummy_clnt_dir[] = { -+ [0] = { -+ .name = "clntXX", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, -+}; -+ -+static ssize_t -+dummy_downcall(struct file *filp, const char __user *src, size_t len) -+{ -+ return -EINVAL; -+} -+ -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { -+ .upcall = rpc_pipe_generic_upcall, -+ .downcall = dummy_downcall, -+}; -+ -+/** -+ * rpc_gssd_dummy_populate - create a dummy gssd pipe -+ * @root: root of the rpc_pipefs filesystem -+ * @pipe_data: pipe data created when netns is initialized -+ * -+ * Create a dummy set of directories and a pipe that gssd can hold open to -+ * indicate that it is up and running. -+ */ -+static struct dentry * -+rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) -+{ -+ int ret = 0; -+ struct dentry *gssd_dentry; -+ struct dentry *clnt_dentry = NULL; -+ struct dentry *pipe_dentry = NULL; -+ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, -+ strlen(files[RPCAUTH_gssd].name)); -+ -+ /* We should never get this far if "gssd" doesn't exist */ -+ gssd_dentry = d_hash_and_lookup(root, &q); -+ if (!gssd_dentry) -+ return ERR_PTR(-ENOENT); -+ -+ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); -+ if (ret) { -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ -+ q.name = gssd_dummy_clnt_dir[0].name; -+ q.len = strlen(gssd_dummy_clnt_dir[0].name); -+ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); -+ if (!clnt_dentry) { -+ pipe_dentry = ERR_PTR(-ENOENT); -+ goto out; -+ } -+ -+ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+out: -+ dput(clnt_dentry); -+ dput(gssd_dentry); -+ return pipe_dentry; -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { - struct inode *inode; -- struct dentry *root; -+ struct dentry *root, *gssd_dentry; - struct net *net = data; - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - int err; -@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return -ENOMEM; - if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) - return -ENOMEM; -+ -+ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); -+ if (IS_ERR(gssd_dentry)) { -+ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); -+ return PTR_ERR(gssd_dentry); -+ } -+ - dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", - net, NET_NAME(net)); - mutex_lock(&sn->pipefs_sb_lock); -@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return 0; - - err_depopulate: -+ dput(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); -diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c -index 3d6498a..cd30120 100644 ---- a/net/sunrpc/sunrpc_syms.c -+++ b/net/sunrpc/sunrpc_syms.c -@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net) - if (err) - goto err_unixgid; - -- rpc_pipefs_init_net(net); -+ err = rpc_pipefs_init_net(net); -+ if (err) -+ goto err_pipefs; -+ - INIT_LIST_HEAD(&sn->all_clients); - spin_lock_init(&sn->rpc_client_lock); - spin_lock_init(&sn->rpcb_clnt_lock); - return 0; - -+err_pipefs: -+ unix_gid_cache_destroy(net); - err_unixgid: - ip_map_cache_destroy(net); - err_ipmap: -@@ -60,6 +65,7 @@ err_proc: - - static __net_exit void sunrpc_exit_net(struct net *net) - { -+ rpc_pipefs_exit_net(net); - unix_gid_cache_destroy(net); - ip_map_cache_destroy(net); - rpc_proc_exit(net); --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch deleted file mode 100644 index c4242e0ae..000000000 --- a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001 -From: Andi Kleen -Date: Tue, 12 Nov 2013 15:08:36 -0800 -Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for - syscalls - -Use standard gcc __attribute__((alias(foo))) to define the syscall aliases -instead of custom assembler macros. - -This is far cleaner, and also fixes my LTO kernel build. - -Signed-off-by: Andi Kleen -Cc: Al Viro -Cc: Geert Uytterhoeven -Cc: Tetsuo Handa -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds ---- - include/linux/compat.h | 4 ++-- - include/linux/syscalls.h | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/linux/compat.h b/include/linux/compat.h -index 345da00..ada34c9 100644 ---- a/include/linux/compat.h -+++ b/include/linux/compat.h -@@ -41,14 +41,14 @@ - COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__) - - #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ -- asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ -+ asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ -+ __attribute__((alias(__stringify(compat_SyS##name)))); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\ - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\ - { \ - return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ - } \ -- SYSCALL_ALIAS(compat_sys##name, compat_SyS##name); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - #ifndef compat_user_stack_pointer -diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index 7fac04e..c27f846 100644 ---- a/include/linux/syscalls.h -+++ b/include/linux/syscalls.h -@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs; - - #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__) - #define __SYSCALL_DEFINEx(x, name, ...) \ -- asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ -+ asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \ -+ __attribute__((alias(__stringify(SyS##name)))); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ -@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs; - __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ - return ret; \ - } \ -- SYSCALL_ALIAS(sys##name, SyS##name); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - asmlinkage long sys_time(time_t __user *tloc); --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch b/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch new file mode 100644 index 000000000..3f1bccc80 --- /dev/null +++ b/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch @@ -0,0 +1,80 @@ +From 2def2ef2ae5f3990aabdbe8a755911902707d268 Mon Sep 17 00:00:00 2001 +From: PaX Team +Date: Thu, 30 Jan 2014 16:59:25 -0800 +Subject: [PATCH] x86, x32: Correct invalid use of user timespec in the kernel + +The x32 case for the recvmsg() timout handling is broken: + + asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, + unsigned int vlen, unsigned int flags, + struct compat_timespec __user *timeout) + { + int datagrams; + struct timespec ktspec; + + if (flags & MSG_CMSG_COMPAT) + return -EINVAL; + + if (COMPAT_USE_64BIT_TIME) + return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, + flags | MSG_CMSG_COMPAT, + (struct timespec *) timeout); + ... + +The timeout pointer parameter is provided by userland (hence the __user +annotation) but for x32 syscalls it's simply cast to a kernel pointer +and is passed to __sys_recvmmsg which will eventually directly +dereference it for both reading and writing. Other callers to +__sys_recvmmsg properly copy from userland to the kernel first. + +The bug was introduced by commit ee4fa23c4bfc ("compat: Use +COMPAT_USE_64BIT_TIME in net/compat.c") and should affect all kernels +since 3.4 (and perhaps vendor kernels if they backported x32 support +along with this code). + +Note that CONFIG_X86_X32_ABI gets enabled at build time and only if +CONFIG_X86_X32 is enabled and ld can build x32 executables. + +Other uses of COMPAT_USE_64BIT_TIME seem fine. + +This addresses CVE-2014-0038. + +Signed-off-by: PaX Team +Signed-off-by: H. Peter Anvin +Cc: # v3.4+ +Signed-off-by: Linus Torvalds +--- + net/compat.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/net/compat.c b/net/compat.c +index dd32e34..f50161f 100644 +--- a/net/compat.c ++++ b/net/compat.c +@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, + if (flags & MSG_CMSG_COMPAT) + return -EINVAL; + +- if (COMPAT_USE_64BIT_TIME) +- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, +- flags | MSG_CMSG_COMPAT, +- (struct timespec *) timeout); +- + if (timeout == NULL) + return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, + flags | MSG_CMSG_COMPAT, NULL); + +- if (get_compat_timespec(&ktspec, timeout)) ++ if (compat_get_timespec(&ktspec, timeout)) + return -EFAULT; + + datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, + flags | MSG_CMSG_COMPAT, &ktspec); +- if (datagrams > 0 && put_compat_timespec(&ktspec, timeout)) ++ if (datagrams > 0 && compat_put_timespec(&ktspec, timeout)) + datagrams = -EFAULT; + + return datagrams; +-- +1.8.5.3 + diff --git a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch b/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch deleted file mode 100644 index 19e04da5d..000000000 --- a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Thu, 14 Nov 2013 07:25:18 -0500 -Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more - reliable check - -Now that we have a more reliable method to tell if gssd is running, we -can replace the sn->gssd_running flag with a function that will query to -see if it's up and running. - -There's also no need to attempt an upcall that we know will fail, so -just return -EACCES if gssd isn't running. Finally, fix the warn_gss() -message not to claim that that the upcall timed out since we don't -necesarily perform one now when gssd isn't running, and remove the -extraneous newline from the message. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ - net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- - net/sunrpc/netns.h | 2 -- - net/sunrpc/rpc_pipe.c | 14 ++++++++++---- - 4 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h -index 85f1342..7f490be 100644 ---- a/include/linux/sunrpc/rpc_pipe_fs.h -+++ b/include/linux/sunrpc/rpc_pipe_fs.h -@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *); - extern int register_rpc_pipefs(void); - extern void unregister_rpc_pipefs(void); - -+extern bool gssd_running(struct net *net); -+ - #endif - #endif -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 42fdfc6..0a2aee0 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -536,8 +536,7 @@ static void warn_gssd(void) - unsigned long now = jiffies; - - if (time_after(now, ratelimit)) { -- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" -- "Please check user daemon is running.\n"); -+ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n"); - ratelimit = now + 15*HZ; - } - } -@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - struct rpc_pipe *pipe; - struct rpc_cred *cred = &gss_cred->gc_base; - struct gss_upcall_msg *gss_msg; -- unsigned long timeout; - DEFINE_WAIT(wait); - int err; - -@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - __func__, from_kuid(&init_user_ns, cred->cr_uid)); - retry: - err = 0; -- /* Default timeout is 15s unless we know that gssd is not running */ -- timeout = 15 * HZ; -- if (!sn->gssd_running) -- timeout = HZ >> 2; -+ /* if gssd is down, just skip upcalling altogether */ -+ if (!gssd_running(net)) { -+ warn_gssd(); -+ return -EACCES; -+ } - gss_msg = gss_setup_upcall(gss_auth, cred); - if (PTR_ERR(gss_msg) == -EAGAIN) { - err = wait_event_interruptible_timeout(pipe_version_waitqueue, -- sn->pipe_version >= 0, timeout); -+ sn->pipe_version >= 0, 15 * HZ); - if (sn->pipe_version < 0) { -- if (err == 0) -- sn->gssd_running = 0; - warn_gssd(); - err = -EACCES; - } -diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h -index 8a8e841..94e506f 100644 ---- a/net/sunrpc/netns.h -+++ b/net/sunrpc/netns.h -@@ -33,8 +33,6 @@ struct sunrpc_net { - int pipe_version; - atomic_t pipe_users; - struct proc_dir_entry *use_gssp_proc; -- -- unsigned int gssd_running; - }; - - extern int sunrpc_net_id; -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index c23458b..5cd7ad1 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) - static int - rpc_pipe_open(struct inode *inode, struct file *filp) - { -- struct net *net = inode->i_sb->s_fs_info; -- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - struct rpc_pipe *pipe; - int first_open; - int res = -ENXIO; - - mutex_lock(&inode->i_mutex); -- sn->gssd_running = 1; - pipe = RPC_I(inode)->pipe; - if (pipe == NULL) - goto out; -@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net) - return PTR_ERR(sn->gssd_dummy); - - mutex_init(&sn->pipefs_sb_lock); -- sn->gssd_running = 1; - sn->pipe_version = -1; - return 0; - } -@@ -1376,6 +1372,16 @@ err_depopulate: - return err; - } - -+bool -+gssd_running(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ struct rpc_pipe *pipe = sn->gssd_dummy; -+ -+ return pipe->nreaders || pipe->nwriters; -+} -+EXPORT_SYMBOL_GPL(gssd_running); -+ - static struct dentry * - rpc_mount(struct file_system_type *fs_type, - int flags, const char *dev_name, void *data) --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch b/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch deleted file mode 100644 index 87b54fc3e..000000000 --- a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Thu, 14 Nov 2013 07:25:19 -0500 -Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use - krb5i auth in SETCLIENTID call - -Currently, the client will attempt to use krb5i in the SETCLIENTID call -even if rpc.gssd isn't running. When that fails, it'll then fall back to -RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't -running, and causes warning messages to pop up in the ring buffer. - -Check to see if rpc.gssd is running before even attempting to use krb5i -auth, and just silently skip trying to do so if it isn't. In the event -that the admin is actually trying to mount with krb5*, it will still -fail at a later stage of the mount attempt. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - fs/nfs/nfs4client.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c -index b4a160a..c1b7a80 100644 ---- a/fs/nfs/nfs4client.c -+++ b/fs/nfs/nfs4client.c -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - #include "internal.h" - #include "callback.h" - #include "delegation.h" -@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, - __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); - __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); - __set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags); -- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); -+ -+ error = -EINVAL; -+ if (gssd_running(clp->cl_net)) -+ error = nfs_create_rpc_client(clp, timeparms, -+ RPC_AUTH_GSS_KRB5I); - if (error == -EINVAL) - error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); - if (error < 0) --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch b/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch deleted file mode 100644 index 5f2c3dae8..000000000 --- a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Thu, 5 Dec 2013 07:33:49 -0500 -Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe - fails - -In the event that we create the gssd/clntXX dir, but the pipe creation -subsequently fails, then we should remove the clntXX dir before -returning. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - net/sunrpc/rpc_pipe.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5cd7ad1..0b74c61 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1313,6 +1313,8 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - } - - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+ if (IS_ERR(pipe_dentry)) -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch deleted file mode 100644 index 8ef6fe25c..000000000 --- a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch +++ /dev/null @@ -1,100 +0,0 @@ -From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Thu, 5 Dec 2013 07:34:44 -0500 -Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe - -rpc.gssd expects to see an "info" file in each clntXX dir. Since adding -the dummy gssd pipe, users that run rpc.gssd see a lot of these messages -spamming the logs: - - rpc.gssd[508]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory - rpc.gssd[508]: ERROR: failed to read service info - -Add a dummy gssd/clntXX/info file to help silence these messages. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 49 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 0b74c61..5d973b2 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -1275,6 +1276,44 @@ static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { - .downcall = dummy_downcall, - }; - -+/* -+ * Here we present a bogus "info" file to keep rpc.gssd happy. We don't expect -+ * that it will ever use this info to handle an upcall, but rpc.gssd expects -+ * that this file will be there and have a certain format. -+ */ -+static int -+rpc_show_dummy_info(struct seq_file *m, void *v) -+{ -+ seq_printf(m, "RPC server: %s\n", utsname()->nodename); -+ seq_printf(m, "service: foo (1) version 0\n"); -+ seq_printf(m, "address: 127.0.0.1\n"); -+ seq_printf(m, "protocol: tcp\n"); -+ seq_printf(m, "port: 0\n"); -+ return 0; -+} -+ -+static int -+rpc_dummy_info_open(struct inode *inode, struct file *file) -+{ -+ return single_open(file, rpc_show_dummy_info, NULL); -+} -+ -+static const struct file_operations rpc_dummy_info_operations = { -+ .owner = THIS_MODULE, -+ .open = rpc_dummy_info_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = single_release, -+}; -+ -+static const struct rpc_filelist gssd_dummy_info_file[] = { -+ [0] = { -+ .name = "info", -+ .i_fop = &rpc_dummy_info_operations, -+ .mode = S_IFREG | S_IRUSR, -+ }, -+}; -+ - /** - * rpc_gssd_dummy_populate - create a dummy gssd pipe - * @root: root of the rpc_pipefs filesystem -@@ -1312,9 +1351,18 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - goto out; - } - -+ ret = rpc_populate(clnt_dentry, gssd_dummy_info_file, 0, 1, NULL); -+ if (ret) { -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -- if (IS_ERR(pipe_dentry)) -+ if (IS_ERR(pipe_dentry)) { -+ __rpc_depopulate(clnt_dentry, gssd_dummy_info_file, 0, 1); - __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ } - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch b/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch deleted file mode 100644 index 75505c30d..000000000 --- a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 9 Dec 2013 09:38:00 -0500 -Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when - notification fails - -Currently, it could leak dentry references in some cases. Make sure -we clean up properly. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - net/sunrpc/rpc_pipe.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5d973b2..b185548 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1369,6 +1369,18 @@ out: - return pipe_dentry; - } - -+static void -+rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry) -+{ -+ struct dentry *clnt_dir = pipe_dentry->d_parent; -+ struct dentry *gssd_dir = clnt_dir->d_parent; -+ -+ __rpc_rmpipe(clnt_dir->d_inode, pipe_dentry); -+ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1); -+ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1); -+ dput(pipe_dentry); -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { -@@ -1412,7 +1424,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return 0; - - err_depopulate: -- dput(gssd_dentry); -+ rpc_gssd_dummy_depopulate(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/PKGBUILD b/kernels/linux-libre-knock/PKGBUILD index e20a9d8d4..0ca9167b8 100644 --- a/kernels/linux-libre-knock/PKGBUILD +++ b/kernels/linux-libre-knock/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $ +# $Id: PKGBUILD 204911 2014-01-31 09:59:51Z bluewind $ # Maintainer: Tobias Powalowski # Maintainer: Thomas Baechler # Maintainer (Parabola): André Silva @@ -9,12 +9,12 @@ pkgbase=linux-libre-knock # Build stock -LIBRE-KNOCK kernel #pkgbase=linux-libre-custom # Build kernel with a different name -_basekernel=3.13 -_sublevel=4 -_knockpatchver=3.12.4 +_basekernel=3.12 +_sublevel=9 +_knockpatchver=${_basekernel}.4 pkgver=${_basekernel}.${_sublevel} -pkgrel=1 -_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver +pkgrel=2 +_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -32,38 +32,32 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'boot-logo.patch' 'change-default-console-loglevel.patch' 'criu-no-expert.patch' - '0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' - '0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch' - '0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch' - '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch' - '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' - '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' - '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch' - '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' - '0001-quirk-asm_volatile_goto.patch' - 'i8042-fix-aliases.patch' + 'sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' + 'sunrpc-replace-gssd_running-with-more-reliable-check.patch' + 'nfs-check-gssd-running-before-krb5i-auth.patch' + 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch' + 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' + 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' + '0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") -md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' - '3659d30b1d06dd5b7874ae04c946863b' +md5sums=('254f59707b6676b59ce5ca5c3c698319' + '348975e36e4dd27f5d8fc50e92de8922' '387673a6510de1e1bce8188fc7a72bd1' - 'b110edf627a7853cf4de27ea8e214001' - 'f932555dc3851fc6a722e0b1fb2da764' + '6eac169d20fd27b55815b0b2db4a473b' + 'f341bc4685a40dc409b144b0f44bb137' '18d660832d681a27084774222fc74c1d' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' '44260d2cb1a8b51c119d2ce1f83e457a' '98beb36f9b8cf16e58de2483ea9985e3' - '989dc54ff8b179b0f80333cc97c0d43f' - 'dd2adb99cd3feed6f11022562901965c' - 'b00cc399d3797cb0793e18b5bf387a50' - '7cbd2349cdf046acc37b652c06ba36be' - '10dbaf863e22b2437e68f9190d65c861' - 'd5907a721b97299f0685c583499f7820' - 'a724515b350b29c53f20e631c6cf9a14' - '1ae4ec847f41fa1b6d488f956e94c893' - 'e6fa278c092ad83780e2dd0568e24ca6' - '6baa312bc166681f48e972824f3f6649' - '93dbf73af819b77f03453a9c6de2bb47' + 'd50c1ac47394e9aec637002ef3392bd1' + 'd4a75f77e6bd5d700dcd534cd5f0dfce' + 'dc86fdc37615c97f03c1e0c31b7b833a' + '88eef9d3b5012ef7e82af1af8cc4e517' + 'cec0bb8981936eab2943b2009b7a6fff' + '88d9cddf9e0050a76ec4674f264fb2a1' + 'cb9016630212ef07b168892fbcfd4e5d' + '336d2c4afd7ee5f2bdf0dcb1a54df4b2' '9cdff00e5aa53962869857d64a1ccf01') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. @@ -78,14 +72,17 @@ prepare() { cd "${srcdir}/linux-${_basekernel}" if [ "${_basekernel}" != "${pkgver}" ]; then - patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" + patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" fi # add knock patch patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff" # add freedo as boot logo - patch -p1 -i "${srcdir}/boot-logo.patch" + patch -Np1 -i "${srcdir}/boot-logo.patch" + + # fix issue on Hal8188EFWImg_CE.c deblobbed file + sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git @@ -93,47 +90,33 @@ prepare() { # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) - patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" + patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch" - # allow Checkpoint/restore (for criu) without EXPERT=y - patch -p1 -i "${srcdir}/criu-no-expert.patch" + # allow criu without expert option set + # patch from fedora + patch -Np1 -i "${srcdir}/criu-no-expert.patch" # fix 15 seconds nfs delay - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 - patch -p1 -i "${srcdir}/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=89f842435c630f8426f414e6030bc2ffea0d6f81 - patch -p1 -i "${srcdir}/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch" - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=6aa23d76a7b549521a03b63b6d5b7880ea87eab7 - patch -p1 -i "${srcdir}/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch" - + patch -Np1 -i "${srcdir}/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" + patch -Np1 -i "${srcdir}/sunrpc-replace-gssd_running-with-more-reliable-check.patch" + patch -Np1 -i "${srcdir}/nfs-check-gssd-running-before-krb5i-auth.patch" # fix nfs kernel oops - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=3396f92f8be606ea485b0a82d4e7749a448b013b - patch -p1 -i "${srcdir}/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch" - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=e2f0c83a9de331d9352185ca3642616c13127539 - patch -p1 -i "${srcdir}/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" - # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f - patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch" - - # Fix FS#38921 - # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd - patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch" - - # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c - patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch" - - # Fix i8042 aliases - patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" - # Fix compile issues - # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859 - patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch" + # #37866 + patch -Np1 -i "${srcdir}/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch" + patch -Np1 -i "${srcdir}/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" + + patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch" + + # Fix CVE-2014-0038 + patch -p1 -i "${srcdir}/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch" if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-knock|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ < "${srcdir}/lxo-config.patch" > lxo-config.patch msg2 "Adding loongson-community patches" - patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch - patch -p0 -i lxo-config.patch + patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch + patch -Np0 -i lxo-config.patch # ensure N32, add localversion, remove uevent helper as per # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README @@ -159,6 +142,10 @@ prepare() { # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh +} + +build() { + cd "${srcdir}/linux-${_basekernel}" # get kernel version make prepare @@ -173,11 +160,21 @@ prepare() { # rewrite configuration yes "" | make config >/dev/null -} -build() { - cd "${srcdir}/linux-${_basekernel}" + # save configuration for later reuse + if [ "${CARCH}" = "x86_64" ]; then + cat .config > "${startdir}/config.x86_64.last" + else + cat .config > "${startdir}/config.i686.last" + fi + #################### + # stop here + # this is useful to configure the kernel + #msg "Stopping build"; return 1 + #################### + + # build! if [ "$CARCH" == "mips64el" ]; then # The build system passes it directly to linker, disable to avoid # having unknown -Wl,... options. @@ -224,9 +221,12 @@ _package() { cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}" cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}" else - cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}" fi + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux" + # set correct depmod command for install cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" true && install=${install}.pkg @@ -263,14 +263,10 @@ _package() { echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-KNOCK}/version" # Now we call depmod... - depmod -b "${pkgdir}" -F System.map "${_kernver}" + depmod -b "$pkgdir" -F System.map "$_kernver" # move module tree /lib -> /usr/lib - mkdir -p "${pkgdir}/usr" - mv "${pkgdir}/lib" "${pkgdir}/usr/" - - # add vmlinux - install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" + mv "$pkgdir/lib" "$pkgdir/usr" } _package-headers() { @@ -290,127 +286,130 @@ _package-headers() { install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" + cd "${pkgdir}/usr/lib/modules/${_kernver}" + ln -sf ../../../src/linux-${_kernver} build + cd "${srcdir}/linux-${_basekernel}" install -D -m644 Makefile \ - "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" + "${pkgdir}/usr/src/linux-${_kernver}/Makefile" install -D -m644 kernel/Makefile \ - "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" + "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile" install -D -m644 .config \ - "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" + "${pkgdir}/usr/src/linux-${_kernver}/.config" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include" for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do - cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" + cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/" done # copy arch includes for external modules - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" - cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}" + cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" # copy files necessary for later builds - cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" - cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}" + cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}" if [ "$CARCH" = "mips64el" ]; then - cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" - cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" - cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/" fi # fix permissions on scripts dir - chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" + chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel" - cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" if [ "${CARCH}" = "i686" ]; then - cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" fi - cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/" # add headers for lirc package # pci for i in bt8xx cx88 saa7134; do - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" - cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" + cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" done # usb for i in cpia2 em28xx pwc sn9c102; do - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" - cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" + cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" done # i2c - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c" - cp drivers/media/i2c/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c" + cp drivers/media/i2c/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" for i in cx25840; do - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" - cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" + cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" done # add docbook makefile install -D -m644 Documentation/DocBook/Makefile \ - "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" + "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" # add dm headers - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" - cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" # add inotify.h - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" - cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/" # add wireless headers - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" - cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" # add dvb headers for external modules # in reference to: # http://bugs.archlinux.org/task/9912 - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" - cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/" # and... # http://bugs.archlinux.org/task/11194 - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" - cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new # in reference to: # http://bugs.archlinux.org/task/13146 - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" - cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" - cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" # add dvb headers # in reference to: # http://bugs.archlinux.org/task/20402 - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" - cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" - cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" - cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/" # add xfs and shmem for aufs building - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" - cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm" + cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h" # copy in Kconfig files - for i in $(find . -name "Kconfig*"); do - mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` - cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" + for i in `find . -name "Kconfig*"`; do + mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}" done - chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" - find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; + chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}" + find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \; # strip scripts directory - find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do case "$(file -bi "${binary}")" in *application/x-sharedlib*) # Libraries (.so) /usr/bin/strip ${STRIP_SHARED} "${binary}";; @@ -422,11 +421,11 @@ _package-headers() { done # remove unneeded architectures - rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} + rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} if [ "$CARCH" = "mips64el" ]; then - rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86 + rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86 else - rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips + rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips fi } @@ -438,13 +437,13 @@ _package-docs() { cd "${srcdir}/linux-${_basekernel}" - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" - cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}" + cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}" find "${pkgdir}" -type f -exec chmod 444 {} \; find "${pkgdir}" -type d -exec chmod 755 {} \; # remove a file already