From b15a952c52a6825376d3e7f6c1bf5c886c6d8b74 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 12:06:00 +0200 Subject: Adding debian version 5.10.209-2. Signed-off-by: Daniel Baumann --- ...ol-fix-version-string-in-recursive-builds.patch | 30 + .../bugfix/all/cpupower-bump-soname-version.patch | 27 + .../cpupower-fix-checks-for-cpu-existence.patch | 49 + .../bugfix/all/disable-some-marvell-phys.patch | 91 + ...emove-redundant-log-messages-from-drivers.patch | 2557 ++++++++++++++++++++ ...mware_class-log-every-success-and-failure.patch | 83 + ...le_softdep-declarations-for-hard-coded-cr.patch | 70 + .../all/kbuild-fix-recordmcount-dependency.patch | 23 + .../all/libcpupower-hide-private-function.patch | 20 + ...dule-disable-matching-missing-version-crc.patch | 23 + ...f_tables-reject-QUEUE-DROP-verdict-parame.patch | 73 + ...ail-on-invalid-uid-gid-mapping-at-copy-up.patch | 49 + ...rt-net-socket-implement-64-bit-timestamps.patch | 140 ++ ...s-required-for-drm-and-kms-on-r600-onward.patch | 139 ++ ...e-smb2pdu-1-element-arrays-with-flex-arra.patch | 375 +++ ...tddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch | 156 ++ ...d-remove-bpf-run-time-check-at-build-time.patch | 27 + .../patches/bugfix/all/tools-perf-man-date.patch | 44 + ...tools-perf-pmu-events-fix-reproducibility.patch | 175 ++ .../bugfix/all/tools-perf-remove-shebangs.patch | 39 + .../bugfix/all/usbip-document-tcp-wrappers.patch | 29 + ...-cap_convert_nscap-call-into-vfs_setxattr.patch | 100 + .../all/wireguard-ignore-config_android.patch | 29 + ...ts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch | 37 + ...port-__sync_icache_dcache-for-xen-privcmd.patch | 31 + .../arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch | 92 + ...p-correct-voltage-selector-firefly-RK3399.patch | 45 + ...-crc32poly.h-when-building-with-kernel_xz.patch | 39 + ...-not-use-hyphen-in-exported-variable-name.patch | 124 + .../x86/perf-tools-fix-unwind-build-on-i386.patch | 35 + ...6-toshiba_haps-Fix-missing-newline-in-pr_.patch | 34 + ...-build-fix-libunwind-feature-detection-on.patch | 22 + .../x86/viafb-autoload-on-olpc-xo1.5-only.patch | 34 + .../x86-32-disable-3dnow-in-generic-config.patch | 29 + ...low-unprivileged-CLONE_NEWUSER-by-default.patch | 104 + ...isable-auto-loading-as-mitigation-against.patch | 29 + ...ble-building-ashmem-and-binder-as-modules.patch | 106 + .../patches/debian/arch-sh4-fix-uimage-build.patch | 26 + ...about-raid5-6-being-experimental-at-mount.patch | 35 + .../cdc_ncm-cdc_mbim-use-ncm-by-default.patch | 27 + ...ding-as-mitigation-against-local-exploits.patch | 41 + .../arch-powerpc-platforms-8xx-ucode-disable.patch | 29 + ...umentation-fix-broken-link-to-cipso-draft.patch | 18 + .../drivers-media-dvb-dvb-usb-af9005-disable.patch | 15 + .../debian/dfsg/drivers-net-appletalk-cops.patch | 54 + .../dfsg/video-remove-nvidiafb-and-rivafb.patch | 128 + debian/patches/debian/dfsg/vs6624-disable.patch | 24 + .../documentation-drop-sphinx-version-check.patch | 52 + .../export-symbols-needed-by-android-drivers.patch | 113 + ...int-on-use-of-fanotify_access_permissions.patch | 29 + ..._class-refer-to-debian-wiki-firmware-page.patch | 52 + debian/patches/debian/fjes-disable-autoload.patch | 24 + ...ble-link-security-restrictions-by-default.patch | 22 + debian/patches/debian/gitignore.patch | 49 + ...ding-as-mitigation-against-local-exploits.patch | 48 + ...386-686-pae-pci-set-pci-nobios-by-default.patch | 27 + .../debian/ia64-hardcode-arch-script-output.patch | 75 + ...wlwifi-do-not-request-unreleased-firmware.patch | 26 + .../kbuild-abort-build-if-subdirs-used.patch | 37 + ...k-for-module.lds-under-arch-directory-too.patch | 45 + debian/patches/debian/kernelvariables.patch | 82 + ...check-for-libelf-when-building-oot-module.patch | 83 + .../patches/debian/mips-boston-disable-its.patch | 20 + debian/patches/debian/mips-disable-werror.patch | 23 + debian/patches/debian/mips-ieee754-relaxed.patch | 32 + debian/patches/debian/ntfs-mark-it-as-broken.patch | 22 + .../debian/overlayfs-permit-mounts-in-userns.patch | 58 + ...vent-support-asciidoctor-for-documentatio.patch | 54 + ...-auto-loading-as-mitigation-against-local.patch | 34 + .../patches/debian/sched-autogroup-disabled.patch | 19 + .../patches/debian/snd-pcsp-disable-autoload.patch | 30 + debian/patches/debian/tools-perf-install.patch | 52 + debian/patches/debian/tools-perf-version.patch | 128 + .../patches/debian/uname-version-timestamp.patch | 33 + debian/patches/debian/version.patch | 172 ++ ...ss-add-debian-wireless-regdb-certificates.patch | 1452 +++++++++++ .../patches/debian/yama-disable-by-default.patch | 32 + debian/patches/features/all/aufs5/aufs5-base.patch | 332 +++ debian/patches/features/all/aufs5/aufs5-mmap.patch | 405 ++++ .../features/all/aufs5/aufs5-standalone.patch | 308 +++ ...do-not-load-mok-when-secure-boot-disabled.patch | 40 + ...isted-hash-before-loading-a-kernel-module.patch | 117 + ...ODSIGN-check-the-attributes-of-db-and-mok.patch | 113 + ...-of-platform-keyring-for-module-signature.patch | 37 + ...dsign-make-shash-allocation-failure-fatal.patch | 28 + ...ers-media-dvb-usb-af9005-request_firmware.patch | 149 ++ ...dd-kernel-config-option-to-lock-down-when.patch | 153 ++ ...efi_secure_boot-flag-to-indicate-secure-b.patch | 152 ++ ...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 127 + ...-disable-slram-and-phram-when-locked-down.patch | 75 + ...ow-further-restriction-of-perf_event_open.patch | 80 + ...t-Implement-misalignment-fixups-for-multi.patch | 480 ++++ ...m64-dts-raspberry-Add-support-for-the-CM4.patch | 423 ++++ ...ockchip-Add-basic-support-for-Kobol-s-Hel.patch | 419 ++++ ...rockchip-Add-support-for-PCIe-on-helios64.patch | 113 + ...ockchip-Add-support-for-two-PWM-fans-on-h.patch | 61 + ...ockchip-Rely-on-SoC-external-pull-up-on-p.patch | 32 + ...s-rockchip-kobol-helios64-Add-mmc-aliases.patch | 30 + ...kconfig-option-to-exclude-igpu-by-default.patch | 85 + ...add-option-to-exclude-integrated-gpu-only.patch | 91 + .../x86-make-x32-syscall-support-conditional.patch | 193 ++ .../x86/x86-memtest-WARN-if-bad-RAM-found.patch | 28 + debian/patches/series | 141 ++ 103 files changed, 12643 insertions(+) create mode 100644 debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch create mode 100644 debian/patches/bugfix/all/cpupower-bump-soname-version.patch create mode 100644 debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch create mode 100644 debian/patches/bugfix/all/disable-some-marvell-phys.patch create mode 100644 debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch create mode 100644 debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch create mode 100644 debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch create mode 100644 debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch create mode 100644 debian/patches/bugfix/all/libcpupower-hide-private-function.patch create mode 100644 debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch create mode 100644 debian/patches/bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch create mode 100644 debian/patches/bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch create mode 100644 debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch create mode 100644 debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch create mode 100644 debian/patches/bugfix/all/smb3-Replace-smb2pdu-1-element-arrays-with-flex-arra.patch create mode 100644 debian/patches/bugfix/all/stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch create mode 100644 debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch create mode 100644 debian/patches/bugfix/all/tools-perf-man-date.patch create mode 100644 debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch create mode 100644 debian/patches/bugfix/all/tools-perf-remove-shebangs.patch create mode 100644 debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch create mode 100644 debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch create mode 100644 debian/patches/bugfix/all/wireguard-ignore-config_android.patch create mode 100644 debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch create mode 100644 debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch create mode 100644 debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch create mode 100644 debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch create mode 100644 debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch create mode 100644 debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch create mode 100644 debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch create mode 100644 debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch create mode 100644 debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch create mode 100644 debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch create mode 100644 debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch create mode 100644 debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch create mode 100644 debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch create mode 100644 debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch create mode 100644 debian/patches/debian/arch-sh4-fix-uimage-build.patch create mode 100644 debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch create mode 100644 debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch create mode 100644 debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch create mode 100644 debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch create mode 100644 debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch create mode 100644 debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch create mode 100644 debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch create mode 100644 debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch create mode 100644 debian/patches/debian/dfsg/vs6624-disable.patch create mode 100644 debian/patches/debian/documentation-drop-sphinx-version-check.patch create mode 100644 debian/patches/debian/export-symbols-needed-by-android-drivers.patch create mode 100644 debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch create mode 100644 debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch create mode 100644 debian/patches/debian/fjes-disable-autoload.patch create mode 100644 debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch create mode 100644 debian/patches/debian/gitignore.patch create mode 100644 debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch create mode 100644 debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch create mode 100644 debian/patches/debian/ia64-hardcode-arch-script-output.patch create mode 100644 debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch create mode 100644 debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch create mode 100644 debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch create mode 100644 debian/patches/debian/kernelvariables.patch create mode 100644 debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch create mode 100644 debian/patches/debian/mips-boston-disable-its.patch create mode 100644 debian/patches/debian/mips-disable-werror.patch create mode 100644 debian/patches/debian/mips-ieee754-relaxed.patch create mode 100644 debian/patches/debian/ntfs-mark-it-as-broken.patch create mode 100644 debian/patches/debian/overlayfs-permit-mounts-in-userns.patch create mode 100644 debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch create mode 100644 debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch create mode 100644 debian/patches/debian/sched-autogroup-disabled.patch create mode 100644 debian/patches/debian/snd-pcsp-disable-autoload.patch create mode 100644 debian/patches/debian/tools-perf-install.patch create mode 100644 debian/patches/debian/tools-perf-version.patch create mode 100644 debian/patches/debian/uname-version-timestamp.patch create mode 100644 debian/patches/debian/version.patch create mode 100644 debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch create mode 100644 debian/patches/debian/yama-disable-by-default.patch create mode 100644 debian/patches/features/all/aufs5/aufs5-base.patch create mode 100644 debian/patches/features/all/aufs5/aufs5-mmap.patch create mode 100644 debian/patches/features/all/aufs5/aufs5-standalone.patch create mode 100644 debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch create mode 100644 debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch create mode 100644 debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch create mode 100644 debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch create mode 100644 debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch create mode 100644 debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch create mode 100644 debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch create mode 100644 debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch create mode 100644 debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch create mode 100644 debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch create mode 100644 debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch create mode 100644 debian/patches/features/arm64/arm64-compat-Implement-misalignment-fixups-for-multi.patch create mode 100644 debian/patches/features/arm64/arm64-dts-raspberry-Add-support-for-the-CM4.patch create mode 100644 debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch create mode 100644 debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch create mode 100644 debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch create mode 100644 debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch create mode 100644 debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch create mode 100644 debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch create mode 100644 debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch create mode 100644 debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch create mode 100644 debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch create mode 100644 debian/patches/series (limited to 'debian/patches') diff --git a/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch b/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch new file mode 100644 index 000000000..3f2d75a6a --- /dev/null +++ b/debian/patches/bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch @@ -0,0 +1,30 @@ +From: Ben Hutchings +Date: Fri, 14 Aug 2020 00:43:54 +0100 +Subject: bpftool: Fix version string in recursive builds +Forwarded: https://lore.kernel.org/bpf/20200813235837.GA497088@decadent.org.uk/T/#u + +When bpftool is built as part of a Debian package build, which itself +uses make, "bpftool version" shows: + + bpftool vmake[4]: Entering directory /build/linux-5.8/tools/bpf/bpftool 5.8.8.0 make[4]: Leaving directory /build/linux-5.8 + +Although we pass the "--no-print-directory" option, this is overridden +by the environment variable "MAKEFLAGS=w". Clear MAKEFLAGS for the +"make kernelversion" command. + +I have no explanation for the doubled ".8" in the version string, but +this seems to fix that as well. + +Signed-off-by: Ben Hutchings +--- +--- a/tools/bpf/bpftool/Makefile ++++ b/tools/bpf/bpftool/Makefile +@@ -25,7 +25,7 @@ endif + + LIBBPF = $(LIBBPF_PATH)libbpf.a + +-BPFTOOL_VERSION ?= $(shell make -rR --no-print-directory -sC ../../.. kernelversion) ++BPFTOOL_VERSION ?= $(shell MAKEFLAGS= make -rR --no-print-directory -sC ../../.. kernelversion) + + $(LIBBPF): FORCE + $(if $(LIBBPF_OUTPUT),@mkdir -p $(LIBBPF_OUTPUT)) diff --git a/debian/patches/bugfix/all/cpupower-bump-soname-version.patch b/debian/patches/bugfix/all/cpupower-bump-soname-version.patch new file mode 100644 index 000000000..7e5f52eaa --- /dev/null +++ b/debian/patches/bugfix/all/cpupower-bump-soname-version.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings +Date: Thu, 9 Jun 2016 23:35:08 +0100 +Subject: cpupower: Bump soname version +Forwarded: http://mid.gmane.org/20160610005619.GQ7555@decadent.org.uk + +Several functions in the libcpupower API are renamed or removed in +Linux 4.7. This is an backward-incompatible ABI change, so the +library soname should change from libcpupower.so.0 to +libcpupower.so.1. + +Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") +Signed-off-by: Ben Hutchings +--- + tools/power/cpupower/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/power/cpupower/Makefile ++++ b/tools/power/cpupower/Makefile +@@ -53,7 +53,7 @@ DESTDIR ?= + + VERSION:= $(shell ./utils/version-gen.sh) + LIB_MAJ= 0.0.1 +-LIB_MIN= 0 ++LIB_MIN= 1 + + PACKAGE = cpupower + PACKAGE_BUGREPORT = linux-pm@vger.kernel.org diff --git a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch new file mode 100644 index 000000000..5cce9b76a --- /dev/null +++ b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch @@ -0,0 +1,49 @@ +From: Ben Hutchings +Date: Thu, 03 Nov 2016 15:25:26 -0600 +Subject: cpupower: Fix checks for CPU existence +Forwarded: https://marc.info/?l=linux-pm&m=149248268214265 + +Calls to cpufreq_cpu_exists(cpu) were converted to +cpupower_is_cpu_online(cpu) when libcpupower was introduced and the +former function was deleted. However, cpupower_is_cpu_online() does +not distinguish physically absent and offline CPUs, and does not set +errno. + +cpufreq-set has already been fixed (commit c25badc9ceb6). + +In cpufreq-bench, which prints an error message for offline CPUs, +properly distinguish and report the zero and negative cases. + +Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") +Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check") +Signed-off-by: Ben Hutchings +[carnil: Update/Refresh patch for 4.14.17: The issue with the +incorrect check has been fixed with upstream commit 53d1cd6b125f. +Keep in the patch the distinction and report for the zero and +negative cases.] +--- +--- a/tools/power/cpupower/bench/system.c ++++ b/tools/power/cpupower/bench/system.c +@@ -58,12 +58,19 @@ long long int get_time() + + int set_cpufreq_governor(char *governor, unsigned int cpu) + { ++ int rc; + + dprintf("set %s as cpufreq governor\n", governor); + +- if (cpupower_is_cpu_online(cpu) != 1) { +- perror("cpufreq_cpu_exists"); +- fprintf(stderr, "error: cpu %u does not exist\n", cpu); ++ rc = cpupower_is_cpu_online(cpu); ++ if (rc != 1) { ++ if (rc < 0) ++ fprintf(stderr, "cpupower_is_cpu_online: %s\n", ++ strerror(-rc)); ++ else ++ fprintf(stderr, ++ "error: cpu %u is offline or does not exist\n", ++ cpu); + return -1; + } + diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch new file mode 100644 index 000000000..31fd6bf14 --- /dev/null +++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch @@ -0,0 +1,91 @@ +From: Ian Campbell +Subject: phy/marvell: disable 4-port phys +Date: Wed, 20 Nov 2013 08:30:14 +0000 +Bug-Debian: https://bugs.debian.org/723177 +Forwarded: http://thread.gmane.org/gmane.linux.debian.devel.bugs.general/1107774/ + +The Marvell PHY was originally disabled because it can cause networking +failures on some systems. According to Lennert Buytenhek this is because some +of the variants added did not share the same register layout. Since the known +cases are all 4-ports disable those variants (indicated by a 4 in the +penultimate position of the model name) until they can be audited for +correctness. + +[bwh: Also #if-out the init functions for these PHYs to avoid + compiler warnings] + +--- a/drivers/net/phy/marvell.c ++++ b/drivers/net/phy/marvell.c +@@ -1006,6 +1006,7 @@ static int m88e1118_config_init(struct p + return genphy_soft_reset(phydev); + } + ++#if 0 + static int m88e1149_config_init(struct phy_device *phydev) + { + int err; +@@ -1031,7 +1032,9 @@ static int m88e1149_config_init(struct p + + return genphy_soft_reset(phydev); + } ++#endif + ++#if 0 + static int m88e1145_config_init_rgmii(struct phy_device *phydev) + { + int err; +@@ -1106,6 +1109,7 @@ static int m88e1145_config_init(struct p + + return 0; + } ++#endif + + static int m88e1540_get_fld(struct phy_device *phydev, u8 *msecs) + { +@@ -2272,6 +2276,7 @@ static struct phy_driver marvell_drivers + .get_strings = marvell_get_strings, + .get_stats = marvell_get_stats, + }, ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1145, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -2293,6 +2298,8 @@ static struct phy_driver marvell_drivers + .get_tunable = m88e1111_get_tunable, + .set_tunable = m88e1111_set_tunable, + }, ++#endif ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1149R, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -2311,6 +2318,8 @@ static struct phy_driver marvell_drivers + .get_strings = marvell_get_strings, + .get_stats = marvell_get_stats, + }, ++#endif ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1240, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -2329,6 +2338,7 @@ static struct phy_driver marvell_drivers + .get_strings = marvell_get_strings, + .get_stats = marvell_get_stats, + }, ++#endif + { + .phy_id = MARVELL_PHY_ID_88E1116R, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -2469,9 +2479,9 @@ static struct mdio_device_id __maybe_unu + { MARVELL_PHY_ID_88E1111, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, ++/* { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, */ ++/* { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, */ ++/* { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, */ + { MARVELL_PHY_ID_88E1318S, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1116R, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1510, MARVELL_PHY_ID_MASK }, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch new file mode 100644 index 000000000..8ee5acc89 --- /dev/null +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -0,0 +1,2557 @@ +From: Ben Hutchings +Subject: firmware: Remove redundant log messages from drivers +Date: Sun, 09 Dec 2012 16:40:31 +0000 +Forwarded: no + +Now that firmware_class logs every success and failure consistently, +many other log messages can be removed from drivers. + +This will probably need to be split up into multiple patches prior to +upstream submission. + +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -901,10 +901,8 @@ static enum ucode_state request_microcod + if (c->x86 >= 0x15) + snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); + +- if (request_firmware_direct(&fw, (const char *)fw_name, device)) { +- pr_debug("failed to load file %s\n", fw_name); ++ if (request_firmware_direct(&fw, (const char *)fw_name, device)) + goto out; +- } + + ret = UCODE_ERROR; + if (!verify_container(fw->data, fw->size, false)) +--- a/drivers/atm/ambassador.c ++++ b/drivers/atm/ambassador.c +@@ -1914,10 +1914,8 @@ static int ucode_init(loader_block *lb, + int res; + + res = request_ihex_firmware(&fw, "atmsar11.fw", &dev->pci_dev->dev); +- if (res) { +- PRINTK (KERN_ERR, "Cannot load microcode data"); ++ if (res) + return res; +- } + + /* First record contains just the start address */ + rec = (const struct ihex_binrec *)fw->data; +--- a/drivers/atm/fore200e.c ++++ b/drivers/atm/fore200e.c +@@ -2400,10 +2400,9 @@ static int fore200e_load_and_start_fw(st + int err; + + sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT); +- if ((err = request_firmware(&firmware, buf, fore200e->dev)) < 0) { +- printk(FORE200E "problem loading firmware image %s\n", fore200e->bus->model_name); ++ err = request_firmware(&firmware, buf, fore200e->dev); ++ if (err) + return err; +- } + + fw_data = (const __le32 *)firmware->data; + fw_size = firmware->size / sizeof(u32); +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -382,10 +382,8 @@ static int ath3k_load_patch(struct usb_d + le32_to_cpu(fw_version.rom_version)); + + ret = request_firmware(&firmware, filename, &udev->dev); +- if (ret < 0) { +- BT_ERR("Patch file not found %s", filename); ++ if (ret) + return ret; +- } + + pt_rom_version = get_unaligned_le32(firmware->data + + firmware->size - 8); +@@ -445,10 +443,8 @@ static int ath3k_load_syscfg(struct usb_ + le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); + + ret = request_firmware(&firmware, filename, &udev->dev); +- if (ret < 0) { +- BT_ERR("Configuration file not found %s", filename); ++ if (ret) + return ret; +- } + + ret = ath3k_load_fwfile(udev, firmware); + release_firmware(firmware); +--- a/drivers/bluetooth/bcm203x.c ++++ b/drivers/bluetooth/bcm203x.c +@@ -174,7 +174,6 @@ static int bcm203x_probe(struct usb_inte + return -ENOMEM; + + if (request_firmware(&firmware, "BCM2033-MD.hex", &udev->dev) < 0) { +- BT_ERR("Mini driver request failed"); + usb_free_urb(data->urb); + return -EIO; + } +@@ -199,7 +198,6 @@ static int bcm203x_probe(struct usb_inte + release_firmware(firmware); + + if (request_firmware(&firmware, "BCM2033-FW.bin", &udev->dev) < 0) { +- BT_ERR("Firmware request failed"); + usb_free_urb(data->urb); + kfree(data->buffer); + return -EIO; +--- a/drivers/bluetooth/bfusb.c ++++ b/drivers/bluetooth/bfusb.c +@@ -636,10 +636,8 @@ static int bfusb_probe(struct usb_interf + skb_queue_head_init(&data->pending_q); + skb_queue_head_init(&data->completed_q); + +- if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) { +- BT_ERR("Firmware request failed"); ++ if (request_firmware(&firmware, "bfubase.frm", &udev->dev)) + goto done; +- } + + BT_DBG("firmware data %p size %zu", firmware->data, firmware->size); + +--- a/drivers/bluetooth/bt3c_cs.c ++++ b/drivers/bluetooth/bt3c_cs.c +@@ -569,10 +569,8 @@ static int bt3c_open(struct bt3c_info *i + + /* Load firmware */ + err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev); +- if (err < 0) { +- BT_ERR("Firmware request failed"); ++ if (err) + goto error; +- } + + err = bt3c_load_firmware(info, firmware->data, firmware->size); + +--- a/drivers/bluetooth/btmrvl_sdio.c ++++ b/drivers/bluetooth/btmrvl_sdio.c +@@ -483,8 +483,6 @@ static int btmrvl_sdio_download_helper(s + ret = request_firmware(&fw_helper, card->helper, + &card->func->dev); + if ((ret < 0) || !fw_helper) { +- BT_ERR("request_firmware(helper) failed, error code = %d", +- ret); + ret = -ENOENT; + goto done; + } +@@ -583,8 +581,6 @@ static int btmrvl_sdio_download_fw_w_hel + ret = request_firmware(&fw_firmware, card->firmware, + &card->func->dev); + if ((ret < 0) || !fw_firmware) { +- BT_ERR("request_firmware(firmware) failed, error code = %d", +- ret); + ret = -ENOENT; + goto done; + } +--- a/drivers/char/dsp56k.c ++++ b/drivers/char/dsp56k.c +@@ -140,11 +140,8 @@ static int dsp56k_upload(u_char __user * + } + err = request_firmware(&fw, fw_name, &pdev->dev); + platform_device_unregister(pdev); +- if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fw_name, err); ++ if (err) + return err; +- } + if (fw->size % 3) { + printk(KERN_ERR "Bogus length %d in image \"%s\"\n", + fw->size, fw_name); +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -1733,11 +1733,8 @@ static void sdma_load_firmware(const str + const struct sdma_script_start_addrs *addr; + unsigned short *ram_code; + +- if (!fw) { +- dev_info(sdma->dev, "external firmware not found, using ROM firmware\n"); +- /* In this case we just use the ROM firmware. */ ++ if (!fw) + return; +- } + + if (fw->size < sizeof(*header)) + goto err_firmware; +--- a/drivers/gpu/drm/mga/mga_warp.c ++++ b/drivers/gpu/drm/mga/mga_warp.c +@@ -77,11 +77,8 @@ int mga_warp_install_microcode(drm_mga_p + } + rc = request_ihex_firmware(&fw, firmware_name, &pdev->dev); + platform_device_unregister(pdev); +- if (rc) { +- DRM_ERROR("mga: Failed to load microcode \"%s\"\n", +- firmware_name); ++ if (rc) + return rc; +- } + + size = 0; + where = 0; +--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +@@ -2445,10 +2445,8 @@ gf100_gr_load_fw(struct gf100_gr *gr, co + if (ret) { + snprintf(f, sizeof(f), "nouveau/%s", name); + ret = request_firmware(&fw, f, device->dev); +- if (ret) { +- nvkm_error(subdev, "failed to load %s\n", name); ++ if (ret) + return ret; +- } + } + + blob->size = fw->size; +--- a/drivers/gpu/drm/r128/r128_cce.c ++++ b/drivers/gpu/drm/r128/r128_cce.c +@@ -162,11 +162,8 @@ static int r128_cce_load_microcode(drm_r + } + rc = request_firmware(&fw, FIRMWARE_NAME, &pdev->dev); + platform_device_unregister(pdev); +- if (rc) { +- pr_err("r128_cce: Failed to load firmware \"%s\"\n", +- FIRMWARE_NAME); ++ if (rc) + return rc; +- } + + if (fw->size != 256 * 8) { + pr_err("r128_cce: Bogus length %zu in firmware \"%s\"\n", +--- a/drivers/gpu/drm/radeon/ni.c ++++ b/drivers/gpu/drm/radeon/ni.c +@@ -833,9 +833,6 @@ int ni_init_microcode(struct radeon_devi + + out: + if (err) { +- if (err != -EINVAL) +- pr_err("ni_cp: Failed to load firmware \"%s\"\n", +- fw_name); + release_firmware(rdev->pfp_fw); + rdev->pfp_fw = NULL; + release_firmware(rdev->me_fw); +--- a/drivers/gpu/drm/radeon/r100.c ++++ b/drivers/gpu/drm/radeon/r100.c +@@ -1047,9 +1047,7 @@ static int r100_cp_init_microcode(struct + } + + err = request_firmware(&rdev->me_fw, fw_name, rdev->dev); +- if (err) { +- pr_err("radeon_cp: Failed to load firmware \"%s\"\n", fw_name); +- } else if (rdev->me_fw->size % 8) { ++ if (err == 0 && rdev->me_fw->size % 8) { + pr_err("radeon_cp: Bogus length %zu in firmware \"%s\"\n", + rdev->me_fw->size, fw_name); + err = -EINVAL; +--- a/drivers/gpu/drm/radeon/r600.c ++++ b/drivers/gpu/drm/radeon/r600.c +@@ -2599,9 +2599,6 @@ int r600_init_microcode(struct radeon_de + + out: + if (err) { +- if (err != -EINVAL) +- pr_err("r600_cp: Failed to load firmware \"%s\"\n", +- fw_name); + release_firmware(rdev->pfp_fw); + rdev->pfp_fw = NULL; + release_firmware(rdev->me_fw); +--- a/drivers/infiniband/hw/qib/qib_sd7220.c ++++ b/drivers/infiniband/hw/qib/qib_sd7220.c +@@ -406,10 +406,8 @@ int qib_sd7220_init(struct qib_devdata * + } + + ret = request_firmware(&fw, SD7220_FW_NAME, &dd->pcidev->dev); +- if (ret) { +- qib_dev_err(dd, "Failed to load IB SERDES image\n"); ++ if (ret) + goto done; +- } + + /* Substitute our deduced value for was_reset */ + ret = qib_ibsd_ucode_loaded(dd->pport, fw); +--- a/drivers/input/touchscreen/atmel_mxt_ts.c ++++ b/drivers/input/touchscreen/atmel_mxt_ts.c +@@ -2827,10 +2827,8 @@ static int mxt_load_fw(struct device *de + int ret; + + ret = request_firmware(&fw, fn, dev); +- if (ret) { +- dev_err(dev, "Unable to open firmware %s\n", fn); ++ if (ret) + return ret; +- } + + /* Check for incorrect enc file */ + ret = mxt_check_firmware_format(dev, fw); +--- a/drivers/isdn/hardware/mISDN/speedfax.c ++++ b/drivers/isdn/hardware/mISDN/speedfax.c +@@ -379,11 +379,8 @@ setup_instance(struct sfax_hw *card) + card->isar.owner = THIS_MODULE; + + err = request_firmware(&firmware, "isdn/ISAR.BIN", &card->pdev->dev); +- if (err < 0) { +- pr_info("%s: firmware request failed %d\n", +- card->name, err); ++ if (err) + goto error_fw; +- } + if (debug & DEBUG_HW) + pr_notice("%s: got firmware %zu bytes\n", + card->name, firmware->size); +--- a/drivers/media/common/siano/smscoreapi.c ++++ b/drivers/media/common/siano/smscoreapi.c +@@ -1156,10 +1156,8 @@ static int smscore_load_firmware_from_fi + return -EINVAL; + + rc = request_firmware(&fw, fw_filename, coredev->device); +- if (rc < 0) { +- pr_err("failed to open firmware file '%s'\n", fw_filename); ++ if (rc < 0) + return rc; +- } + pr_debug("read fw %s, buffer size=0x%zx\n", fw_filename, fw->size); + fw_buf = kmalloc(ALIGN(fw->size + sizeof(struct sms_firmware), + SMS_ALLOC_ALIGNMENT), GFP_KERNEL | coredev->gfp_buf_flags); +--- a/drivers/media/dvb-frontends/af9013.c ++++ b/drivers/media/dvb-frontends/af9013.c +@@ -1049,14 +1049,8 @@ static int af9013_download_firmware(stru + + /* Request the firmware, will block and timeout */ + ret = request_firmware(&firmware, name, &client->dev); +- if (ret) { +- dev_info(&client->dev, "firmware file '%s' not found %d\n", +- name, ret); ++ if (ret) + goto err; +- } +- +- dev_info(&client->dev, "downloading firmware from file '%s'\n", +- name); + + /* Write firmware checksum & size */ + for (i = 0; i < firmware->size; i++) +--- a/drivers/media/dvb-frontends/bcm3510.c ++++ b/drivers/media/dvb-frontends/bcm3510.c +@@ -636,10 +636,9 @@ static int bcm3510_download_firmware(str + int ret,i; + + deb_info("requesting firmware\n"); +- if ((ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE)) < 0) { +- err("could not load firmware (%s): %d",BCM3510_DEFAULT_FIRMWARE,ret); ++ ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE); ++ if (ret) + return ret; +- } + deb_info("got firmware: %zu\n", fw->size); + + b = fw->data; +--- a/drivers/media/dvb-frontends/cx24116.c ++++ b/drivers/media/dvb-frontends/cx24116.c +@@ -479,13 +479,8 @@ static int cx24116_firmware_ondemand(str + __func__, CX24116_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", +- __func__); +- if (ret) { +- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + /* Make sure we don't recurse back through here + * during loading */ +--- a/drivers/media/dvb-frontends/drxd_hard.c ++++ b/drivers/media/dvb-frontends/drxd_hard.c +@@ -891,10 +891,8 @@ static int load_firmware(struct drxd_sta + { + const struct firmware *fw; + +- if (request_firmware(&fw, fw_name, state->dev) < 0) { +- printk(KERN_ERR "drxd: firmware load failure [%s]\n", fw_name); ++ if (request_firmware(&fw, fw_name, state->dev)) + return -EIO; +- } + + state->microcode = kmemdup(fw->data, fw->size, GFP_KERNEL); + if (!state->microcode) { +--- a/drivers/media/dvb-frontends/drxk_hard.c ++++ b/drivers/media/dvb-frontends/drxk_hard.c +@@ -6259,10 +6259,6 @@ static void load_firmware_cb(const struc + + dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); + if (!fw) { +- pr_err("Could not load firmware file %s.\n", +- state->microcode_name); +- pr_info("Copy %s to your hotplug directory!\n", +- state->microcode_name); + state->microcode_name = NULL; + + /* +--- a/drivers/media/dvb-frontends/ds3000.c ++++ b/drivers/media/dvb-frontends/ds3000.c +@@ -348,12 +348,8 @@ static int ds3000_firmware_ondemand(stru + DS3000_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, DS3000_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = ds3000_load_firmware(fe, fw); + if (ret) +--- a/drivers/media/dvb-frontends/nxt200x.c ++++ b/drivers/media/dvb-frontends/nxt200x.c +@@ -876,12 +876,8 @@ static int nxt2002_init(struct dvb_front + __func__, NXT2002_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, NXT2002_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = nxt2002_load_firmware(fe, fw); + release_firmware(fw); +@@ -943,12 +939,8 @@ static int nxt2004_init(struct dvb_front + __func__, NXT2004_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, NXT2004_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = nxt2004_load_firmware(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/or51132.c ++++ b/drivers/media/dvb-frontends/or51132.c +@@ -326,10 +326,8 @@ static int or51132_set_parameters(struct + printk("or51132: Waiting for firmware upload(%s)...\n", + fwname); + ret = request_firmware(&fw, fwname, state->i2c->dev.parent); +- if (ret) { +- printk(KERN_WARNING "or51132: No firmware uploaded(timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + ret = or51132_load_firmware(fe, fw); + release_firmware(fw); + if (ret) { +--- a/drivers/media/dvb-frontends/or51211.c ++++ b/drivers/media/dvb-frontends/or51211.c +@@ -361,11 +361,8 @@ static int or51211_init(struct dvb_front + OR51211_DEFAULT_FIRMWARE); + ret = config->request_firmware(fe, &fw, + OR51211_DEFAULT_FIRMWARE); +- pr_info("Got Hotplug firmware\n"); +- if (ret) { +- pr_warn("No firmware uploaded (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + ret = or51211_load_firmware(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/sp8870.c ++++ b/drivers/media/dvb-frontends/sp8870.c +@@ -304,10 +304,8 @@ static int sp8870_init (struct dvb_front + + /* request the firmware, this will block until someone uploads it */ + printk("sp8870: waiting for firmware upload (%s)...\n", SP8870_DEFAULT_FIRMWARE); +- if (state->config->request_firmware(fe, &fw, SP8870_DEFAULT_FIRMWARE)) { +- printk("sp8870: no firmware upload (timeout or file not found?)\n"); ++ if (state->config->request_firmware(fe, &fw, SP8870_DEFAULT_FIRMWARE)) + return -EIO; +- } + + if (sp8870_firmware_upload(state, fw)) { + printk("sp8870: writing firmware to device failed\n"); +--- a/drivers/media/dvb-frontends/sp887x.c ++++ b/drivers/media/dvb-frontends/sp887x.c +@@ -527,10 +527,8 @@ static int sp887x_init(struct dvb_fronte + /* request the firmware, this will block until someone uploads it */ + printk("sp887x: waiting for firmware upload (%s)...\n", SP887X_DEFAULT_FIRMWARE); + ret = state->config->request_firmware(fe, &fw, SP887X_DEFAULT_FIRMWARE); +- if (ret) { +- printk("sp887x: no firmware upload (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + ret = sp887x_initial_setup(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/tda10048.c ++++ b/drivers/media/dvb-frontends/tda10048.c +@@ -483,8 +483,6 @@ static int tda10048_firmware_upload(stru + ret = request_firmware(&fw, TDA10048_DEFAULT_FIRMWARE, + state->i2c->dev.parent); + if (ret) { +- printk(KERN_ERR "%s: Upload failed. (file not found?)\n", +- __func__); + return -EIO; + } else { + printk(KERN_INFO "%s: firmware read %zu bytes.\n", +--- a/drivers/media/dvb-frontends/tda1004x.c ++++ b/drivers/media/dvb-frontends/tda1004x.c +@@ -388,10 +388,8 @@ static int tda10045_fwupload(struct dvb_ + /* request the firmware, this will block until someone uploads it */ + printk(KERN_INFO "tda1004x: waiting for firmware upload (%s)...\n", TDA10045_DEFAULT_FIRMWARE); + ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); +- if (ret) { +- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + /* reset chip */ + tda1004x_write_mask(state, TDA1004X_CONFC4, 0x10, 0); +@@ -532,7 +530,6 @@ static int tda10046_fwupload(struct dvb_ + /* remain compatible to old bug: try to load with tda10045 image name */ + ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); + if (ret) { +- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); + return ret; + } else { + printk(KERN_INFO "tda1004x: please rename the firmware file to %s\n", +--- a/drivers/media/dvb-frontends/tda10071.c ++++ b/drivers/media/dvb-frontends/tda10071.c +@@ -838,12 +838,8 @@ static int tda10071_init(struct dvb_fron + + /* request the firmware, this will block and timeout */ + ret = request_firmware(&fw, fw_file, &client->dev); +- if (ret) { +- dev_err(&client->dev, +- "did not find the firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware\n", +- fw_file, ret); ++ if (ret) + goto error; +- } + + /* init */ + for (i = 0; i < ARRAY_SIZE(tab2); i++) { +--- a/drivers/media/i2c/cx25840/cx25840-firmware.c ++++ b/drivers/media/i2c/cx25840/cx25840-firmware.c +@@ -113,10 +113,8 @@ int cx25840_loadfw(struct i2c_client *cl + if (is_cx231xx(state) && max_buf_size > 16) + max_buf_size = 16; + +- if (request_firmware(&fw, fwname, FWDEV(client)) != 0) { +- v4l_err(client, "unable to open firmware %s\n", fwname); ++ if (request_firmware(&fw, fwname, FWDEV(client)) != 0) + return -EINVAL; +- } + + start_fw_load(client); + +--- a/drivers/media/pci/bt8xx/bttv-cards.c ++++ b/drivers/media/pci/bt8xx/bttv-cards.c +@@ -3904,10 +3904,8 @@ static int pvr_boot(struct bttv *btv) + int rc; + + rc = request_firmware(&fw_entry, "hcwamc.rbf", &btv->c.pci->dev); +- if (rc != 0) { +- pr_warn("%d: no altera firmware [via hotplug]\n", btv->c.nr); ++ if (rc != 0) + return rc; +- } + rc = pvr_altera_load(btv, fw_entry->data, fw_entry->size); + pr_info("%d: altera firmware upload %s\n", + btv->c.nr, (rc < 0) ? "failed" : "ok"); +--- a/drivers/media/pci/cx18/cx18-av-firmware.c ++++ b/drivers/media/pci/cx18/cx18-av-firmware.c +@@ -70,10 +70,8 @@ int cx18_av_loadfw(struct cx18 *cx) + int i; + int retries1 = 0; + +- if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) { +- CX18_ERR_DEV(sd, "unable to open firmware %s\n", FWFILE); ++ if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) + return -EINVAL; +- } + + /* The firmware load often has byte errors, so allow for several + retries, both at byte level and at the firmware load level. */ +--- a/drivers/media/pci/cx18/cx18-dvb.c ++++ b/drivers/media/pci/cx18/cx18-dvb.c +@@ -127,9 +127,7 @@ static int yuan_mpc718_mt352_reqfw(struc + int ret; + + ret = request_firmware(fw, fn, &cx->pci_dev->dev); +- if (ret) +- CX18_ERR("Unable to open firmware file %s\n", fn); +- else { ++ if (!ret) { + size_t sz = (*fw)->size; + if (sz < 2 || sz > 64 || (sz % 2) != 0) { + CX18_ERR("Firmware %s has a bad size: %lu bytes\n", +--- a/drivers/media/pci/cx18/cx18-firmware.c ++++ b/drivers/media/pci/cx18/cx18-firmware.c +@@ -92,11 +92,8 @@ static int load_cpu_fw_direct(const char + u32 __iomem *dst = (u32 __iomem *)mem; + const u32 *src; + +- if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { +- CX18_ERR("Unable to open firmware %s\n", fn); +- CX18_ERR("Did you put the firmware in the hotplug firmware directory?\n"); ++ if (request_firmware(&fw, fn, &cx->pci_dev->dev)) + return -ENOMEM; +- } + + src = (const u32 *)fw->data; + +@@ -137,8 +134,6 @@ static int load_apu_fw_direct(const char + int sz; + + if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { +- CX18_ERR("unable to open firmware %s\n", fn); +- CX18_ERR("did you put the firmware in the hotplug firmware directory?\n"); + cx18_setup_page(cx, 0); + return -ENOMEM; + } +--- a/drivers/media/pci/cx23885/cx23885-417.c ++++ b/drivers/media/pci/cx23885/cx23885-417.c +@@ -920,12 +920,8 @@ static int cx23885_load_firmware(struct + retval = request_firmware(&firmware, CX23885_FIRM_IMAGE_NAME, + &dev->pci->dev); + +- if (retval != 0) { +- pr_err("ERROR: Hotplug firmware request failed (%s).\n", +- CX23885_FIRM_IMAGE_NAME); +- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); ++ if (retval != 0) + return -1; +- } + + if (firmware->size != CX23885_FIRM_IMAGE_SIZE) { + pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n", +--- a/drivers/media/pci/cx23885/cx23885-cards.c ++++ b/drivers/media/pci/cx23885/cx23885-cards.c +@@ -2480,10 +2480,7 @@ void cx23885_card_setup(struct cx23885_d + cinfo.rev, filename); + + ret = request_firmware(&fw, filename, &dev->pci->dev); +- if (ret != 0) +- pr_err("did not find the firmware file '%s'. You can use /scripts/get_dvb_firmware to get the firmware.", +- filename); +- else ++ if (ret == 0) + altera_init(&netup_config, fw); + + release_firmware(fw); +--- a/drivers/media/pci/cx88/cx88-blackbird.c ++++ b/drivers/media/pci/cx88/cx88-blackbird.c +@@ -462,12 +462,8 @@ static int blackbird_load_firmware(struc + retval = request_firmware(&firmware, CX2341X_FIRM_ENC_FILENAME, + &dev->pci->dev); + +- if (retval != 0) { +- pr_err("Hotplug firmware request failed (%s).\n", +- CX2341X_FIRM_ENC_FILENAME); +- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); ++ if (retval != 0) + return -EIO; +- } + + if (firmware->size != BLACKBIRD_FIRM_IMAGE_SIZE) { + pr_err("Firmware size mismatch (have %zd, expected %d)\n", +--- a/drivers/media/pci/ivtv/ivtv-firmware.c ++++ b/drivers/media/pci/ivtv/ivtv-firmware.c +@@ -68,8 +68,6 @@ retry: + release_firmware(fw); + return size; + } +- IVTV_ERR("Unable to open firmware %s (must be %ld bytes)\n", fn, size); +- IVTV_ERR("Did you put the firmware in the hotplug firmware directory?\n"); + return -ENOMEM; + } + +--- a/drivers/media/pci/ngene/ngene-core.c ++++ b/drivers/media/pci/ngene/ngene-core.c +@@ -1236,19 +1236,14 @@ static int ngene_load_firm(struct ngene + break; + } + +- if (request_firmware(&fw, fw_name, &dev->pci_dev->dev) < 0) { +- dev_err(pdev, "Could not load firmware file %s.\n", fw_name); +- dev_info(pdev, "Copy %s to your hotplug directory!\n", +- fw_name); ++ if (request_firmware(&fw, fw_name, &dev->pci_dev->dev)) + return -1; +- } + if (size == 0) + size = fw->size; + if (size != fw->size) { + dev_err(pdev, "Firmware %s has invalid size!", fw_name); + err = -1; + } else { +- dev_info(pdev, "Loading firmware file %s.\n", fw_name); + ngene_fw = (u8 *) fw->data; + err = ngene_command_load_firmware(dev, ngene_fw, size); + } +--- a/drivers/media/pci/saa7164/saa7164-fw.c ++++ b/drivers/media/pci/saa7164/saa7164-fw.c +@@ -406,11 +406,8 @@ int saa7164_downloadfirmware(struct saa7 + __func__, fwname); + + ret = request_firmware(&fw, fwname, &dev->pci->dev); +- if (ret) { +- printk(KERN_ERR "%s() Upload failed. (file not found?)\n", +- __func__); ++ if (ret) + return -ENOMEM; +- } + + printk(KERN_INFO "%s() firmware read %zu bytes.\n", + __func__, fw->size); +--- a/drivers/media/pci/ttpci/av7110.c ++++ b/drivers/media/pci/ttpci/av7110.c +@@ -1501,13 +1501,8 @@ static int get_firmware(struct av7110* a + /* request the av7110 firmware, this will block until someone uploads it */ + ret = request_firmware(&fw, "dvb-ttpci-01.fw", &av7110->dev->pci->dev); + if (ret) { +- if (ret == -ENOENT) { +- printk(KERN_ERR "dvb-ttpci: could not load firmware, file not found: dvb-ttpci-01.fw\n"); +- printk(KERN_ERR "dvb-ttpci: usually this should be in /usr/lib/hotplug/firmware or /lib/firmware\n"); +- printk(KERN_ERR "dvb-ttpci: and can be downloaded from https://linuxtv.org/download/dvb/firmware/\n"); +- } else +- printk(KERN_ERR "dvb-ttpci: cannot request firmware (error %i)\n", +- ret); ++ if (ret == -ENOENT) ++ printk(KERN_ERR "dvb-ttpci: firmware can be downloaded from https://linuxtv.org/download/dvb/firmware/\n"); + return -EINVAL; + } + +--- a/drivers/media/pci/ttpci/av7110_hw.c ++++ b/drivers/media/pci/ttpci/av7110_hw.c +@@ -235,11 +235,8 @@ int av7110_bootarm(struct av7110 *av7110 + //saa7146_setgpio(dev, 3, SAA7146_GPIO_INPUT); + + ret = request_firmware(&fw, fw_name, &dev->pci->dev); +- if (ret) { +- printk(KERN_ERR "dvb-ttpci: Failed to load firmware \"%s\"\n", +- fw_name); ++ if (ret) + return ret; +- } + + mwdebi(av7110, DEBISWAB, DPRAM_BASE, fw->data, fw->size); + release_firmware(fw); +--- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c ++++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c +@@ -65,10 +65,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc + } + } + +- if (err != 0) { +- mfc_err("Firmware is not present in the /lib/firmware directory nor compiled in kernel\n"); ++ if (err != 0) + return -EINVAL; +- } + if (fw_blob->size > dev->fw_buf.size) { + mfc_err("MFC firmware is too big to be loaded\n"); + release_firmware(fw_blob); +--- a/drivers/media/radio/radio-wl1273.c ++++ b/drivers/media/radio/radio-wl1273.c +@@ -502,11 +502,8 @@ static int wl1273_fm_upload_firmware_pat + * Uploading the firmware patch is not always necessary, + * so we only print an info message. + */ +- if (request_firmware(&fw_p, fw_name, dev)) { +- dev_info(dev, "%s - %s not found\n", __func__, fw_name); +- ++ if (request_firmware(&fw_p, fw_name, dev)) + return 0; +- } + + ptr = (__u8 *) fw_p->data; + packet_num = ptr[0]; +--- a/drivers/media/radio/wl128x/fmdrv_common.c ++++ b/drivers/media/radio/wl128x/fmdrv_common.c +@@ -1240,10 +1240,8 @@ static int fm_download_firmware(struct f + + ret = request_firmware(&fw_entry, fw_name, + &fmdev->radio_dev->dev); +- if (ret < 0) { +- fmerr("Unable to read firmware(%s) content\n", fw_name); ++ if (ret) + return ret; +- } + fmdbg("Firmware(%s) length : %zu bytes\n", fw_name, fw_entry->size); + + fw_data = (void *)fw_entry->data; +--- a/drivers/media/tuners/tuner-xc2028.c ++++ b/drivers/media/tuners/tuner-xc2028.c +@@ -1366,7 +1366,6 @@ static void load_firmware_cb(const struc + + tuner_dbg("request_firmware_nowait(): %s\n", fw ? "OK" : "error"); + if (!fw) { +- tuner_err("Could not load firmware %s.\n", priv->fname); + priv->state = XC2028_NODEV; + return; + } +--- a/drivers/media/usb/cpia2/cpia2_core.c ++++ b/drivers/media/usb/cpia2/cpia2_core.c +@@ -912,11 +912,8 @@ static int apply_vp_patch(struct camera_ + struct cpia2_command cmd; + + ret = request_firmware(&fw, fw_name, &cam->dev->dev); +- if (ret) { +- printk(KERN_ERR "cpia2: failed to load VP patch \"%s\"\n", +- fw_name); ++ if (ret) + return ret; +- } + + cmd.req_mode = CAMERAACCESS_TYPE_REPEAT | CAMERAACCESS_VP; + cmd.direction = TRANSFER_WRITE; +--- a/drivers/media/usb/cx231xx/cx231xx-417.c ++++ b/drivers/media/usb/cx231xx/cx231xx-417.c +@@ -983,11 +983,6 @@ static int cx231xx_load_firmware(struct + dev->dev); + + if (retval != 0) { +- dev_err(dev->dev, +- "ERROR: Hotplug firmware request failed (%s).\n", +- CX231xx_FIRM_IMAGE_NAME); +- dev_err(dev->dev, +- "Please fix your hotplug setup, the board will not work without firmware loaded!\n"); + vfree(p_current_fw); + vfree(p_buffer); + return retval; +--- a/drivers/media/usb/dvb-usb/dib0700_devices.c ++++ b/drivers/media/usb/dvb-usb/dib0700_devices.c +@@ -2408,12 +2408,9 @@ static int stk9090m_frontend_attach(stru + + dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80); + +- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { +- deb_info("%s: Upload failed. (file not found?)\n", __func__); ++ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) + return -ENODEV; +- } else { +- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); +- } ++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); + stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size; + stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data; + +@@ -2478,12 +2475,9 @@ static int nim9090md_frontend_attach(str + msleep(20); + dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1); + +- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { +- deb_info("%s: Upload failed. (file not found?)\n", __func__); ++ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) + return -EIO; +- } else { +- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); +- } ++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); + nim9090md_config[0].microcode_B_fe_size = state->frontend_firmware->size; + nim9090md_config[0].microcode_B_fe_buffer = state->frontend_firmware->data; + nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size; +--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c ++++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +@@ -90,13 +90,9 @@ int dvb_usb_download_firmware(struct usb + int ret; + const struct firmware *fw = NULL; + +- if ((ret = request_firmware(&fw, props->firmware, &udev->dev)) != 0) { +- err("did not find the firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware", +- props->firmware,ret); ++ ret = request_firmware(&fw, props->firmware, &udev->dev); ++ if (ret) + return ret; +- } +- +- info("downloading firmware from file '%s'",props->firmware); + + switch (props->usb_ctrl) { + case CYPRESS_AN2135: +--- a/drivers/media/usb/dvb-usb/gp8psk.c ++++ b/drivers/media/usb/dvb-usb/gp8psk.c +@@ -131,19 +131,14 @@ static int gp8psk_load_bcm4500fw(struct + const u8 *ptr; + u8 *buf; + if ((ret = request_firmware(&fw, bcm4500_firmware, +- &d->udev->dev)) != 0) { +- err("did not find the bcm4500 firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware", +- bcm4500_firmware,ret); ++ &d->udev->dev)) != 0) + return ret; +- } + + ret = -EINVAL; + + if (gp8psk_usb_out_op(d, LOAD_BCM4500,1,0,NULL, 0)) + goto out_rel_fw; + +- info("downloading bcm4500 firmware from file '%s'",bcm4500_firmware); +- + ptr = fw->data; + buf = kmalloc(64, GFP_KERNEL); + if (!buf) { +--- a/drivers/media/usb/dvb-usb/opera1.c ++++ b/drivers/media/usb/dvb-usb/opera1.c +@@ -450,8 +450,6 @@ static int opera1_xilinx_load_firmware(s + info("start downloading fpga firmware %s",filename); + + if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) { +- err("did not find the firmware file '%s'. You can use /scripts/get_dvb_firmware to get the firmware", +- filename); + return ret; + } else { + p = kmalloc(fw->size, GFP_KERNEL); +--- a/drivers/media/usb/go7007/go7007-driver.c ++++ b/drivers/media/usb/go7007/go7007-driver.c +@@ -84,10 +84,8 @@ static int go7007_load_encoder(struct go + u16 intr_val, intr_data; + + if (go->boot_fw == NULL) { +- if (request_firmware(&fw_entry, fw_name, go->dev)) { +- v4l2_err(go, "unable to load firmware from file \"%s\"\n", fw_name); ++ if (request_firmware(&fw_entry, fw_name, go->dev)) + return -1; +- } + if (fw_entry->size < 16 || memcmp(fw_entry->data, "WISGO7007FW", 11)) { + v4l2_err(go, "file \"%s\" does not appear to be go7007 firmware\n", fw_name); + release_firmware(fw_entry); +--- a/drivers/media/usb/go7007/go7007-fw.c ++++ b/drivers/media/usb/go7007/go7007-fw.c +@@ -1565,12 +1565,8 @@ int go7007_construct_fw_image(struct go7 + default: + return -1; + } +- if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) { +- dev_err(go->dev, +- "unable to load firmware from file \"%s\"\n", +- GO7007_FW_NAME); ++ if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) + return -1; +- } + code = kcalloc(codespace, 2, GFP_KERNEL); + if (code == NULL) + goto fw_failed; +--- a/drivers/media/usb/go7007/go7007-loader.c ++++ b/drivers/media/usb/go7007/go7007-loader.c +@@ -67,11 +67,8 @@ static int go7007_loader_probe(struct us + + dev_info(&interface->dev, "loading firmware %s\n", fw1); + +- if (request_firmware(&fw, fw1, &usbdev->dev)) { +- dev_err(&interface->dev, +- "unable to load firmware from file \"%s\"\n", fw1); ++ if (request_firmware(&fw, fw1, &usbdev->dev)) + goto failed2; +- } + ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); + release_firmware(fw); + if (0 != ret) { +@@ -82,11 +79,8 @@ static int go7007_loader_probe(struct us + if (fw2 == NULL) + return 0; + +- if (request_firmware(&fw, fw2, &usbdev->dev)) { +- dev_err(&interface->dev, +- "unable to load firmware from file \"%s\"\n", fw2); ++ if (request_firmware(&fw, fw2, &usbdev->dev)) + goto failed2; +- } + ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); + release_firmware(fw); + if (0 != ret) { +--- a/drivers/media/usb/gspca/vicam.c ++++ b/drivers/media/usb/gspca/vicam.c +@@ -230,10 +230,8 @@ static int sd_init(struct gspca_dev *gsp + + ret = request_ihex_firmware(&fw, VICAM_FIRMWARE, + &gspca_dev->dev->dev); +- if (ret) { +- pr_err("Failed to load \"vicam/firmware.fw\": %d\n", ret); ++ if (ret) + return ret; +- } + + firmware_buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!firmware_buf) { +--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c ++++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c +@@ -1370,25 +1370,6 @@ static int pvr2_locate_firmware(struct p + "request_firmware fatal error with code=%d",ret); + return ret; + } +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "***WARNING*** Device %s firmware seems to be missing.", +- fwtypename); +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "Did you install the pvrusb2 firmware files in their proper location?"); +- if (fwcount == 1) { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware unable to locate %s file %s", +- fwtypename,fwnames[0]); +- } else { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware unable to locate one of the following %s files:", +- fwtypename); +- for (idx = 0; idx < fwcount; idx++) { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware: Failed to find %s", +- fwnames[idx]); +- } +- } + return ret; + } + +--- a/drivers/media/usb/s2255/s2255drv.c ++++ b/drivers/media/usb/s2255/s2255drv.c +@@ -2278,10 +2278,8 @@ static int s2255_probe(struct usb_interf + } + /* load the first chunk */ + if (request_firmware(&dev->fw_data->fw, +- FIRMWARE_FILE_NAME, &dev->udev->dev)) { +- dev_err(&interface->dev, "sensoray 2255 failed to get firmware\n"); ++ FIRMWARE_FILE_NAME, &dev->udev->dev)) + goto errorREQFW; +- } + /* check the firmware is valid */ + fw_size = dev->fw_data->fw->size; + pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8]; +--- a/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c ++++ b/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c +@@ -282,10 +282,8 @@ static int ttusb_boot_dsp(struct ttusb * + + err = request_firmware(&fw, "ttusb-budget/dspbootcode.bin", + &ttusb->dev->dev); +- if (err) { +- pr_err("failed to request firmware\n"); ++ if (err) + return err; +- } + + /* BootBlock */ + b[0] = 0xaa; +--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c ++++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c +@@ -1324,11 +1324,8 @@ static int ttusb_dec_boot_dsp(struct ttu + dprintk("%s\n", __func__); + + result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev); +- if (result) { +- printk(KERN_ERR "%s: Firmware (%s) unavailable.\n", +- __func__, dec->firmware_name); ++ if (result) + return result; +- } + + firmware = fw_entry->data; + firmware_size = fw_entry->size; +--- a/drivers/misc/ti-st/st_kim.c ++++ b/drivers/misc/ti-st/st_kim.c +@@ -295,11 +295,8 @@ static long download_firmware(struct kim + request_firmware(&kim_gdata->fw_entry, bts_scr_name, + &kim_gdata->kim_pdev->dev); + if (unlikely((err != 0) || (kim_gdata->fw_entry->data == NULL) || +- (kim_gdata->fw_entry->size == 0))) { +- pr_err(" request_firmware failed(errno %ld) for %s", err, +- bts_scr_name); ++ (kim_gdata->fw_entry->size == 0))) + return -EINVAL; +- } + ptr = (void *)kim_gdata->fw_entry->data; + len = kim_gdata->fw_entry->size; + /* +--- a/drivers/net/can/softing/softing_fw.c ++++ b/drivers/net/can/softing/softing_fw.c +@@ -226,11 +226,8 @@ int softing_load_app_fw(const char *file + int8_t type_end = 0, type_entrypoint = 0; + + ret = request_firmware(&fw, file, &card->pdev->dev); +- if (ret) { +- dev_alert(&card->pdev->dev, "request_firmware(%s) got %i\n", +- file, ret); ++ if (ret) + return ret; +- } + dev_dbg(&card->pdev->dev, "firmware(%s) got %lu bytes\n", + file, (unsigned long)fw->size); + /* parse the firmware */ +--- a/drivers/net/ethernet/3com/typhoon.c ++++ b/drivers/net/ethernet/3com/typhoon.c +@@ -1282,11 +1282,8 @@ typhoon_request_firmware(struct typhoon + return 0; + + err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev); +- if (err) { +- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", +- FIRMWARE_NAME); ++ if (err) + return err; +- } + + image_data = typhoon_fw->data; + remaining = typhoon_fw->size; +--- a/drivers/net/ethernet/adaptec/starfire.c ++++ b/drivers/net/ethernet/adaptec/starfire.c +@@ -1002,11 +1002,8 @@ static int netdev_open(struct net_device + #endif /* VLAN_SUPPORT */ + + retval = request_firmware(&fw_rx, FIRMWARE_RX, &np->pci_dev->dev); +- if (retval) { +- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", +- FIRMWARE_RX); ++ if (retval) + goto out_init; +- } + if (fw_rx->size % 4) { + printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", + fw_rx->size, FIRMWARE_RX); +@@ -1014,11 +1011,8 @@ static int netdev_open(struct net_device + goto out_rx; + } + retval = request_firmware(&fw_tx, FIRMWARE_TX, &np->pci_dev->dev); +- if (retval) { +- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", +- FIRMWARE_TX); ++ if (retval) + goto out_rx; +- } + if (fw_tx->size % 4) { + printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", + fw_tx->size, FIRMWARE_TX); +--- a/drivers/net/ethernet/alacritech/slicoss.c ++++ b/drivers/net/ethernet/alacritech/slicoss.c +@@ -1051,11 +1051,8 @@ static int slic_load_rcvseq_firmware(str + file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_RCV_FIRMWARE_OASIS : + SLIC_RCV_FIRMWARE_MOJAVE; + err = request_firmware(&fw, file, &sdev->pdev->dev); +- if (err) { +- dev_err(&sdev->pdev->dev, +- "failed to load receive sequencer firmware %s\n", file); ++ if (err) + return err; +- } + /* Do an initial sanity check concerning firmware size now. A further + * check follows below. + */ +@@ -1126,10 +1123,8 @@ static int slic_load_firmware(struct sli + file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_FIRMWARE_OASIS : + SLIC_FIRMWARE_MOJAVE; + err = request_firmware(&fw, file, &sdev->pdev->dev); +- if (err) { +- dev_err(&sdev->pdev->dev, "failed to load firmware %s\n", file); ++ if (err) + return err; +- } + /* Do an initial sanity check concerning firmware size now. A further + * check follows below. + */ +--- a/drivers/net/ethernet/alteon/acenic.c ++++ b/drivers/net/ethernet/alteon/acenic.c +@@ -2881,11 +2881,8 @@ static int ace_load_firmware(struct net_ + fw_name = "acenic/tg1.bin"; + + ret = request_firmware(&fw, fw_name, &ap->pdev->dev); +- if (ret) { +- printk(KERN_ERR "%s: Failed to load firmware \"%s\"\n", +- ap->name, fw_name); ++ if (ret) + return ret; +- } + + fw_data = (void *)fw->data; + +--- a/drivers/net/ethernet/broadcom/bnx2.c ++++ b/drivers/net/ethernet/broadcom/bnx2.c +@@ -3712,16 +3712,13 @@ static int bnx2_request_uncached_firmwar + } + + rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev); +- if (rc) { +- pr_err("Can't load firmware file \"%s\"\n", mips_fw_file); ++ if (rc) + goto out; +- } + + rc = request_firmware(&bp->rv2p_firmware, rv2p_fw_file, &bp->pdev->dev); +- if (rc) { +- pr_err("Can't load firmware file \"%s\"\n", rv2p_fw_file); ++ if (rc) + goto err_release_mips_firmware; +- } ++ + mips_fw = (const struct bnx2_mips_fw_file *) bp->mips_firmware->data; + rv2p_fw = (const struct bnx2_rv2p_fw_file *) bp->rv2p_firmware->data; + if (bp->mips_firmware->size < sizeof(*mips_fw) || +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -11413,11 +11413,8 @@ static int tg3_request_firmware(struct t + { + const struct tg3_firmware_hdr *fw_hdr; + +- if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) { +- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", +- tp->fw_needed); ++ if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) + return -ENOENT; +- } + + fw_hdr = (struct tg3_firmware_hdr *)tp->fw->data; + +--- a/drivers/net/ethernet/brocade/bna/cna_fwimg.c ++++ b/drivers/net/ethernet/brocade/bna/cna_fwimg.c +@@ -24,10 +24,8 @@ cna_read_firmware(struct pci_dev *pdev, + const struct firmware *fw; + u32 n; + +- if (request_firmware(&fw, fw_name, &pdev->dev)) { +- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name); ++ if (request_firmware(&fw, fw_name, &pdev->dev)) + goto error; +- } + + *bfi_image = (u32 *)fw->data; + *bfi_image_size = fw->size/sizeof(u32); +--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +@@ -1036,12 +1036,8 @@ int t3_get_edc_fw(struct cphy *phy, int + fw_name = get_edc_fw_name(edc_idx); + if (fw_name) + ret = request_firmware(&fw, fw_name, &adapter->pdev->dev); +- if (ret < 0) { +- dev_err(&adapter->pdev->dev, +- "could not upgrade firmware: unable to load %s\n", +- fw_name); ++ if (ret) + return ret; +- } + + /* check size, take checksum in account */ + if (fw->size > size + 4) { +@@ -1078,11 +1074,8 @@ static int upgrade_fw(struct adapter *ad + struct device *dev = &adap->pdev->dev; + + ret = request_firmware(&fw, FW_FNAME, dev); +- if (ret < 0) { +- dev_err(dev, "could not upgrade firmware: unable to load %s\n", +- FW_FNAME); ++ if (ret) + return ret; +- } + ret = t3_load_fw(adap, fw->data, fw->size); + release_firmware(fw); + +@@ -1127,11 +1120,8 @@ static int update_tpsram(struct adapter + snprintf(buf, sizeof(buf), TPSRAM_NAME, rev); + + ret = request_firmware(&tpsram, buf, dev); +- if (ret < 0) { +- dev_err(dev, "could not load TP SRAM: unable to load %s\n", +- buf); ++ if (ret) + return ret; +- } + + ret = t3_check_tpsram(adap, tpsram->data, tpsram->size); + if (ret) +--- a/drivers/net/ethernet/intel/e100.c ++++ b/drivers/net/ethernet/intel/e100.c +@@ -1262,9 +1262,6 @@ static const struct firmware *e100_reque + + if (err) { + if (required) { +- netif_err(nic, probe, nic->netdev, +- "Failed to load firmware \"%s\": %d\n", +- fw_name, err); + return ERR_PTR(err); + } else { + netif_info(nic, probe, nic->netdev, +--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c ++++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c +@@ -580,8 +580,6 @@ static int myri10ge_load_hotplug_firmwar + unsigned i; + + if ((status = request_firmware(&fw, mgp->fw_name, dev)) < 0) { +- dev_err(dev, "Unable to load %s firmware image via hotplug\n", +- mgp->fw_name); + status = -EINVAL; + goto abort_with_nothing; + } +--- a/drivers/net/ethernet/smsc/smc91c92_cs.c ++++ b/drivers/net/ethernet/smsc/smc91c92_cs.c +@@ -647,10 +647,8 @@ static int osi_load_firmware(struct pcmc + int i, err; + + err = request_firmware(&fw, FIRMWARE_NAME, &link->dev); +- if (err) { +- pr_err("Failed to load firmware \"%s\"\n", FIRMWARE_NAME); ++ if (err) + return err; +- } + + /* Download the Seven of Diamonds firmware */ + for (i = 0; i < fw->size; i++) { +--- a/drivers/net/ethernet/sun/cassini.c ++++ b/drivers/net/ethernet/sun/cassini.c +@@ -793,11 +793,8 @@ static void cas_saturn_firmware_init(str + return; + + err = request_firmware(&fw, fw_name, &cp->pdev->dev); +- if (err) { +- pr_err("Failed to load firmware \"%s\"\n", +- fw_name); ++ if (err) + return; +- } + if (fw->size < 2) { + pr_err("bogus length %zu in \"%s\"\n", + fw->size, fw_name); +--- a/drivers/net/hamradio/yam.c ++++ b/drivers/net/hamradio/yam.c +@@ -357,11 +357,8 @@ static unsigned char *add_mcs(unsigned c + } + err = request_firmware(&fw, fw_name[predef], &pdev->dev); + platform_device_unregister(pdev); +- if (err) { +- printk(KERN_ERR "Failed to load firmware \"%s\"\n", +- fw_name[predef]); ++ if (err) + return NULL; +- } + if (fw->size != YAM_FPGA_SIZE) { + printk(KERN_ERR "Bogus length %zu in firmware \"%s\"\n", + fw->size, fw_name[predef]); +--- a/drivers/net/usb/kaweth.c ++++ b/drivers/net/usb/kaweth.c +@@ -305,10 +305,8 @@ static int kaweth_download_firmware(stru + int ret; + + ret = request_firmware(&fw, fwname, &kaweth->dev->dev); +- if (ret) { +- dev_err(&kaweth->intf->dev, "Firmware request failed\n"); ++ if (ret) + return ret; +- } + + if (fw->size > KAWETH_FIRMWARE_BUF_SIZE) { + dev_err(&kaweth->intf->dev, "Firmware too big: %zu\n", +--- a/drivers/net/wimax/i2400m/fw.c ++++ b/drivers/net/wimax/i2400m/fw.c +@@ -1578,11 +1578,8 @@ int i2400m_dev_bootstrap(struct i2400m * + } + d_printf(1, dev, "trying firmware %s (%d)\n", fw_name, itr); + ret = request_firmware(&fw, fw_name, dev); +- if (ret < 0) { +- dev_err(dev, "fw %s: cannot load file: %d\n", +- fw_name, ret); ++ if (ret) + continue; +- } + i2400m->fw_name = fw_name; + ret = i2400m_fw_bootstrap(i2400m, fw, flags); + release_firmware(fw); +@@ -1625,8 +1622,6 @@ void i2400m_fw_cache(struct i2400m *i240 + kref_init(&i2400m_fw->kref); + result = request_firmware(&i2400m_fw->fw, i2400m->fw_name, dev); + if (result < 0) { +- dev_err(dev, "firmware %s: failed to cache: %d\n", +- i2400m->fw_name, result); + kfree(i2400m_fw); + i2400m_fw = (void *) ~0; + } else +--- a/drivers/net/wireless/ath/ath9k/hif_usb.c ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c +@@ -1216,9 +1216,6 @@ static void ath9k_hif_usb_firmware_cb(co + if (!ret) + return; + +- dev_err(&hif_dev->udev->dev, +- "ath9k_htc: Failed to get firmware %s\n", +- hif_dev->fw_name); + goto err_fw; + } + +--- a/drivers/net/wireless/ath/carl9170/usb.c ++++ b/drivers/net/wireless/ath/carl9170/usb.c +@@ -1029,7 +1029,6 @@ static void carl9170_usb_firmware_step2( + return; + } + +- dev_err(&ar->udev->dev, "firmware not found.\n"); + carl9170_usb_firmware_failed(ar); + } + +--- a/drivers/net/wireless/atmel/at76c50x-usb.c ++++ b/drivers/net/wireless/atmel/at76c50x-usb.c +@@ -1616,13 +1616,8 @@ static struct fwentry *at76_load_firmwar + + at76_dbg(DBG_FW, "downloading firmware %s", fwe->fwname); + ret = request_firmware(&fwe->fw, fwe->fwname, &udev->dev); +- if (ret < 0) { +- dev_err(&udev->dev, "firmware %s not found!\n", +- fwe->fwname); +- dev_err(&udev->dev, +- "you may need to download the firmware from http://developer.berlios.de/projects/at76c503a/\n"); ++ if (ret) + goto exit; +- } + + at76_dbg(DBG_FW, "got it."); + fwh = (struct at76_fw_header *)(fwe->fw->data); +--- a/drivers/net/wireless/atmel/atmel.c ++++ b/drivers/net/wireless/atmel/atmel.c +@@ -3892,12 +3892,8 @@ static int reset_atmel_card(struct net_d + strcpy(priv->firmware_id, "atmel_at76c502.bin"); + } + err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev); +- if (err != 0) { +- printk(KERN_ALERT +- "%s: firmware %s is missing, cannot continue.\n", +- dev->name, priv->firmware_id); ++ if (err != 0) + return err; +- } + } else { + int fw_index = 0; + int success = 0; +--- a/drivers/net/wireless/broadcom/b43/main.c ++++ b/drivers/net/wireless/broadcom/b43/main.c +@@ -2245,19 +2245,8 @@ int b43_do_request_fw(struct b43_request + } + err = request_firmware(&ctx->blob, ctx->fwname, + ctx->dev->dev->dev); +- if (err == -ENOENT) { +- snprintf(ctx->errors[ctx->req_type], +- sizeof(ctx->errors[ctx->req_type]), +- "Firmware file \"%s\" not found\n", +- ctx->fwname); ++ if (err) + return err; +- } else if (err) { +- snprintf(ctx->errors[ctx->req_type], +- sizeof(ctx->errors[ctx->req_type]), +- "Firmware file \"%s\" request failed (err=%d)\n", +- ctx->fwname, err); +- return err; +- } + fw_ready: + if (ctx->blob->size < sizeof(struct b43_fw_header)) + goto err_format; +--- a/drivers/net/wireless/broadcom/b43legacy/main.c ++++ b/drivers/net/wireless/broadcom/b43legacy/main.c +@@ -1524,11 +1524,8 @@ static int do_request_fw(struct b43legac + } else { + err = request_firmware(fw, path, dev->dev->dev); + } +- if (err) { +- b43legacyerr(dev->wl, "Firmware file \"%s\" not found " +- "or load failed.\n", path); ++ if (err) + return err; +- } + if ((*fw)->size < sizeof(struct b43legacy_fw_header)) + goto err_format; + hdr = (struct b43legacy_fw_header *)((*fw)->data); +--- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c +@@ -377,19 +377,13 @@ static int brcms_request_fw(struct brcms + sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i], + UCODE_LOADER_API_VER); + status = request_firmware(&wl->fw.fw_bin[i], fw_name, device); +- if (status) { +- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", +- KBUILD_MODNAME, fw_name); ++ if (status) + return status; +- } + sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i], + UCODE_LOADER_API_VER); + status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device); +- if (status) { +- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", +- KBUILD_MODNAME, fw_name); ++ if (status) + return status; +- } + wl->fw.hdr_num_entries[i] = + wl->fw.fw_hdr[i]->size / (sizeof(struct firmware_hdr)); + } +--- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c ++++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c +@@ -8370,12 +8370,8 @@ static int ipw2100_get_firmware(struct i + + rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev); + +- if (rc < 0) { +- printk(KERN_ERR DRV_NAME ": " +- "%s: Firmware '%s' not available or load failed.\n", +- priv->net_dev->name, fw_name); ++ if (rc) + return rc; +- } + IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data, + fw->fw_entry->size); + +--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c ++++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c +@@ -3396,10 +3396,8 @@ static int ipw_get_fw(struct ipw_priv *p + + /* ask firmware_class module to get the boot firmware off disk */ + rc = request_firmware(raw, name, &priv->pci_dev->dev); +- if (rc < 0) { +- IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc); ++ if (rc) + return rc; +- } + + if ((*raw)->size < sizeof(*fw)) { + IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size); +--- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c +@@ -1837,7 +1837,6 @@ il3945_read_ucode(struct il_priv *il) + sprintf(buf, "%s%u%s", name_pre, idx, ".ucode"); + ret = request_firmware(&ucode_raw, buf, &il->pci_dev->dev); + if (ret < 0) { +- IL_ERR("%s firmware file req failed: %d\n", buf, ret); + if (ret == -ENOENT) + continue; + else +--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c ++++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c +@@ -235,8 +235,6 @@ static int iwl_request_firmware(struct i + } + + if (drv->fw_index < cfg->ucode_api_min) { +- IWL_ERR(drv, "no suitable firmware found!\n"); +- + if (cfg->ucode_api_min == cfg->ucode_api_max) { + IWL_ERR(drv, "%s%d is required\n", cfg->fw_name_pre, + cfg->ucode_api_max); +--- a/drivers/net/wireless/intersil/orinoco/fw.c ++++ b/drivers/net/wireless/intersil/orinoco/fw.c +@@ -132,7 +132,6 @@ orinoco_dl_firmware(struct orinoco_priva + err = request_firmware(&fw_entry, firmware, priv->dev); + + if (err) { +- dev_err(dev, "Cannot find firmware %s\n", firmware); + err = -ENOENT; + goto free; + } +@@ -292,10 +291,8 @@ symbol_dl_firmware(struct orinoco_privat + const struct firmware *fw_entry; + + if (!orinoco_cached_fw_get(priv, true)) { +- if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) { +- dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw); ++ if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) + return -ENOENT; +- } + } else + fw_entry = orinoco_cached_fw_get(priv, true); + +@@ -311,10 +308,8 @@ symbol_dl_firmware(struct orinoco_privat + } + + if (!orinoco_cached_fw_get(priv, false)) { +- if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) { +- dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw); ++ if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) + return -ENOENT; +- } + } else + fw_entry = orinoco_cached_fw_get(priv, false); + +--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c ++++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c +@@ -1664,7 +1664,6 @@ static int ezusb_probe(struct usb_interf + if (ezusb_firmware_download(upriv, &firmware) < 0) + goto error; + } else { +- err("No firmware to download"); + goto error; + } + +--- a/drivers/net/wireless/intersil/p54/p54pci.c ++++ b/drivers/net/wireless/intersil/p54/p54pci.c +@@ -502,7 +502,6 @@ static void p54p_firmware_step2(const st + int err; + + if (!fw) { +- dev_err(&pdev->dev, "Cannot find firmware (isl3886pci)\n"); + err = -ENOENT; + goto out; + } +--- a/drivers/net/wireless/intersil/p54/p54spi.c ++++ b/drivers/net/wireless/intersil/p54/p54spi.c +@@ -157,10 +157,8 @@ static int p54spi_request_firmware(struc + /* FIXME: should driver use it's own struct device? */ + ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev); + +- if (ret < 0) { +- dev_err(&priv->spi->dev, "request_firmware() failed: %d", ret); ++ if (ret) + return ret; +- } + + ret = p54_parse_firmware(dev, priv->firmware); + if (ret) { +--- a/drivers/net/wireless/intersil/p54/p54usb.c ++++ b/drivers/net/wireless/intersil/p54/p54usb.c +@@ -929,7 +929,6 @@ static void p54u_load_firmware_cb(const + err = p54u_start_ops(priv); + } else { + err = -ENOENT; +- dev_err(&udev->dev, "Firmware not found.\n"); + } + + complete(&priv->fw_wait_load); +--- a/drivers/net/wireless/intersil/prism54/islpci_dev.c ++++ b/drivers/net/wireless/intersil/prism54/islpci_dev.c +@@ -80,12 +80,9 @@ isl_upload_firmware(islpci_private *priv + const u32 *fw_ptr; + + rc = request_firmware(&fw_entry, priv->firmware, PRISM_FW_PDEV); +- if (rc) { +- printk(KERN_ERR +- "%s: request_firmware() failed for '%s'\n", +- "prism54", priv->firmware); ++ if (rc) + return rc; +- } ++ + /* prepare the Direct Memory Base register */ + reg = ISL38XX_DEV_FIRMWARE_ADDRES; + +--- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c ++++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c +@@ -818,8 +818,6 @@ static int if_usb_prog_firmware(struct l + kernel_param_lock(THIS_MODULE); + ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); + if (ret < 0) { +- pr_err("request_firmware() failed with %#x\n", ret); +- pr_err("firmware %s not found\n", lbtf_fw_name); + kernel_param_unlock(THIS_MODULE); + goto done; + } +--- a/drivers/net/wireless/marvell/mwifiex/main.c ++++ b/drivers/net/wireless/marvell/mwifiex/main.c +@@ -527,11 +527,8 @@ static int _mwifiex_fw_dpc(const struct + struct wireless_dev *wdev; + struct completion *fw_done = adapter->fw_done; + +- if (!firmware) { +- mwifiex_dbg(adapter, ERROR, +- "Failed to get firmware %s\n", adapter->fw_name); ++ if (!firmware) + goto err_dnld_fw; +- } + + memset(&fw, 0, sizeof(struct mwifiex_fw_image)); + adapter->firmware = firmware; +--- a/drivers/net/wireless/marvell/mwl8k.c ++++ b/drivers/net/wireless/marvell/mwl8k.c +@@ -5727,16 +5727,12 @@ static int mwl8k_firmware_load_success(s + static void mwl8k_fw_state_machine(const struct firmware *fw, void *context) + { + struct mwl8k_priv *priv = context; +- struct mwl8k_device_info *di = priv->device_info; + int rc; + + switch (priv->fw_state) { + case FW_STATE_INIT: +- if (!fw) { +- printk(KERN_ERR "%s: Error requesting helper fw %s\n", +- pci_name(priv->pdev), di->helper_image); ++ if (!fw) + goto fail; +- } + priv->fw_helper = fw; + rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode, + true); +@@ -5771,11 +5767,8 @@ static void mwl8k_fw_state_machine(const + break; + + case FW_STATE_LOADING_ALT: +- if (!fw) { +- printk(KERN_ERR "%s: Error requesting alt fw %s\n", +- pci_name(priv->pdev), di->helper_image); ++ if (!fw) + goto fail; +- } + priv->fw_ucode = fw; + rc = mwl8k_firmware_load_success(priv); + if (rc) +@@ -5813,10 +5806,8 @@ retry: + + /* Ask userland hotplug daemon for the device firmware */ + rc = mwl8k_request_firmware(priv, fw_image, nowait); +- if (rc) { +- wiphy_err(hw->wiphy, "Firmware files not found\n"); ++ if (rc) + return rc; +- } + + if (nowait) + return rc; +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c +@@ -38,10 +38,8 @@ static int rt2x00lib_request_firmware(st + rt2x00_info(rt2x00dev, "Loading firmware file '%s'\n", fw_name); + + retval = request_firmware(&fw, fw_name, device); +- if (retval) { +- rt2x00_err(rt2x00dev, "Failed to request Firmware\n"); ++ if (retval) + return retval; +- } + + if (!fw || !fw->size || !fw->data) { + rt2x00_err(rt2x00dev, "Failed to read Firmware\n"); +--- a/drivers/net/wireless/realtek/rtlwifi/core.c ++++ b/drivers/net/wireless/realtek/rtlwifi/core.c +@@ -88,7 +88,6 @@ static void rtl_fw_do_work(const struct + if (!err) + goto found_alt; + } +- pr_err("Selected firmware is not available\n"); + rtlpriv->max_fw_size = 0; + goto exit; + } +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c +@@ -63,13 +63,11 @@ static void rtl92se_fw_cb(const struct f + struct ieee80211_hw *hw = context; + struct rtl_priv *rtlpriv = rtl_priv(hw); + struct rt_firmware *pfirmware = NULL; +- char *fw_name = "rtlwifi/rtl8192sefw.bin"; + + rtl_dbg(rtlpriv, COMP_ERR, DBG_LOUD, + "Firmware callback routine entered!\n"); + complete(&rtlpriv->firmware_loading_complete); + if (!firmware) { +- pr_err("Firmware %s not available\n", fw_name); + rtlpriv->max_fw_size = 0; + return; + } +--- a/drivers/net/wireless/ti/wl1251/main.c ++++ b/drivers/net/wireless/ti/wl1251/main.c +@@ -57,10 +57,8 @@ static int wl1251_fetch_firmware(struct + + ret = request_firmware(&fw, WL1251_FW_NAME, dev); + +- if (ret < 0) { +- wl1251_error("could not get firmware: %d", ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1251_error("firmware size is not multiple of 32 bits: %zu", +@@ -96,10 +94,8 @@ static int wl1251_fetch_nvs(struct wl125 + + ret = request_firmware(&fw, WL1251_NVS_NAME, dev); + +- if (ret < 0) { +- wl1251_error("could not get nvs file: %d", ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1251_error("nvs size is not multiple of 32 bits: %zu", +--- a/drivers/net/wireless/ti/wlcore/main.c ++++ b/drivers/net/wireless/ti/wlcore/main.c +@@ -764,10 +764,8 @@ static int wl12xx_fetch_firmware(struct + + ret = request_firmware(&fw, fw_name, wl->dev); + +- if (ret < 0) { +- wl1271_error("could not get firmware %s: %d", fw_name, ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1271_error("firmware size is not multiple of 32 bits: %zu", +--- a/drivers/net/wireless/zydas/zd1201.c ++++ b/drivers/net/wireless/zydas/zd1201.c +@@ -62,8 +62,6 @@ static int zd1201_fw_upload(struct usb_d + + err = request_firmware(&fw_entry, fwfile, &dev->dev); + if (err) { +- dev_err(&dev->dev, "Failed to load %s firmware file!\n", fwfile); +- dev_err(&dev->dev, "Make sure the hotplug firmware loader is installed.\n"); + dev_err(&dev->dev, "Goto http://linux-lc100020.sourceforge.net for more info.\n"); + return err; + } +--- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c ++++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c +@@ -108,16 +108,9 @@ static void int_urb_complete(struct urb + static int request_fw_file( + const struct firmware **fw, const char *name, struct device *device) + { +- int r; +- + dev_dbg_f(device, "fw name %s\n", name); + +- r = request_firmware(fw, name, device); +- if (r) +- dev_err(device, +- "Could not load firmware file %s. Error number %d\n", +- name, r); +- return r; ++ return request_firmware(fw, name, device); + } + + static inline u16 get_bcdDevice(const struct usb_device *udev) +--- a/drivers/scsi/advansys.c ++++ b/drivers/scsi/advansys.c +@@ -4103,8 +4103,6 @@ static int AscInitAsc1000Driver(ASC_DVC_ + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -4469,8 +4467,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -4969,8 +4965,6 @@ static int AdvInitAsc38C0800Driver(ADV_D + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -5457,8 +5451,6 @@ static int AdvInitAsc38C1600Driver(ADV_D + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +--- a/drivers/scsi/aic94xx/aic94xx_init.c ++++ b/drivers/scsi/aic94xx/aic94xx_init.c +@@ -369,8 +369,6 @@ static ssize_t asd_store_update_bios(str + filename_ptr, + &asd_ha->pcidev->dev); + if (err) { +- asd_printk("Failed to load bios image file %s, error %d\n", +- filename_ptr, err); + err = FAIL_OPEN_BIOS_FILE; + goto out1; + } +--- a/drivers/scsi/aic94xx/aic94xx_seq.c ++++ b/drivers/scsi/aic94xx/aic94xx_seq.c +@@ -1302,11 +1302,8 @@ int asd_init_seqs(struct asd_ha_struct * + + err = asd_request_firmware(asd_ha); + +- if (err) { +- asd_printk("Failed to load sequencer firmware file %s, error %d\n", +- SAS_RAZOR_SEQUENCER_FW_FILE, err); ++ if (err) + return err; +- } + + err = asd_seq_download_seqs(asd_ha); + if (err) { +--- a/drivers/scsi/bfa/bfad.c ++++ b/drivers/scsi/bfa/bfad.c +@@ -1749,7 +1749,6 @@ bfad_read_firmware(struct pci_dev *pdev, + const struct firmware *fw; + + if (request_firmware(&fw, fw_name, &pdev->dev)) { +- printk(KERN_ALERT "Can't locate firmware %s\n", fw_name); + *bfi_image = NULL; + goto out; + } +--- a/drivers/scsi/ipr.c ++++ b/drivers/scsi/ipr.c +@@ -4102,10 +4102,8 @@ static ssize_t ipr_store_update_fw(struc + if (endline) + *endline = '\0'; + +- if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) { +- dev_err(&ioa_cfg->pdev->dev, "Firmware file %s not found\n", fname); ++ if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) + return -EIO; +- } + + image_hdr = (struct ipr_ucode_image_header *)fw_entry->data; + +--- a/drivers/scsi/pm8001/pm8001_ctl.c ++++ b/drivers/scsi/pm8001/pm8001_ctl.c +@@ -841,9 +841,6 @@ static ssize_t pm8001_store_update_fw(st + pm8001_ha->dev); + + if (ret) { +- pm8001_dbg(pm8001_ha, FAIL, +- "Failed to load firmware image file %s, error %d\n", +- filename_ptr, ret); + pm8001_ha->fw_status = FAIL_OPEN_BIOS_FILE; + goto out; + } +--- a/drivers/scsi/qla1280.c ++++ b/drivers/scsi/qla1280.c +@@ -1514,8 +1514,6 @@ qla1280_request_firmware(struct scsi_qla + err = request_firmware(&fw, fwname, &ha->pdev->dev); + + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + fw = ERR_PTR(err); + goto unlock; + } +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -7935,10 +7935,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, + /* Load firmware blob. */ + blob = qla2x00_request_firmware(vha); + if (!blob) { +- ql_log(ql_log_info, vha, 0x0083, +- "Firmware image unavailable.\n"); +- ql_log(ql_log_info, vha, 0x0084, +- "Firmware images can be retrieved from: "QLA_FW_URL ".\n"); + return QLA_FUNCTION_FAILED; + } + +@@ -8041,9 +8037,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * + + blob = qla2x00_request_firmware(vha); + if (!blob) { +- ql_log(ql_log_warn, vha, 0x0092, +- "-> Firmware file not found.\n"); +- + return QLA_FUNCTION_FAILED; + } + +--- a/drivers/scsi/qla2xxx/qla_nx.c ++++ b/drivers/scsi/qla2xxx/qla_nx.c +@@ -2431,11 +2431,8 @@ try_blob_fw: + + /* Load firmware blob. */ + blob = ha->hablob = qla2x00_request_firmware(vha); +- if (!blob) { +- ql_log(ql_log_fatal, vha, 0x00a3, +- "Firmware image not present.\n"); ++ if (!blob) + goto fw_load_failed; +- } + + /* Validating firmware blob */ + if (qla82xx_validate_firmware_blob(vha, +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7346,8 +7346,6 @@ qla2x00_request_firmware(scsi_qla_host_t + goto out; + + if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { +- ql_log(ql_log_warn, vha, 0x0063, +- "Failed to load firmware image (%s).\n", blob->name); + blob->fw = NULL; + blob = NULL; + } +--- a/drivers/scsi/qlogicpti.c ++++ b/drivers/scsi/qlogicpti.c +@@ -486,11 +486,8 @@ static int qlogicpti_load_firmware(struc + int i, timeout; + + err = request_firmware(&fw, fwname, &qpti->op->dev); +- if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); ++ if (err) + return err; +- } + if (fw->size % 2) { + printk(KERN_ERR "Bogus length %zu in image \"%s\"\n", + fw->size, fwname); +--- a/drivers/staging/rtl8192u/r819xU_firmware.c ++++ b/drivers/staging/rtl8192u/r819xU_firmware.c +@@ -240,10 +240,8 @@ bool init_firmware(struct net_device *de + */ + if (rst_opt == OPT_SYSTEM_RESET) { + rc = request_firmware(&fw_entry, fw_name[init_step], &priv->udev->dev); +- if (rc < 0) { +- RT_TRACE(COMP_ERR, "request firmware fail!