in linux package - rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" + rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" } pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") diff --git a/kernels/linux-libre-knock/config.i686 b/kernels/linux-libre-knock/config.i686 index 496c46fad..746c13fa7 100644 --- a/kernels/linux-libre-knock/config.i686 +++ b/kernels/linux-libre-knock/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.13.0 Kernel Configuration +# Linux/x86 3.12.7-1 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -38,6 +38,7 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_32_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" +CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -74,6 +75,7 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y +CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -157,7 +159,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set -CONFIG_CHECKPOINT_RESTORE=y +# CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -238,6 +240,7 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -271,7 +274,6 @@ CONFIG_HAVE_GENERIC_DMA_COHERENT=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -467,7 +469,6 @@ CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZBUD=y CONFIG_ZSWAP=y -CONFIG_MEM_SOFT_DIRTY=y # CONFIG_HIGHPTE is not set CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y @@ -525,13 +526,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y -# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set +# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -546,6 +547,7 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m CONFIG_ACPI_THERMAL=m # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y +CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -560,7 +562,6 @@ CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m -CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y CONFIG_X86_APM_BOOT=y CONFIG_APM=y @@ -574,6 +575,7 @@ CONFIG_APM_DO_ENABLE=y # CPU Frequency scaling # CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -674,7 +676,7 @@ CONFIG_OLPC_XO1_PM=y CONFIG_OLPC_XO1_RTC=y CONFIG_OLPC_XO1_SCI=y CONFIG_OLPC_XO15_SCI=y -CONFIG_ALIX=y +# CONFIG_ALIX is not set # CONFIG_NET5501 is not set # CONFIG_GEOS is not set CONFIG_AMD_NB=y @@ -806,6 +808,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_TCP_STEALTH=y CONFIG_IPV6=y +CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -819,7 +822,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m -CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -882,17 +884,6 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m -CONFIG_NF_TABLES=m -CONFIG_NFT_EXTHDR=m -CONFIG_NFT_META=m -CONFIG_NFT_CT=m -CONFIG_NFT_RBTREE=m -CONFIG_NFT_HASH=m -CONFIG_NFT_COUNTER=m -CONFIG_NFT_LOG=m -CONFIG_NFT_LIMIT=m -CONFIG_NFT_NAT=m -CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -986,9 +977,7 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m -CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m -CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -1039,11 +1028,6 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set -CONFIG_NF_TABLES_IPV4=m -CONFIG_NFT_REJECT_IPV4=m -CONFIG_NFT_CHAIN_ROUTE_IPV4=m -CONFIG_NFT_CHAIN_NAT_IPV4=m -CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1076,9 +1060,6 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m -CONFIG_NF_TABLES_IPV6=m -CONFIG_NFT_CHAIN_ROUTE_IPV6=m -CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1099,7 +1080,6 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m -CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1236,7 +1216,6 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y -CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1266,7 +1245,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m -CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1434,7 +1412,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y -CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1446,7 +1423,6 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m -CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1459,7 +1435,6 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m -CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1622,7 +1597,6 @@ CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_MTD=y CONFIG_PARPORT=m -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1642,10 +1616,10 @@ CONFIG_ISAPNP=y # CONFIG_PNPBIOS is not set CONFIG_PNPACPI=y CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m +CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1740,14 +1714,6 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m - -# -# Intel MIC Host Driver -# - -# -# Intel MIC Card Driver -# CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -2039,6 +2005,7 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set +# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -2053,8 +2020,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_LOG_USERSPACE=m CONFIG_DM_RAID=m +CONFIG_DM_LOG_USERSPACE=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2449,7 +2416,6 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m -CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2534,8 +2500,6 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set -CONFIG_WCN36XX=m -# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2636,7 +2600,6 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m -CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2850,7 +2813,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=m +CONFIG_INPUT_MOUSEDEV=y CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2864,7 +2827,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=m +CONFIG_KEYBOARD_ATKBD=y CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2895,7 +2858,7 @@ CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y # CONFIG_MOUSE_PS2_TOUCHKIT is not set CONFIG_MOUSE_PS2_OLPC=y -CONFIG_MOUSE_SERIAL=m +CONFIG_MOUSE_SERIAL=y CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -3014,9 +2977,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m -CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m -CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -3042,6 +3003,7 @@ CONFIG_INPUT_RETU_PWRBUTTON=m CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_PCF8574=m +# CONFIG_INPUT_PWM_BEEPER is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m @@ -3054,20 +3016,19 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=m -CONFIG_SERIO_I8042=m +CONFIG_SERIO=y +CONFIG_SERIO_I8042=y CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=m +CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m CONFIG_SERIO_APBPS2=m CONFIG_SERIO_OLPC_APSP=m -CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -3144,6 +3105,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m +CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3182,13 +3144,10 @@ CONFIG_NSC_GPIO=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y -CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m -CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m -CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -3290,6 +3249,7 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set # CONFIG_SPI_FSL_SPI is not set +# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set # CONFIG_SPI_PXA2XX is not set # CONFIG_SPI_PXA2XX_PCI is not set @@ -3331,8 +3291,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIOLIB=y CONFIG_GPIO_DEVRES=y +CONFIG_GPIOLIB=y CONFIG_OF_GPIO=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set @@ -3367,7 +3327,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=y CONFIG_GPIO_AMD8111=m -# CONFIG_GPIO_INTEL_MID is not set +# CONFIG_GPIO_LANGWELL is not set # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_SODAVILLE is not set @@ -3384,7 +3344,7 @@ CONFIG_GPIO_AMD8111=m # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=m +CONFIG_GPIO_UCB1400=y # # LPC GPIO expanders: @@ -3393,7 +3353,6 @@ CONFIG_GPIO_UCB1400=m # # MODULbus GPIO expanders: # -# CONFIG_GPIO_BCM_KONA is not set # # USB GPIO expanders: @@ -3419,7 +3378,6 @@ CONFIG_BATTERY_OLPC=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set -CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_RESET_GPIO=y @@ -4151,7 +4109,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscellaneous helper chips +# Miscelaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4227,7 +4185,6 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m -CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4339,7 +4296,6 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m -CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4359,7 +4315,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y -CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4478,7 +4433,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -CONFIG_BACKLIGHT_LM3630A=m +# CONFIG_BACKLIGHT_LM3630 is not set # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4697,7 +4652,6 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m -CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4775,7 +4729,6 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m -CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -5008,6 +4961,7 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m +# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -5050,7 +5004,6 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m -CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -5150,7 +5103,6 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set -CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set # CONFIG_LEDS_PWM is not set CONFIG_LEDS_BD2802=m @@ -5312,7 +5264,6 @@ CONFIG_DMA_OF=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set -CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5613,6 +5564,7 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m +CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5660,8 +5612,6 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=y CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m -CONFIG_CHROME_PLATFORMS=y -CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5714,15 +5664,6 @@ CONFIG_FMC_TRIVIAL=m CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m -# -# PHY Subsystem -# -CONFIG_GENERIC_PHY=m -CONFIG_PHY_EXYNOS_MIPI_VIDEO=m -CONFIG_PHY_EXYNOS_DP_VIDEO=m -CONFIG_POWERCAP=y -CONFIG_INTEL_RAPL=m - # # Firmware Drivers # @@ -5741,7 +5682,6 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set -CONFIG_UEFI_CPER=y # # File systems @@ -5887,11 +5827,6 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m -# CONFIG_SQUASHFS_FILE_CACHE is not set -CONFIG_SQUASHFS_FILE_DIRECT=y -# CONFIG_SQUASHFS_DECOMP_SINGLE is not set -# CONFIG_SQUASHFS_DECOMP_MULTI is not set -CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5921,7 +5856,6 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y -CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5937,7 +5871,6 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" -CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -6075,7 +6008,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -6212,7 +6144,6 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set -CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set @@ -6227,7 +6158,6 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set -CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_RODATA_TEST is not set @@ -6257,8 +6187,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0 # Security options # CONFIG_KEYS=y -CONFIG_PERSISTENT_KEYRINGS=y -CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6269,16 +6197,8 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_SECURITY_SELINUX=y -CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 -# CONFIG_SECURITY_SELINUX_DISABLE is not set -CONFIG_SECURITY_SELINUX_DEVELOP=y -CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 -# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set -CONFIG_SECURITY_SMACK=y +# CONFIG_SECURITY_SELINUX is not set +# CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6291,8 +6211,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set -# CONFIG_DEFAULT_SECURITY_SELINUX is not set -# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set @@ -6332,7 +6250,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER=m +CONFIG_CRYPTO_ABLK_HELPER_X86=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6426,7 +6344,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m -CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6447,7 +6364,6 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y -CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6484,7 +6400,6 @@ CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m CONFIG_AUDIT_GENERIC=y -# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6518,7 +6433,6 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y -CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-knock/config.x86_64 b/kernels/linux-libre-knock/config.x86_64 index 9152ab01a..0d06a2842 100644 --- a/kernels/linux-libre-knock/config.x86_64 +++ b/kernels/linux-libre-knock/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.13.0 Kernel Configuration +# Linux/x86 3.12.7-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -39,6 +39,7 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -75,6 +76,7 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y +CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -141,7 +143,6 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=19 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y -CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_ARCH_USES_NUMA_PROT_NONE=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -246,6 +247,7 @@ CONFIG_HAVE_OPTPROBES=y CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y +CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -265,12 +267,10 @@ CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_CONTEXT_TRACKING=y -CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_MODULES_USE_ELF_RELA=y -CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y @@ -282,7 +282,6 @@ CONFIG_COMPAT_OLD_SIGACTION=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -451,7 +450,6 @@ CONFIG_MEMORY_HOTPLUG_SPARSE=y CONFIG_MEMORY_HOTREMOVE=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 -CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y @@ -532,13 +530,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y -# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set +# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -554,6 +552,7 @@ CONFIG_ACPI_THERMAL=m CONFIG_ACPI_NUMA=y # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y +CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -569,13 +568,13 @@ CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m -CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y # # CPU Frequency scaling # CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -789,6 +788,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_TCP_STEALTH=y CONFIG_IPV6=y +CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -802,7 +802,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m -CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -865,17 +864,6 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m -CONFIG_NF_TABLES=m -CONFIG_NFT_EXTHDR=m -CONFIG_NFT_META=m -CONFIG_NFT_CT=m -CONFIG_NFT_RBTREE=m -CONFIG_NFT_HASH=m -CONFIG_NFT_COUNTER=m -CONFIG_NFT_LOG=m -CONFIG_NFT_LIMIT=m -CONFIG_NFT_NAT=m -CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -969,9 +957,7 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m -CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m -CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -1022,11 +1008,6 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set -CONFIG_NF_TABLES_IPV4=m -CONFIG_NFT_REJECT_IPV4=m -CONFIG_NFT_CHAIN_ROUTE_IPV4=m -CONFIG_NFT_CHAIN_NAT_IPV4=m -CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1059,9 +1040,6 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m -CONFIG_NF_TABLES_IPV6=m -CONFIG_NFT_CHAIN_ROUTE_IPV6=m -CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1082,7 +1060,6 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m -CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1215,7 +1192,6 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y -CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1245,7 +1221,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m -CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1409,7 +1384,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y -CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1421,7 +1395,6 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m -CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1434,7 +1407,6 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m -CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1581,7 +1553,6 @@ CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set CONFIG_PARPORT=m -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1599,10 +1570,10 @@ CONFIG_PNP=y # CONFIG_PNPACPI=y CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m +CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1615,7 +1586,6 @@ CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_NVME=m -CONFIG_BLK_DEV_SKD=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_RAM=m @@ -1700,16 +1670,6 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m - -# -# Intel MIC Host Driver -# -CONFIG_INTEL_MIC_HOST=m - -# -# Intel MIC Card Driver -# -CONFIG_INTEL_MIC_CARD=m CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1977,6 +1937,7 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set +# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -1991,8 +1952,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_LOG_USERSPACE=m CONFIG_DM_RAID=m +CONFIG_DM_LOG_USERSPACE=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2373,7 +2334,6 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m -CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2458,8 +2418,6 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set -CONFIG_WCN36XX=m -# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2560,7 +2518,6 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m -CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2760,7 +2717,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=m +CONFIG_INPUT_MOUSEDEV=y CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2774,7 +2731,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=m +CONFIG_KEYBOARD_ATKBD=y CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2803,8 +2760,8 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y CONFIG_MOUSE_PS2_TRACKPOINT=y CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y -CONFIG_MOUSE_PS2_TOUCHKIT=y -CONFIG_MOUSE_SERIAL=m +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_SERIAL=y CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -2917,9 +2874,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m -CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m -CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -2957,18 +2912,17 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=m -CONFIG_SERIO_I8042=m +CONFIG_SERIO=y +CONFIG_SERIO_I8042=y CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=m +CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m -CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -3043,6 +2997,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m +CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3079,13 +3034,10 @@ CONFIG_MWAVE=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y -CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m -CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m -CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -3183,6 +3135,7 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_BUTTERFLY is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set +# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set CONFIG_SPI_PXA2XX_DMA=y CONFIG_SPI_PXA2XX=m @@ -3225,8 +3178,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIOLIB=y CONFIG_GPIO_DEVRES=y +CONFIG_GPIOLIB=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y @@ -3258,7 +3211,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=m CONFIG_GPIO_AMD8111=m -# CONFIG_GPIO_INTEL_MID is not set +CONFIG_GPIO_LANGWELL=y # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_RDC321X is not set @@ -3274,7 +3227,7 @@ CONFIG_GPIO_AMD8111=m # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=m +CONFIG_GPIO_UCB1400=y # # LPC GPIO expanders: @@ -3307,7 +3260,6 @@ CONFIG_TEST_POWER=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set -CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_AVS=y @@ -4030,7 +3982,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscellaneous helper chips +# Miscelaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4106,7 +4058,6 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m -CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4212,7 +4163,6 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m -CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4232,7 +4182,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y -CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4347,7 +4296,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -CONFIG_BACKLIGHT_LM3630A=m +# CONFIG_BACKLIGHT_LM3630 is not set # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4526,7 +4475,6 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m -CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4604,7 +4552,6 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m -CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -4835,6 +4782,7 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m +# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -4876,7 +4824,6 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m -CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -4977,7 +4924,6 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set -CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set CONFIG_LEDS_BD2802=m CONFIG_LEDS_INTEL_SS4200=m @@ -5134,7 +5080,6 @@ CONFIG_DMA_ACPI=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set -CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5335,11 +5280,15 @@ CONFIG_FT1000_PCMCIA=m # CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m +CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m +CONFIG_SPEAKUP_SYNTH_DECPC=m +CONFIG_SPEAKUP_SYNTH_DTLK=m +CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m @@ -5405,6 +5354,7 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m +CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5450,8 +5400,6 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=m CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m -CONFIG_CHROME_PLATFORMS=y -CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5502,14 +5450,6 @@ CONFIG_FMC_TRIVIAL=m CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m -# -# PHY Subsystem -# -CONFIG_GENERIC_PHY=m -CONFIG_PHY_EXYNOS_MIPI_VIDEO=m -CONFIG_POWERCAP=y -CONFIG_INTEL_RAPL=m - # # Firmware Drivers # @@ -5528,7 +5468,6 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set -CONFIG_UEFI_CPER=y # # File systems @@ -5675,11 +5614,6 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m -# CONFIG_SQUASHFS_FILE_CACHE is not set -CONFIG_SQUASHFS_FILE_DIRECT=y -# CONFIG_SQUASHFS_DECOMP_SINGLE is not set -# CONFIG_SQUASHFS_DECOMP_MULTI is not set -CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5709,7 +5643,6 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y -CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5725,7 +5658,6 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" -CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -5863,7 +5795,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -6000,7 +5931,6 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set -CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set @@ -6015,7 +5945,6 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set -CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_RODATA_TEST is not set @@ -6046,8 +5975,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0 # Security options # CONFIG_KEYS=y -CONFIG_PERSISTENT_KEYRINGS=y -CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6058,16 +5985,8 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_SECURITY_SELINUX=y -CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 -# CONFIG_SECURITY_SELINUX_DISABLE is not set -CONFIG_SECURITY_SELINUX_DEVELOP=y -CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 -# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set -CONFIG_SECURITY_SMACK=y +# CONFIG_SECURITY_SELINUX is not set +# CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6080,8 +5999,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set -# CONFIG_DEFAULT_SECURITY_SELINUX is not set -# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set @@ -6121,7 +6038,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER=m +CONFIG_CRYPTO_ABLK_HELPER_X86=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6230,7 +6147,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m -CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6248,7 +6164,6 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y -CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6271,6 +6186,7 @@ CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_PERCPU_RWSEM=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_CMPXCHG_LOCKREF=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -6284,7 +6200,6 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m -# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6318,7 +6233,6 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y -CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-knock/criu-no-expert.patch b/kernels/linux-libre-knock/criu-no-expert.patch index 9bbc02812..2124427e9 100644 --- a/kernels/linux-libre-knock/criu-no-expert.patch +++ b/kernels/linux-libre-knock/criu-no-expert.patch @@ -1,8 +1,8 @@ diff --git a/init/Kconfig b/init/Kconfig -index 4e5d96a..4b94ffe 100644 +index be8b7f5..7461760 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1078,7 +1078,7 @@ config DEBUG_BLK_CGROUP +@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP endif # CGROUPS config CHECKPOINT_RESTORE @@ -11,3 +11,12 @@ index 4e5d96a..4b94ffe 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. +@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE + If unsure, say N here. + + menuconfig NAMESPACES +- bool "Namespaces support" if EXPERT ++ bool "Namespaces support" + default !EXPERT + help + Provides the way to make tasks work with different objects using diff --git a/kernels/linux-libre-knock/i8042-fix-aliases.patch b/kernels/linux-libre-knock/i8042-fix-aliases.patch deleted file mode 100644 index 961968c78..000000000 --- a/kernels/linux-libre-knock/i8042-fix-aliases.patch +++ /dev/null @@ -1,113 +0,0 @@ -commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7 -Author: Tom Gundersen -Date: Sun Jan 26 17:00:32 2014 +0100 - - Input: i8042 - fix PNP modaliases when both aux and kdb are enabled - - Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However, - when both the aux and the kbd drivers are enabled the aux entries would - override the kdb ones. - - Refactor the device_id lists, and unconditionally attempt to load the driver - if either a kdb or aux devices is present. - - Signed-off-by: Tom Gundersen - -diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h -index 0ec9abb..dbc6958 100644 ---- a/drivers/input/serio/i8042-x86ia64io.h -+++ b/drivers/input/serio/i8042-x86ia64io.h -@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id * - return 0; - } - --static struct pnp_device_id pnp_kbd_devids[] = { -- { .id = "PNP0300", .driver_data = 0 }, -- { .id = "PNP0301", .driver_data = 0 }, -- { .id = "PNP0302", .driver_data = 0 }, -- { .id = "PNP0303", .driver_data = 0 }, -- { .id = "PNP0304", .driver_data = 0 }, -- { .id = "PNP0305", .driver_data = 0 }, -- { .id = "PNP0306", .driver_data = 0 }, -- { .id = "PNP0309", .driver_data = 0 }, -- { .id = "PNP030a", .driver_data = 0 }, -- { .id = "PNP030b", .driver_data = 0 }, -- { .id = "PNP0320", .driver_data = 0 }, -- { .id = "PNP0343", .driver_data = 0 }, -- { .id = "PNP0344", .driver_data = 0 }, -- { .id = "PNP0345", .driver_data = 0 }, -+#define KBD_DEVIDS \ -+ { .id = "PNP0300", .driver_data = 0 }, \ -+ { .id = "PNP0301", .driver_data = 0 }, \ -+ { .id = "PNP0302", .driver_data = 0 }, \ -+ { .id = "PNP0303", .driver_data = 0 }, \ -+ { .id = "PNP0304", .driver_data = 0 }, \ -+ { .id = "PNP0305", .driver_data = 0 }, \ -+ { .id = "PNP0306", .driver_data = 0 }, \ -+ { .id = "PNP0309", .driver_data = 0 }, \ -+ { .id = "PNP030a", .driver_data = 0 }, \ -+ { .id = "PNP030b", .driver_data = 0 }, \ -+ { .id = "PNP0320", .driver_data = 0 }, \ -+ { .id = "PNP0343", .driver_data = 0 }, \ -+ { .id = "PNP0344", .driver_data = 0 }, \ -+ { .id = "PNP0345", .driver_data = 0 }, \ - { .id = "CPQA0D7", .driver_data = 0 }, -+ -+static struct pnp_device_id pnp_kbd_devids[] = { -+ KBD_DEVIDS - { .id = "", }, - }; --MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids); - - static struct pnp_driver i8042_pnp_kbd_driver = { - .name = "i8042 kbd", -@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = { - .probe = i8042_pnp_kbd_probe, - }; - --static struct pnp_device_id pnp_aux_devids[] = { -- { .id = "AUI0200", .driver_data = 0 }, -- { .id = "FJC6000", .driver_data = 0 }, -- { .id = "FJC6001", .driver_data = 0 }, -- { .id = "PNP0f03", .driver_data = 0 }, -- { .id = "PNP0f0b", .driver_data = 0 }, -- { .id = "PNP0f0e", .driver_data = 0 }, -- { .id = "PNP0f12", .driver_data = 0 }, -- { .id = "PNP0f13", .driver_data = 0 }, -- { .id = "PNP0f19", .driver_data = 0 }, -- { .id = "PNP0f1c", .driver_data = 0 }, -+#define AUX_DEVIDS \ -+ { .id = "AUI0200", .driver_data = 0 }, \ -+ { .id = "FJC6000", .driver_data = 0 }, \ -+ { .id = "FJC6001", .driver_data = 0 }, \ -+ { .id = "PNP0f03", .driver_data = 0 }, \ -+ { .id = "PNP0f0b", .driver_data = 0 }, \ -+ { .id = "PNP0f0e", .driver_data = 0 }, \ -+ { .id = "PNP0f12", .driver_data = 0 }, \ -+ { .id = "PNP0f13", .driver_data = 0 }, \ -+ { .id = "PNP0f19", .driver_data = 0 }, \ -+ { .id = "PNP0f1c", .driver_data = 0 }, \ - { .id = "SYN0801", .driver_data = 0 }, -+ -+static struct pnp_device_id pnp_aux_devids[] = { -+ AUX_DEVIDS - { .id = "", }, - }; --MODULE_DEVICE_TABLE(pnp, pnp_aux_devids); - - static struct pnp_driver i8042_pnp_aux_driver = { - .name = "i8042 aux", -@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = { - .probe = i8042_pnp_aux_probe, - }; - -+static struct pnp_device_id pnp_kdb_aux_devids[] = { -+ KBD_DEVIDS -+ AUX_DEVIDS -+ { .id = "", }, -+}; -+MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids); -+ - static void i8042_pnp_exit(void) - { - if (i8042_pnp_kbd_registered) { diff --git a/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch new file mode 100644 index 000000000..be81fec76 --- /dev/null +++ b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch @@ -0,0 +1,48 @@ +Bugzilla: N/A +Upstream-status: queued in NFS git tree (for 3.13/3.14?) + +Currently, the client will attempt to use krb5i in the SETCLIENTID call +even if rpc.gssd isn't running. When that fails, it'll then fall back to +RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't +running, and causes warning messages to pop up in the ring buffer. + +Check to see if rpc.gssd is running before even attempting to use krb5i +auth, and just silently skip trying to do so if it isn't. In the event +that the admin is actually trying to mount with krb5*, it will still +fail at a later stage of the mount attempt. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + fs/nfs/nfs4client.c | 7 ++++++- + 1 files changed, 6 insertions(+), 1 deletions(-) + +diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c +--- linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c 2013-11-21 10:20:27.288286000 -0500 +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include "internal.h" + #include "callback.h" + #include "delegation.h" +@@ -206,7 +207,11 @@ struct nfs_client *nfs4_init_client(stru + if (clp->cl_minorversion != 0) + __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); + __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); +- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); ++ ++ error = -EINVAL; ++ if (gssd_running(clp->cl_net)) ++ error = nfs_create_rpc_client(clp, timeparms, ++ RPC_AUTH_GSS_KRB5I); + if (error == -EINVAL) + error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); + if (error < 0) + +_______________________________________________ +kernel mailing list +kernel@lists.fedoraproject.org +https://admin.fedoraproject.org/mailman/listinfo/kernel diff --git a/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch new file mode 100644 index 000000000..ed03f34dd --- /dev/null +++ b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch @@ -0,0 +1,50 @@ +Bugzilla: 1037793 +Upstream-status: submitted for 3.14 + +Currently, it could leak dentry references in some cases. Make sure +we clean up properly. + +Signed-off-by: Jeff Layton +--- + net/sunrpc/rpc_pipe.