\n"); ++ if (rc) + goto download_firmware_fail; +- } + + if (fw_entry->size > sizeof(pfirmware->firmware_buf)) { + RT_TRACE(COMP_ERR, "img file size exceed the container buffer fail!\n"); +--- a/drivers/staging/rtl8712/hal_init.c ++++ b/drivers/staging/rtl8712/hal_init.c +@@ -60,8 +60,6 @@ int rtl871x_load_fw(struct _adapter *pad + dev_info(dev, "r8712u: Loading firmware from \"%s\"\n", firmware_file); + rc = request_firmware_nowait(THIS_MODULE, 1, firmware_file, dev, + GFP_KERNEL, padapter, rtl871x_load_fw_cb); +- if (rc) +- dev_err(dev, "r8712u: Firmware request error %d\n", rc); + return rc; + } + MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); +--- a/drivers/staging/vt6656/main_usb.c ++++ b/drivers/staging/vt6656/main_usb.c +@@ -109,11 +109,8 @@ static int vnt_download_firmware(struct + dev_dbg(dev, "---->Download firmware\n"); + + ret = request_firmware(&fw, FIRMWARE_NAME, dev); +- if (ret) { +- dev_err(dev, "firmware file %s request failed (%d)\n", +- FIRMWARE_NAME, ret); ++ if (ret) + goto end; +- } + + for (ii = 0; ii < fw->size; ii += FIRMWARE_CHUNK_SIZE) { + length = min_t(int, fw->size - ii, FIRMWARE_CHUNK_SIZE); +--- a/drivers/tty/cyclades.c ++++ b/drivers/tty/cyclades.c +@@ -3484,10 +3484,8 @@ static int cyz_load_fw(struct pci_dev *p + int retval; + + retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev); +- if (retval) { +- dev_err(&pdev->dev, "can't get firmware\n"); ++ if (retval) + goto err; +- } + + /* Check whether the firmware is already loaded and running. If + positive, skip this board */ +--- a/drivers/tty/moxa.c ++++ b/drivers/tty/moxa.c +@@ -854,13 +854,8 @@ static int moxa_init_board(struct moxa_b + } + + ret = request_firmware(&fw, file, dev); +- if (ret) { +- printk(KERN_ERR "MOXA: request_firmware failed. Make sure " +- "you've placed '%s' file into your firmware " +- "loader directory (e.g. /lib/firmware)\n", +- file); ++ if (ret) + goto err_free; +- } + + ret = moxa_load_fw(brd, fw); + +--- a/drivers/tty/serial/icom.c ++++ b/drivers/tty/serial/icom.c +@@ -362,7 +362,6 @@ static void load_code(struct icom_port * + + /* Load Call Setup into Adapter */ + if (request_firmware(&fw, "icom_call_setup.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_call_setup.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +@@ -382,7 +381,6 @@ static void load_code(struct icom_port * + + /* Load Resident DCE portion of Adapter */ + if (request_firmware(&fw, "icom_res_dce.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_res_dce.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +@@ -427,7 +425,6 @@ static void load_code(struct icom_port * + } + + if (request_firmware(&fw, "icom_asc.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_asc.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +--- a/drivers/tty/serial/ucc_uart.c ++++ b/drivers/tty/serial/ucc_uart.c +@@ -1161,10 +1161,8 @@ static void uart_firmware_cont(const str + struct device *dev = context; + int ret; + +- if (!fw) { +- dev_err(dev, "firmware not found\n"); ++ if (!fw) + return; +- } + + firmware = (struct qe_firmware *) fw->data; + +--- a/drivers/usb/atm/cxacru.c ++++ b/drivers/usb/atm/cxacru.c +@@ -1087,8 +1087,6 @@ static int cxacru_find_firmware(struct c + return -ENOENT; + } + +- usb_info(usbatm, "found firmware %s\n", buf); +- + return 0; + } + +--- a/drivers/usb/atm/ueagle-atm.c ++++ b/drivers/usb/atm/ueagle-atm.c +@@ -606,10 +606,8 @@ static void uea_upload_pre_firmware(cons + int ret, size; + + uea_enters(usb); +- if (!fw_entry) { +- uea_err(usb, "firmware is not available\n"); ++ if (!fw_entry) + goto err; +- } + + pfw = fw_entry->data; + size = fw_entry->size; +@@ -704,10 +702,6 @@ static int uea_load_firmware(struct usb_ + ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev, + GFP_KERNEL, usb, + uea_upload_pre_firmware); +- if (ret) +- uea_err(usb, "firmware %s is not available\n", fw_name); +- else +- uea_info(usb, "loading firmware %s\n", fw_name); + + uea_leaves(usb); + return ret; +@@ -869,12 +863,8 @@ static int request_dsp(struct uea_softc + } + + ret = request_firmware(&sc->dsp_firm, dsp_name, &sc->usb_dev->dev); +- if (ret < 0) { +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- dsp_name, ret); ++ if (ret) + return ret; +- } + + if (UEA_CHIP_VERSION(sc) == EAGLE_IV) + ret = check_dsp_e4(sc->dsp_firm->data, sc->dsp_firm->size); +@@ -1587,12 +1577,8 @@ static int request_cmvs_old(struct uea_s + + cmvs_file_name(sc, cmv_name, 1); + ret = request_firmware(fw, cmv_name, &sc->usb_dev->dev); +- if (ret < 0) { +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- cmv_name, ret); ++ if (ret) + return ret; +- } + + data = (u8 *) (*fw)->data; + size = (*fw)->size; +@@ -1629,9 +1615,6 @@ static int request_cmvs(struct uea_softc + "try to get older cmvs\n", cmv_name); + return request_cmvs_old(sc, cmvs, fw); + } +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- cmv_name, ret); + return ret; + } + +@@ -1914,11 +1897,8 @@ static int load_XILINX_firmware(struct u + uea_enters(INS_TO_USBDEV(sc)); + + ret = request_firmware(&fw_entry, fw_name, &sc->usb_dev->dev); +- if (ret) { +- uea_err(INS_TO_USBDEV(sc), "firmware %s is not available\n", +- fw_name); ++ if (ret) + goto err0; +- } + + pfw = fw_entry->data; + size = fw_entry->size; +--- a/drivers/usb/misc/emi26.c ++++ b/drivers/usb/misc/emi26.c +@@ -85,21 +85,17 @@ static int emi26_load_firmware (struct u + + err = request_ihex_firmware(&loader_fw, "emi26/loader.fw", &dev->dev); + if (err) +- goto nofw; ++ goto wraperr; + + err = request_ihex_firmware(&bitstream_fw, "emi26/bitstream.fw", + &dev->dev); + if (err) +- goto nofw; ++ goto wraperr; + + err = request_ihex_firmware(&firmware_fw, "emi26/firmware.fw", + &dev->dev); +- if (err) { +- nofw: +- dev_err(&dev->dev, "%s - request_firmware() failed\n", +- __func__); ++ if (err) + goto wraperr; +- } + + /* Assert reset (stop the CPU in the EMI) */ + err = emi26_set_reset(dev,1); +--- a/drivers/usb/misc/ezusb.c ++++ b/drivers/usb/misc/ezusb.c +@@ -76,12 +76,8 @@ static int ezusb_ihex_firmware_download( + const struct ihex_binrec *record; + + if (request_ihex_firmware(&firmware, firmware_path, +- &dev->dev)) { +- dev_err(&dev->dev, +- "%s - request \"%s\" failed\n", +- __func__, firmware_path); ++ &dev->dev)) + goto out; +- } + + ret = ezusb_set_reset(dev, fx.cpucs_reg, 0); + if (ret < 0) +--- a/drivers/usb/misc/isight_firmware.c ++++ b/drivers/usb/misc/isight_firmware.c +@@ -45,7 +45,6 @@ static int isight_firmware_load(struct u + return -ENOMEM; + + if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) { +- printk(KERN_ERR "Unable to load isight firmware\n"); + ret = -ENODEV; + goto out; + } +--- a/drivers/usb/serial/io_edgeport.c ++++ b/drivers/usb/serial/io_edgeport.c +@@ -375,11 +375,8 @@ static void update_edgeport_E2PROM(struc + + response = request_ihex_firmware(&fw, fw_name, + &edge_serial->serial->dev->dev); +- if (response) { +- dev_err(dev, "Failed to load image \"%s\" err %d\n", +- fw_name, response); ++ if (response) + return; +- } + + rec = (const struct ihex_binrec *)fw->data; + BootMajorVersion = rec->data[0]; +--- a/drivers/usb/serial/io_ti.c ++++ b/drivers/usb/serial/io_ti.c +@@ -1010,8 +1010,6 @@ static int download_fw(struct edgeport_s + + status = request_firmware(&fw, fw_name, dev); + if (status) { +- dev_err(dev, "Failed to load image \"%s\" err %d\n", +- fw_name, status); + return status; + } + +--- a/drivers/usb/serial/ti_usb_3410_5052.c ++++ b/drivers/usb/serial/ti_usb_3410_5052.c +@@ -1663,10 +1663,8 @@ static int ti_download_firmware(struct t + } + + check_firmware: +- if (status) { +- dev_err(&dev->dev, "%s - firmware not found\n", __func__); ++ if (status) + return -ENOENT; +- } + if (fw_p->size > TI_FIRMWARE_BUF_SIZE) { + dev_err(&dev->dev, "%s - firmware too large %zu\n", __func__, fw_p->size); + release_firmware(fw_p); +--- a/drivers/video/fbdev/broadsheetfb.c ++++ b/drivers/video/fbdev/broadsheetfb.c +@@ -743,10 +743,8 @@ static ssize_t broadsheet_loadstore_wave + return -EINVAL; + + err = request_firmware(&fw_entry, "broadsheet.wbf", dev); +- if (err < 0) { +- dev_err(dev, "Failed to get broadsheet waveform\n"); ++ if (err) + goto err_failed; +- } + + /* try to enforce reasonable min max on waveform */ + if ((fw_entry->size < 8*1024) || (fw_entry->size > 64*1024)) { +--- a/drivers/video/fbdev/metronomefb.c ++++ b/drivers/video/fbdev/metronomefb.c +@@ -679,10 +679,8 @@ static int metronomefb_probe(struct plat + a) request the waveform file from userspace + b) process waveform and decode into metromem */ + retval = request_firmware(&fw_entry, "metronome.wbf", &dev->dev); +- if (retval < 0) { +- dev_err(&dev->dev, "Failed to get waveform\n"); ++ if (retval) + goto err_csum_table; +- } + + retval = load_waveform((u8 *) fw_entry->data, fw_entry->size, 3, 31, + par); +--- a/sound/drivers/vx/vx_hwdep.c ++++ b/sound/drivers/vx/vx_hwdep.c +@@ -58,10 +58,8 @@ int snd_vx_setup_firmware(struct vx_core + if (! fw_files[chip->type][i]) + continue; + sprintf(path, "vx/%s", fw_files[chip->type][i]); +- if (request_firmware(&fw, path, chip->dev)) { +- snd_printk(KERN_ERR "vx: can't load firmware %s\n", path); ++ if (request_firmware(&fw, path, chip->dev)) + return -ENOENT; +- } + err = chip->ops->load_dsp(chip, i, fw); + if (err < 0) { + release_firmware(fw); +--- a/sound/isa/msnd/msnd_pinnacle.c ++++ b/sound/isa/msnd/msnd_pinnacle.c +@@ -376,15 +376,11 @@ static int upload_dsp_code(struct snd_ca + outb(HPBLKSEL_0, chip->io + HP_BLKS); + + err = request_firmware(&init_fw, INITCODEFILE, card->dev); +- if (err < 0) { +- printk(KERN_ERR LOGNAME ": Error loading " INITCODEFILE); ++ if (err) + goto cleanup1; +- } + err = request_firmware(&perm_fw, PERMCODEFILE, card->dev); +- if (err < 0) { +- printk(KERN_ERR LOGNAME ": Error loading " PERMCODEFILE); ++ if (err) + goto cleanup; +- } + + memcpy_toio(chip->mappedbase, perm_fw->data, perm_fw->size); + if (snd_msnd_upload_host(chip, init_fw->data, init_fw->size) < 0) { +--- a/sound/isa/sscape.c ++++ b/sound/isa/sscape.c +@@ -531,10 +531,8 @@ static int sscape_upload_bootblock(struc + int ret; + + ret = request_firmware(&init_fw, "scope.cod", card->dev); +- if (ret < 0) { +- snd_printk(KERN_ERR "sscape: Error loading scope.cod"); ++ if (ret) + return ret; +- } + ret = upload_dma_data(sscape, init_fw->data, init_fw->size); + + release_firmware(init_fw); +@@ -571,11 +569,8 @@ static int sscape_upload_microcode(struc + snprintf(name, sizeof(name), "sndscape.co%d", version); + + err = request_firmware(&init_fw, name, card->dev); +- if (err < 0) { +- snd_printk(KERN_ERR "sscape: Error loading sndscape.co%d", +- version); ++ if (err) + return err; +- } + err = upload_dma_data(sscape, init_fw->data, init_fw->size); + if (err == 0) + snd_printk(KERN_INFO "sscape: MIDI firmware loaded %zu KBs\n", +--- a/sound/isa/wavefront/wavefront_synth.c ++++ b/sound/isa/wavefront/wavefront_synth.c +@@ -1959,10 +1959,8 @@ wavefront_download_firmware (snd_wavefro + const struct firmware *firmware; + + err = request_firmware(&firmware, path, dev->card->dev); +- if (err < 0) { +- snd_printk(KERN_ERR "firmware (%s) download failed!!!\n", path); ++ if (err) + return 1; +- } + + len = 0; + buf = firmware->data; +--- a/sound/pci/asihpi/hpidspcd.c ++++ b/sound/pci/asihpi/hpidspcd.c +@@ -35,8 +35,6 @@ short hpi_dsp_code_open(u32 adapter, voi + err = request_firmware(&firmware, fw_name, &dev->dev); + + if (err || !firmware) { +- dev_err(&dev->dev, "%d, request_firmware failed for %s\n", +- err, fw_name); + goto error1; + } + if (firmware->size < sizeof(header)) { +--- a/sound/pci/cs46xx/cs46xx_lib.c ++++ b/sound/pci/cs46xx/cs46xx_lib.c +@@ -3235,11 +3235,8 @@ int snd_cs46xx_start_dsp(struct snd_cs46 + #ifdef CONFIG_SND_CS46XX_NEW_DSP + for (i = 0; i < CS46XX_DSP_MODULES; i++) { + err = load_firmware(chip, &chip->modules[i], module_names[i]); +- if (err < 0) { +- dev_err(chip->card->dev, "firmware load error [%s]\n", +- module_names[i]); ++ if (err < 0) + return err; +- } + err = cs46xx_dsp_load_module(chip, chip->modules[i]); + if (err < 0) { + dev_err(chip->card->dev, "image download error [%s]\n", +--- a/sound/pci/echoaudio/echoaudio.c ++++ b/sound/pci/echoaudio/echoaudio.c +@@ -49,11 +49,8 @@ static int get_firmware(const struct fir + "firmware requested: %s\n", card_fw[fw_index].data); + snprintf(name, sizeof(name), "ea/%s", card_fw[fw_index].data); + err = request_firmware(fw_entry, name, &chip->pci->dev); +- if (err < 0) +- dev_err(chip->card->dev, +- "get_firmware(): Firmware not available (%d)\n", err); + #ifdef CONFIG_PM_SLEEP +- else ++ if (!err) + chip->fw_cache[fw_index] = *fw_entry; + #endif + return err; +--- a/sound/pci/emu10k1/emu10k1_main.c ++++ b/sound/pci/emu10k1/emu10k1_main.c +@@ -873,10 +873,8 @@ static int snd_emu10k1_emu1010_init(stru + dev_info(emu->card->dev, "emu1010: EMU_HANA_ID = 0x%x\n", reg); + + err = snd_emu1010_load_firmware(emu, 0, &emu->firmware); +- if (err < 0) { +- dev_info(emu->card->dev, "emu1010: Loading Firmware failed\n"); ++ if (err < 0) + return err; +- } + + /* ID, should read & 0x7f = 0x55 when FPGA programmed. */ + snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -2057,8 +2057,6 @@ static void azx_firmware_cb(const struct + + if (fw) + chip->fw = fw; +- else +- dev_err(card->dev, "Cannot load firmware, continue without patching\n"); + if (!chip->disabled) { + /* continue probing */ + azx_probe_continue(chip); +--- a/sound/pci/korg1212/korg1212.c ++++ b/sound/pci/korg1212/korg1212.c +@@ -2335,7 +2335,6 @@ static int snd_korg1212_create(struct sn + + err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev); + if (err < 0) { +- snd_printk(KERN_ERR "firmware not available\n"); + snd_korg1212_free(korg1212); + return err; + } +--- a/sound/pci/mixart/mixart_hwdep.c ++++ b/sound/pci/mixart/mixart_hwdep.c +@@ -558,11 +558,8 @@ int snd_mixart_setup_firmware(struct mix + + for (i = 0; i < 3; i++) { + sprintf(path, "mixart/%s", fw_files[i]); +- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { +- dev_err(&mgr->pci->dev, +- "miXart: can't load firmware %s\n", path); ++ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) + return -ENOENT; +- } + /* fake hwdep dsp record */ + err = mixart_dsp_load(mgr, i, fw_entry); + release_firmware(fw_entry); +--- a/sound/pci/pcxhr/pcxhr_hwdep.c ++++ b/sound/pci/pcxhr/pcxhr_hwdep.c +@@ -372,12 +372,8 @@ int pcxhr_setup_firmware(struct pcxhr_mg + if (!fw_files[fw_set][i]) + continue; + sprintf(path, "pcxhr/%s", fw_files[fw_set][i]); +- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { +- dev_err(&mgr->pci->dev, +- "pcxhr: can't load firmware %s\n", +- path); ++ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) + return -ENOENT; +- } + /* fake hwdep dsp record */ + err = pcxhr_dsp_load(mgr, i, fw_entry); + release_firmware(fw_entry); +--- a/sound/pci/riptide/riptide.c ++++ b/sound/pci/riptide/riptide.c +@@ -1217,11 +1217,8 @@ static int try_to_load_firmware(struct c + if (!chip->fw_entry) { + err = request_firmware(&chip->fw_entry, "riptide.hex", + &chip->pci->dev); +- if (err) { +- snd_printk(KERN_ERR +- "Riptide: Firmware not available %d\n", err); ++ if (err) + return -EIO; +- } + } + err = loadfirmware(cif, chip->fw_entry->data, chip->fw_entry->size); + if (err) { +--- a/sound/pci/rme9652/hdsp.c ++++ b/sound/pci/rme9652/hdsp.c +@@ -5111,11 +5111,8 @@ static int hdsp_request_fw_loader(struct + return -EINVAL; + } + +- if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) { +- dev_err(hdsp->card->dev, +- "cannot load firmware %s\n", fwfile); ++ if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) + return -ENOENT; +- } + if (fw->size < HDSP_FIRMWARE_SIZE) { + dev_err(hdsp->card->dev, + "too short firmware size %d (expected %d)\n", +--- a/sound/soc/codecs/wm2000.c ++++ b/sound/soc/codecs/wm2000.c +@@ -894,10 +894,8 @@ static int wm2000_i2c_probe(struct i2c_c + } + + ret = request_firmware(&fw, filename, &i2c->dev); +- if (ret != 0) { +- dev_err(&i2c->dev, "Failed to acquire ANC data: %d\n", ret); ++ if (ret != 0) + goto err_supplies; +- } + + /* Pre-cook the concatenation of the register address onto the image */ + wm2000->anc_download_size = fw->size + 2; +--- a/sound/usb/6fire/firmware.c ++++ b/sound/usb/6fire/firmware.c +@@ -203,8 +203,6 @@ static int usb6fire_fw_ezusb_upload( + ret = request_firmware(&fw, fwname, &device->dev); + if (ret < 0) { + kfree(rec); +- dev_err(&intf->dev, +- "error requesting ezusb firmware %s.\n", fwname); + return ret; + } + ret = usb6fire_fw_ihex_init(fw, rec); +@@ -280,8 +278,6 @@ static int usb6fire_fw_fpga_upload( + + ret = request_firmware(&fw, fwname, &device->dev); + if (ret < 0) { +- dev_err(&intf->dev, "unable to get fpga firmware %s.\n", +- fwname); + kfree(buffer); + return -EIO; + } diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch new file mode 100644 index 000000000..092a74496 --- /dev/null +++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch @@ -0,0 +1,83 @@ +From: Ben Hutchings +Subject: firmware_class: Log every success and failure against given device +Date: Sun, 09 Dec 2012 16:02:00 +0000 +Forwarded: no + +The hundreds of users of request_firmware() have nearly as many +different log formats for reporting failures. They also have only the +vaguest hint as to what went wrong; only firmware_class really knows +that. Therefore, add specific log messages for the failure modes that +aren't currently logged. + +In case of a driver that tries multiple names, this may result in the +impression that it failed to initialise. Therefore, also log successes. + +This makes many error messages in drivers redundant, which will be +removed in later patches. + +This does not cover the case where we fall back to a user-mode helper +(which is no longer enabled in Debian). + +NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n" +format to detect missing firmware. +--- + drivers/base/firmware_loader/fallback.c | 2 +- + drivers/base/firmware_loader/main.c | 17 ++++++++--------- + 2 files changed, 9 insertions(+), 10 deletions(-) + +--- a/drivers/base/firmware_loader/fallback.c ++++ b/drivers/base/firmware_loader/fallback.c +@@ -558,7 +558,7 @@ static int fw_load_from_user_helper(stru + if (opt_flags & FW_OPT_NOWAIT) { + timeout = usermodehelper_read_lock_wait(timeout); + if (!timeout) { +- dev_dbg(device, "firmware: %s loading timed out\n", ++ dev_err(device, "firmware: %s loading timed out\n", + name); + return -EBUSY; + } +--- a/drivers/base/firmware_loader/main.c ++++ b/drivers/base/firmware_loader/main.c +@@ -535,18 +535,15 @@ fw_get_filesystem_firmware(struct device + file_size_ptr, + READING_FIRMWARE); + if (rc < 0) { +- if (rc != -ENOENT) +- dev_warn(device, "loading %s failed with error %d\n", +- path, rc); +- else +- dev_dbg(device, "loading %s failed for no such file or directory.\n", +- path); ++ dev_dbg(device, "loading %s failed with error %d\n", ++ path, rc); + continue; + } + size = rc; + rc = 0; + +- dev_dbg(device, "Loading firmware from %s\n", path); ++ dev_info(device, "firmware: direct-loading firmware %s\n", ++ fw_priv->fw_name); + if (decompress) { + dev_dbg(device, "f/w decompressing %s\n", + fw_priv->fw_name); +@@ -559,8 +556,6 @@ fw_get_filesystem_firmware(struct device + continue; + } + } else { +- dev_dbg(device, "direct-loading %s\n", +- fw_priv->fw_name); + if (!fw_priv->data) + fw_priv->data = buffer; + fw_priv->size = size; +@@ -570,6 +565,10 @@ fw_get_filesystem_firmware(struct device + } + __putname(path); + ++ if (rc) ++ dev_err(device, "firmware: failed to load %s (%d)\n", ++ fw_priv->fw_name, rc); ++ + return rc; + } + diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch new file mode 100644 index 000000000..540a1341c --- /dev/null +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -0,0 +1,70 @@ +From: Ben Hutchings +Date: Wed, 13 Apr 2016 21:48:06 +0100 +Subject: fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers +Bug-Debian: https://bugs.debian.org/819725 +Forwarded: http://mid.gmane.org/20160517133631.GF7555@decadent.org.uk + +This helps initramfs builders and other tools to find the full +dependencies of a module. + +Signed-off-by: Ben Hutchings +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] +--- + fs/btrfs/super.c | 2 +- + fs/ext4/super.c | 2 +- + fs/f2fs/super.c | 1 + + fs/jbd2/journal.c | 1 + + fs/nfsd/nfsctl.c | 3 +++ + 5 files changed, 7 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -2597,7 +2597,7 @@ late_initcall(init_btrfs_fs); + module_exit(exit_btrfs_fs) + + MODULE_LICENSE("GPL"); +-MODULE_SOFTDEP("pre: crc32c"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + MODULE_SOFTDEP("pre: xxhash64"); + MODULE_SOFTDEP("pre: sha256"); + MODULE_SOFTDEP("pre: blake2b-256"); +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -6746,6 +6746,6 @@ static void __exit ext4_exit_fs(void) + MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); + MODULE_DESCRIPTION("Fourth Extended Filesystem"); + MODULE_LICENSE("GPL"); +-MODULE_SOFTDEP("pre: crc32c"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + module_init(ext4_init_fs) + module_exit(ext4_exit_fs) +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -4122,5 +4122,5 @@ module_exit(exit_f2fs_fs) + MODULE_AUTHOR("Samsung Electronics's Praesto Team"); + MODULE_DESCRIPTION("Flash Friendly File System"); + MODULE_LICENSE("GPL"); +-MODULE_SOFTDEP("pre: crc32"); ++MODULE_SOFTDEP("pre: crypto-crc32"); + +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -3012,6 +3012,7 @@ static void __exit journal_exit(void) + } + + MODULE_LICENSE("GPL"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + module_init(journal_init); + module_exit(journal_exit); + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1580,5 +1580,8 @@ static void __exit exit_nfsd(void) + + MODULE_AUTHOR("Olaf Kirch "); + MODULE_LICENSE("GPL"); ++#ifdef CONFIG_NFSD_V4 ++MODULE_SOFTDEP("pre: crypto-md5"); ++#endif + module_init(init_nfsd) + module_exit(exit_nfsd) diff --git a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch new file mode 100644 index 000000000..820479896 --- /dev/null +++ b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings +Subject: kbuild: Fix recordmcount dependency for OOT modules +Date: Mon, 08 Sep 2014 18:31:24 +0100 +Forwarded: no + +We never rebuild anything in-tree when building an out-of-tree +modules, so external modules should not depend on the recordmcount +sources. + +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -232,6 +232,11 @@ cmd_record_mcount = \ + endif # CC_USING_RECORD_MCOUNT + endif # CONFIG_FTRACE_MCOUNT_RECORD + ++# Don't require recordmcount source for an OOT build. ++ifdef KBUILD_EXTMOD ++recordmcount_source := ++endif ++ + ifdef CONFIG_STACK_VALIDATION + ifneq ($(SKIP_STACK_VALIDATION),1) + diff --git a/debian/patches/bugfix/all/libcpupower-hide-private-function.patch b/debian/patches/bugfix/all/libcpupower-hide-private-function.patch new file mode 100644 index 000000000..ac76e638e --- /dev/null +++ b/debian/patches/bugfix/all/libcpupower-hide-private-function.patch @@ -0,0 +1,20 @@ +From: Ben Hutchings +Date: Sat, 01 Dec 2018 19:22:50 +0000 +Subject: libcpupower: Hide private function + +cpupower_read_sysfs() (previously known as sysfs_read_file()) is an +internal function in libcpupower and should not be exported when +libcpupower is a shared library. Change its visibility to "hidden". + +Signed-off-by: Ben Hutchings +--- +--- a/tools/power/cpupower/lib/cpupower.c ++++ b/tools/power/cpupower/lib/cpupower.c +@@ -15,6 +15,7 @@ + #include "cpupower.h" + #include "cpupower_intern.h" + ++__attribute__((visibility("hidden"))) + unsigned int cpupower_read_sysfs(const char *path, char *buf, size_t buflen) + { + int fd; diff --git a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch new file mode 100644 index 000000000..2ab62688a --- /dev/null +++ b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings +Date: Fri, 02 Dec 2016 23:06:18 +0000 +Subject: module: Disable matching missing version CRC +Forwarded: not-needed + +This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061. +We want to fail closed if a symbol version CRC is missing, as the +alternative may allow subverting module signing. +--- +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1313,9 +1313,8 @@ static int check_version(const struct lo + goto bad_version; + } + +- /* Broken toolchain. Warn once, then let it go.. */ +- pr_warn_once("%s: no symbol version for %s\n", info->name, symname); +- return 1; ++ pr_warn("%s: no symbol version for %s\n", info->name, symname); ++ return 0; + + bad_version: + pr_warn("%s: disagrees about version of symbol %s\n", diff --git a/debian/patches/bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch b/debian/patches/bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch new file mode 100644 index 000000000..a6e35b7f2 --- /dev/null +++ b/debian/patches/bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch @@ -0,0 +1,73 @@ +From: Florian Westphal +Date: Sat, 20 Jan 2024 22:50:04 +0100 +Subject: netfilter: nf_tables: reject QUEUE/DROP verdict parameters +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=11351dcb86e3eec82492e20a63bb36f5a340dc85 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-1086 + +commit f342de4e2f33e0e39165d8639387aa6c19dff660 upstream. + +This reverts commit e0abdadcc6e1. + +core.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP +verdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar, +or 0. + +Due to the reverted commit, its possible to provide a positive +value, e.g. NF_ACCEPT (1), which results in use-after-free. + +Its not clear to me why this commit was made. + +NF_QUEUE is not used by nftables; "queue" rules in nftables +will result in use of "nft_queue" expression. + +If we later need to allow specifiying errno values from userspace +(do not know why), this has to call NF_DROP_GETERR and check that +"err <= 0" holds true. + +Fixes: e0abdadcc6e1 ("netfilter: nf_tables: accept QUEUE/DROP verdict parameters") +Cc: stable@vger.kernel.org +Reported-by: Notselwyn +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nf_tables_api.c | 16 ++++++---------- + 1 file changed, 6 insertions(+), 10 deletions(-) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 0d0b76a5ddfa..f586e8b3c6cf 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -9340,16 +9340,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, + data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE])); + + switch (data->verdict.code) { +- default: +- switch (data->verdict.code & NF_VERDICT_MASK) { +- case NF_ACCEPT: +- case NF_DROP: +- case NF_QUEUE: +- break; +- default: +- return -EINVAL; +- } +- fallthrough; ++ case NF_ACCEPT: ++ case NF_DROP: ++ case NF_QUEUE: ++ break; + case NFT_CONTINUE: + case NFT_BREAK: + case NFT_RETURN: +@@ -9384,6 +9378,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, + + data->verdict.chain = chain; + break; ++ default: ++ return -EINVAL; + } + + desc->len = sizeof(data->verdict); +-- +2.43.0 + diff --git a/debian/patches/bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch b/debian/patches/bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch new file mode 100644 index 000000000..368787579 --- /dev/null +++ b/debian/patches/bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch @@ -0,0 +1,49 @@ +From: Miklos Szeredi +Date: Tue, 24 Jan 2023 16:41:18 +0100 +Subject: ovl: fail on invalid uid/gid mapping at copy up +Origin: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-0386 + +If st_uid/st_gid doesn't have a mapping in the mounter's user_ns, then +copy-up should fail, just like it would fail if the mounter task was doing +the copy using "cp -a". + +There's a corner case where the "cp -a" would succeed but copy up fail: if +there's a mapping of the invalid uid/gid (65534 by default) in the user +namespace. This is because stat(2) will return this value if the mapping +doesn't exist in the current user_ns and "cp -a" will in turn be able to +create a file with this uid/gid. + +This behavior would be inconsistent with POSIX ACL's, which return -1 for +invalid uid/gid which result in a failed copy. + +For consistency and simplicity fail the copy of the st_uid/st_gid are +invalid. + +Fixes: 459c7c565ac3 ("ovl: unprivieged mounts") +Cc: # v5.11 +Signed-off-by: Miklos Szeredi +Reviewed-by: Christian Brauner +Reviewed-by: Seth Forshee +--- + fs/overlayfs/copy_up.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index 140f2742074d..c14e90764e35 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -1011,6 +1011,10 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, + if (err) + return err; + ++ if (!kuid_has_mapping(current_user_ns(), ctx.stat.uid) || ++ !kgid_has_mapping(current_user_ns(), ctx.stat.gid)) ++ return -EOVERFLOW; ++ + ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); + + if (parent) { +-- +2.40.1 + diff --git a/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch b/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch new file mode 100644 index 000000000..7367a1416 --- /dev/null +++ b/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch @@ -0,0 +1,140 @@ +From: Ben Hutchings +Date: Tue, 20 Aug 2019 18:12:35 +0100 +Subject: Partially revert "net: socket: implement 64-bit timestamps" + +The introduction of SIOCGSTAMP{,NS}_OLD and move of SICOGSTAMP{,NS} to +a different header has caused build failures for various user-space +programs including qemu and suricata. It also causes a test failure +for glibc. + +For now, remove the _OLD suffix on the old ioctl numbers and require +programs using 64-bit timestamps to explicitly use SIOCGSTAMP{,NS}_NEW. + +References: https://lore.kernel.org/lkml/af0eb47a-5b98-1bd9-3e8d-652e7f28b01f@de.ibm.com/ +References: https://bugs.debian.org/934316 +References: https://ci.debian.net/data/autopkgtest/testing/amd64/g/glibc/2772289/log.gz +Signed-off-by: Ben Hutchings +--- +--- a/arch/alpha/include/uapi/asm/sockios.h ++++ b/arch/alpha/include/uapi/asm/sockios.h +@@ -11,7 +11,7 @@ + #define SIOCSPGRP _IOW('s', 8, pid_t) + #define SIOCGPGRP _IOR('s', 9, pid_t) + +-#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ +-#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ ++#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ ++#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ + + #endif /* _ASM_ALPHA_SOCKIOS_H */ +--- a/arch/mips/include/uapi/asm/sockios.h ++++ b/arch/mips/include/uapi/asm/sockios.h +@@ -21,7 +21,7 @@ + #define SIOCSPGRP _IOW('s', 8, pid_t) + #define SIOCGPGRP _IOR('s', 9, pid_t) + +-#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ +-#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ ++#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ ++#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ + + #endif /* _ASM_SOCKIOS_H */ +--- a/arch/sh/include/uapi/asm/sockios.h ++++ b/arch/sh/include/uapi/asm/sockios.h +@@ -12,7 +12,6 @@ + #define SIOCSPGRP _IOW('s', 8, pid_t) + #define SIOCGPGRP _IOR('s', 9, pid_t) + +-#define SIOCGSTAMP_OLD _IOR('s', 100, struct __kernel_old_timeval) /* Get stamp (timeval) */ +-#define SIOCGSTAMPNS_OLD _IOR('s', 101, struct __kernel_old_timespec) /* Get stamp (timespec) */ +- ++#define SIOCGSTAMP _IOR('s', 100, struct __kernel_old_timeval) /* Get stamp (timeval) */ ++#define SIOCGSTAMPNS _IOR('s', 101, struct __kernel_old_timespec) /* Get stamp (timespec) */ + #endif /* __ASM_SH_SOCKIOS_H */ +--- a/arch/xtensa/include/uapi/asm/sockios.h ++++ b/arch/xtensa/include/uapi/asm/sockios.h +@@ -26,7 +26,7 @@ + #define SIOCSPGRP _IOW('s', 8, pid_t) + #define SIOCGPGRP _IOR('s', 9, pid_t) + +-#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ +-#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ ++#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ ++#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ + + #endif /* _XTENSA_SOCKIOS_H */ +--- a/include/uapi/asm-generic/sockios.h ++++ b/include/uapi/asm-generic/sockios.h +@@ -8,7 +8,7 @@ + #define FIOGETOWN 0x8903 + #define SIOCGPGRP 0x8904 + #define SIOCATMARK 0x8905 +-#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ +-#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ ++#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ ++#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ + + #endif /* __ASM_GENERIC_SOCKIOS_H */ +--- a/include/uapi/linux/sockios.h ++++ b/include/uapi/linux/sockios.h +@@ -19,7 +19,6 @@ + #ifndef _LINUX_SOCKIOS_H + #define _LINUX_SOCKIOS_H + +-#include + #include + + /* Linux-specific socket ioctls */ +@@ -37,17 +36,6 @@ + /* Get stamp (timespec) */ + #define SIOCGSTAMPNS_NEW _IOR(SOCK_IOC_TYPE, 0x07, long long[2]) + +-#if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__)) +-/* on 64-bit and x32, avoid the ?: operator */ +-#define SIOCGSTAMP SIOCGSTAMP_OLD +-#define SIOCGSTAMPNS SIOCGSTAMPNS_OLD +-#else +-#define SIOCGSTAMP ((sizeof(struct timeval)) == 8 ? \ +- SIOCGSTAMP_OLD : SIOCGSTAMP_NEW) +-#define SIOCGSTAMPNS ((sizeof(struct timespec)) == 8 ? \ +- SIOCGSTAMPNS_OLD : SIOCGSTAMPNS_NEW) +-#endif +- + /* Routing table calls. */ + #define SIOCADDRT 0x890B /* add routing table entry */ + #define SIOCDELRT 0x890C /* delete routing table entry */ +--- a/net/socket.c ++++ b/net/socket.c +@@ -1163,14 +1163,14 @@ static long sock_ioctl(struct file *file + + err = open_related_ns(&net->ns, get_net_ns); + break; +- case SIOCGSTAMP_OLD: +- case SIOCGSTAMPNS_OLD: ++ case SIOCGSTAMP: ++ case SIOCGSTAMPNS: + if (!sock->ops->gettstamp) { + err = -ENOIOCTLCMD; + break; + } + err = sock->ops->gettstamp(sock, argp, +- cmd == SIOCGSTAMP_OLD, ++ cmd == SIOCGSTAMP, + !IS_ENABLED(CONFIG_64BIT)); + break; + case SIOCGSTAMP_NEW: +@@ -3273,11 +3273,11 @@ static int compat_sock_ioctl_trans(struc + case SIOCGIFMAP: + case SIOCSIFMAP: + return compat_sioc_ifmap(net, cmd, argp); +- case SIOCGSTAMP_OLD: +- case SIOCGSTAMPNS_OLD: ++ case SIOCGSTAMP: ++ case SIOCGSTAMPNS: + if (!sock->ops->gettstamp) + return -ENOIOCTLCMD; +- return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD, ++ return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP, + !COMPAT_USE_64BIT_TIME); + + case SIOCETHTOOL: diff --git a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch new file mode 100644 index 000000000..a40c600ae --- /dev/null +++ b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch @@ -0,0 +1,139 @@ +From: Ben Hutchings +Subject: radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward +Date: Tue, 08 Jan 2013 03:25:52 +0000 +Bug-Debian: https://bugs.debian.org/607194 +Bug-Debian: https://bugs.debian.org/607471 +Bug-Debian: https://bugs.debian.org/610851 +Bug-Debian: https://bugs.debian.org/627497 +Bug-Debian: https://bugs.debian.org/632212 +Bug-Debian: https://bugs.debian.org/637943 +Bug-Debian: https://bugs.debian.org/649448 +Bug-Debian: https://bugs.debian.org/697229 +Forwarded: no + +radeon requires firmware/microcode for the GPU in all chips, but for +newer chips (apparently R600 'Evergreen' onward) it also expects +firmware for the memory controller and other sub-blocks. + +radeon attempts to gracefully fall back and disable some features if +the firmware is not available, but becomes unstable - the framebuffer +and/or system memory may be corrupted, or the display may stay black. + +Therefore, perform a basic check for the existence of +/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it +is missing, except for the pre-R600 case. + +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 29 ++++++++++++++++++++++++ + drivers/gpu/drm/radeon/radeon_drv.c | 30 +++++++++++++++++++++++++ + 2 files changed, 59 insertions(+) + +Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +=================================================================== +--- debian-kernel.orig/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c ++++ debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +@@ -36,6 +36,8 @@ + #include + #include + #include ++#include ++#include + + #include "amdgpu.h" + #include "amdgpu_irq.h" +@@ -1017,6 +1019,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); + + static struct drm_driver kms_driver; + ++/* Test that /lib/firmware/amdgpu is a directory (or symlink to a ++ * directory). We could try to match the udev search path, but let's ++ * keep it simple. ++ */ ++static bool amdgpu_firmware_installed(void) ++{ ++#if IS_BUILTIN(CONFIG_DRM_AMDGPU) ++ /* It may be too early to tell. Assume it's there. */ ++ return true; ++#else ++ struct path path; ++ ++ if (kern_path("/lib/firmware/amdgpu", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, ++ &path) == 0) { ++ path_put(&path); ++ return true; ++ } ++ ++ return false; ++#endif ++} ++ + static int amdgpu_pci_probe(struct pci_dev *pdev, + const struct pci_device_id *ent) + { +@@ -1070,6 +1094,11 @@ static int amdgpu_pci_probe(struct pci_d + } + #endif + ++ if (!amdgpu_firmware_installed()) { ++ DRM_ERROR("amdgpu requires firmware installed\n"); ++ return -ENODEV; ++ } ++ + /* Get rid of things like offb */ + ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, "amdgpudrmfb"); + if (ret) +Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c +=================================================================== +--- debian-kernel.orig/drivers/gpu/drm/radeon/radeon_drv.c ++++ debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c +@@ -48,6 +48,8 @@ + #include + #include + #include ++#include ++#include + + #include "radeon_drv.h" + +@@ -321,6 +323,28 @@ static struct drm_driver kms_driver; + + bool radeon_device_is_virtual(void); + ++/* Test that /lib/firmware/radeon is a directory (or symlink to a ++ * directory). We could try to match the udev search path, but let's ++ * keep it simple. ++ */ ++static bool radeon_firmware_installed(void) ++{ ++#if IS_BUILTIN(CONFIG_DRM_RADEON) ++ /* It may be too early to tell. Assume it's there. */ ++ return true; ++#else ++ struct path path; ++ ++ if (kern_path("/lib/firmware/radeon", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, ++ &path) == 0) { ++ path_put(&path); ++ return true; ++ } ++ ++ return false; ++#endif ++} ++ + static int radeon_pci_probe(struct pci_dev *pdev, + const struct pci_device_id *ent) + { +@@ -360,6 +384,12 @@ static int radeon_pci_probe(struct pci_d + if (vga_switcheroo_client_probe_defer(pdev)) + return -EPROBE_DEFER; + ++ if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && ++ !radeon_firmware_installed()) { ++ DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); ++ return -ENODEV; ++ } ++ + /* Get rid of things like offb */ + ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, "radeondrmfb"); + if (ret) diff --git a/debian/patches/bugfix/all/smb3-Replace-smb2pdu-1-element-arrays-with-flex-arra.patch b/debian/patches/bugfix/all/smb3-Replace-smb2pdu-1-element-arrays-with-flex-arra.patch new file mode 100644 index 000000000..bc4e28488 --- /dev/null +++ b/debian/patches/bugfix/all/smb3-Replace-smb2pdu-1-element-arrays-with-flex-arra.patch @@ -0,0 +1,375 @@ +From: Kees Cook +Date: Fri, 26 Jan 2024 22:31:43 +0300 +Subject: smb3: Replace smb2pdu 1-element arrays with flex-arrays +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=06aa6eff7b243891c631b40852a0c453e274955d + +commit eb3e28c1e89b4984308777231887e41aa8a0151f upstream. + +The kernel is globally removing the ambiguous 0-length and 1-element +arrays in favor of flexible arrays, so that we can gain both compile-time +and run-time array bounds checking[1]. + +Replace the trailing 1-element array with a flexible array in the +following structures: + + struct smb2_err_rsp + struct smb2_tree_connect_req + struct smb2_negotiate_rsp + struct smb2_sess_setup_req + struct smb2_sess_setup_rsp + struct smb2_read_req + struct smb2_read_rsp + struct smb2_write_req + struct smb2_write_rsp + struct smb2_query_directory_req + struct smb2_query_directory_rsp + struct smb2_set_info_req + struct smb2_change_notify_rsp + struct smb2_create_rsp + struct smb2_query_info_req + struct smb2_query_info_rsp + +Replace the trailing 1-element array with a flexible array, but leave +the existing structure padding: + + struct smb2_file_all_info + struct smb2_lock_req + +Adjust all related size calculations to match the changes to sizeof(). + +No machine code output or .data section differences are produced after +these changes. + +[1] For lots of details, see both: + https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrays + https://people.kernel.org/kees/bounded-flexible-arrays-in-c + +Cc: Steve French +Cc: Paulo Alcantara +Cc: Ronnie Sahlberg +Cc: Shyam Prasad N +Cc: Tom Talpey +Cc: Namjae Jeon +Cc: Sergey Senozhatsky +Cc: linux-cifs@vger.kernel.org +Cc: samba-technical@lists.samba.org +Reviewed-by: Namjae Jeon +Signed-off-by: Kees Cook +Signed-off-by: Steve French +Signed-off-by: Vasiliy Kovalev +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/smb2misc.c | 2 +- + fs/cifs/smb2ops.c | 14 +++++++------- + fs/cifs/smb2pdu.c | 13 ++++++------- + fs/cifs/smb2pdu.h | 42 ++++++++++++++++++++++++------------------ + 4 files changed, 38 insertions(+), 33 deletions(-) + +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c +index b98bba887f84..660e00eb4206 100644 +--- a/fs/cifs/smb2misc.c ++++ b/fs/cifs/smb2misc.c +@@ -117,7 +117,7 @@ static __u32 get_neg_ctxt_len(struct smb2_sync_hdr *hdr, __u32 len, + } else if (nc_offset + 1 == non_ctxlen) { + cifs_dbg(FYI, "no SPNEGO security blob in negprot rsp\n"); + size_of_pad_before_neg_ctxts = 0; +- } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE) ++ } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE + 1) + /* has padding, but no SPNEGO blob */ + size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen + 1; + else +diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c +index 26edaeb4245d..84850a55c8b7 100644 +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -5561,7 +5561,7 @@ struct smb_version_values smb20_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5583,7 +5583,7 @@ struct smb_version_values smb21_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5604,7 +5604,7 @@ struct smb_version_values smb3any_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5625,7 +5625,7 @@ struct smb_version_values smbdefault_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5646,7 +5646,7 @@ struct smb_version_values smb30_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5667,7 +5667,7 @@ struct smb_version_values smb302_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +@@ -5688,7 +5688,7 @@ struct smb_version_values smb311_values = { + .header_size = sizeof(struct smb2_sync_hdr), + .header_preamble_size = 0, + .max_header_size = MAX_SMB2_HDR_SIZE, +- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, ++ .read_rsp_size = sizeof(struct smb2_read_rsp), + .lock_cmd = SMB2_LOCK, + .cap_unix = 0, + .cap_nt_find = SMB2_NT_FIND, +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c +index 76679dc4e632..4aec01841f0f 100644 +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1261,7 +1261,7 @@ SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data) + + /* Testing shows that buffer offset must be at location of Buffer[0] */ + req->SecurityBufferOffset = +- cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 1 /* pad */); ++ cpu_to_le16(sizeof(struct smb2_sess_setup_req)); + req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len); + + memset(&rqst, 0, sizeof(struct smb_rqst)); +@@ -1760,8 +1760,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, + iov[0].iov_len = total_len - 1; + + /* Testing shows that buffer offset must be at location of Buffer[0] */ +- req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) +- - 1 /* pad */); ++ req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)); + req->PathLength = cpu_to_le16(unc_path_len - 2); + iov[1].iov_base = unc_path; + iov[1].iov_len = unc_path_len; +@@ -4676,7 +4675,7 @@ int SMB2_query_directory_init(const unsigned int xid, + memcpy(bufptr, &asteriks, len); + + req->FileNameOffset = +- cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1); ++ cpu_to_le16(sizeof(struct smb2_query_directory_req)); + req->FileNameLength = cpu_to_le16(len); + /* + * BB could be 30 bytes or so longer if we used SMB2 specific +@@ -4873,7 +4872,7 @@ SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, + req->AdditionalInformation = cpu_to_le32(additional_info); + + req->BufferOffset = +- cpu_to_le16(sizeof(struct smb2_set_info_req) - 1); ++ cpu_to_le16(sizeof(struct smb2_set_info_req)); + req->BufferLength = cpu_to_le32(*size); + + memcpy(req->Buffer, *data, *size); +@@ -5105,9 +5104,9 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, + req->VolatileFileId = volatile_fid; + /* 1 for pad */ + req->InputBufferOffset = +- cpu_to_le16(sizeof(struct smb2_query_info_req) - 1); ++ cpu_to_le16(sizeof(struct smb2_query_info_req)); + req->OutputBufferLength = cpu_to_le32( +- outbuf_len + sizeof(struct smb2_query_info_rsp) - 1); ++ outbuf_len + sizeof(struct smb2_query_info_rsp)); + + iov->iov_base = (char *)req; + iov->iov_len = total_len; +diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h +index 89a732b31390..eaa873175318 100644 +--- a/fs/cifs/smb2pdu.h ++++ b/fs/cifs/smb2pdu.h +@@ -220,7 +220,7 @@ struct smb2_err_rsp { + __le16 StructureSize; + __le16 Reserved; /* MBZ */ + __le32 ByteCount; /* even if zero, at least one byte follows */ +- __u8 ErrorData[1]; /* variable length */ ++ __u8 ErrorData[]; /* variable length */ + } __packed; + + #define SYMLINK_ERROR_TAG 0x4c4d5953 +@@ -464,7 +464,7 @@ struct smb2_negotiate_rsp { + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; + __le32 NegotiateContextOffset; /* Pre:SMB3.1.1 was reserved/ignored */ +- __u8 Buffer[1]; /* variable length GSS security buffer */ ++ __u8 Buffer[]; /* variable length GSS security buffer */ + } __packed; + + /* Flags */ +@@ -481,7 +481,7 @@ struct smb2_sess_setup_req { + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; + __u64 PreviousSessionId; +- __u8 Buffer[1]; /* variable length GSS security buffer */ ++ __u8 Buffer[]; /* variable length GSS security buffer */ + } __packed; + + /* Currently defined SessionFlags */ +@@ -494,7 +494,7 @@ struct smb2_sess_setup_rsp { + __le16 SessionFlags; + __le16 SecurityBufferOffset; + __le16 SecurityBufferLength; +- __u8 Buffer[1]; /* variable length GSS security buffer */ ++ __u8 Buffer[]; /* variable length GSS security buffer */ + } __packed; + + struct smb2_logoff_req { +@@ -520,7 +520,7 @@ struct smb2_tree_connect_req { + __le16 Flags; /* Reserved MBZ for dialects prior to SMB3.1.1 */ + __le16 PathOffset; + __le16 PathLength; +- __u8 Buffer[1]; /* variable length */ ++ __u8 Buffer[]; /* variable length */ + } __packed; + + /* See MS-SMB2 section 2.2.9.2 */ +@@ -828,7 +828,7 @@ struct smb2_create_rsp { + __u64 VolatileFileId; /* opaque endianness */ + __le32 CreateContextsOffset; + __le32 CreateContextsLength; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + struct create_context { +@@ -1289,7 +1289,7 @@ struct smb2_read_plain_req { + __le32 RemainingBytes; + __le16 ReadChannelInfoOffset; + __le16 ReadChannelInfoLength; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + /* Read flags */ +@@ -1304,7 +1304,7 @@ struct smb2_read_rsp { + __le32 DataLength; + __le32 DataRemaining; + __u32 Flags; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + /* For write request Flags field below the following flags are defined: */ +@@ -1324,7 +1324,7 @@ struct smb2_write_req { + __le16 WriteChannelInfoOffset; + __le16 WriteChannelInfoLength; + __le32 Flags; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + struct smb2_write_rsp { +@@ -1335,7 +1335,7 @@ struct smb2_write_rsp { + __le32 DataLength; + __le32 DataRemaining; + __u32 Reserved2; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + /* notify flags */ +@@ -1371,7 +1371,7 @@ struct smb2_change_notify_rsp { + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; +- __u8 Buffer[1]; /* array of file notify structs */ ++ __u8 Buffer[]; /* array of file notify structs */ + } __packed; + + #define SMB2_LOCKFLAG_SHARED_LOCK 0x0001 +@@ -1394,7 +1394,10 @@ struct smb2_lock_req { + __u64 PersistentFileId; /* opaque endianness */ + __u64 VolatileFileId; /* opaque endianness */ + /* Followed by at least one */ +- struct smb2_lock_element locks[1]; ++ union { ++ struct smb2_lock_element lock; ++ DECLARE_FLEX_ARRAY(struct smb2_lock_element, locks); ++ }; + } __packed; + + struct smb2_lock_rsp { +@@ -1434,7 +1437,7 @@ struct smb2_query_directory_req { + __le16 FileNameOffset; + __le16 FileNameLength; + __le32 OutputBufferLength; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + struct smb2_query_directory_rsp { +@@ -1442,7 +1445,7 @@ struct smb2_query_directory_rsp { + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + /* Possible InfoType values */ +@@ -1483,7 +1486,7 @@ struct smb2_query_info_req { + __le32 Flags; + __u64 PersistentFileId; /* opaque endianness */ + __u64 VolatileFileId; /* opaque endianness */ +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + struct smb2_query_info_rsp { +@@ -1491,7 +1494,7 @@ struct smb2_query_info_rsp { + __le16 StructureSize; /* Must be 9 */ + __le16 OutputBufferOffset; + __le32 OutputBufferLength; +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + /* +@@ -1514,7 +1517,7 @@ struct smb2_set_info_req { + __le32 AdditionalInformation; + __u64 PersistentFileId; /* opaque endianness */ + __u64 VolatileFileId; /* opaque endianness */ +- __u8 Buffer[1]; ++ __u8 Buffer[]; + } __packed; + + struct smb2_set_info_rsp { +@@ -1716,7 +1719,10 @@ struct smb2_file_all_info { /* data block encoding of response to level 18 */ + __le32 Mode; + __le32 AlignmentRequirement; + __le32 FileNameLength; +- char FileName[1]; ++ union { ++ char __pad; /* Legacy structure padding */ ++ DECLARE_FLEX_ARRAY(char, FileName); ++ }; + } __packed; /* level 18 Query */ + + struct smb2_file_eof_info { /* encoding of request for level 10 */ +-- +2.43.0 + diff --git a/debian/patches/bugfix/all/stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch b/debian/patches/bugfix/all/stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch new file mode 100644 index 000000000..8f8066530 --- /dev/null +++ b/debian/patches/bugfix/all/stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch @@ -0,0 +1,156 @@ +From: Kees Cook +Date: Fri, 26 Jan 2024 22:31:42 +0300 +Subject: stddef: Introduce DECLARE_FLEX_ARRAY() helper +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=ef8316e0e29e98d9cf7e0689ddffa37e79d33736 + +commit 3080ea5553cc909b000d1f1d964a9041962f2c5b upstream. + +There are many places where kernel code wants to have several different +typed trailing flexible arrays. This would normally be done with multiple +flexible arrays in a union, but since GCC and Clang don't (on the surface) +allow this, there have been many open-coded workarounds, usually involving +neighboring 0-element arrays at the end of a structure. For example, +instead of something like this: + +struct thing { + ... + union { + struct type1 foo[]; + struct type2 bar[]; + }; +}; + +code works around the compiler with: + +struct thing { + ... + struct type1 foo[0]; + struct type2 bar[]; +}; + +Another case is when a flexible array is wanted as the single member +within a struct (which itself is usually in a union). For example, this +would be worked around as: + +union many { + ... + struct { + struct type3 baz[0]; + }; +}; + +These kinds of work-arounds cause problems with size checks against such +zero-element arrays (for example when building with -Warray-bounds and +-Wzero-length-bounds, and with the coming FORTIFY_SOURCE improvements), +so they must all be converted to "real" flexible arrays, avoiding warnings +like this: + +fs/hpfs/anode.c: In function 'hpfs_add_sector_to_btree': +fs/hpfs/anode.c:209:27: warning: array subscript 0 is outside the bounds of an interior zero-length array 'struct bplus_internal_node[0]' [-Wzero-length-bounds] + 209 | anode->btree.u.internal[0].down = cpu_to_le32(a); + | ~~~~~~~~~~~~~~~~~~~~~~~^~~ +In file included from fs/hpfs/hpfs_fn.h:26, + from fs/hpfs/anode.c:10: +fs/hpfs/hpfs.h:412:32: note: while referencing 'internal' + 412 | struct bplus_internal_node internal[0]; /* (internal) 2-word entries giving + | ^~~~~~~~ + +drivers/net/can/usb/etas_es58x/es58x_fd.c: In function 'es58x_fd_tx_can_msg': +drivers/net/can/usb/etas_es58x/es58x_fd.c:360:35: warning: array subscript 65535 is outside the bounds of an interior zero-length array 'u8[0]' {aka 'unsigned char[]'} [-Wzero-length-bounds] + 360 | tx_can_msg = (typeof(tx_can_msg))&es58x_fd_urb_cmd->raw_msg[msg_len]; + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from drivers/net/can/usb/etas_es58x/es58x_core.h:22, + from drivers/net/can/usb/etas_es58x/es58x_fd.c:17: +drivers/net/can/usb/etas_es58x/es58x_fd.h:231:6: note: while referencing 'raw_msg' + 231 | u8 raw_msg[0]; + | ^~~~~~~ + +However, it _is_ entirely possible to have one or more flexible arrays +in a struct or union: it just has to be in another struct. And since it +cannot be alone in a struct, such a struct must have at least 1 other +named member -- but that member can be zero sized. Wrap all this nonsense +into the new DECLARE_FLEX_ARRAY() in support of having flexible arrays +in unions (or alone in a struct). + +As with struct_group(), since this is needed in UAPI headers as well, +implement the core there, with a non-UAPI wrapper. + +Additionally update kernel-doc to understand its existence. + +https://github.com/KSPP/linux/issues/137 + +Cc: Arnd Bergmann +Cc: "Gustavo A. R. Silva" +Signed-off-by: Kees Cook +Signed-off-by: Vasiliy Kovalev +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/stddef.h | 13 +++++++++++++ + include/uapi/linux/stddef.h | 16 ++++++++++++++++ + scripts/kernel-doc | 3 ++- + 3 files changed, 31 insertions(+), 1 deletion(-) + +diff --git a/include/linux/stddef.h b/include/linux/stddef.h +index 938216f8ab7e..31fdbb784c24 100644 +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -84,4 +84,17 @@ enum { + #define struct_group_tagged(TAG, NAME, MEMBERS...) \ + __struct_group(TAG, NAME, /* no attrs */, MEMBERS) + ++/** ++ * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union ++ * ++ * @TYPE: The type of each flexible array element ++ * @NAME: The name of the flexible array member ++ * ++ * In order to have a flexible array member in a union or alone in a ++ * struct, it needs to be wrapped in an anonymous struct with at least 1 ++ * named member, but that member can be empty. ++ */ ++#define DECLARE_FLEX_ARRAY(TYPE, NAME) \ ++ __DECLARE_FLEX_ARRAY(TYPE, NAME) ++ + #endif +diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h +index c3725b492263..7837ba4fe728 100644 +--- a/include/uapi/linux/stddef.h ++++ b/include/uapi/linux/stddef.h +@@ -28,4 +28,20 @@ + struct { MEMBERS } ATTRS; \ + struct TAG { MEMBERS } ATTRS NAME; \ + } ++ ++/** ++ * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union ++ * ++ * @TYPE: The type of each flexible array element ++ * @NAME: The name of the flexible array member ++ * ++ * In order to have a flexible array member in a union or alone in a ++ * struct, it needs to be wrapped in an anonymous struct with at least 1 ++ * named member, but that member can be empty. ++ */ ++#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ ++ struct { \ ++ struct { } __empty_ ## NAME; \ ++ TYPE NAME[]; \ ++ } + #endif +diff --git a/scripts/kernel-doc b/scripts/kernel-doc +index 19af6dd160e6..7a04d4c05326 100755 +--- a/scripts/kernel-doc ++++ b/scripts/kernel-doc +@@ -1232,7 +1232,8 @@ sub dump_struct($$) { + $members =~ s/DECLARE_KFIFO\s*\(([^,)]+),\s*([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; + # replace DECLARE_KFIFO_PTR + $members =~ s/DECLARE_KFIFO_PTR\s*\(([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; +- ++ # replace DECLARE_FLEX_ARRAY ++ $members =~ s/(?:__)?DECLARE_FLEX_ARRAY\s*\($args,\s*$args\)/$1 $2\[\]/gos; + my $declaration = $members; + + # Split nested struct/union elements as newer ones +-- +2.43.0 + diff --git a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch new file mode 100644 index 000000000..3818dbb17 --- /dev/null +++ b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings +Date: Sun, 21 Feb 2016 15:33:15 +0000 +Subject: tools/build: Remove bpf() run-time check at build time +Forwarded: no + +It is not correct to test that a syscall works on the build system's +kernel. We might be building on an earlier kernel version or with +security restrictions that block bpf(). + +Signed-off-by: Ben Hutchings +--- +--- a/tools/build/feature/test-bpf.c ++++ b/tools/build/feature/test-bpf.c +@@ -35,8 +35,10 @@ int main(void) + attr.prog_flags = 0; + + /* +- * Test existence of __NR_bpf and BPF_PROG_LOAD. +- * This call should fail if we run the testcase. ++ * bwh: Don't use the bpf() syscall as we might be building on a ++ * much older kernel. Do "use" the attr structure here to avoid ++ * a "set but not used" warning. + */ +- return syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); ++ (void)&attr; ++ return 0; + } diff --git a/debian/patches/bugfix/all/tools-perf-man-date.patch b/debian/patches/bugfix/all/tools-perf-man-date.patch new file mode 100644 index 000000000..80a19b554 --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-man-date.patch @@ -0,0 +1,44 @@ +From: Ben Hutchings +Date: Mon, 13 Jul 2015 20:29:20 +0100 +Subject: perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date +Forwarded: http://mid.gmane.org/20160517132809.GE7555@decadent.org.uk + +This allows man pages to be built reproducibly. + +Signed-off-by: Ben Hutchings +--- + tools/perf/Documentation/Makefile | 3 +++ + tools/perf/Documentation/asciidoc.conf | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index adc5a7e44b98..2161b2e838b7 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -132,6 +132,9 @@ endif + ifdef DOCBOOK_SUPPRESS_SP + XMLTO_EXTRA += -m manpage-suppress-sp.xsl + endif ++ifdef KBUILD_BUILD_TIMESTAMP ++ASCIIDOC_EXTRA += -a revdate=$(shell date -u -d '$(KBUILD_BUILD_TIMESTAMP)' +%Y-%m-%d) ++endif + + SHELL_PATH ?