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 5d973b2..b185548 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -1369,6 +1369,18 @@ out: + return pipe_dentry; + } + ++static void ++rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry) ++{ ++ struct dentry *clnt_dir = pipe_dentry->d_parent; ++ struct dentry *gssd_dir = clnt_dir->d_parent; ++ ++ __rpc_rmpipe(clnt_dir->d_inode, pipe_dentry); ++ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1); ++ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1); ++ dput(pipe_dentry); ++} ++ + static int + rpc_fill_super(struct super_block *sb, void *data, int silent) + { +@@ -1412,7 +1424,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) + return 0; + + err_depopulate: +- dput(gssd_dentry); ++ rpc_gssd_dummy_depopulate(gssd_dentry); + blocking_notifier_call_chain(&rpc_pipefs_notifier_list, + RPC_PIPEFS_UMOUNT, + sb); +-- +1.8.4.2 + +-- +To unsubscribe from this list: send the line "unsubscribe linux-nfs" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch new file mode 100644 index 000000000..e4b1a255f --- /dev/null +++ b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch @@ -0,0 +1,32 @@ +Bugzilla: 1037793 +Upstream-status: submitted for 3.14 + +In the event that we create the gssd/clntXX dir, but the pipe creation +subsequently fails, then we should remove the clntXX dir before +returning. + +Signed-off-by: Jeff Layton +--- + net/sunrpc/rpc_pipe.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 5cd7ad1..0b74c61 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -1313,6 +1313,8 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) + } + + pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); ++ if (IS_ERR(pipe_dentry)) ++ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); + out: + dput(clnt_dentry); + dput(gssd_dentry); +-- +1.8.4.2 + +-- +To unsubscribe from this list: send the line "unsubscribe linux-nfs" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch new file mode 100644 index 000000000..dd3b5ba2f --- /dev/null +++ b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch @@ -0,0 +1,96 @@ +Bugzilla: 1037793 +Upstream-status: submitted for 3.14 + +rpc.gssd expects to see an "info" file in each clntXX dir. Since adding +the dummy gssd pipe, users that run rpc.gssd see a lot of these messages +spamming the logs: + + rpc.gssd[508]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory + rpc.gssd[508]: ERROR: failed to read service info + +Add a dummy gssd/clntXX/info file to help silence these messages. + +Signed-off-by: Jeff Layton +--- + net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 49 insertions(+), 1 deletion(-) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 0b74c61..5d973b2 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -1275,6 +1276,44 @@ static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { + .downcall = dummy_downcall, + }; + ++/* ++ * Here we present a bogus "info" file to keep rpc.gssd happy. We don't expect ++ * that it will ever use this info to handle an upcall, but rpc.gssd expects ++ * that this file will be there and have a certain format. ++ */ ++static int ++rpc_show_dummy_info(struct seq_file *m, void *v) ++{ ++ seq_printf(m, "RPC server: %s\n", utsname()->nodename); ++ seq_printf(m, "service: foo (1) version 0\n"); ++ seq_printf(m, "address: 127.0.0.1\n"); ++ seq_printf(m, "protocol: tcp\n"); ++ seq_printf(m, "port: 0\n"); ++ return 0; ++} ++ ++static int ++rpc_dummy_info_open(struct inode *inode, struct file *file) ++{ ++ return single_open(file, rpc_show_dummy_info, NULL); ++} ++ ++static const struct file_operations rpc_dummy_info_operations = { ++ .owner = THIS_MODULE, ++ .open = rpc_dummy_info_open, ++ .read = seq_read, ++ .llseek = seq_lseek, ++ .release = single_release, ++}; ++ ++static const struct rpc_filelist gssd_dummy_info_file[] = { ++ [0] = { ++ .name = "info", ++ .i_fop = &rpc_dummy_info_operations, ++ .mode = S_IFREG | S_IRUSR, ++ }, ++}; ++ + /** + * rpc_gssd_dummy_populate - create a dummy gssd pipe + * @root: root of the rpc_pipefs filesystem +@@ -1312,9 +1351,18 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) + goto out; + } + ++ ret = rpc_populate(clnt_dentry, gssd_dummy_info_file, 0, 1, NULL); ++ if (ret) { ++ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); ++ pipe_dentry = ERR_PTR(ret); ++ goto out; ++ } ++ + pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); +- if (IS_ERR(pipe_dentry)) ++ if (IS_ERR(pipe_dentry)) { ++ __rpc_depopulate(clnt_dentry, gssd_dummy_info_file, 0, 1); + __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); ++ } + out: + dput(clnt_dentry); + dput(gssd_dentry); +-- +1.8.4.2 diff --git a/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch new file mode 100644 index 000000000..805498a70 --- /dev/null +++ b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch @@ -0,0 +1,233 @@ +Bugzilla: N/A +Upstream-status: queued in NFS git tree (for 3.13/3.14?) + +rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows +up under rpc_pipefs. That behavior gives us a reliable mechanism to tell +whether it's actually running or not. + +Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. +Under that directory create another directory called "clntXX", and then +within that a pipe called "gssd". + +We'll never send an upcall along that pipe, and any downcall written to +it will just return -EINVAL. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + include/linux/sunrpc/rpc_pipe_fs.h | 3 +- + net/sunrpc/netns.h | 1 + + net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++- + net/sunrpc/sunrpc_syms.c | 8 +++- + 4 files changed, 100 insertions(+), 5 deletions(-) + +diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h +--- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500 +@@ -64,7 +64,8 @@ enum { + + extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, + const unsigned char *dir_name); +-extern void rpc_pipefs_init_net(struct net *net); ++extern int rpc_pipefs_init_net(struct net *net); ++extern void rpc_pipefs_exit_net(struct net *net); + extern struct super_block *rpc_get_sb_net(const struct net *net); + extern void rpc_put_sb_net(const struct net *net); + +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500 +@@ -14,6 +14,7 @@ struct sunrpc_net { + struct cache_detail *rsi_cache; + + struct super_block *pipefs_sb; ++ struct rpc_pipe *gssd_dummy; + struct mutex pipefs_sb_lock; + + struct list_head all_clients; +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500 +@@ -38,7 +38,7 @@ + #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") + + static struct file_system_type rpc_pipe_fs_type; +- ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops; + + static struct kmem_cache *rpc_inode_cachep __read_mostly; + +@@ -1019,6 +1019,7 @@ enum { + RPCAUTH_nfsd4_cb, + RPCAUTH_cache, + RPCAUTH_nfsd, ++ RPCAUTH_gssd, + RPCAUTH_RootEOF + }; + +@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[] + .name = "nfsd", + .mode = S_IFDIR | S_IRUGO | S_IXUGO, + }, ++ [RPCAUTH_gssd] = { ++ .name = "gssd", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, + }; + + /* +@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str + } + EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); + +-void rpc_pipefs_init_net(struct net *net) ++int rpc_pipefs_init_net(struct net *net) + { + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + ++ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); ++ if (IS_ERR(sn->gssd_dummy)) ++ return PTR_ERR(sn->gssd_dummy); ++ + mutex_init(&sn->pipefs_sb_lock); + sn->gssd_running = 1; + sn->pipe_version = -1; ++ return 0; ++} ++ ++void rpc_pipefs_exit_net(struct net *net) ++{ ++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); ++ ++ rpc_destroy_pipe_data(sn->gssd_dummy); + } + + /* +@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne + } + EXPORT_SYMBOL_GPL(rpc_put_sb_net); + ++static const struct rpc_filelist gssd_dummy_clnt_dir[] = { ++ [0] = { ++ .name = "clntXX", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, ++}; ++ ++static ssize_t ++dummy_downcall(struct file *filp, const char __user *src, size_t len) ++{ ++ return -EINVAL; ++} ++ ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { ++ .upcall = rpc_pipe_generic_upcall, ++ .downcall = dummy_downcall, ++}; ++ ++/** ++ * rpc_gssd_dummy_populate - create a dummy gssd pipe ++ * @root: root of the rpc_pipefs filesystem ++ * @pipe_data: pipe data created when netns is initialized ++ * ++ * Create a dummy set of directories and a pipe that gssd can hold open to ++ * indicate that it is up and running. ++ */ ++static struct dentry * ++rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) ++{ ++ int ret = 0; ++ struct dentry *gssd_dentry; ++ struct dentry *clnt_dentry = NULL; ++ struct dentry *pipe_dentry = NULL; ++ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, ++ strlen(files[RPCAUTH_gssd].name)); ++ ++ /* We should never get this far if "gssd" doesn't exist */ ++ gssd_dentry = d_hash_and_lookup(root, &q); ++ if (!gssd_dentry) ++ return ERR_PTR(-ENOENT); ++ ++ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); ++ if (ret) { ++ pipe_dentry = ERR_PTR(ret); ++ goto out; ++ } ++ ++ q.name = gssd_dummy_clnt_dir[0].name; ++ q.len = strlen(gssd_dummy_clnt_dir[0].name); ++ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); ++ if (!clnt_dentry) { ++ pipe_dentry = ERR_PTR(-ENOENT); ++ goto out; ++ } ++ ++ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); ++out: ++ dput(clnt_dentry); ++ dput(gssd_dentry); ++ return pipe_dentry; ++} ++ + static int + rpc_fill_super(struct super_block *sb, void *data, int silent) + { + struct inode *inode; +- struct dentry *root; ++ struct dentry *root, *gssd_dentry; + struct net *net = data; + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + int err; +@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v + return -ENOMEM; + if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) + return -ENOMEM; ++ ++ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); ++ if (IS_ERR(gssd_dentry)) { ++ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); ++ return PTR_ERR(gssd_dentry); ++ } ++ + dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", + net, NET_NAME(net)); + mutex_lock(&sn->pipefs_sb_lock); +@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v + return 0; + + err_depopulate: ++ dput(gssd_dentry); + blocking_notifier_call_chain(&rpc_pipefs_notifier_list, + RPC_PIPEFS_UMOUNT, + sb); +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500 +@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st + if (err) + goto err_unixgid; + +- rpc_pipefs_init_net(net); ++ err = rpc_pipefs_init_net(net); ++ if (err) ++ goto err_pipefs; ++ + INIT_LIST_HEAD(&sn->all_clients); + spin_lock_init(&sn->rpc_client_lock); + spin_lock_init(&sn->rpcb_clnt_lock); + return 0; + ++err_pipefs: ++ unix_gid_cache_destroy(net); + err_unixgid: + ip_map_cache_destroy(net); + err_ipmap: +@@ -60,6 +65,7 @@ err_proc: + + static __net_exit void sunrpc_exit_net(struct net *net) + { ++ rpc_pipefs_exit_net(net); + unix_gid_cache_destroy(net); + ip_map_cache_destroy(net); + rpc_proc_exit(net); + diff --git a/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch new file mode 100644 index 000000000..8cd5c0090 --- /dev/null +++ b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch @@ -0,0 +1,139 @@ +Bugzilla: N/A +Upstream-status: queued in NFS git tree (for 3.13/3.14?) + +Now that we have a more reliable method to tell if gssd is running, we +can replace the sn->gssd_running flag with a function that will query to +see if it's up and running. + +There's also no need to attempt an upcall that we know will fail, so +just return -EACCES if gssd isn't running. Finally, fix the warn_gss() +message not to claim that that the upcall timed out since we don't +necesarily perform one now when gssd isn't running, and remove the +extraneous newline from the message. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + Fixed up to apply to 3.12.1 by Josh Boyer + + include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ + net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- + net/sunrpc/netns.h | 2 -- + net/sunrpc/rpc_pipe.c | 14 ++++++++++---- + 4 files changed, 19 insertions(+), 16 deletions(-) + +diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h +index 85f1342..7f490be 100644 +--- a/include/linux/sunrpc/rpc_pipe_fs.h ++++ b/include/linux/sunrpc/rpc_pipe_fs.h +@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *); + extern int register_rpc_pipefs(void); + extern void unregister_rpc_pipefs(void); + ++extern bool gssd_running(struct net *net); ++ + #endif + #endif +diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c +index 0846566..1ada878 100644 +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -517,8 +517,7 @@ static void warn_gssd(void) + unsigned long now = jiffies; + + if (time_after(now, ratelimit)) { +- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" +- "Please check user daemon is running.\n"); ++ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n"); + ratelimit = now + 15*HZ; + } + } +@@ -581,7 +580,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) + struct rpc_pipe *pipe; + struct rpc_cred *cred = &gss_cred->gc_base; + struct gss_upcall_msg *gss_msg; +- unsigned long timeout; + DEFINE_WAIT(wait); + int err; + +@@ -589,17 +587,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) + __func__, from_kuid(&init_user_ns, cred->cr_uid)); + retry: + err = 0; +- /* Default timeout is 15s unless we know that gssd is not running */ +- timeout = 15 * HZ; +- if (!sn->gssd_running) +- timeout = HZ >> 2; ++ /* if gssd is down, just skip upcalling altogether */ ++ if (!gssd_running(net)) { ++ warn_gssd(); ++ return -EACCES; ++ } + gss_msg = gss_setup_upcall(gss_auth, cred); + if (PTR_ERR(gss_msg) == -EAGAIN) { + err = wait_event_interruptible_timeout(pipe_version_waitqueue, +- sn->pipe_version >= 0, timeout); ++ sn->pipe_version >= 0, 15 * HZ); + if (sn->pipe_version < 0) { +- if (err == 0) +- sn->gssd_running = 0; + warn_gssd(); + err = -EACCES; + } +diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h +index 8a8e841..94e506f 100644 +--- a/net/sunrpc/netns.h ++++ b/net/sunrpc/netns.h +@@ -33,8 +33,6 @@ struct sunrpc_net { + int pipe_version; + atomic_t pipe_users; + struct proc_dir_entry *use_gssp_proc; +- +- unsigned int gssd_running; + }; + + extern int sunrpc_net_id; +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 40aef18..ad444f3 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) + static int + rpc_pipe_open(struct inode *inode, struct file *filp) + { +- struct net *net = inode->i_sb->s_fs_info; +- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + struct rpc_pipe *pipe; + int first_open; + int res = -ENXIO; + + mutex_lock(&inode->i_mutex); +- sn->gssd_running = 1; + pipe = RPC_I(inode)->pipe; + if (pipe == NULL) + goto out; +@@ -1231,7 +1228,6 @@ int rpc_pipefs_init_net(struct net *net) + return PTR_ERR(sn->gssd_dummy); + + mutex_init(&sn->pipefs_sb_lock); +- sn->gssd_running = 1; + sn->pipe_version = -1; + return 0; + } +@@ -1385,6 +1381,16 @@ err_depopulate: + return err; + } + ++bool ++gssd_running(struct net *net) ++{ ++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); ++ struct rpc_pipe *pipe = sn->gssd_dummy; ++ ++ return pipe->nreaders || pipe->nwriters; ++} ++EXPORT_SYMBOL_GPL(gssd_running); ++ + static struct dentry * + rpc_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) -- cgit v1.2.3 From 0881035933af82bb71763ff8cfd885aa9635a4b2 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 23 Feb 2014 23:39:50 -0200 Subject: linux-libre-{pae,xen}: fix checksums --- kernels/linux-libre-pae/PKGBUILD | 1 - kernels/linux-libre-xen/PKGBUILD | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-pae/PKGBUILD b/kernels/linux-libre-pae/PKGBUILD index 986eedc2a..d672e376a 100644 --- a/kernels/linux-libre-pae/PKGBUILD +++ b/kernels/linux-libre-pae/PKGBUILD @@ -46,7 +46,6 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' 'a724515b350b29c53f20e631c6cf9a14' '1ae4ec847f41fa1b6d488f956e94c893' 'e6fa278c092ad83780e2dd0568e24ca6' - '6baa312bc166681f48e972824f3f6649' '93dbf73af819b77f03453a9c6de2bb47') _kernelname=${pkgbase#linux-libre} diff --git a/kernels/linux-libre-xen/PKGBUILD b/kernels/linux-libre-xen/PKGBUILD index d5206f166..557eedd2a 100644 --- a/kernels/linux-libre-xen/PKGBUILD +++ b/kernels/linux-libre-xen/PKGBUILD @@ -46,7 +46,7 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' 'a724515b350b29c53f20e631c6cf9a14' '1ae4ec847f41fa1b6d488f956e94c893' 'e6fa278c092ad83780e2dd0568e24ca6' - '6baa312bc166681f48e972824f3f6649') + '93dbf73af819b77f03453a9c6de2bb47') _kernelname=${pkgbase#linux-libre} _localversionname=-LIBRE-XEN -- cgit v1.2.3 From a8ab61a4d1080d88ba259d9987472670655cf226 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Mon, 24 Feb 2014 03:36:28 -0200 Subject: linux-libre-knock-3.12.13-1: updating version --- ...rect-invalid-use-of-user-timespec-in-the-.patch | 80 ---------------------- kernels/linux-libre-knock/PKGBUILD | 15 ++-- 2 files changed, 5 insertions(+), 90 deletions(-) delete mode 100644 kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch (limited to 'kernels') diff --git a/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch b/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch deleted file mode 100644 index 3f1bccc80..000000000 --- a/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 2def2ef2ae5f3990aabdbe8a755911902707d268 Mon Sep 17 00:00:00 2001 -From: PaX Team -Date: Thu, 30 Jan 2014 16:59:25 -0800 -Subject: [PATCH] x86, x32: Correct invalid use of user timespec in the kernel - -The x32 case for the recvmsg() timout handling is broken: - - asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, - unsigned int vlen, unsigned int flags, - struct compat_timespec __user *timeout) - { - int datagrams; - struct timespec ktspec; - - if (flags & MSG_CMSG_COMPAT) - return -EINVAL; - - if (COMPAT_USE_64BIT_TIME) - return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, - (struct timespec *) timeout); - ... - -The timeout pointer parameter is provided by userland (hence the __user -annotation) but for x32 syscalls it's simply cast to a kernel pointer -and is passed to __sys_recvmmsg which will eventually directly -dereference it for both reading and writing. Other callers to -__sys_recvmmsg properly copy from userland to the kernel first. - -The bug was introduced by commit ee4fa23c4bfc ("compat: Use -COMPAT_USE_64BIT_TIME in net/compat.c") and should affect all kernels -since 3.4 (and perhaps vendor kernels if they backported x32 support -along with this code). - -Note that CONFIG_X86_X32_ABI gets enabled at build time and only if -CONFIG_X86_X32 is enabled and ld can build x32 executables. - -Other uses of COMPAT_USE_64BIT_TIME seem fine. - -This addresses CVE-2014-0038. - -Signed-off-by: PaX Team -Signed-off-by: H. Peter Anvin -Cc: # v3.4+ -Signed-off-by: Linus Torvalds ---- - net/compat.c | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - -diff --git a/net/compat.c b/net/compat.c -index dd32e34..f50161f 100644 ---- a/net/compat.c -+++ b/net/compat.c -@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, - if (flags & MSG_CMSG_COMPAT) - return -EINVAL; - -- if (COMPAT_USE_64BIT_TIME) -- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, -- flags | MSG_CMSG_COMPAT, -- (struct timespec *) timeout); -- - if (timeout == NULL) - return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, NULL); - -- if (get_compat_timespec(&ktspec, timeout)) -+ if (compat_get_timespec(&ktspec, timeout)) - return -EFAULT; - - datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, &ktspec); -- if (datagrams > 0 && put_compat_timespec(&ktspec, timeout)) -+ if (datagrams > 0 && compat_put_timespec(&ktspec, timeout)) - datagrams = -EFAULT; - - return datagrams; --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/PKGBUILD b/kernels/linux-libre-knock/PKGBUILD index 0ca9167b8..0184dc0f1 100644 --- a/kernels/linux-libre-knock/PKGBUILD +++ b/kernels/linux-libre-knock/PKGBUILD @@ -10,11 +10,11 @@ pkgbase=linux-libre-knock # Build stock -LIBRE-KNOCK kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.12 -_sublevel=9 +_sublevel=13 _knockpatchver=${_basekernel}.4 pkgver=${_basekernel}.${_sublevel} -pkgrel=2 -_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver +pkgrel=1 +_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -38,10 +38,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch' 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' - '0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('254f59707b6676b59ce5ca5c3c698319' - '348975e36e4dd27f5d8fc50e92de8922' + 'e2ec796847356b785cb06d0563f3f7d5' '387673a6510de1e1bce8188fc7a72bd1' '6eac169d20fd27b55815b0b2db4a473b' 'f341bc4685a40dc409b144b0f44bb137' @@ -57,8 +56,7 @@ md5sums=('254f59707b6676b59ce5ca5c3c698319' 'cec0bb8981936eab2943b2009b7a6fff' '88d9cddf9e0050a76ec4674f264fb2a1' 'cb9016630212ef07b168892fbcfd4e5d' - '336d2c4afd7ee5f2bdf0dcb1a54df4b2' - '9cdff00e5aa53962869857d64a1ccf01') + 'a9a0ee57377ed6e55957f9671eead03a') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -107,9 +105,6 @@ prepare() { patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch" - # Fix CVE-2014-0038 - patch -p1 -i "${srcdir}/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch" - if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-knock|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ -- cgit v1.2.3 From 60cb72b622eebb3ba5878dc0f0fde86ded6cc732 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Mon, 24 Feb 2014 23:07:23 -0200 Subject: linux-libre-grsec: remove some patches because are included on grsec patch --- ...re-that-gss_auth-isn-t-freed-before-its-u.patch | 82 ---------------------- .../0001-quirk-asm_volatile_goto.patch | 51 -------------- kernels/linux-libre-grsec/PKGBUILD | 15 +--- kernels/linux-libre-grsec/config.i686 | 4 +- kernels/linux-libre-grsec/config.x86_64 | 4 +- 5 files changed, 8 insertions(+), 148 deletions(-) delete mode 100644 kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch delete mode 100644 kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch (limited to 'kernels') diff --git a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch deleted file mode 100644 index 93803d2e6..000000000 --- a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001 -From: Trond Myklebust -Date: Sun, 16 Feb 2014 12:14:13 -0500 -Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall - messages - -Fix a race in which the RPC client is shutting down while the -gss daemon is processing a downcall. If the RPC client manages to -shut down before the gss daemon is done, then the struct gss_auth -used in gss_release_msg() may have already been freed. - -Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com -Reported-by: John -Reported-by: Borislav Petkov -Cc: stable@vger.kernel.org # 3.12+ -Signed-off-by: Trond Myklebust ---- - net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 42fdfc6..a642fd616 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -108,6 +108,7 @@ struct gss_auth { - static DEFINE_SPINLOCK(pipe_version_lock); - static struct rpc_wait_queue pipe_version_rpc_waitqueue; - static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); -+static void gss_put_auth(struct gss_auth *gss_auth); - - static void gss_free_ctx(struct gss_cl_ctx *); - static const struct rpc_pipe_ops gss_upcall_ops_v0; -@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg) - if (gss_msg->ctx != NULL) - gss_put_ctx(gss_msg->ctx); - rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); -+ gss_put_auth(gss_msg->auth); - kfree(gss_msg); - } - -@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, - if (err) - goto err_free_msg; - }; -+ kref_get(&gss_auth->kref); - return gss_msg; - err_free_msg: - kfree(gss_msg); -@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref) - } - - static void -+gss_put_auth(struct gss_auth *gss_auth) -+{ -+ kref_put(&gss_auth->kref, gss_free_callback); -+} -+ -+static void - gss_destroy(struct rpc_auth *auth) - { - struct gss_auth *gss_auth = container_of(auth, -@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth) - gss_auth->gss_pipe[1] = NULL; - rpcauth_destroy_credcache(auth); - -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - /* -@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred) - call_rcu(&cred->cr_rcu, gss_free_cred_callback); - if (ctx) - gss_put_ctx(ctx); -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - static void --- -1.9.0 - diff --git a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch deleted file mode 100644 index c9ee40400..000000000 --- a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001 -From: Steven Noonan -Date: Thu, 13 Feb 2014 07:01:07 +0000 -Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional - -I started noticing problems with KVM guest destruction on Linux -3.12+, where guest memory wasn't being cleaned up. I bisected it -down to the commit introducing the new 'asm goto'-based atomics, -and found this quirk was later applied to those. - -Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the -known 'asm goto' bug) I am still getting some kind of -miscompilation. If I enable the asm_volatile_goto quirk for my -compiler, KVM guests are destroyed correctly and the memory is -cleaned up. - -So make the quirk unconditional for now, until bug is found -and fixed. - -Suggested-by: Linus Torvalds -Signed-off-by: Steven Noonan -Cc: Peter Zijlstra -Cc: Steven Rostedt -Cc: Jakub Jelinek -Cc: Richard Henderson -Cc: Andrew Morton -Cc: Oleg Nesterov -Cc: -Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net -Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 -Signed-off-by: Ingo Molnar ---- -diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index ded4299..2507fd2 100644 ---- a/include/linux/compiler-gcc4.h -+++ b/include/linux/compiler-gcc4.h -@@ -75,11 +75,7 @@ - * - * (asm goto is automatically volatile - the naming reflects this.) - */ --#if GCC_VERSION <= 40801 --# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) --#else --# define asm_volatile_goto(x...) do { asm goto(x); } while (0) --#endif -+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) - - #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP - #if GCC_VERSION >= 40400 --- -cgit v0.9.2 diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index 28c6c1e8f..1bc252caf 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -39,16 +39,14 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch' '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' - '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch' '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' - '0001-quirk-asm_volatile_goto.patch' 'i8042-fix-aliases.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' '3659d30b1d06dd5b7874ae04c946863b' '0022d89a923e5e871ba53db1f969e46e' - 'a2718a1b47c6c3b0774ce786488d22c3' - 'cbe58a543b96ae282c674875b1940e59' + 'c7dae5d3fbb294ea14e67915ac86a37a' + 'd4b95575b9cc32b7ba4ad8624972ddf9' '5f66bed97a5c37e48eb2f71b2d354b9a' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' @@ -61,9 +59,7 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' '10dbaf863e22b2437e68f9190d65c861' 'd5907a721b97299f0685c583499f7820' 'a724515b350b29c53f20e631c6cf9a14' - '1ae4ec847f41fa1b6d488f956e94c893' 'e6fa278c092ad83780e2dd0568e24ca6' - '6baa312bc166681f48e972824f3f6649' '93dbf73af819b77f03453a9c6de2bb47' 'ac92b702b8497d2be14f96e077a7f48f') if [ "$CARCH" != "mips64el" ]; then @@ -116,18 +112,11 @@ prepare() { # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch" - # Fix FS#38921 - # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd - patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch" - # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch" # Fix i8042 aliases patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" - # Fix compile issues - # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859 - patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch" if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686 index 3d48a9b03..5bbdedd4a 100644 --- a/kernels/linux-libre-grsec/config.i686 +++ b/kernels/linux-libre-grsec/config.i686 @@ -5874,7 +5874,9 @@ CONFIG_JFFS2_FS_DEBUG=0 CONFIG_JFFS2_FS_WRITEBUFFER=y # CONFIG_JFFS2_FS_WBUF_VERIFY is not set # CONFIG_JFFS2_SUMMARY is not set -# CONFIG_JFFS2_FS_XATTR is not set +CONFIG_JFFS2_FS_XATTR=y +CONFIG_JFFS2_FS_POSIX_ACL=y +CONFIG_JFFS2_FS_SECURITY=y # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set CONFIG_JFFS2_ZLIB=y # CONFIG_JFFS2_LZO is not set diff --git a/kernels/linux-libre-grsec/config.x86_64 b/kernels/linux-libre-grsec/config.x86_64 index 0269c67cc..f89860f78 100644 --- a/kernels/linux-libre-grsec/config.x86_64 +++ b/kernels/linux-libre-grsec/config.x86_64 @@ -5662,7 +5662,9 @@ CONFIG_JFFS2_FS_DEBUG=0 CONFIG_JFFS2_FS_WRITEBUFFER=y # CONFIG_JFFS2_FS_WBUF_VERIFY is not set # CONFIG_JFFS2_SUMMARY is not set -# CONFIG_JFFS2_FS_XATTR is not set +CONFIG_JFFS2_FS_XATTR=y +CONFIG_JFFS2_FS_POSIX_ACL=y +CONFIG_JFFS2_FS_SECURITY=y # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set CONFIG_JFFS2_ZLIB=y # CONFIG_JFFS2_LZO is not set -- cgit v1.2.3 From f87f46a4b736917e557907e70268f47533e48a72 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 25 Feb 2014 01:30:27 -0200 Subject: linux-libre-grsec: add module-blacklist.conf, sysctl.conf and known-exploit-detection.patch on source line --- kernels/linux-libre-grsec/PKGBUILD | 12 +- kernels/linux-libre-grsec/config.i686 | 2 +- .../known-exploit-detection.patch | 410 ++++++++++----------- 3 files changed, 208 insertions(+), 216 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index 1bc252caf..e17657146 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -41,11 +41,14 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' 'i8042-fix-aliases.patch' + 'module-blacklist.conf' + 'sysctl.conf' + 'known-exploit-detection.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' '3659d30b1d06dd5b7874ae04c946863b' '0022d89a923e5e871ba53db1f969e46e' - 'c7dae5d3fbb294ea14e67915ac86a37a' + '21da34d98cc007a78a11660863537c0d' 'd4b95575b9cc32b7ba4ad8624972ddf9' '5f66bed97a5c37e48eb2f71b2d354b9a' '2967cecc3af9f954ccc822fd63dca6ff' @@ -61,6 +64,9 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' 'a724515b350b29c53f20e631c6cf9a14' 'e6fa278c092ad83780e2dd0568e24ca6' '93dbf73af819b77f03453a9c6de2bb47' + 'f93ef6157fbb23820bd5ae08fd3f451e' + '0db7629711f4ed76bd1f9da9f97bc4ea' + 'cb789bf97bc65fd4cf240d99df9c24c0' 'ac92b702b8497d2be14f96e077a7f48f') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. @@ -118,6 +124,10 @@ prepare() { # Fix i8042 aliases patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" + # add known exploit detection patch + # http://lkml.org/lkml/2013/12/12/358 + patch -Np1 -i "${srcdir}/known-exploit-detection.patch" + if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686 index 5bbdedd4a..07840923d 100644 --- a/kernels/linux-libre-grsec/config.i686 +++ b/kernels/linux-libre-grsec/config.i686 @@ -497,7 +497,7 @@ CONFIG_KEXEC=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_X86_NEED_RELOCS=y -CONFIG_PHYSICAL_ALIGN=0x100000 +CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set diff --git a/kernels/linux-libre-grsec/known-exploit-detection.patch b/kernels/linux-libre-grsec/known-exploit-detection.patch index 4837a9ce5..7629b4d85 100644 --- a/kernels/linux-libre-grsec/known-exploit-detection.patch +++ b/kernels/linux-libre-grsec/known-exploit-detection.patch @@ -1,147 +1,29 @@ -diff --git a/include/linux/exploit.h b/include/linux/exploit.h -new file mode 100644 -index 0000000..a8df72a ---- /dev/null -+++ b/include/linux/exploit.h -@@ -0,0 +1,23 @@ -+#ifndef _LINUX_EXPLOIT_H -+#define _LINUX_EXPLOIT_H -+ -+#ifdef CONFIG_EXPLOIT_DETECTION -+extern void _exploit(const char *id); -+ -+#define exploit_on(cond, id) \ -+ do { \ -+ if (unlikely(cond)) \ -+ _exploit(id); \ -+ } while (0) -+ -+#else -+ -+#define exploit_on(cond, id) \ -+ do { \ -+ } while (0) -+ -+#endif -+ -+#define exploit(id) exploit_on(true, id) -+ -+#endif -diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..a828dfb 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -167,5 +167,17 @@ config DEFAULT_SECURITY - default "yama" if DEFAULT_SECURITY_YAMA - default "" if DEFAULT_SECURITY_DAC - --endmenu -+config EXPLOIT_DETECTION -+ bool "Known exploit detection" -+ depends on PRINTK -+ default y -+ help -+ This option enables the detection of users/programs who attempt to -+ break into the kernel using publicly known (past) exploits. -+ -+ Upon detection, a message will be printed in the kernel log. - -+ The runtime overhead of enabling this option is extremely small, so -+ you are recommended to say Y. -+ -+endmenu -diff --git a/security/Makefile b/security/Makefile -index c26c81e..d152a1d 100644 ---- a/security/Makefile -+++ b/security/Makefile -@@ -28,3 +28,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o - # Object integrity file lists - subdir-$(CONFIG_INTEGRITY) += integrity - obj-$(CONFIG_INTEGRITY) += integrity/built-in.o -+ -+obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o -diff --git a/security/exploit.c b/security/exploit.c -new file mode 100644 -index 0000000..a732613 ---- /dev/null -+++ b/security/exploit.c -@@ -0,0 +1,28 @@ -+#include +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 3432443..f5af562 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -38,6 +38,7 @@ + #include + #include + #include +#include -+#include -+#include -+#include -+ -+void _exploit(const char *id) -+{ -+ /* -+ * This function needs to be super defensive/conservative, since -+ * userspace can easily get to it from several different contexts. -+ * We don't want it to become an attack vector in itself! -+ * -+ * We can assume that we're in process context, but spinlocks may -+ * be held, etc. -+ */ -+ -+ struct task_struct *task = current; -+ pid_t pid = task_pid_nr(task); -+ uid_t uid = from_kuid(&init_user_ns, current_uid()); -+ char comm[sizeof(task->comm)]; -+ -+ get_task_comm(comm, task); -+ -+ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", -+ id, pid, uid, comm); -+} -+EXPORT_SYMBOL(_exploit); -diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h -index 75cef3f..65811d4 100644 ---- a/include/uapi/linux/audit.h -+++ b/include/uapi/linux/audit.h -@@ -131,6 +131,7 @@ - #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ - #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */ - #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */ -+#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */ - #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */ - #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */ - #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ -diff --git a/security/exploit.c b/security/exploit.c -index a732613..3d8ee5b 100644 ---- a/security/exploit.c -+++ b/security/exploit.c -@@ -1,3 +1,4 @@ -+#include - #include - #include - #include -@@ -19,9 +20,24 @@ void _exploit(const char *id) - pid_t pid = task_pid_nr(task); - uid_t uid = from_kuid(&init_user_ns, current_uid()); - char comm[sizeof(task->comm)]; -+#ifdef CONFIG_AUDIT -+ struct audit_buffer *ab; -+#endif - get_task_comm(comm, task); + #include + #include +@@ -184,8 +185,10 @@ static int msr_open(struct inode *inode, struct file *file) + unsigned int cpu = iminor(file_inode(file)); + struct cpuinfo_x86 *c; -+#ifdef CONFIG_AUDIT -+ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT); -+ if (ab) { -+ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=", -+ id, pid, uid, -+ from_kuid(&init_user_ns, audit_get_loginuid(task)), -+ audit_get_sessionid(task)); -+ audit_log_untrustedstring(ab, comm); -+ audit_log_end(ab); +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO)) { ++ exploit("CVE-2013-0268"); + return -EPERM; + } -+#endif -+ - pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", - id, pid, uid, comm); - } + + if (cpu >= nr_cpu_ids || !cpu_online(cpu)) + return -ENXIO; /* No such CPU */ diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index bf34577..48490c1 100644 +index ee52ddd..be4c296 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -32,6 +32,7 @@ @@ -150,9 +32,9 @@ index bf34577..48490c1 100644 #include +#include - struct eb_objects { - struct list_head objects; -@@ -785,8 +786,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, + #define __EXEC_OBJECT_HAS_PIN (1<<31) + #define __EXEC_OBJECT_HAS_FENCE (1<<30) +@@ -878,8 +879,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, * the worst case where we need to allocate the entire * relocation tree as a single array. */ @@ -164,30 +46,6 @@ index bf34577..48490c1 100644 relocs_total += exec[i].relocation_count; length = exec[i].relocation_count * -diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 88458fa..fad04f1 100644 ---- a/arch/x86/kernel/msr.c -+++ b/arch/x86/kernel/msr.c -@@ -37,6 +37,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -174,8 +175,10 @@ static int msr_open(struct inode *inode, struct file *file) - unsigned int cpu = iminor(file_inode(file)); - struct cpuinfo_x86 *c; - -- if (!capable(CAP_SYS_RAWIO)) -+ if (!capable(CAP_SYS_RAWIO)) { -+ exploit("CVE-2013-0268"); - return -EPERM; -+ } - - if (cpu >= nr_cpu_ids || !cpu_online(cpu)) - return -ENXIO; /* No such CPU */ diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c index b1ce4c7..2fe83f0 100644 --- a/fs/hfs/trans.c @@ -212,50 +70,6 @@ index b1ce4c7..2fe83f0 100644 dst = out; dstlen = HFS_MAX_NAMELEN; if (nls_io) { -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 13fb113..df7a51a 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - - static struct kmem_cache *user_ns_cachep __read_mostly; - -@@ -806,11 +807,15 @@ static bool new_idmap_permitted(const struct file *file, - kuid_t uid = make_kuid(ns->parent, id); - if (uid_eq(uid, file->f_cred->fsuid)) - return true; -+ -+ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959"); - } - else if (cap_setid == CAP_SETGID) { - kgid_t gid = make_kgid(ns->parent, id); - if (gid_eq(gid, file->f_cred->fsgid)) - return true; -+ -+ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959"); - } - } - -@@ -822,9 +827,12 @@ static bool new_idmap_permitted(const struct file *file, - * (CAP_SETUID or CAP_SETGID) over the parent user namespace. - * And the opener of the id file also had the approprpiate capability. - */ -- if (ns_capable(ns->parent, cap_setid) && -- file_ns_capable(file, ns->parent, cap_setid)) -- return true; -+ if (ns_capable(ns->parent, cap_setid)) { -+ if (file_ns_capable(file, ns->parent, cap_setid)) -+ return true; -+ -+ exploit("CVE-2013-1959"); -+ } - - return false; - } diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c index 968ce41..5f47a1a 100644 --- a/fs/hfsplus/catalog.c @@ -304,8 +118,49 @@ index 4a4fea0..2d5e283 100644 err = -EIO; goto out; } +diff --git a/include/linux/exploit.h b/include/linux/exploit.h +new file mode 100644 +index 0000000..a8df72a +--- /dev/null ++++ b/include/linux/exploit.h +@@ -0,0 +1,23 @@ ++#ifndef _LINUX_EXPLOIT_H ++#define _LINUX_EXPLOIT_H ++ ++#ifdef CONFIG_EXPLOIT_DETECTION ++extern void _exploit(const char *id); ++ ++#define exploit_on(cond, id) \ ++ do { \ ++ if (unlikely(cond)) \ ++ _exploit(id); \ ++ } while (0) ++ ++#else ++ ++#define exploit_on(cond, id) \ ++ do { \ ++ } while (0) ++ ++#endif ++ ++#define exploit(id) exploit_on(true, id) ++ ++#endif +diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h +index 44b05a0..0a820b4 100644 +--- a/include/uapi/linux/audit.h ++++ b/include/uapi/linux/audit.h +@@ -134,6 +134,7 @@ + #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ + #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */ + #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */ ++#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */ + #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */ + #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */ + #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ diff --git a/kernel/events/core.c b/kernel/events/core.c -index 953c143..32b9383 100644 +index 11b21f0..a881843 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -39,6 +39,7 @@ @@ -316,7 +171,7 @@ index 953c143..32b9383 100644 #include "internal.h" -@@ -5721,6 +5722,7 @@ static void sw_perf_event_destroy(struct perf_event *event) +@@ -5772,6 +5773,7 @@ static void sw_perf_event_destroy(struct perf_event *event) static int perf_swevent_init(struct perf_event *event) { u64 event_id = event->attr.config; @@ -324,8 +179,52 @@ index 953c143..32b9383 100644 if (event->attr.type != PERF_TYPE_SOFTWARE) return -ENOENT; +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index 583473e..4614b6e 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + static struct kmem_cache *user_ns_cachep __read_mostly; + +@@ -827,11 +828,15 @@ static bool new_idmap_permitted(const struct file *file, + kuid_t uid = make_kuid(ns->parent, id); + if (uid_eq(uid, file->f_cred->fsuid)) + return true; ++ ++ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959"); + } + else if (cap_setid == CAP_SETGID) { + kgid_t gid = make_kgid(ns->parent, id); + if (gid_eq(gid, file->f_cred->fsgid)) + return true; ++ ++ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959"); + } + } + +@@ -843,9 +848,12 @@ static bool new_idmap_permitted(const struct file *file, + * (CAP_SETUID or CAP_SETGID) over the parent user namespace. + * And the opener of the id file also had the approprpiate capability. + */ +- if (ns_capable(ns->parent, cap_setid) && +- file_ns_capable(file, ns->parent, cap_setid)) +- return true; ++ if (ns_capable(ns->parent, cap_setid)) { ++ if (file_ns_capable(file, ns->parent, cap_setid)) ++ return true; ++ ++ exploit("CVE-2013-1959"); ++ } + + return false; + } diff --git a/net/core/sock.c b/net/core/sock.c -index 0b39e7a..c16246f 100644 +index 997c88b..5fc9f05 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -117,6 +117,7 @@ @@ -336,7 +235,7 @@ index 0b39e7a..c16246f 100644 #include -@@ -1753,8 +1754,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, +@@ -1758,8 +1759,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, int i; err = -EMSGSIZE; @@ -348,3 +247,86 @@ index 0b39e7a..c16246f 100644 timeo = sock_sndtimeo(sk, noblock); while (!skb) { +diff --git a/security/Kconfig b/security/Kconfig +index 0ebde71..9afec5d 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -1120,5 +1120,17 @@ config DEFAULT_SECURITY + default "yama" if DEFAULT_SECURITY_YAMA + default "" if DEFAULT_SECURITY_DAC + +-endmenu ++config EXPLOIT_DETECTION ++ bool "Known exploit detection" ++ depends on PRINTK ++ default y ++ help ++ This option enables the detection of users/programs who attempt to ++ break into the kernel using publicly known (past) exploits. + ++ Upon detection, a message will be printed in the kernel log. ++ ++ The runtime overhead of enabling this option is extremely small, so ++ you are recommended to say Y. ++ ++endmenu +diff --git a/security/Makefile b/security/Makefile +index a5918e0..abc70cd 100644 +--- a/security/Makefile ++++ b/security/Makefile +@@ -27,3 +27,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o + # Object integrity file lists + subdir-$(CONFIG_INTEGRITY) += integrity + obj-$(CONFIG_INTEGRITY) += integrity/built-in.o ++ ++obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o +diff --git a/security/exploit.c b/security/exploit.c +new file mode 100644 +index 0000000..3d8ee5b +--- /dev/null ++++ b/security/exploit.c +@@ -0,0 +1,44 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++void _exploit(const char *id) ++{ ++ /* ++ * This function needs to be super defensive/conservative, since ++ * userspace can easily get to it from several different contexts. ++ * We don't want it to become an attack vector in itself! ++ * ++ * We can assume that we're in process context, but spinlocks may ++ * be held, etc. ++ */ ++ ++ struct task_struct *task = current; ++ pid_t pid = task_pid_nr(task); ++ uid_t uid = from_kuid(&init_user_ns, current_uid()); ++ char comm[sizeof(task->comm)]; ++#ifdef CONFIG_AUDIT ++ struct audit_buffer *ab; ++#endif ++ ++ get_task_comm(comm, task); ++ ++#ifdef CONFIG_AUDIT ++ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT); ++ if (ab) { ++ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=", ++ id, pid, uid, ++ from_kuid(&init_user_ns, audit_get_loginuid(task)), ++ audit_get_sessionid(task)); ++ audit_log_untrustedstring(ab, comm); ++ audit_log_end(ab); ++ } ++#endif ++ ++ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", ++ id, pid, uid, comm); ++} ++EXPORT_SYMBOL(_exploit); -- cgit v1.2.3 From 9f723766b260d4942426216ecede5ebe4631c456 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 25 Feb 2014 03:36:04 -0200 Subject: gradm-3.0-4: updating source --- kernels/gradm/PKGBUILD | 9 ++-- kernels/gradm/usr.patch | 115 ------------------------------------------------ 2 files changed, 3 insertions(+), 121 deletions(-) delete mode 100644 kernels/gradm/usr.patch (limited to 'kernels') diff --git a/kernels/gradm/PKGBUILD b/kernels/gradm/PKGBUILD index 52e0582b7..6ca4aacd9 100644 --- a/kernels/gradm/PKGBUILD +++ b/kernels/gradm/PKGBUILD @@ -5,8 +5,8 @@ pkgname=gradm pkgver=3.0 -_timestamp=201311242038 -pkgrel=2 +_timestamp=201401291757 +pkgrel=4 pkgdesc='Administrative interface for the grsecurity Role Based Access Control system' arch=(i686 x86_64 mips64el) url=http://grsecurity.net/ @@ -14,14 +14,12 @@ license=(GPL2) depends=(pam) source=( http://grsecurity.net/stable/$pkgname-$pkgver-$_timestamp.tar.gz - usr.patch learn_config policy ) build() { cd "$srcdir/$pkgname" - patch -Np1 < ../usr.patch sed -i -e 's/^CFLAGS :=/CFLAGS +=/' -e 's:sbin:usr/bin:' Makefile make } @@ -33,7 +31,6 @@ package() { rm -rf "$pkgdir/dev" } -sha256sums=('9d9040ef2be90b6a4db5b68ba5b7bc658cbbcdb8c71c643b8f95373e4a892e55' - '7342323d2da3724afe745506690a1a5b194f3f0e959811ca320d820bf74c9ffa' +sha256sums=('9c99714e6d10797a7348c6ffe2561dfcfe5e7659c9d86118d381b8bdb09ae7a6' 'ec8e824e8a29a67be76bf853814ee85e80c4063009e5693d5db8cdb45bd45813' '61c0e84098e8386e5496dafce559558adef32e2a4a1241a9fa3bd56eab192dcd') diff --git a/kernels/gradm/usr.patch b/kernels/gradm/usr.patch deleted file mode 100644 index b3e5e77ab..000000000 --- a/kernels/gradm/usr.patch +++ /dev/null @@ -1,115 +0,0 @@ -diff --git a/gradm_adm.c b/gradm_adm.c -index bdcfd7d..9681b3c 100644 ---- a/gradm_adm.c -+++ b/gradm_adm.c -@@ -72,12 +72,13 @@ add_gradm_acl(struct role_acl *role) - - gradm_name = gr_strdup(gradm_realpath); - if (gr_enable && strcmp(gradm_name, GRADM_PATH)) { -- printf("You are attempting to use a gradm binary other " -- "than the installed version. Depending on your " -+ printf("You are attempting to use a gradm binary (%s) other " -+ "than the installed version (%s). Depending on your " - "policy, you could be locking yourself out of " - "your machine by enabling the RBAC system with " - "this binary. Press \'y\' if you wish to ignore " -- "this warning, or any other key to cancel.\n>"); -+ "this warning, or any other key to cancel.\n>", -+ gradm_name, GRADM_PATH); - if (getchar() != 'y') - exit(EXIT_FAILURE); - } -@@ -259,11 +260,6 @@ static void add_fulllearn_shutdown_acl(void) - ADD_OBJ("/dev/urandom", "r"); - ADD_OBJ("/dev/random", "r"); - ADD_OBJ("/etc", "r"); -- ADD_OBJ("/bin", "rx"); -- ADD_OBJ("/sbin", "rx"); -- ADD_OBJ("/lib", "rx"); -- ADD_OBJ("/lib32", "rx"); -- ADD_OBJ("/lib64", "rx"); - ADD_OBJ("/usr", "rx"); - ADD_OBJ("/proc", "r"); - ADD_OBJ("/boot", "h"); -@@ -276,9 +272,9 @@ static void add_fulllearn_shutdown_acl(void) - ADD_OBJ("/proc/slabinfo", "h"); - ADD_OBJ("/proc/modules", "h"); - ADD_OBJ("/proc/kallsyms", "h"); -- ADD_OBJ("/lib/modules", "hs"); -- ADD_OBJ("/lib32/modules", "hs"); -- ADD_OBJ("/lib64/modules", "hs"); -+ ADD_OBJ("/usr/lib/modules", "hs"); -+ ADD_OBJ("/usr/lib32/modules", "hs"); -+ ADD_OBJ("/usr/lib64/modules", "hs"); - ADD_OBJ("/etc/ssh", "h"); - add_cap_acl(current_subject, "-CAP_ALL", NULL); - -diff --git a/gradm_analyze.c b/gradm_analyze.c -index 74ec86f..da365a4 100644 ---- a/gradm_analyze.c -+++ b/gradm_analyze.c -@@ -778,17 +778,17 @@ analyze_acls(void) - errs_found++; - } - -- if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) { -+ if (!stat("/usr/lib/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib/modules", &chk)) { - fprintf(stderr, -- "Writing access is allowed by role %s to /lib/modules, the directory which " -+ "Writing access is allowed by role %s to /usr/lib/modules, the directory which " - "holds kernel modules.\n\n", - role->rolename); - errs_found++; - } - -- if (!stat("/lib64/modules", &fstat) && !check_permission(role, def_acl, "/lib64/modules", &chk)) { -+ if (!stat("/usr/lib64/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib64/modules", &chk)) { - fprintf(stderr, -- "Writing access is allowed by role %s to /lib64/modules, the directory which " -+ "Writing access is allowed by role %s to /usr/lib64/modules, the directory which " - "holds kernel modules.