= $(SHELL) + # Shell quote; +diff --git a/tools/perf/Documentation/asciidoc.conf b/tools/perf/Documentation/asciidoc.conf +index 2b62ba1e72b7..82d3060177ba 100644 +--- a/tools/perf/Documentation/asciidoc.conf ++++ b/tools/perf/Documentation/asciidoc.conf +@@ -71,6 +71,9 @@ ifdef::backend-docbook[] + [header] + template::[header-declarations] + ++ ++template::[docinfo] ++ + ifdef::perf_date[] + {perf_date} + endif::perf_date[] +-- +2.23.0 + diff --git a/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch b/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch new file mode 100644 index 000000000..6da31fcd3 --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch @@ -0,0 +1,175 @@ +From: Ben Hutchings +Date: Sun, 25 Aug 2019 13:49:41 +0100 +Subject: tools/perf: pmu-events: Fix reproducibility +Forwarded: https://lore.kernel.org/lkml/20190825131329.naqzd5kwg7mw5d3f@decadent.org.uk/T/#u + +jevents.c uses nftw() to enumerate files and outputs the corresponding +C structs in the order they are found. This makes it sensitive to +directory ordering, so that the perf executable is not reproducible. + +To avoid this, store all the files and directories found and then sort +them by their (relative) path. (This maintains the parent-first +ordering that nftw() promises.) Then apply the existing callbacks to +them in the sorted order. + +Don't both storing the stat buffers as we don't need them. + +References: https://tests.reproducible-builds.org/debian/dbdtxt/bullseye/i386/linux_4.19.37-6.diffoscope.txt.gz +Signed-off-by: Ben Hutchings +--- +--- a/tools/perf/pmu-events/jevents.c ++++ b/tools/perf/pmu-events/jevents.c +@@ -50,6 +50,18 @@ + #include "json.h" + #include "pmu-events.h" + ++struct ordered_ftw_entry { ++ const char *fpath; ++ int typeflag; ++ struct FTW ftwbuf; ++}; ++ ++struct ordered_ftw_state { ++ struct ordered_ftw_entry *entries; ++ size_t n; ++ size_t max; ++}; ++ + int verbose; + char *prog; + +@@ -905,6 +917,78 @@ static int get_maxfds(void) + */ + static FILE *eventsfp; + static char *mapfile; ++static struct ordered_ftw_state *ordered_ftw_state; ++ ++static int ordered_ftw_add(const char *fpath, const struct stat *sb, ++ int typeflag, struct FTW *ftwbuf) ++{ ++ struct ordered_ftw_state *state = ordered_ftw_state; ++ struct ordered_ftw_entry *entry; ++ ++ if (ftwbuf->level == 0 || ftwbuf->level > 3) ++ return 0; ++ ++ /* Grow array if necessary */ ++ if (state->n >= state->max) { ++ if (state->max == 0) ++ state->max = 16; ++ else ++ state->max *= 2; ++ state->entries = realloc(state->entries, ++ state->max * sizeof(*state->entries)); ++ } ++ ++ entry = &state->entries[state->n++]; ++ entry->fpath = strdup(fpath); ++ entry->typeflag = typeflag; ++ entry->ftwbuf = *ftwbuf; ++ ++ return 0; ++} ++ ++static int ordered_ftw_compare(const void *left, const void *right) ++{ ++ const struct ordered_ftw_entry *left_entry = left; ++ const struct ordered_ftw_entry *right_entry = right; ++ ++ return strcmp(left_entry->fpath, right_entry->fpath); ++} ++ ++/* ++ * Wrapper for nftw() that iterates files in ASCII-order to ensure ++ * reproducible output ++ */ ++static int ordered_ftw(const char *dirpath, ++ int (*fn)(const char *, int, struct FTW *), ++ int nopenfd) ++{ ++ struct ordered_ftw_state state = { NULL, 0, 0 }; ++ size_t i; ++ int rc; ++ ++ ordered_ftw_state = &state; ++ rc = nftw(dirpath, ordered_ftw_add, nopenfd, 0); ++ if (rc) ++ goto out; ++ ++ qsort(state.entries, state.n, sizeof(*state.entries), ++ ordered_ftw_compare); ++ ++ for (i = 0; i < state.n; i++) { ++ rc = fn(state.entries[i].fpath, ++ state.entries[i].typeflag, ++ &state.entries[i].ftwbuf); ++ if (rc) ++ goto out; ++ } ++ ++out: ++ for (i = 0; i < state.n; i++) ++ free((char *)state.entries[i].fpath); ++ free(state.entries);; ++ ++ return rc; ++} + + static int is_leaf_dir(const char *fpath) + { +@@ -957,19 +1041,19 @@ static int is_json_file(const char *name + return 0; + } + +-static int preprocess_arch_std_files(const char *fpath, const struct stat *sb, ++static int preprocess_arch_std_files(const char *fpath, + int typeflag, struct FTW *ftwbuf) + { + int level = ftwbuf->level; + int is_file = typeflag == FTW_F; + + if (level == 1 && is_file && is_json_file(fpath)) +- return json_events(fpath, save_arch_std_events, (void *)sb); ++ return json_events(fpath, save_arch_std_events, NULL); + + return 0; + } + +-static int process_one_file(const char *fpath, const struct stat *sb, ++static int process_one_file(const char *fpath, + int typeflag, struct FTW *ftwbuf) + { + char *tblname, *bname; +@@ -994,9 +1078,9 @@ static int process_one_file(const char * + } else + bname = (char *) fpath + ftwbuf->base; + +- pr_debug("%s %d %7jd %-20s %s\n", ++ pr_debug("%s %d %-20s %s\n", + is_file ? "f" : is_dir ? "d" : "x", +- level, sb->st_size, bname, fpath); ++ level, bname, fpath); + + /* base dir or too deep */ + if (level == 0 || level > 3) +@@ -1152,17 +1236,17 @@ int main(int argc, char *argv[]) + */ + + maxfds = get_maxfds(); +- rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0); ++ rc = ordered_ftw(ldirname, preprocess_arch_std_files, maxfds); + if (rc) + goto err_processing_std_arch_event_dir; + +- rc = nftw(ldirname, process_one_file, maxfds, 0); ++ rc = ordered_ftw(ldirname, process_one_file, maxfds); + if (rc) + goto err_processing_dir; + + sprintf(ldirname, "%s/test", start_dirname); + +- rc = nftw(ldirname, process_one_file, maxfds, 0); ++ rc = ordered_ftw(ldirname, process_one_file, maxfds); + if (rc) + goto err_processing_dir; + diff --git a/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch b/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch new file mode 100644 index 000000000..9766e0e4a --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch @@ -0,0 +1,39 @@ +From: Ben Hutchings +Date: Fri, 25 Sep 2015 20:09:23 +0100 +Subject: tools/perf: Remove shebang lines from perf scripts +Forwarded: no + +perf scripts need to be invoked through perf, not directly through +perl (or other language interpreter). So including shebang lines in +them is useless and possibly misleading. + +Signed-off-by: Ben Hutchings +--- +--- a/tools/perf/scripts/perl/rw-by-file.pl ++++ b/tools/perf/scripts/perl/rw-by-file.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi + +--- a/tools/perf/scripts/perl/rw-by-pid.pl ++++ b/tools/perf/scripts/perl/rw-by-pid.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi + +--- a/tools/perf/scripts/perl/rwtop.pl ++++ b/tools/perf/scripts/perl/rwtop.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2010, Tom Zanussi + +--- a/tools/perf/scripts/perl/wakeup-latency.pl ++++ b/tools/perf/scripts/perl/wakeup-latency.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi + diff --git a/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch b/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch new file mode 100644 index 000000000..d9d7b301d --- /dev/null +++ b/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Sun, 24 Jun 2012 02:51:39 +0100 +Subject: usbip: Document TCP wrappers +Forwarded: no + +Add references to TCP wrappers configuration in the manual page. + +--- a/tools/usb/usbip/doc/usbipd.8 ++++ b/tools/usb/usbip/doc/usbipd.8 +@@ -14,7 +14,8 @@ Devices have to explicitly be exported u + before usbipd makes them available to other hosts. + + The daemon accepts connections from USB/IP clients +-on TCP port 3240 by default. ++on TCP port 3240 by default. The clients authorised to connect may be ++configured as documented in hosts_access(5). + + .SH OPTIONS + .HP +@@ -69,7 +70,8 @@ Show version. + + .B usbipd + offers no authentication or authorization for USB/IP. Any +-USB/IP client can connect and use exported devices. ++USB/IP client running on an authorised host can connect and ++use exported devices. + + .SH EXAMPLES + diff --git a/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch b/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch new file mode 100644 index 000000000..d6f698251 --- /dev/null +++ b/debian/patches/bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch @@ -0,0 +1,100 @@ +From: Miklos Szeredi +Date: Mon, 14 Dec 2020 15:26:13 +0100 +Subject: vfs: move cap_convert_nscap() call into vfs_setxattr() +Origin: https://git.kernel.org/linus/7c03e2cda4a584cadc398e8f6641ca9988a39d52 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3493 + +cap_convert_nscap() does permission checking as well as conversion of the +xattr value conditionally based on fs's user-ns. + +This is needed by overlayfs and probably other layered fs (ecryptfs) and is +what vfs_foo() is supposed to do anyway. + +Signed-off-by: Miklos Szeredi +Acked-by: James Morris +--- + fs/xattr.c | 17 +++++++++++------ + include/linux/capability.h | 2 +- + security/commoncap.c | 3 +-- + 3 files changed, 13 insertions(+), 9 deletions(-) + +diff --git a/fs/xattr.c b/fs/xattr.c +index cd7a563e8bcd..fd57153b1f61 100644 +--- a/fs/xattr.c ++++ b/fs/xattr.c +@@ -276,8 +276,16 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, + { + struct inode *inode = dentry->d_inode; + struct inode *delegated_inode = NULL; ++ const void *orig_value = value; + int error; + ++ if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { ++ error = cap_convert_nscap(dentry, &value, size); ++ if (error < 0) ++ return error; ++ size = error; ++ } ++ + retry_deleg: + inode_lock(inode); + error = __vfs_setxattr_locked(dentry, name, value, size, flags, +@@ -289,6 +297,9 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, + if (!error) + goto retry_deleg; + } ++ if (value != orig_value) ++ kfree(value); ++ + return error; + } + EXPORT_SYMBOL_GPL(vfs_setxattr); +@@ -537,12 +548,6 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, + if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || + (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) + posix_acl_fix_xattr_from_user(kvalue, size); +- else if (strcmp(kname, XATTR_NAME_CAPS) == 0) { +- error = cap_convert_nscap(d, &kvalue, size); +- if (error < 0) +- goto out; +- size = error; +- } + } + + error = vfs_setxattr(d, kname, kvalue, size, flags); +diff --git a/include/linux/capability.h b/include/linux/capability.h +index 1e7fe311cabe..b2f698915c0f 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -270,6 +270,6 @@ static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) + /* audit system wants to get cap info from files as well */ + extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); + +-extern int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size); ++extern int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size); + + #endif /* !_LINUX_CAPABILITY_H */ +diff --git a/security/commoncap.c b/security/commoncap.c +index 59bf3c1674c8..bacc1111d871 100644 +--- a/security/commoncap.c ++++ b/security/commoncap.c +@@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) + * + * If all is ok, we return the new size, on error return < 0. + */ +-int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) ++int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size) + { + struct vfs_ns_cap_data *nscap; + uid_t nsrootid; +@@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) + nscap->magic_etc = cpu_to_le32(nsmagic); + memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); + +- kvfree(*ivalue); + *ivalue = nscap; + return newsize; + } +-- +2.31.0 + diff --git a/debian/patches/bugfix/all/wireguard-ignore-config_android.patch b/debian/patches/bugfix/all/wireguard-ignore-config_android.patch new file mode 100644 index 000000000..5ff53c0b7 --- /dev/null +++ b/debian/patches/bugfix/all/wireguard-ignore-config_android.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Thu, 07 Jul 2022 18:58:43 +0200 +Subject: wireguard: Clear keys after suspend despite CONFIG_ANDROID=y +Forwarded: not-needed + +WireGuard assumes that CONFIG_ANDROID implies Android power +management, i.e. user-space suspending the system automatically at +short intervals, and so does not clear keys after a suspend/resume +cycle. Debian systems don't do that kind of power management but we +do set CONFIG_ANDROID on some architectures as a dependency of Binder. + +In 5.20, CONFIG_PM_USERSPACE_AUTOSLEEP will be introduced to tell the +kernel that this kind of power management is in use, and +CONFIG_ANDROID will be removed. For now, remove this one test that +does the wrong thing for us. + +References: https://lwn.net/Articles/899743/ +--- +--- a/drivers/net/wireguard/device.c ++++ b/drivers/net/wireguard/device.c +@@ -71,7 +71,7 @@ static int wg_pm_notification(struct not + * its normal operation rather than as a somewhat rare event, then we + * don't actually want to clear keys. + */ +- if (IS_ENABLED(CONFIG_PM_AUTOSLEEP) || IS_ENABLED(CONFIG_ANDROID)) ++ if (IS_ENABLED(CONFIG_PM_AUTOSLEEP)) + return 0; + + if (action != PM_HIBERNATION_PREPARE && action != PM_SUSPEND_PREPARE) diff --git a/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch b/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch new file mode 100644 index 000000000..9e6622fb0 --- /dev/null +++ b/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch @@ -0,0 +1,37 @@ +From: Ben Hutchings +Date: Fri, 17 Feb 2017 01:30:30 +0000 +Subject: ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419 +Forwarded: https://www.spinics.net/lists/arm-kernel/msg563610.html +Bug-Debian: https://bugs.debian.org/855017 + +The old board code for the TS419 assigns MPP pins 15 and 16 as SATA +activity signals (and none as SATA presence signals). Currently the +device tree assigns the SoC's default pinmux groups for SATA, which +conflict with the second Ethernet port. + +Reported-by: gmbh@gazeta.pl +Tested-by: gmbh@gazeta.pl +References: https://bugs.debian.org/855017 +Cc: stable@vger.kernel.org # 3.15+ +Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419") +Signed-off-by: Ben Hutchings +--- + arch/arm/boot/dts/kirkwood-ts419.dtsi | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/arch/arm/boot/dts/kirkwood-ts419.dtsi b/arch/arm/boot/dts/kirkwood-ts419.dtsi +index 02bd53762705..532506cb0f4a 100644 +--- a/arch/arm/boot/dts/kirkwood-ts419.dtsi ++++ b/arch/arm/boot/dts/kirkwood-ts419.dtsi +@@ -73,3 +73,11 @@ + phy-handle = <ðphy1>; + }; + }; ++ ++&pmx_sata0 { ++ marvell,pins = "mpp15"; ++}; ++ ++&pmx_sata1 { ++ marvell,pins = "mpp16"; ++}; diff --git a/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch b/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch new file mode 100644 index 000000000..1bdd37fbe --- /dev/null +++ b/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch @@ -0,0 +1,31 @@ +From: Ben Hutchings +Date: Wed, 11 Jul 2018 23:40:55 +0100 +Subject: ARM: mm: Export __sync_icache_dcache() for xen-privcmd +Forwarded: https://marc.info/?l=linux-arm-kernel&m=153134944429241 + +The xen-privcmd driver, which can be modular, calls set_pte_at() +which in turn may call __sync_icache_dcache(). + +The call to __sync_icache_dcache() may be optimised out because it is +conditional on !pte_special(), and xen-privcmd calls pte_mkspecial(). +However, in a non-LPAE configuration there is no "special" bit and the +call is really unconditional. + +Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE") +Signed-off-by: Ben Hutchings +--- + arch/arm/mm/flush.c | 1 + + 1 file changed, 1 insertion(+) + +Index: debian-kernel/arch/arm/mm/flush.c +=================================================================== +--- debian-kernel.orig/arch/arm/mm/flush.c ++++ debian-kernel/arch/arm/mm/flush.c +@@ -292,6 +292,7 @@ void __sync_icache_dcache(pte_t pteval) + if (pte_exec(pteval)) + __flush_icache_all(); + } ++EXPORT_SYMBOL_GPL(__sync_icache_dcache); + #endif + + /* diff --git a/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch b/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch new file mode 100644 index 000000000..b3b031668 --- /dev/null +++ b/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch @@ -0,0 +1,92 @@ +From: Geoff Levand +Date: Wed, 13 Jun 2018 10:56:08 -0700 +Subject: arm64/acpi: Add fixup for HPE m400 quirks +Forwarded: https://patchwork.codeaurora.org/patch/547277/ + +Adds a new ACPI init routine acpi_fixup_m400_quirks that adds +a work-around for HPE ProLiant m400 APEI firmware problems. + +The work-around disables APEI when CONFIG_ACPI_APEI is set and +m400 firmware is detected. Without this fixup m400 systems +experience errors like these on startup: + + [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2 + [Hardware Error]: event severity: fatal + [Hardware Error]: Error 0, type: fatal + [Hardware Error]: section_type: memory error + [Hardware Error]: error_status: 0x0000000000001300 + [Hardware Error]: error_type: 10, invalid address + Kernel panic - not syncing: Fatal hardware error! + +Signed-off-by: Geoff Levand +[bwh: Adjust context to apply to Linux 4.19] +--- + arch/arm64/kernel/acpi.c | 40 ++++++++++++++++++++++++++++++++++++---- + 1 file changed, 36 insertions(+), 4 deletions(-) + +Index: debian-kernel/arch/arm64/kernel/acpi.c +=================================================================== +--- debian-kernel.orig/arch/arm64/kernel/acpi.c ++++ debian-kernel/arch/arm64/kernel/acpi.c +@@ -32,6 +32,8 @@ + #include + #include + ++#include ++ + int acpi_noirq = 1; /* skip ACPI IRQ initialization */ + int acpi_disabled = 1; + EXPORT_SYMBOL(acpi_disabled); +@@ -178,6 +180,33 @@ out: + } + + /* ++ * acpi_fixup_m400_quirks - Work-around for HPE ProLiant m400 APEI firmware ++ * problems. ++ */ ++static void __init acpi_fixup_m400_quirks(void) ++{ ++ acpi_status status; ++ struct acpi_table_header *header; ++#if !defined(CONFIG_ACPI_APEI) ++ int hest_disable = HEST_DISABLED; ++#endif ++ ++ if (!IS_ENABLED(CONFIG_ACPI_APEI) || hest_disable != HEST_ENABLED) ++ return; ++ ++ status = acpi_get_table(ACPI_SIG_HEST, 0, &header); ++ ++ if (ACPI_SUCCESS(status) && !strncmp(header->oem_id, "HPE ", 6) && ++ !strncmp(header->oem_table_id, "ProLiant", 8) && ++ MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM) { ++ hest_disable = HEST_DISABLED; ++ pr_info("Disabled APEI for m400.\n"); ++ } ++ ++ acpi_put_table(header); ++} ++ ++/* + * acpi_boot_table_init() called from setup_arch(), always. + * 1. find RSDP and get its address, and then find XSDT + * 2. extract all tables and checksums them all +@@ -232,11 +261,14 @@ done: + if (acpi_disabled) { + if (earlycon_acpi_spcr_enable) + early_init_dt_scan_chosen_stdout(); +- } else { +- acpi_parse_spcr(earlycon_acpi_spcr_enable, true); +- if (IS_ENABLED(CONFIG_ACPI_BGRT)) +- acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); ++ return; + } ++ ++ acpi_parse_spcr(earlycon_acpi_spcr_enable, true); ++ if (IS_ENABLED(CONFIG_ACPI_BGRT)) ++ acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); ++ ++ acpi_fixup_m400_quirks(); + } + + pgprot_t __acpi_get_mem_attribute(phys_addr_t addr) diff --git a/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch b/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch new file mode 100644 index 000000000..2d568d35e --- /dev/null +++ b/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch @@ -0,0 +1,45 @@ +From: Heinrich Schuchardt +Date: Mon, 4 Jun 2018 19:15:23 +0200 +Subject: arm64: dts: rockchip: correct voltage selector on Firefly-RK3399 +Bug-Debian: https://bugs.debian.org/900799 +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=710e8c4a54be82ee8a97324e7b4330bf191e08bf + +Without this patch the Firefly-RK3399 board boot process hangs after these +lines: + + fan53555-regulator 0-0040: FAN53555 Option[8] Rev[1] Detected! + fan53555-reg: supplied by vcc_sys + vcc1v8_s3: supplied by vcc_1v8 + +Blacklisting driver fan53555 allows booting. + +The device tree uses a value of fcs,suspend-voltage-selector different to +any other board. + +Changing this setting to the usual value is sufficient to enable booting +and also matches the value used in the vendor kernel. + +Fixes: 171582e00db1 ("arm64: dts: rockchip: add support for firefly-rk3399 board") +Cc: stable@vger.kernel.org +Signed-off-by: Heinrich Schuchardt +Signed-off-by: Heiko Stuebner +--- + arch/arm64/boot/dts/rockchip/rk3399-firefly.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts b/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts +index 86ff1eb..d8a2f0b 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts +@@ -421,7 +421,7 @@ + vdd_cpu_b: regulator@40 { + compatible = "silergy,syr827"; + reg = <0x40>; +- fcs,suspend-voltage-selector = <0>; ++ fcs,suspend-voltage-selector = <1>; + regulator-name = "vdd_cpu_b"; + regulator-min-microvolt = <712500>; + regulator-max-microvolt = <1500000>; +-- +cgit v1.1 + diff --git a/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch b/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch new file mode 100644 index 000000000..0b3acfadb --- /dev/null +++ b/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch @@ -0,0 +1,39 @@ +From: Krzysztof Kozlowski +Date: Wed, 29 Aug 2018 09:32:23 +0200 +Subject: powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ +Origin: https://patchwork.ozlabs.org/patch/963258/ + +After commit faa16bc404d7 ("lib: Use existing define with +polynomial") the lib/xz/xz_crc32.c includes a header from include/linux +directory thus any other user of this code should define proper include +path. + +This fixes the build error on powerpc with CONFIG_KERNEL_XZ: + + In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0, + from ../arch/powerpc/boot/decompress.c:42: + ../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory + +Reported-by: Michal Kubecek +Fixes: faa16bc404d7 ("lib: Use existing define with polynomial") +Signed-off-by: Krzysztof Kozlowski +Reported-by: kbuild test robot +Reported-by: Meelis Roos +Tested-by: Michal Kubecek +--- + arch/powerpc/boot/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile +index 0fb96c26136f..ba4182fb185d 100644 +--- a/arch/powerpc/boot/Makefile ++++ b/arch/powerpc/boot/Makefile +@@ -63,7 +63,7 @@ ifeq ($(call cc-option-yn, -fstack-protector),y) + BOOTCFLAGS += -fno-stack-protector + endif + +-BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) ++BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) -I$(srctree)/include + + DTC_FLAGS ?= -p 1024 + diff --git a/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch b/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch new file mode 100644 index 000000000..25e5b1044 --- /dev/null +++ b/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch @@ -0,0 +1,124 @@ +From: Ben Hutchings +Date: Sat, 19 Aug 2017 21:42:09 +0100 +Subject: sh: Do not use hyphen in exported variable names +Forwarded: https://marc.info/?l=linux-sh&m=150317827322995&w=2 + +arch/sh/Makefile defines and exports ld-bfd to be used by +arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. Similarly +arch/sh/boot/Makefile defines and exports suffix-y to be used by +arch/sh/boot/compressed/Makefile. However some shells, including +dash, will not pass through environment variables whose name includes +a hyphen. Usually GNU make does not use a shell to recurse, but if +e.g. $(srctree) contains '~' it will use a shell here. + +Rename these variables to ld_bfd and suffix_y. + +References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0 +Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.") +Signed-off-by: Ben Hutchings +--- + arch/sh/Makefile | 10 +++++----- + arch/sh/boot/Makefile | 16 ++++++++-------- + arch/sh/boot/compressed/Makefile | 6 +++--- + arch/sh/boot/romimage/Makefile | 4 ++-- + 4 files changed, 18 insertions(+), 18 deletions(-) + +--- a/arch/sh/Makefile ++++ b/arch/sh/Makefile +@@ -102,16 +102,16 @@ UTS_MACHINE := sh + LDFLAGS_vmlinux += -e _stext + + ifdef CONFIG_CPU_LITTLE_ENDIAN +-ld-bfd := elf32-sh-linux +-LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld-bfd) ++ld_bfd := elf32-sh-linux ++LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld_bfd) + KBUILD_LDFLAGS += -EL + else +-ld-bfd := elf32-shbig-linux +-LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld-bfd) ++ld_bfd := elf32-shbig-linux ++LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld_bfd) + KBUILD_LDFLAGS += -EB + endif + +-export ld-bfd ++export ld_bfd + + head-y := arch/sh/kernel/head_32.o + +--- a/arch/sh/boot/Makefile ++++ b/arch/sh/boot/Makefile +@@ -19,12 +19,12 @@ CONFIG_ZERO_PAGE_OFFSET ?= 0x00001000 + CONFIG_ENTRY_OFFSET ?= 0x00001000 + CONFIG_PHYSICAL_START ?= $(CONFIG_MEMORY_START) + +-suffix-y := bin +-suffix-$(CONFIG_KERNEL_GZIP) := gz +-suffix-$(CONFIG_KERNEL_BZIP2) := bz2 +-suffix-$(CONFIG_KERNEL_LZMA) := lzma +-suffix-$(CONFIG_KERNEL_XZ) := xz +-suffix-$(CONFIG_KERNEL_LZO) := lzo ++suffix_y := bin ++suffix_$(CONFIG_KERNEL_GZIP) := gz ++suffix_$(CONFIG_KERNEL_BZIP2) := bz2 ++suffix_$(CONFIG_KERNEL_LZMA) := lzma ++suffix_$(CONFIG_KERNEL_XZ) := xz ++suffix_$(CONFIG_KERNEL_LZO) := lzo + + targets := zImage vmlinux.srec romImage uImage uImage.srec uImage.gz \ + uImage.bz2 uImage.lzma uImage.xz uImage.lzo uImage.bin +@@ -106,10 +106,10 @@ OBJCOPYFLAGS_uImage.srec := -I binary -O + $(obj)/uImage.srec: $(obj)/uImage + $(call if_changed,objcopy) + +-$(obj)/uImage: $(obj)/uImage.$(suffix-y) ++$(obj)/uImage: $(obj)/uImage.