\n\n", - role->rolename); - errs_found++; -diff --git a/gradm_defs.h b/gradm_defs.h -index 961a7b9..56d6378 100644 ---- a/gradm_defs.h -+++ b/gradm_defs.h -@@ -4,9 +4,9 @@ - #ifndef GRSEC_DIR - #define GRSEC_DIR "/etc/grsec" - #endif --#define GRLEARN_PATH "/sbin/grlearn" --#define GRADM_PATH "/sbin/gradm" --#define GRPAM_PATH "/sbin/gradm_pam" -+#define GRLEARN_PATH "/usr/bin/grlearn" -+#define GRADM_PATH "/usr/bin/gradm" -+#define GRPAM_PATH "/usr/bin/gradm_pam" - #define GRDEV_PATH "/dev/grsec" - #define GR_POLICY_PATH GRSEC_DIR "/policy" - #define GR_PW_PATH GRSEC_DIR "/pw" -diff --git a/gradm_fulllearn.c b/gradm_fulllearn.c -index 4d10060..6ce744d 100644 ---- a/gradm_fulllearn.c -+++ b/gradm_fulllearn.c -@@ -449,8 +449,8 @@ static const char *initial_roles_str = - "\t/proc/slabinfo\th\n" - "\t/proc/modules\th\n" - "\t/proc/kallsyms\th\n" --"\t/lib/modules\ths\n" --"\t/lib64/modules\ths\n" -+"\t/usr/lib/modules\ths\n" -+"\t/usr/lib64/modules\ths\n" - "\t/etc/ssh\th\n" - "}\n\n" - "role admin sA\n" -@@ -463,10 +463,6 @@ static const char *initial_roles_str = - "\t/dev/urandom r\n" - "\t/dev/random r\n" - "\t/etc r\n" --"\t/bin rx\n" --"\t/sbin rx\n" --"\t/lib rx\n" --"\t/lib64 rx\n" - "\t/usr rx\n" - "\t/proc r\n" - "\t$grsec_denied\n" -- cgit v1.2.3 From ef908aca0b76901da1491ab0ed29a1e8e19640f6 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 25 Feb 2014 03:54:30 -0200 Subject: xen-4.3.2-1: updating version --- kernels/xen/ChangeLog | 7 +++ kernels/xen/PKGBUILD | 75 +++++++++++++++++-------- kernels/xen/xsa73-4.3-unstable.patch | 105 ----------------------------------- kernels/xen/xsa75-4.3-unstable.patch | 55 ------------------ kernels/xen/xsa78.patch | 23 -------- 5 files changed, 60 insertions(+), 205 deletions(-) delete mode 100644 kernels/xen/xsa73-4.3-unstable.patch delete mode 100644 kernels/xen/xsa75-4.3-unstable.patch delete mode 100644 kernels/xen/xsa78.patch (limited to 'kernels') diff --git a/kernels/xen/ChangeLog b/kernels/xen/ChangeLog index 63c33c223..8f9ef80fe 100644 --- a/kernels/xen/ChangeLog +++ b/kernels/xen/ChangeLog @@ -1,3 +1,10 @@ +2014-02-19 David Sutton + * 4.3.2-1: + New upstream release + Removed unnecessary security patches (since now integrated into source) + Attempts to pull down additional required source file to ensure not corrupted + Added missing dependancy libseccomp + 2013-11-25 David Sutton * 4.3.1-2: Changed bluez dependancy from bluez4 to bluez diff --git a/kernels/xen/PKGBUILD b/kernels/xen/PKGBUILD index 6ff16c8cd..e19b5c06f 100644 --- a/kernels/xen/PKGBUILD +++ b/kernels/xen/PKGBUILD @@ -5,8 +5,8 @@ # Maintainer (Parabola): André Silva pkgname=xen -pkgver=4.3.1 -pkgrel=2 +pkgver=4.3.2 +pkgrel=1 pkgdesc="Virtual Machine Hypervisor & Tools (Parabola rebranded)" arch=(i686 x86_64) url="http://www.xenproject.org/" @@ -21,6 +21,15 @@ options=(!buildflags !strip) install=$pkgname.install changelog=ChangeLog source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.gz + http://xenbits.xen.org/xen-extfiles/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz + http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz + http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz + http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz + http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2 + http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz + http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz + http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz + http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 xen.install 09_xen bios_workaround.patch @@ -38,11 +47,27 @@ source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g conf.d-xenstored tmpfiles.d-$pkgname.conf grub.conf - xsa73-4.3-unstable.patch - xsa75-4.3-unstable.patch - xsa78.patch $pkgname.conf) -sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd' +noextract=(lwip-1.3.0.tar.gz + zlib-1.2.3.tar.gz + newlib-1.16.0.tar.gz + pciutils-2.2.9.tar.bz2 + polarssl-1.1.4-gpl.tgz + grub-0.97.tar.gz + tpm_emulator-0.7.4.tar.gz + gmp-4.3.2.tar.bz2 + ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) + +sha256sums=('17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69' + '632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c' + '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f' + '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e' + 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07' + 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24' + '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6' + '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b' + '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459' + '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775' '0f6ebf3437974d1708c9e74005b976479ab8ff28adec394208153bf404b411f8' '74a957d783458b7481c7a09c3ed94ec2e07ee7943e4b7fa33d3684b8d585139e' '914cc983da1fe89ff125d751c979b4968f8952da21b19b900fcd4e6b33e14552' @@ -60,11 +85,17 @@ sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd' '0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff' '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf' '78398fb27edfedb432b5f4e4bf87b5dbee41f180c623d29f758234a49d8bf4b4' - '18f62049d714c3460df1f698663e42d0f8a16b9b4f62e66b40fdea635a348be5' - '4bac312d49a4a88633af652c09128ba1bba2ca97e2e56e5fe7da6e4671c56ccb' - 'bb13b280bb456c1d7c8f468e23e336e6b2d06eb364c6823f1b426fcfe09f6ed3' '50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c') -sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275' +sha512sums=('ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302' + 'c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4' + '1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d' + '021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e' + '40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3' + '2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5' + '88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad' + 'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb' + '4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35' + '2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf' '78bfb62166ffcf136e12985809b3f412e0145a7f17388a559071f644970ccdfd2a02fe9aa4a180069b923c2e4354b061a4057096de856497f10d9cac57eae4b3' '8667a97e10f09c5ce5ba604e38a073b7d7944f4d24c5c78a7235443b65a8cc7b6e7de90e40aa335bb17fda0858d6b517ba1e8b5a0bd6bba4ad75ad44b73f6c9c' '7118bf02ff5338e70b3f27f8ea390cd05ea37a4ceabb4adc9d32fc57329e35e98330f0e865261dd4e670436e1a725832598888d44b1e2b17b351f59318860878' @@ -82,9 +113,6 @@ sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf 'c996d48737ad31528b0b2b1379e3ebae948d290de9ddc71f33c7c56f0634466bc7afb2eab847e851c19e3c13bb99468a0778d908606486959a40ff3272189bd3' '53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef' '04000a802e96c11929cb94c9a2bcafbb4307620192388441d979ea85836c3395954dea53d449c1cc25c3a0a30c49d318b8de59a053c6254f5a81e87864648a9c' - '78c94d3e473abaf857213754c7f0ef1a0dd06354cd137d1567a48d92b4106cbefd112f1dcecc90bc1f8c75d76a0e8a3425408f777044de8ec754bcda32bb7f97' - '4fb6f678dccc9f23f2c3b27617718bc6c0a87505f7483f4d07563b7b2cc37d57d3b5ef658ee5867258916c5c2695a5086cc7790196aed85357c6d3168c06749b' - 'b55cb25f88acc348e6777063f241269730f06482fe430706ac500cbd7127bc7c70188f84a282dc8a0369cc838999d47a09afc33fc9f24b5c214bdf59352c414c' 'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b') prepare() { @@ -101,14 +129,19 @@ prepare() { # Uncomment line below if you want to enable ATI Passthrough support (some reported successes) #patch -Np1 -i ../ati-passthrough.patch - # Add Security Patches - patch -Np1 -i ../xsa73-4.3-unstable.patch - patch -Np1 -i ../xsa75-4.3-unstable.patch - patch -Np1 -i ../xsa78.patch - # Fix Install Paths sed -i 's:/sbin:/bin:' config/StdGNU.mk + # Copy supporting tarballs into place + cp ../lwip-1.3.0.tar.gz stubdom/ + cp ../zlib-1.2.3.tar.gz stubdom/ + cp ../newlib-1.16.0.tar.gz stubdom/ + cp ../pciutils-2.2.9.tar.bz2 stubdom/ + cp ../polarssl-1.1.4-gpl.tgz stubdom/ + cp ../grub-0.97.tar.gz stubdom/ + cp ../tpm_emulator-0.7.4.tar.gz stubdom/ + cp ../gmp-4.3.2.tar.bz2 stubdom/ + } build() { @@ -157,10 +190,8 @@ package() { fi # Compress and move syms file to a different directory - if [ "$CARCH" == "x86_64" ]; then - gzip boot/$pkgname-syms-$pkgver - mv boot/$pkgname-syms-$pkgver.gz usr/share/xen - fi + gzip boot/$pkgname-syms-$pkgver + mv boot/$pkgname-syms-$pkgver.gz usr/share/xen ##### Kill unwanted stuff ##### # hypervisor symlinks diff --git a/kernels/xen/xsa73-4.3-unstable.patch b/kernels/xen/xsa73-4.3-unstable.patch deleted file mode 100644 index aa36b40a1..000000000 --- a/kernels/xen/xsa73-4.3-unstable.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 068bfa76bbd52430e65853375e1d5db99d193e2f Mon Sep 17 00:00:00 2001 -From: Andrew Cooper -Date: Thu, 31 Oct 2013 20:49:00 +0000 -Subject: [PATCH] gnttab: correct locking order reversal - -Coverity ID 1087189 - -Correct a lock order reversal between a domains page allocation and grant -table locks. - -This is CVE-2013-4494 / XSA-73. - -Signed-off-by: Andrew Cooper - -Consolidate error handling. - -Signed-off-by: Jan Beulich -Reviewed-by: Keir Fraser -Tested-by: Matthew Daley ---- - xen/common/grant_table.c | 52 +++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 44 insertions(+), 8 deletions(-) - -diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c -index f42bc7a..48df928 100644 ---- a/xen/common/grant_table.c -+++ b/xen/common/grant_table.c -@@ -1518,6 +1518,8 @@ gnttab_transfer( - - for ( i = 0; i < count; i++ ) - { -+ bool_t okay; -+ - if (i && hypercall_preempt_check()) - return i; - -@@ -1626,16 +1628,18 @@ gnttab_transfer( - * pages when it is dying. - */ - if ( unlikely(e->is_dying) || -- unlikely(e->tot_pages >= e->max_pages) || -- unlikely(!gnttab_prepare_for_transfer(e, d, gop.ref)) ) -+ unlikely(e->tot_pages >= e->max_pages) ) - { -- if ( !e->is_dying ) -- gdprintk(XENLOG_INFO, "gnttab_transfer: " -- "Transferee has no reservation " -- "headroom (%d,%d) or provided a bad grant ref (%08x) " -- "or is dying (%d)\n", -- e->tot_pages, e->max_pages, gop.ref, e->is_dying); - spin_unlock(&e->page_alloc_lock); -+ -+ if ( e->is_dying ) -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) is dying\n", e->domain_id); -+ else -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) has no headroom (tot %u, max %u)\n", -+ e->domain_id, e->tot_pages, e->max_pages); -+ - rcu_unlock_domain(e); - put_gfn(d, gop.mfn); - page->count_info &= ~(PGC_count_mask|PGC_allocated); -@@ -1647,6 +1651,38 @@ gnttab_transfer( - /* Okay, add the page to 'e'. */ - if ( unlikely(domain_adjust_tot_pages(e, 1) == 1) ) - get_knownalive_domain(e); -+ -+ /* -+ * We must drop the lock to avoid a possible deadlock in -+ * gnttab_prepare_for_transfer. We have reserved a page in e so can -+ * safely drop the lock and re-aquire it later to add page to the -+ * pagelist. -+ */ -+ spin_unlock(&e->page_alloc_lock); -+ okay = gnttab_prepare_for_transfer(e, d, gop.ref); -+ spin_lock(&e->page_alloc_lock); -+ -+ if ( unlikely(!okay) || unlikely(e->is_dying) ) -+ { -+ bool_t drop_dom_ref = (domain_adjust_tot_pages(e, -1) == 0); -+ -+ spin_unlock(&e->page_alloc_lock); -+ -+ if ( okay /* i.e. e->is_dying due to the surrounding if() */ ) -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) is now dying\n", e->domain_id); -+ -+ if ( drop_dom_ref ) -+ put_domain(e); -+ rcu_unlock_domain(e); -+ -+ put_gfn(d, gop.mfn); -+ page->count_info &= ~(PGC_count_mask|PGC_allocated); -+ free_domheap_page(page); -+ gop.status = GNTST_general_error; -+ goto copyback; -+ } -+ - page_list_add_tail(page, &e->page_list); - page_set_owner(page, e); - --- -1.7.10.4 - diff --git a/kernels/xen/xsa75-4.3-unstable.patch b/kernels/xen/xsa75-4.3-unstable.patch deleted file mode 100644 index 6c0c5bca1..000000000 --- a/kernels/xen/xsa75-4.3-unstable.patch +++ /dev/null @@ -1,55 +0,0 @@ -nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing - -Otherwise uninitialized data may be used, leading to crashes. - -This is XSA-75. - -Reported-and-tested-by: Jeff Zimmerman -Signed-off-by: Jan Beulich -Reviewed-and-tested-by: Andrew Cooper - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1508,15 +1508,10 @@ static void clear_vvmcs_launched(struct - } - } - --int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) -+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) - { - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); -- int rc; -- -- rc = vmx_inst_check_privilege(regs, 0); -- if ( rc != X86EMUL_OKAY ) -- return rc; - - /* check VMCS is valid and IO BITMAP is set */ - if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) && -@@ -1535,6 +1530,10 @@ int nvmx_handle_vmresume(struct cpu_user - struct vcpu *v = current; - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); -+ int rc = vmx_inst_check_privilege(regs, 0); -+ -+ if ( rc != X86EMUL_OKAY ) -+ return rc; - - if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) - { -@@ -1554,10 +1553,13 @@ int nvmx_handle_vmresume(struct cpu_user - int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) - { - bool_t launched; -- int rc; - struct vcpu *v = current; - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); -+ int rc = vmx_inst_check_privilege(regs, 0); -+ -+ if ( rc != X86EMUL_OKAY ) -+ return rc; - - if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) - { diff --git a/kernels/xen/xsa78.patch b/kernels/xen/xsa78.patch deleted file mode 100644 index 180506cdd..000000000 --- a/kernels/xen/xsa78.patch +++ /dev/null @@ -1,23 +0,0 @@ -VT-d: fix TLB flushing in dma_pte_clear_one() - -The third parameter of __intel_iommu_iotlb_flush() is to indicate -whether the to be flushed entry was a present one. A few lines before, -we bailed if !dma_pte_present(*pte), so there's no need to check the -flag here again - we can simply always pass TRUE here. - -This is CVE-2013-6375 / XSA-78. - -Suggested-by: Cheng Yueqiang -Signed-off-by: Jan Beulich - ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom - iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); - - if ( !this_cpu(iommu_dont_flush_iotlb) ) -- __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1); -+ __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1); - - unmap_vtd_domain_page(page); - -- cgit v1.2.3 From 24b30c561f61fee31a934615a3a66a3cfd0386df Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 2 Mar 2014 20:09:04 -0200 Subject: linux-libre-rt-3.12.12_rt19-1: updating version --- kernels/linux-libre-rt/PKGBUILD | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-rt/PKGBUILD b/kernels/linux-libre-rt/PKGBUILD index 02863ff53..4a6b2c0ec 100644 --- a/kernels/linux-libre-rt/PKGBUILD +++ b/kernels/linux-libre-rt/PKGBUILD @@ -9,12 +9,12 @@ pkgbase=linux-libre-rt # Build stock -LIBRE-RT kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.12 -_releasever=11 -_rtpatchver=rt17 +_releasever=12 +_rtpatchver=rt19 _pkgver=${_basekernel}.${_releasever} pkgver=${_basekernel}.${_releasever}_${_rtpatchver} pkgrel=1 -_lxopkgver=${_basekernel}.11 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -40,8 +40,8 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2") md5sums=('254f59707b6676b59ce5ca5c3c698319' - '8d78b7fe81e226b022b331e8a1da74b7' - '5c46965799741357e7a48c2c32735929' + 'e2ec796847356b785cb06d0563f3f7d5' + '97e5652f6039a48544897129c8adaf98' 'e40789b1e59136235827a3b3bf40c121' 'bf542c4038d3e7d0da4c92bac0466198' '82496e68851d1960543a07ba51cdb44a' @@ -56,7 +56,7 @@ md5sums=('254f59707b6676b59ce5ca5c3c698319' 'cec0bb8981936eab2943b2009b7a6fff' '88d9cddf9e0050a76ec4674f264fb2a1' 'cb9016630212ef07b168892fbcfd4e5d' - '5a595801584a112426ccc0fe3753aa06') + 'a9a0ee57377ed6e55957f9671eead03a') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] -- cgit v1.2.3 From 5952ed79a86c4dde47343a628849f718cdfeaa7b Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 2 Mar 2014 20:25:37 -0200 Subject: linux-libre-grsec-3.13.5-1: updating version --- kernels/linux-libre-grsec/PKGBUILD | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'kernels') diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index e17657146..8f83b01e3 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $ +# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $ # Maintainer: Tobias Powalowski # Maintainer: Thomas Baechler # Maintainer (Parabola): André Silva @@ -10,12 +10,12 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.13 -_sublevel=4 +_sublevel=5 _grsecver=3.0 -_timestamp=201402221308 +_timestamp=201402241943 pkgver=${_basekernel}.${_sublevel} pkgrel=1 -_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.5 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -46,8 +46,8 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'known-exploit-detection.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' - '3659d30b1d06dd5b7874ae04c946863b' - '0022d89a923e5e871ba53db1f969e46e' + '6e59a1e4b891ca5fa8b03d488fa64e04' + '810f3caa18b89eda5b41a2cff5821a4a' '21da34d98cc007a78a11660863537c0d' 'd4b95575b9cc32b7ba4ad8624972ddf9' '5f66bed97a5c37e48eb2f71b2d354b9a' @@ -67,7 +67,7 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' 'f93ef6157fbb23820bd5ae08fd3f451e' '0db7629711f4ed76bd1f9da9f97bc4ea' 'cb789bf97bc65fd4cf240d99df9c24c0' - 'ac92b702b8497d2be14f96e077a7f48f') + '5fcb6203b54aaf7dcbdf6e2c6f159b14') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] -- cgit v1.2.3 From 92bfab9e35fcfacd69a091ade8c692f0ef622241 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sun, 2 Mar 2014 23:00:37 -0200 Subject: linux-libre-rt: fix checksums --- kernels/linux-libre-rt/PKGBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kernels') diff --git a/kernels/linux-libre-rt/PKGBUILD b/kernels/linux-libre-rt/PKGBUILD index 4a6b2c0ec..edb795663 100644 --- a/kernels/linux-libre-rt/PKGBUILD +++ b/kernels/linux-libre-rt/PKGBUILD @@ -40,7 +40,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2") md5sums=('254f59707b6676b59ce5ca5c3c698319' - 'e2ec796847356b785cb06d0563f3f7d5' + 'a763ffc196d8ffa49c676a43448d75a4' '97e5652f6039a48544897129c8adaf98' 'e40789b1e59136235827a3b3bf40c121' 'bf542c4038d3e7d0da4c92bac0466198' -- cgit v1.2.3