$(suffix_y) + @ln -sf $(notdir $<) $@ + @echo ' Image $@ is ready' + + export CONFIG_PAGE_OFFSET CONFIG_MEMORY_START CONFIG_BOOT_LINK_OFFSET \ + CONFIG_PHYSICAL_START CONFIG_ZERO_PAGE_OFFSET CONFIG_ENTRY_OFFSET \ +- KERNEL_MEMORY suffix-y ++ KERNEL_MEMORY suffix_y +--- a/arch/sh/boot/compressed/Makefile ++++ b/arch/sh/boot/compressed/Makefile +@@ -30,7 +30,7 @@ endif + + ccflags-remove-$(CONFIG_MCOUNT) += -pg + +-LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(IMAGE_OFFSET) -e startup \ ++LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(IMAGE_OFFSET) -e startup \ + -T $(obj)/../../kernel/vmlinux.lds + + # +@@ -68,7 +68,7 @@ $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.al + + OBJCOPYFLAGS += -R .empty_zero_page + +-LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T ++LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T + +-$(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix-y) FORCE ++$(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix_y) FORCE + $(call if_changed,ld) +--- a/arch/sh/boot/romimage/Makefile ++++ b/arch/sh/boot/romimage/Makefile +@@ -13,7 +13,7 @@ mmcif-obj-$(CONFIG_CPU_SUBTYPE_SH7724) : + load-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-load-y) + obj-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-obj-y) + +-LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(load-y) -e romstart \ ++LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(load-y) -e romstart \ + -T $(obj)/../../kernel/vmlinux.lds + + $(obj)/vmlinux: $(obj)/head.o $(obj-y) $(obj)/piggy.o FORCE +@@ -24,7 +24,7 @@ OBJCOPYFLAGS += -j .empty_zero_page + $(obj)/zeropage.bin: vmlinux FORCE + $(call if_changed,objcopy) + +-LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T ++LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T + + $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/zeropage.bin arch/sh/boot/zImage FORCE + $(call if_changed,ld) diff --git a/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch b/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch new file mode 100644 index 000000000..f9baa7bd3 --- /dev/null +++ b/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch @@ -0,0 +1,35 @@ +From: Ben Hutchings +Date: Sat, 22 Jul 2017 17:37:33 +0100 +Subject: perf tools: Fix unwind build on i386 +Forwarded: no + +EINVAL may not be defined when building unwind-libunwind.c with +REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in +LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks +for a negative return value and doesn't care what it is. So change +-EINVAL to -1. + +Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.") +Signed-off-by: Ben Hutchings +--- + +--- a/tools/perf/arch/x86/util/unwind-libunwind.c ++++ b/tools/perf/arch/x86/util/unwind-libunwind.c +@@ -66,7 +66,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) + break; + default: + pr_err("unwind: invalid reg id %d\n", regnum); +- return -EINVAL; ++ return -1; + } + + return id; +@@ -106,7 +106,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) + break; + default: + pr_err("unwind: invalid reg id %d\n", regnum); +- return -EINVAL; ++ return -1; + } + + return id; diff --git a/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch b/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch new file mode 100644 index 000000000..73d28aeb6 --- /dev/null +++ b/debian/patches/bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch @@ -0,0 +1,34 @@ +From: Hans de Goede +Date: Wed, 19 May 2021 15:56:18 +0200 +Subject: platform/x86: toshiba_haps: Fix missing newline in pr_debug call in + toshiba_haps_notify +Origin: https://git.kernel.org/linus/7dc4a18d017ca26abd1cea197e486fb3e5cd7632 +Bug-Debian: https://bugs.debian.org/799193 + +The pr_debug() call in toshiba_haps_notify() is missing a newline at the +end of the string, add this. + +BugLink: https://bugs.debian.org/799193 +Reported-by: Salvatore Bonaccorso +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20210519135618.139701-1-hdegoede@redhat.com +--- + drivers/platform/x86/toshiba_haps.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/platform/x86/toshiba_haps.c b/drivers/platform/x86/toshiba_haps.c +index b237bd6b1ee5..49e84095bb01 100644 +--- a/drivers/platform/x86/toshiba_haps.c ++++ b/drivers/platform/x86/toshiba_haps.c +@@ -131,7 +131,7 @@ static const struct attribute_group haps_attr_group = { + */ + static void toshiba_haps_notify(struct acpi_device *device, u32 event) + { +- pr_debug("Received event: 0x%x", event); ++ pr_debug("Received event: 0x%x\n", event); + + acpi_bus_generate_netlink_event(device->pnp.device_class, + dev_name(&device->dev), +-- +2.32.0 + diff --git a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch new file mode 100644 index 000000000..cfbf98e82 --- /dev/null +++ b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings +Date: Fri, 25 Sep 2015 22:50:50 +0100 +Subject: Revert "perf build: Fix libunwind feature detection on 32-bit x86" +Forwarded: no + +This reverts commit 05b41775e2edd69a83f592e3534930c934d4038e. +It broke feature detection that was working just fine for us. +--- + tools/perf/Makefile.config | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/Makefile.config ++++ b/tools/perf/Makefile.config +@@ -38,7 +38,7 @@ ifeq ($(SRCARCH),x86) + LIBUNWIND_LIBS = -lunwind-x86_64 -lunwind -llzma + $(call detected,CONFIG_X86_64) + else +- LIBUNWIND_LIBS = -lunwind-x86 -llzma -lunwind ++ LIBUNWIND_LIBS = -lunwind -lunwind-x86 + endif + NO_PERF_REGS := 0 + endif diff --git a/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch b/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch new file mode 100644 index 000000000..62b4eb7de --- /dev/null +++ b/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch @@ -0,0 +1,34 @@ +From: Ben Hutchings +Date: Sat, 20 Apr 2013 15:52:02 +0100 +Subject: viafb: Autoload on OLPC XO 1.5 only +Bug-Debian: https://bugs.debian.org/705788 +Forwarded: no + +It appears that viafb won't work automatically on all the boards for +which it has a PCI device ID match. Currently, it is blacklisted by +udev along with most other framebuffer drivers, so this doesn't matter +much. + +However, this driver is required for console support on the XO 1.5. +We need to allow it to be autoloaded on this model only, and then +un-blacklist it in udev. + +--- +--- a/drivers/video/fbdev/via/via-core.c ++++ b/drivers/video/fbdev/via/via-core.c +@@ -695,7 +695,14 @@ static const struct pci_device_id via_pc + .driver_data = UNICHROME_VX900 }, + { } + }; +-MODULE_DEVICE_TABLE(pci, via_pci_table); ++ ++static const struct pci_device_id via_pci_autoload_table[] __initconst = { ++ /* OLPC XO 1.5 */ ++ { PCI_DEVICE(PCI_VENDOR_ID_VIA, UNICHROME_VX855_DID), ++ .subvendor = 0x152d, .subdevice = 0x0833 }, ++ { } ++}; ++MODULE_DEVICE_TABLE(pci, via_pci_autoload_table); + + static const struct dev_pm_ops via_pm_ops = { + #ifdef CONFIG_PM_SLEEP diff --git a/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch b/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch new file mode 100644 index 000000000..074c856be --- /dev/null +++ b/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Tue, 25 Sep 2018 19:44:13 +0100 +Subject: x86-32: Disable 3D-Now in generic config + +We want the 686 flavour to run on Geode LX and similar AMD family 5 +CPUs as well as family 6 and higher CPUs. This used to work with +CONFIG_M686=y. However commit 25d76ac88821 "x86/Kconfig: Explicitly +enumerate i686-class CPUs in Kconfig" in Linux 4.16 has made the +kernel require family 6 or higher. + +It looks like a sensible choice would be to enable CONFIG_MGEODE_LX +and CONFIG_X86_GENERIC (for more generic optimisations), but this +currently enables CONFIG_X86_USE_3D_NOW which will cause the kernel to +crash on CPUs without the AMD-specific 3D-Now instructions. + +Make CONFIG_X86_USE_3DNOW depend on CONFIG_X86_GENERIC being disabled. + +--- +--- a/arch/x86/Kconfig.cpu ++++ b/arch/x86/Kconfig.cpu +@@ -337,7 +337,7 @@ config X86_USE_PPRO_CHECKSUM + + config X86_USE_3DNOW + def_bool y +- depends on (MCYRIXIII || MK7 || MGEODE_LX) && !UML ++ depends on (MCYRIXIII || MK7 || MGEODE_LX) && !X86_GENERIC && !UML + + # + # P6_NOPs are a relatively minor optimization that require a family >= diff --git a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch new file mode 100644 index 000000000..801fd6a8d --- /dev/null +++ b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch @@ -0,0 +1,104 @@ +From: Serge Hallyn +Date: Fri, 31 May 2013 19:12:12 +0000 (+0100) +Subject: add sysctl to disallow unprivileged CLONE_NEWUSER by default +Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8 + +add sysctl to disallow unprivileged CLONE_NEWUSER by default + +This is a short-term patch. Unprivileged use of CLONE_NEWUSER +is certainly an intended feature of user namespaces. However +for at least saucy we want to make sure that, if any security +issues are found, we have a fail-safe. + +Signed-off-by: Serge Hallyn +[bwh: Remove unneeded binary sysctl bits] +[bwh: Keep this sysctl, but change the default to enabled] +--- +diff --git a/kernel/fork.c b/kernel/fork.c +index efc5493203ae..bc596683cc31 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -106,6 +106,11 @@ + + #define CREATE_TRACE_POINTS + #include ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#else ++#define unprivileged_userns_clone 0 ++#endif + + /* + * Minimum number of threads to boot the kernel +@@ -1861,6 +1866,10 @@ static __latent_entropy struct task_struct *copy_process( + if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) + return ERR_PTR(-EINVAL); + ++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) ++ if (!capable(CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ + /* + * Thread groups must share signals as well, and detached threads + * can only be started up within the thread group. +@@ -2961,6 +2970,12 @@ int ksys_unshare(unsigned long unshare_flags) + if (unshare_flags & CLONE_NEWNS) + unshare_flags |= CLONE_FS; + ++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { ++ err = -EPERM; ++ if (!capable(CAP_SYS_ADMIN)) ++ goto bad_unshare_out; ++ } ++ + err = check_unshare_flags(unshare_flags); + if (err) + goto bad_unshare_out; +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index db1ce7af2563..2bb29f495b02 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -200,6 +200,10 @@ static int min_extfrag_threshold; + static int max_extfrag_threshold = 1000; + #endif + ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#endif ++ + #endif /* CONFIG_SYSCTL */ + + #if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL) +@@ -1882,6 +1886,15 @@ static struct ctl_table kern_table[] = { + .proc_handler = proc_dointvec, + }, + #endif ++#ifdef CONFIG_USER_NS ++ { ++ .procname = "unprivileged_userns_clone", ++ .data = &unprivileged_userns_clone, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, ++ }, ++#endif + #ifdef CONFIG_PROC_SYSCTL + { + .procname = "tainted", +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index 87804e0371fe..2fd16493231b 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -21,6 +21,9 @@ + #include + #include + ++/* sysctl */ ++int unprivileged_userns_clone = 1; ++ + static struct kmem_cache *user_ns_cachep __read_mostly; + static DEFINE_MUTEX(userns_state_mutex); + +-- +2.27.0 + diff --git a/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch b/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch new file mode 100644 index 000000000..3b33f845a --- /dev/null +++ b/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Fri, 19 Nov 2010 02:12:48 +0000 +Subject: [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +Recent review has revealed several bugs in obscure protocol +implementations that can be exploited by local users for denial of +service or privilege escalation. We can mitigate the effect of any +remaining vulnerabilities in such protocols by preventing unprivileged +users from loading the modules, so that they are only exploitable on +systems where the administrator has chosen to load the protocol. + +The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was +not present in the 'lenny' kernel, and seems to receive only sporadic +maintenance. Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings +--- + net/ieee802154/socket.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +--- a/net/ieee802154/socket.c ++++ b/net/ieee802154/socket.c +@@ -1122,4 +1122,4 @@ module_init(af_ieee802154_init); + module_exit(af_ieee802154_remove); + + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_IEEE802154); ++/* MODULE_ALIAS_NETPROTO(PF_IEEE802154); */ diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch new file mode 100644 index 000000000..2df107cfb --- /dev/null +++ b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch @@ -0,0 +1,106 @@ +From: Ben Hutchings +Date: Fri, 22 Jun 2018 17:27:00 +0100 +Subject: android: Enable building ashmem and binder as modules +Bug-Debian: https://bugs.debian.org/901492 + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +- Add a MODULE_LICENSE declaration to ashmem +- Change the Makefiles to build each driver as an object with the + "_linux" suffix (which is what Anbox expects) +- Change config symbol types to tristate +--- + drivers/android/Kconfig | 2 +- + drivers/android/Makefile | 7 ++++--- + drivers/android/binder_alloc.c | 2 +- + drivers/staging/android/Kconfig | 2 +- + drivers/staging/android/Makefile | 3 ++- + drivers/staging/android/ashmem.c | 3 +++ + 6 files changed, 12 insertions(+), 7 deletions(-) + +Index: debian-kernel/drivers/android/Kconfig +=================================================================== +--- debian-kernel.orig/drivers/android/Kconfig ++++ debian-kernel/drivers/android/Kconfig +@@ -9,7 +9,7 @@ config ANDROID + if ANDROID + + config ANDROID_BINDER_IPC +- bool "Android Binder IPC Driver" ++ tristate "Android Binder IPC Driver" + depends on MMU + default n + help +Index: debian-kernel/drivers/android/Makefile +=================================================================== +--- debian-kernel.orig/drivers/android/Makefile ++++ debian-kernel/drivers/android/Makefile +@@ -1,6 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0-only + ccflags-y += -I$(src) # needed for trace events + +-obj-$(CONFIG_ANDROID_BINDERFS) += binderfs.o +-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o +-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o ++obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o ++binder_linux-y := binder.o binder_alloc.o ++binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o ++binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o +Index: debian-kernel/drivers/android/binder_alloc.c +=================================================================== +--- debian-kernel.orig/drivers/android/binder_alloc.c ++++ debian-kernel/drivers/android/binder_alloc.c +@@ -38,7 +38,7 @@ enum { + }; + static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR; + +-module_param_named(debug_mask, binder_alloc_debug_mask, ++module_param_named(alloc_debug_mask, binder_alloc_debug_mask, + uint, 0644); + + #define binder_alloc_debug(mask, x...) \ +Index: debian-kernel/drivers/staging/android/Kconfig +=================================================================== +--- debian-kernel.orig/drivers/staging/android/Kconfig ++++ debian-kernel/drivers/staging/android/Kconfig +@@ -4,7 +4,7 @@ menu "Android" + if ANDROID + + config ASHMEM +- bool "Enable the Anonymous Shared Memory Subsystem" ++ tristate "Enable the Anonymous Shared Memory Subsystem" + depends on SHMEM + help + The ashmem subsystem is a new shared memory allocator, similar to +Index: debian-kernel/drivers/staging/android/Makefile +=================================================================== +--- debian-kernel.orig/drivers/staging/android/Makefile ++++ debian-kernel/drivers/staging/android/Makefile +@@ -3,4 +3,5 @@ ccflags-y += -I$(src) # needed for tra + + obj-y += ion/ + +-obj-$(CONFIG_ASHMEM) += ashmem.o ++obj-$(CONFIG_ASHMEM) += ashmem_linux.o ++ashmem_linux-y += ashmem.o +Index: debian-kernel/drivers/staging/android/ashmem.c +=================================================================== +--- debian-kernel.orig/drivers/staging/android/ashmem.c ++++ debian-kernel/drivers/staging/android/ashmem.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include "ashmem.h" + + #define ASHMEM_NAME_PREFIX "dev/ashmem/" +@@ -953,3 +954,5 @@ out: + return ret; + } + device_initcall(ashmem_init); ++ ++MODULE_LICENSE("GPL v2"); diff --git a/debian/patches/debian/arch-sh4-fix-uimage-build.patch b/debian/patches/debian/arch-sh4-fix-uimage-build.patch new file mode 100644 index 000000000..89e626b6b --- /dev/null +++ b/debian/patches/debian/arch-sh4-fix-uimage-build.patch @@ -0,0 +1,26 @@ +From: Nobuhiro Iwamatsu +Subject: [sh4] Fix uImage build +Bug-Debian: https://bugs.debian.org/569034 +Forwarded: not-needed + +[bwh: This was added without a description, but I think it is done + only to avoid a build-dependency on u-boot-tools.] +--- + arch/sh/Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/sh/Makefile b/arch/sh/Makefile +index da9cf952f33c..974bbd9dcfcf 100644 +--- a/arch/sh/Makefile ++++ b/arch/sh/Makefile +@@ -85,7 +85,6 @@ OBJCOPYFLAGS := -O binary -R .note -R .note.gnu.build-id -R .comment \ + + # Give the various platforms the opportunity to set default image types + defaultimage-y := zImage +-defaultimage-$(CONFIG_SH_SH7785LCR) := uImage + defaultimage-$(CONFIG_SH_RSK) := uImage + defaultimage-$(CONFIG_SH_URQUELL) := uImage + defaultimage-$(CONFIG_SH_MIGOR) := uImage +-- +2.27.0 + diff --git a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch new file mode 100644 index 000000000..9f21e0705 --- /dev/null +++ b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch @@ -0,0 +1,35 @@ +From: Adam Borowski +Date: Tue, 28 Mar 2017 16:55:05 +0200 +Subject: btrfs: warn about RAID5/6 being experimental at mount time +Bug-Debian: https://bugs.debian.org/863290 +Origin: https://bugs.debian.org/863290#5 + +Too many people come complaining about losing their data -- and indeed, +there's no warning outside a wiki and the mailing list tribal knowledge. +Message severity chosen for consistency with XFS -- "alert" makes dmesg +produce nice red background which should get the point across. + +Signed-off-by: Adam Borowski +[bwh: Also add_taint() so this is flagged in bug reports] +--- + fs/btrfs/disk-io.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -3060,6 +3060,15 @@ retry_root_backup: + btrfs_set_and_info(fs_info, SSD, "enabling ssd optimizations"); + } + ++ if ((fs_info->avail_data_alloc_bits | ++ fs_info->avail_metadata_alloc_bits | ++ fs_info->avail_system_alloc_bits) & ++ BTRFS_BLOCK_GROUP_RAID56_MASK) { ++ btrfs_alert(fs_info, ++ "btrfs RAID5/6 is EXPERIMENTAL and has known data-loss bugs"); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++ } ++ + /* + * Mount does not set all options immediately, we can do it now and do + * not have to wait for transaction commit diff --git a/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch b/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch new file mode 100644 index 000000000..70b446860 --- /dev/null +++ b/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings +Subject: cdc_ncm,cdc_mbim: Use NCM by default +Date: Sun, 31 Mar 2013 03:58:04 +0100 +Forwarded: not-needed + +Devices that support both NCM and MBIM modes should be kept in NCM +mode unless there is userland support for MBIM. + +Set the default value of cdc_ncm.prefer_mbim to false and leave it to +userland (modem-manager) to override this with a modprobe.conf file +once it's ready to speak MBIM. + +--- +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -53,11 +53,7 @@ + #include + #include + +-#if IS_ENABLED(CONFIG_USB_NET_CDC_MBIM) +-static bool prefer_mbim = true; +-#else + static bool prefer_mbim; +-#endif + module_param(prefer_mbim, bool, 0644); + MODULE_PARM_DESC(prefer_mbim, "Prefer MBIM setting on dual NCM/MBIM functions"); + diff --git a/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch new file mode 100644 index 000000000..83583184e --- /dev/null +++ b/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch @@ -0,0 +1,41 @@ +From: Ben Hutchings +Date: Thu, 16 Feb 2017 19:09:17 +0000 +Subject: dccp: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +We can mitigate the effect of vulnerabilities in obscure protocols by +preventing unprivileged users from loading the modules, so that they +are only exploitable on systems where the administrator has chosen to +load the protocol. + +The 'dccp' protocol is not actively maintained or widely used. +Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings +--- +--- a/net/dccp/ipv4.c ++++ b/net/dccp/ipv4.c +@@ -1071,8 +1071,8 @@ module_exit(dccp_v4_exit); + * values directly, Also cover the case where the protocol is not specified, + * i.e. net-pf-PF_INET-proto-0-type-SOCK_DCCP + */ +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); */ ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); */ + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Arnaldo Carvalho de Melo "); + MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol"); +--- a/net/dccp/ipv6.c ++++ b/net/dccp/ipv6.c +@@ -1125,8 +1125,8 @@ module_exit(dccp_v6_exit); + * values directly, Also cover the case where the protocol is not specified, + * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP + */ +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); */ ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); */ + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Arnaldo Carvalho de Melo "); + MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol"); diff --git a/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch b/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch new file mode 100644 index 000000000..0e5176908 --- /dev/null +++ b/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Mon, 13 Apr 2009 17:34:00 +0100 +Subject: Remove microcode patches for mgsuvd (not enabled in Debian configs) +Forwarded: not-needed + +diff --git a/arch/powerpc/platforms/8xx/Kconfig b/arch/powerpc/platforms/8xx/Kconfig +index 48a920a..81570b6 100644 +--- a/arch/powerpc/platforms/8xx/Kconfig ++++ b/arch/powerpc/platforms/8xx/Kconfig +@@ -160,16 +160,19 @@ config NO_UCODE_PATCH + + config USB_SOF_UCODE_PATCH + bool "USB SOF patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + + config I2C_SPI_UCODE_PATCH + bool "I2C/SPI relocation patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + + config I2C_SPI_SMC1_UCODE_PATCH + bool "I2C/SPI/SMC1 relocation patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + diff --git a/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch b/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch new file mode 100644 index 000000000..840cf24d7 --- /dev/null +++ b/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch @@ -0,0 +1,18 @@ +From: Ben Hutchings +Date: Sat, 24 Aug 2019 19:00:41 +0100 +Subject: Documentation: Fix broken link to CIPSO draft +Forwarded: not-needed + +We exclude the CIPSO draft text as its licence is not DFSG compliant. +Link to the IETF's online version instead. + +--- +--- a/Documentation/netlabel/draft_ietf.rst ++++ b/Documentation/netlabel/draft_ietf.rst +@@ -1,5 +1,4 @@ + Draft IETF CIPSO IP Security + ---------------------------- + +- .. include:: draft-ietf-cipso-ipsecurity-01.txt +- :literal: ++https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 diff --git a/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch b/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch new file mode 100644 index 000000000..4e42da9a9 --- /dev/null +++ b/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch @@ -0,0 +1,15 @@ +From: Ben Hutchings +Date: Mon, 17 Aug 2009 02:45:41 +0100 +Subject: dvb-usb-af9005: mark as broken +Forwarded: not-needed + +--- a/drivers/media/usb/dvb-usb/Kconfig ++++ b/drivers/media/usb/dvb-usb/Kconfig +@@ -227,6 +227,7 @@ config DVB_USB_OPERA1 + + config DVB_USB_AF9005 + tristate "Afatech AF9005 DVB-T USB1.1 support" ++ depends on BROKEN + depends on DVB_USB + select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT + select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT diff --git a/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch b/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch new file mode 100644 index 000000000..44258800a --- /dev/null +++ b/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch @@ -0,0 +1,54 @@ +From: Frederik Schüler +Date: Fri, 05 Jan 2007 15:55:24 +0000 +Subject: Add removal patches for: 3c359, smctr, keyspan, cops +Forwarded: not-needed + +--- + drivers/net/appletalk/Kconfig | 26 -------------------------- + drivers/net/appletalk/Makefile | 1 - + 2 files changed, 27 deletions(-) + +--- a/drivers/net/appletalk/Kconfig ++++ b/drivers/net/appletalk/Kconfig +@@ -50,33 +50,6 @@ config LTPC + This driver is experimental, which means that it may not work. + See the file . + +-config COPS +- tristate "COPS LocalTalk PC support" +- depends on DEV_APPLETALK && (ISA || EISA) +- help +- This allows you to use COPS AppleTalk cards to connect to LocalTalk +- networks. You also need version 1.3.3 or later of the netatalk +- package. This driver is experimental, which means that it may not +- work. This driver will only work if you choose "AppleTalk DDP" +- networking support, above. +- Please read the file +- . +- +-config COPS_DAYNA +- bool "Dayna firmware support" +- depends on COPS +- help +- Support COPS compatible cards with Dayna style firmware (Dayna +- DL2000/ Daynatalk/PC (half length), COPS LT-95, Farallon PhoneNET PC +- III, Farallon PhoneNET PC II). +- +-config COPS_TANGENT +- bool "Tangent firmware support" +- depends on COPS +- help +- Support COPS compatible cards with Tangent style firmware (Tangent +- ATB_II, Novell NL-1000, Daystar Digital LT-200. +- + config IPDDP + tristate "Appletalk-IP driver support" + depends on DEV_APPLETALK && ATALK +--- a/drivers/net/appletalk/Makefile ++++ b/drivers/net/appletalk/Makefile +@@ -4,5 +4,4 @@ + # + + obj-$(CONFIG_IPDDP) += ipddp.o +-obj-$(CONFIG_COPS) += cops.o + obj-$(CONFIG_LTPC) += ltpc.o diff --git a/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch b/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch new file mode 100644 index 000000000..4adc90c2d --- /dev/null +++ b/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch @@ -0,0 +1,128 @@ +From: Ben Hutchings +Date: Sat, 2 Jun 2012 19:53:38 +0100 +Subject: video: Remove nvidiafb and rivafb +Bug-Debian: https://bugs.debian.org/383481 +Forwarded: no + +These drivers contain register programming code provided by the +hardware vendor that appears to have been deliberately obfuscated. +This is arguably not the preferred form for modification. + +These drivers are also largely redundant with nouveau. The RIVA 128 +(NV3) is not supported by nouveau but is about 15 years old and +probably discontinued 10 years ago. + +--- +--- a/drivers/video/fbdev/Kconfig ++++ b/drivers/video/fbdev/Kconfig +@@ -866,99 +866,6 @@ config FB_ATMEL + help + This enables support for the AT91 LCD Controller. + +-config FB_NVIDIA +- tristate "nVidia Framebuffer Support" +- depends on FB && PCI +- select FB_BACKLIGHT if FB_NVIDIA_BACKLIGHT +- select FB_MODE_HELPERS +- select FB_CFB_FILLRECT +- select FB_CFB_COPYAREA +- select FB_CFB_IMAGEBLIT +- select BITREVERSE +- select VGASTATE +- help +- This driver supports graphics boards with the nVidia chips, TNT +- and newer. For very old chipsets, such as the RIVA128, then use +- the rivafb. +- Say Y if you have such a graphics board. +- +- To compile this driver as a module, choose M here: the +- module will be called nvidiafb. +- +-config FB_NVIDIA_I2C +- bool "Enable DDC Support" +- depends on FB_NVIDIA +- select FB_DDC +- help +- This enables I2C support for nVidia Chipsets. This is used +- only for getting EDID information from the attached display +- allowing for robust video mode handling and switching. +- +- Because fbdev-2.6 requires that drivers must be able to +- independently validate video mode parameters, you should say Y +- here. +- +-config FB_NVIDIA_DEBUG +- bool "Lots of debug output" +- depends on FB_NVIDIA +- help +- Say Y here if you want the nVidia driver to output all sorts +- of debugging information to provide to the maintainer when +- something goes wrong. +- +-config FB_NVIDIA_BACKLIGHT +- bool "Support for backlight control" +- depends on FB_NVIDIA +- default y +- help +- Say Y here if you want to control the backlight of your display. +- +-config FB_RIVA +- tristate "nVidia Riva support" +- depends on FB && PCI +- select FB_BACKLIGHT if FB_RIVA_BACKLIGHT +- select FB_MODE_HELPERS +- select FB_CFB_FILLRECT +- select FB_CFB_COPYAREA +- select FB_CFB_IMAGEBLIT +- select BITREVERSE +- select VGASTATE +- help +- This driver supports graphics boards with the nVidia Riva/Geforce +- chips. +- Say Y if you have such a graphics board. +- +- To compile this driver as a module, choose M here: the +- module will be called rivafb. +- +-config FB_RIVA_I2C +- bool "Enable DDC Support" +- depends on FB_RIVA +- select FB_DDC +- help +- This enables I2C support for nVidia Chipsets. This is used +- only for getting EDID information from the attached display +- allowing for robust video mode handling and switching. +- +- Because fbdev-2.6 requires that drivers must be able to +- independently validate video mode parameters, you should say Y +- here. +- +-config FB_RIVA_DEBUG +- bool "Lots of debug output" +- depends on FB_RIVA +- help +- Say Y here if you want the Riva driver to output all sorts +- of debugging information to provide to the maintainer when +- something goes wrong. +- +-config FB_RIVA_BACKLIGHT +- bool "Support for backlight control" +- depends on FB_RIVA +- default y +- help +- Say Y here if you want to control the backlight of your display. +- + config FB_I740 + tristate "Intel740 support" + depends on FB && PCI +--- a/drivers/video/fbdev/Makefile ++++ b/drivers/video/fbdev/Makefile +@@ -21,8 +21,6 @@ obj-$(CONFIG_FB_PM3) += pm3fb.o + + obj-$(CONFIG_FB_I740) += i740fb.o + obj-$(CONFIG_FB_MATROX) += matrox/ +-obj-$(CONFIG_FB_RIVA) += riva/ +-obj-$(CONFIG_FB_NVIDIA) += nvidia/ + obj-$(CONFIG_FB_ATY) += aty/ macmodes.o + obj-$(CONFIG_FB_ATY128) += aty/ macmodes.o + obj-$(CONFIG_FB_RADEON) += aty/ diff --git a/debian/patches/debian/dfsg/vs6624-disable.patch b/debian/patches/debian/dfsg/vs6624-disable.patch new file mode 100644 index 000000000..b99070c0c --- /dev/null +++ b/debian/patches/debian/dfsg/vs6624-disable.patch @@ -0,0 +1,24 @@ +From: Ben Hutchings +Date: Sun, 27 May 2012 01:56:58 +0100 +Subject: vs6624: mark as broken +Forwarded: not-needed + +--- + drivers/media/i2c/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/media/i2c/Kconfig b/drivers/media/i2c/Kconfig +index c68e002d26ea..9055d4658c78 100644 +--- a/drivers/media/i2c/Kconfig ++++ b/drivers/media/i2c/Kconfig +@@ -843,6 +843,7 @@ config VIDEO_OV13858 + OV13858 camera. + + config VIDEO_VS6624 ++ depends on BROKEN + tristate "ST VS6624 sensor support" + depends on VIDEO_V4L2 && I2C + help +-- +2.24.0 + diff --git a/debian/patches/debian/documentation-drop-sphinx-version-check.patch b/debian/patches/debian/documentation-drop-sphinx-version-check.patch new file mode 100644 index 000000000..cb7f53bbe --- /dev/null +++ b/debian/patches/debian/documentation-drop-sphinx-version-check.patch @@ -0,0 +1,52 @@ +From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001 +From: Bastian Blank +Date: Tue, 4 Aug 2020 09:44:19 +0000 +Subject: [PATCH 1/2] Documentation: Drop sphinx version check +Forwarded: not-needed + +--- + Documentation/Makefile | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/Documentation/Makefile b/Documentation/Makefile +index 6b12dd82f712..613276ca41f6 100644 +--- a/Documentation/Makefile ++++ b/Documentation/Makefile +@@ -78,14 +78,12 @@ quiet_cmd_sphinx = SPHINX $@ --> file://$(abspath $(BUILDDIR)/$3/$4) + $(abspath $(BUILDDIR)/$3/$4) + + htmldocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,html,$(var),,$(var))) + + linkcheckdocs: + @$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,linkcheck,$(var),,$(var))) + + latexdocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,latex,$(var),latex,$(var))) + + ifeq ($(HAVE_PDFLATEX),0) +@@ -97,7 +95,6 @@ pdfdocs: + else # HAVE_PDFLATEX + + pdfdocs: latexdocs +- @$(srctree)/scripts/sphinx-pre-install --version-check + $(foreach var,$(SPHINXDIRS), \ + $(MAKE) PDFLATEX="$(PDFLATEX)" LATEXOPTS="$(LATEXOPTS)" -C $(BUILDDIR)/$(var)/latex || exit; \ + mkdir -p $(BUILDDIR)/$(var)/pdf; \ +@@ -107,11 +104,9 @@ pdfdocs: latexdocs + endif # HAVE_PDFLATEX + + epubdocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,epub,$(var),epub,$(var))) + + xmldocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,xml,$(var),xml,$(var))) + + endif # HAVE_SPHINX +-- +2.28.0 + diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch new file mode 100644 index 000000000..66b6b9722 --- /dev/null +++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch @@ -0,0 +1,113 @@ +From: Ben Hutchings +Date: Mon, 07 Sep 2020 02:51:53 +0100 +Subject: Export symbols needed by Android drivers +Bug-Debian: https://bugs.debian.org/901492 + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +Export the currently un-exported symbols they depend on. + +--- + fs/file.c | 1 + + kernel/sched/core.c | 1 + + kernel/sched/wait.c | 1 + + kernel/task_work.c | 1 + + mm/memory.c | 1 + + mm/shmem.c | 1 + + security/security.c | 4 ++++ + 7 files changed, 10 insertions(+) + +--- a/fs/file.c ++++ b/fs/file.c +@@ -823,6 +823,7 @@ int close_fd_get_file(unsigned int fd, s + + return ret; + } ++EXPORT_SYMBOL(close_fd_get_file); + + void do_close_on_exec(struct files_struct *files) + { +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5049,6 +5049,7 @@ int can_nice(const struct task_struct *p + return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || + capable(CAP_SYS_NICE)); + } ++EXPORT_SYMBOL_GPL(can_nice); + + #ifdef __ARCH_WANT_SYS_NICE + +--- a/kernel/task_work.c ++++ b/kernel/task_work.c +@@ -57,6 +57,7 @@ int task_work_add(struct task_struct *ta + + return 0; + } ++EXPORT_SYMBOL(task_work_add); + + /** + * task_work_cancel_match - cancel a pending work added by task_work_add() +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1578,6 +1578,7 @@ void zap_page_range(struct vm_area_struc + mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb, start, range.end); + } ++EXPORT_SYMBOL_GPL(zap_page_range); + + /** + * zap_page_range_single - remove user pages in a given range +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -4288,6 +4288,7 @@ int shmem_zero_setup(struct vm_area_stru + + return 0; + } ++EXPORT_SYMBOL_GPL(shmem_zero_setup); + + /** + * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. +--- a/security/security.c ++++ b/security/security.c +@@ -729,24 +729,28 @@ int security_binder_set_context_mgr(cons + { + return call_int_hook(binder_set_context_mgr, 0, mgr); + } ++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); + + int security_binder_transaction(const struct cred *from, + const struct cred *to) + { + return call_int_hook(binder_transaction, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transaction); + + int security_binder_transfer_binder(const struct cred *from, + const struct cred *to) + { + return call_int_hook(binder_transfer_binder, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_binder); + + int security_binder_transfer_file(const struct cred *from, + const struct cred *to, struct file *file) + { + return call_int_hook(binder_transfer_file, 0, from, to, file); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_file); + + int security_ptrace_access_check(struct task_struct *child, unsigned int mode) + { +--- a/kernel/sched/wait.c ++++ b/kernel/sched/wait.c +@@ -229,6 +229,7 @@ void __wake_up_pollfree(struct wait_queu + /* POLLFREE must have cleared the queue. */ + WARN_ON_ONCE(waitqueue_active(wq_head)); + } ++EXPORT_SYMBOL_GPL(__wake_up_pollfree); + + /* + * Note: we use "set_current_state()" _after_ the wait-queue add, diff --git a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch new file mode 100644 index 000000000..82cdda18e --- /dev/null +++ b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Subject: fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS +Date: Wed, 13 Jul 2016 01:37:22 +0100 +Forwarded: not-needed + +Various free and proprietary AV products use this feature and users +apparently want it. But punting access checks to userland seems like +an easy way to deadlock the system, and there will be nothing we can +do about that. So warn and taint the kernel if this feature is +actually used. + +--- +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -1170,6 +1170,14 @@ static int do_fanotify_mark(int fanotify + if (ignored) + mask &= ~FANOTIFY_EVENT_FLAGS; + ++#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS ++ if (mask & FANOTIFY_PERM_EVENTS) { ++ pr_warn_once("%s (%d): Using fanotify permission checks may lead to deadlock; tainting kernel\n", ++ current->comm, current->pid); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++ } ++#endif ++ + f = fdget(fanotify_fd); + if (unlikely(!f.file)) + return -EBADF; diff --git a/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch b/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch new file mode 100644 index 000000000..27bc69903 --- /dev/null +++ b/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch @@ -0,0 +1,52 @@ +From: Ben Hutchings +Date: Mon, 12 Mar 2018 01:14:03 +0000 +Subject: firmware_class: Refer to Debian wiki page when logging missing firmware +Bug-Debian: https://bugs.debian.org/888405 +Forwarded: not-needed + +If firmware loading fails due to a missing file, log a second error +message referring to our wiki page about firmware. This will explain +why some firmware is in non-free, or can't be packaged at all. Only +do this once per boot. + +Do something similar in the radeon and amdgpu drivers, where we have +an early check to avoid failing at a point where we cannot display +anything. + +--- +--- a/drivers/base/firmware_loader/main.c ++++ b/drivers/base/firmware_loader/main.c +@@ -334,9 +334,12 @@ fw_get_filesystem_firmware(struct device + } + __putname(path); + +- if (rc) ++ if (rc) { + dev_err(device, "firmware: failed to load %s (%d)\n", + fw_priv->fw_name, rc); ++ if (rc == -ENOENT) ++ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); ++ } + + return rc; + } +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -367,6 +367,7 @@ static int radeon_pci_probe(struct pci_d + if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && + !radeon_firmware_installed()) { + DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); ++ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); + return -ENODEV; + } + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +@@ -626,6 +626,7 @@ static int amdgpu_pci_probe(struct pci_d + + if (!amdgpu_firmware_installed()) { + DRM_ERROR("amdgpu requires firmware installed\n"); ++ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); + return -ENODEV; + } + diff --git a/debian/patches/debian/fjes-disable-autoload.patch b/debian/patches/debian/fjes-disable-autoload.patch new file mode 100644 index 000000000..59b56708e --- /dev/null +++ b/debian/patches/debian/fjes-disable-autoload.patch @@ -0,0 +1,24 @@ +From: Ben Hutchings +Date: Sat, 18 Mar 2017 20:47:58 +0000 +Subject: fjes: Disable auto-loading +Bug-Debian: https://bugs.debian.org/853976 +Forwarded: no + +fjes matches a generic ACPI device ID, and relies on its probe +function to distinguish whether that really corresponds to a supported +device. Very few system will need the driver and it wastes memory on +all the other systems where the same device ID appears, so disable +auto-loading. + +--- +--- a/drivers/net/fjes/fjes_main.c ++++ b/drivers/net/fjes/fjes_main.c +@@ -81,7 +81,7 @@ static const struct acpi_device_id fjes_ + {ACPI_MOTHERBOARD_RESOURCE_HID, 0}, + {"", 0}, + }; +-MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); ++/* MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); */ + + static struct acpi_driver fjes_acpi_driver = { + .name = DRV_NAME, diff --git a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch new file mode 100644 index 000000000..e2a8679a5 --- /dev/null +++ b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings +Subject: fs: Enable link security restrictions by default +Date: Fri, 02 Nov 2012 05:32:06 +0000 +Bug-Debian: https://bugs.debian.org/609455 +Forwarded: not-needed + +This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 +('VFS: don't do protected {sym,hard}links by default'). + +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -885,8 +885,8 @@ static inline void put_link(struct namei + path_put(&last->link); + } + +-int sysctl_protected_symlinks __read_mostly = 0; +-int sysctl_protected_hardlinks __read_mostly = 0; ++int sysctl_protected_symlinks __read_mostly = 1; ++int sysctl_protected_hardlinks __read_mostly = 1; + int sysctl_protected_fifos __read_mostly; + int sysctl_protected_regular __read_mostly; + diff --git a/debian/patches/debian/gitignore.patch b/debian/patches/debian/gitignore.patch new file mode 100644 index 000000000..78a7235fa --- /dev/null +++ b/debian/patches/debian/gitignore.patch @@ -0,0 +1,49 @@ +From: Ian Campbell +Date: Thu, 17 Jan 2013 08:55:21 +0000 +Subject: Tweak gitignore for Debian pkg-kernel using git svn. +Forwarded: not-needed + +[bwh: Tweak further for pure git] + +--- a/.gitignore ++++ b/.gitignore +@@ -71,11 +71,6 @@ modules.order + /*.spec + + # +-# Debian directory (make deb-pkg) +-# +-/debian/ +- +-# + # Snap directory (make snap-pkg) + # + /snap/ +@@ -86,16 +81,6 @@ modules.order + /tar-install/ + + # +-# We don't want to ignore the following even if they are dot-files +-# +-!.clang-format +-!.cocciconfig +-!.get_maintainer.ignore +-!.gitattributes +-!.gitignore +-!.mailmap +- +-# + # Generated include files + # + /include/config/ +@@ -155,3 +140,10 @@ x509.genkey + + # Documentation toolchain + sphinx_*/ ++ ++# ++# Debian packaging: ignore everything at the top level, since it isn't ++# included in our repository ++# ++/* ++!/debian/ diff --git a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch new file mode 100644 index 000000000..b532d0054 --- /dev/null +++ b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch @@ -0,0 +1,48 @@ +From: Ben Hutchings +Date: Mon, 05 Aug 2019 00:29:11 +0100 +Subject: hamradio: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +We can mitigate the effect of vulnerabilities in obscure protocols by +preventing unprivileged users from loading the modules, so that they +are only exploitable on systems where the administrator has chosen to +load the protocol. + +The 'ham' radio protocols (ax25, netrom, rose) are not actively +maintained or widely used. Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings +--- +--- a/net/ax25/af_ax25.c ++++ b/net/ax25/af_ax25.c +@@ -1986,7 +1986,7 @@ module_init(ax25_init); + MODULE_AUTHOR("Jonathan Naylor G4KLX "); + MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_AX25); ++/* MODULE_ALIAS_NETPROTO(PF_AX25); */ + + static void __exit ax25_exit(void) + { +--- a/net/netrom/af_netrom.c ++++ b/net/netrom/af_netrom.c +@@ -1486,7 +1486,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NE + MODULE_AUTHOR("Jonathan Naylor G4KLX "); + MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_NETROM); ++/* MODULE_ALIAS_NETPROTO(PF_NETROM); */ + + static void __exit nr_exit(void) + { +--- a/net/rose/af_rose.c ++++ b/net/rose/af_rose.c +@@ -1577,7 +1577,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of + MODULE_AUTHOR("Jonathan Naylor G4KLX "); + MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_ROSE); ++/* MODULE_ALIAS_NETPROTO(PF_ROSE); */ + + static void __exit rose_exit(void) + { diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch new file mode 100644 index 000000000..1b216d0d1 --- /dev/null +++ b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings +Date: Tue, 16 Feb 2016 02:45:42 +0000 +Subject: [i386/686-pae] PCI: Set pci=nobios by default +Forwarded: not-needed + +CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped +W+X, which is undesirable for security reasons and will result in a +warning at boot now that we enable CONFIG_DEBUG_WX. + +This can be overridden using the kernel parameter "pci=nobios", but we +want to disable W+X by default. Disable PCI BIOS probing by default; +it can still be enabled using "pci=bios". + +--- +--- a/arch/x86/pci/common.c ++++ b/arch/x86/pci/common.c +@@ -21,8 +21,8 @@ + #include + #include + +-unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | +- PCI_PROBE_MMCONF; ++unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF | ++ (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS); + + static int pci_bf_sort; + int pci_routeirq; diff --git a/debian/patches/debian/ia64-hardcode-arch-script-output.patch b/debian/patches/debian/ia64-hardcode-arch-script-output.patch new file mode 100644 index 000000000..064157efc --- /dev/null +++ b/debian/patches/debian/ia64-hardcode-arch-script-output.patch @@ -0,0 +1,75 @@ +From: dann frazier +Subject: Hardcode arch script output +Date: Mon, 26 Mar 2007 16:30:51 -0600 +Bug-Debian: https://bugs.debian.org/392592 +Forwarded: not-needed + +Here's a patch that simply uses hardcoded definitions instead of +doing the dynamic tests that require architecture-specific scripts. + +I don't particularly like this approach because it restricts +portability and diverts from upstream. But, it is simpler, and this +really needs to be fixed somehow before etch (along with a rebuild of +linux-modules-extra-2.6), so I'm willing to live with it if my other +patch is deemed unacceptable. + +My primary concern is that, in the future, the output of these scripts +will change and we (or our successors) will either not notice or +forget to update the hardcoded values. + +Including the scripts in linux-kbuild will avoid this manual step +altogether, and allow for the possibility of other archs to provide +their own scripts in the future. +--- + arch/ia64/Makefile | 17 ++--------------- + 1 file changed, 2 insertions(+), 15 deletions(-) + +Index: debian-kernel/arch/ia64/Makefile +=================================================================== +--- debian-kernel.orig/arch/ia64/Makefile ++++ debian-kernel/arch/ia64/Makefile +@@ -28,16 +28,7 @@ cflags-y := -pipe $(EXTRA) -ffixed-r13 - + -falign-functions=32 -frename-registers -fno-optimize-sibling-calls + KBUILD_CFLAGS_KERNEL := -mconstant-gp + +-GAS_STATUS = $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") +-KBUILD_CPPFLAGS += $(shell $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") +- +-ifeq ($(GAS_STATUS),buggy) +-$(error Sorry, you need a newer version of the assember, one that is built from \ +- a source-tree that post-dates 18-Dec-2002. You can find a pre-compiled \ +- static binary of such an assembler at: \ +- \ +- ftp://ftp.hpl.hp.com/pub/linux-ia64/gas-030124.tar.gz) +-endif ++KBUILD_CPPFLAGS += -DHAVE_WORKING_TEXT_ALIGN -DHAVE_MODEL_SMALL_ATTRIBUTE -DHAVE_SERIALIZE_DIRECTIVE + + quiet_cmd_gzip = GZIP $@ + cmd_gzip = cat $(real-prereqs) | $(KGZIP) -n -f -9 > $@ +@@ -57,7 +48,7 @@ drivers-$(CONFIG_OPROFILE) += arch/ia64/ + + PHONY += compressed check + +-all: compressed unwcheck ++all: compressed + + compressed: vmlinux.gz + +@@ -69,9 +60,6 @@ vmlinux.gz: vmlinux.bin FORCE + vmlinux.bin: vmlinux FORCE + $(call if_changed,objcopy) + +-unwcheck: vmlinux +- -$(Q)READELF=$(READELF) $(PYTHON) $(srctree)/arch/ia64/scripts/unwcheck.py $< +- + archclean: + + archheaders: +@@ -85,7 +73,6 @@ install: vmlinux.gz + define archhelp + echo '* compressed - Build compressed kernel image' + echo ' install - Install compressed kernel image' +- echo '* unwcheck - Check vmlinux for invalid unwind info' + endef + + archprepare: make_nr_irqs_h diff --git a/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch b/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch new file mode 100644 index 000000000..c8061436d --- /dev/null +++ b/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch @@ -0,0 +1,26 @@ +From: Ben Hutchings +Subject: iwlwifi: Do not request unreleased firmware for IWL6000 +Bug-Debian: https://bugs.debian.org/689416 +Forwarded: not-needed + +The iwlwifi driver currently supports firmware API versions 4-6 for +these devices. It will request the file for the latest supported +version and then fall back to earlier versions. However, the latest +version that has actually been released is 4, so we expect the +requests for versions 6 and then 5 to fail. + +The installer appears to report any failed request, and it is probably +not easy to detect that this particular failure is harmless. So stop +requesting the unreleased firmware. + +--- a/drivers/net/wireless/intel/iwlwifi/cfg/6000.c ++++ b/drivers/net/wireless/intel/iwlwifi/cfg/6000.c +@@ -31,7 +31,7 @@ + #include "dvm/commands.h" /* needed for BT for now */ + + /* Highest firmware API version supported */ +-#define IWL6000_UCODE_API_MAX 6 ++#define IWL6000_UCODE_API_MAX 4 /* v5-6 are supported but not released */ + #define IWL6050_UCODE_API_MAX 5 + #define IWL6000G2_UCODE_API_MAX 6 + #define IWL6035_UCODE_API_MAX 6 diff --git a/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch b/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch new file mode 100644 index 000000000..ec23040d8 --- /dev/null +++ b/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch @@ -0,0 +1,37 @@ +From: Ben Hutchings +Date: Mon, 26 Apr 2021 18:27:16 +0200 +Subject: kbuild: Abort build if SUBDIRS used +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/987575 + +DKMS and module-assistant both build OOT modules as root. If they +build an old OOT module that still use SUBDIRS this causes Kbuild +to try building a full kernel, which obviously fails but not before +deleting files from the installed headers package. + +To avoid such mishaps, detect this situation and abort the build. + +The error message is based on that used in commit 0126be38d988 +"kbuild: announce removal of SUBDIRS if used". +--- +--- a/Makefile ++++ b/Makefile +@@ -218,6 +218,18 @@ ifeq ("$(origin M)", "command line") + KBUILD_EXTMOD := $(M) + endif + ++# Old syntax make ... SUBDIRS=$PWD should be rejected to avoid mishaps ++# (see Debian bugs #982334, #987575) ++ifndef KBUILD_EXTMOD ++ ifdef SUBDIRS ++ $(warning =============== ERROR ==============) ++ $(warning 'SUBDIRS' was removed in Linux 5.3) ++ $(warning Use 'M=' or 'KBUILD_EXTMOD=' instead) ++ $(warning ====================================) ++ $(error .) ++ endif ++endif ++ + $(if $(word 2, $(KBUILD_EXTMOD)), \ + $(error building multiple external modules is not supported)) + diff --git a/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch new file mode 100644 index 000000000..04e636319 --- /dev/null +++ b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch @@ -0,0 +1,45 @@ +From: Ben Hutchings +Date: Thu, 10 Dec 2020 17:31:39 +0100 +Subject: kbuild: Look for module.lds under arch directory too +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/975571 + +The module.lds linker script is now built under the scripts directory, +where previously it was under arch/$(SRCARCH). + +However, we package the scripts directory as linux-kbuild, which is +meant to be able to do support native and cross-builds. That means it +shouldn't contain files for a specific target architecture without a +wrapper to select between them, and it doesn't appear that linker +scripts are powerful enough to implement such a wrapper. + +Building module.lds in a different location would require relatively +large changes. Moving it in the package build rules can work, but we +need to support custom kernel builds from the same source so we can't +assume it's moved. + +Therefore, we move module.lds under the arch build directory in +rules.real and change Makefile.modfinal to look for it in both places. + +--- +--- a/scripts/Makefile.modfinal ++++ b/scripts/Makefile.modfinal +@@ -28,15 +28,16 @@ quiet_cmd_cc_o_c = CC [M] $@ + $(call if_changed_dep,cc_o_c) + + ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) ++ARCH_MODULE_LDS := $(word 1,$(wildcard scripts/module.lds arch/$(SRCARCH)/module.lds)) + + quiet_cmd_ld_ko_o = LD [M] $@ + cmd_ld_ko_o = \ + $(LD) -r $(KBUILD_LDFLAGS) \ + $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ +- -T scripts/module.lds -o $@ $(filter %.o, $^); \ ++ -T $(ARCH_MODULE_LDS) -o $@ $(filter %.o, $^); \ + $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) + +-$(modules): %.ko: %.o %.mod.o scripts/module.lds FORCE ++$(modules): %.ko: %.o %.mod.o $(ARCH_MODULE_LDS) FORCE + +$(call if_changed,ld_ko_o) + + targets += $(modules) $(modules:.ko=.mod.o) diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch new file mode 100644 index 000000000..c574f984a --- /dev/null +++ b/debian/patches/debian/kernelvariables.patch @@ -0,0 +1,82 @@ +From: Bastian Blank +Subject: kbuild: Make the toolchain variables easily overwritable +Date: Sun, 22 Feb 2009 15:39:35 +0100 +Forwarded: not-needed + +Allow make variables to be overridden for each flavour by a file in +the build tree, .kernelvariables. + +We currently use this for ARCH, KERNELRELEASE, CC, and in some cases +also CROSS_COMPILE, KCFLAGS. + +This file can only be read after we establish the build tree, and all +use of $(ARCH) needs to be moved after this. + +[bwh: Updated for 5.3: include .kernelvariables from current directory + rather than using undefined $(obj).] +--- +--- a/Makefile ++++ b/Makefile +@@ -363,31 +363,6 @@ include scripts/subarch.include + # Note: Some architectures assign CROSS_COMPILE in their arch/*/Makefile + ARCH ?= $(SUBARCH) + +-# Architecture as present in compile.h +-UTS_MACHINE := $(ARCH) +-SRCARCH := $(ARCH) +- +-# Additional ARCH settings for x86 +-ifeq ($(ARCH),i386) +- SRCARCH := x86 +-endif +-ifeq ($(ARCH),x86_64) +- SRCARCH := x86 +-endif +- +-# Additional ARCH settings for sparc +-ifeq ($(ARCH),sparc32) +- SRCARCH := sparc +-endif +-ifeq ($(ARCH),sparc64) +- SRCARCH := sparc +-endif +- +-# Additional ARCH settings for sh +-ifeq ($(ARCH),sh64) +- SRCARCH := sh +-endif +- + KCONFIG_CONFIG ?= .config + export KCONFIG_CONFIG + +@@ -442,6 +417,30 @@ CFLAGS_KERNEL = + AFLAGS_KERNEL = + LDFLAGS_vmlinux = + ++-include .kernelvariables ++ ++# Architecture as present in compile.h ++UTS_MACHINE := $(ARCH) ++SRCARCH := $(ARCH) ++ ++# Additional ARCH settings for x86 ++ifeq ($(ARCH),i386) ++ SRCARCH := x86 ++endif ++ifeq ($(ARCH),x86_64) ++ SRCARCH := x86 ++endif ++ ++# Additional ARCH settings for sparc ++ifeq ($(ARCH),sparc64) ++ SRCARCH := sparc ++endif ++ ++# Additional ARCH settings for sh ++ifeq ($(ARCH),sh64) ++ SRCARCH := sh ++endif ++ + # Use USERINCLUDE when you must reference the UAPI directories only. + USERINCLUDE := \ + -I$(srctree)/arch/$(SRCARCH)/include/uapi \ diff --git a/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch b/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch new file mode 100644 index 000000000..037999c8d --- /dev/null +++ b/debian/patches/debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch @@ -0,0 +1,83 @@ +From: Ben Hutchings +Date: Mon, 07 Sep 2020 03:38:04 +0100 +Subject: Makefile: Do not check for libelf when building OOT module + +When building out-of-tree modules, the necessary tools should have +already been built. We therefore do not need libelf-dev to be +installed. + +This effectively reverts commit 9f0c18aec620 "objtool: Fix +CONFIG_STACK_VALIDATION=y warning for out-of-tree modules", and +similarly moves the check introduced by commit 33a57ce0a54d "bpf: +Compile resolve_btfids tool at kernel compilation start". +--- + Makefile | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -1083,18 +1083,6 @@ export mod_sign_cmd + + HOST_LIBELF_LIBS = $(shell pkg-config libelf --libs 2>/dev/null || echo -lelf) + +-has_libelf = $(call try-run,\ +- echo "int main() {}" | $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) +- +-ifdef CONFIG_STACK_VALIDATION +- ifeq ($(has_libelf),1) +- objtool_target := tools/objtool FORCE +- else +- SKIP_STACK_VALIDATION := 1 +- export SKIP_STACK_VALIDATION +- endif +-endif +- + PHONY += resolve_btfids_clean + + resolve_btfids_O = $(abspath $(objtree))/tools/bpf/resolve_btfids +@@ -1106,16 +1094,6 @@ ifneq ($(wildcard $(resolve_btfids_O)),) + $(Q)$(MAKE) -sC $(srctree)/tools/bpf/resolve_btfids O=$(resolve_btfids_O) clean + endif + +-ifdef CONFIG_BPF +-ifdef CONFIG_DEBUG_INFO_BTF +- ifeq ($(has_libelf),1) +- resolve_btfids_target := tools/bpf/resolve_btfids FORCE +- else +- ERROR_RESOLVE_BTFIDS := 1 +- endif +-endif # CONFIG_DEBUG_INFO_BTF +-endif # CONFIG_BPF +- + PHONY += prepare0 + + export MODORDER := $(extmod-prefix)modules.order +@@ -1239,6 +1217,28 @@ uapi-asm-generic: + $(Q)$(MAKE) $(asm-generic)=arch/$(SRCARCH)/include/generated/uapi/asm \ + generic=include/uapi/asm-generic + ++has_libelf = $(call try-run,\ ++ echo "int main() {}" | $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) ++ ++ifdef CONFIG_STACK_VALIDATION ++ ifeq ($(has_libelf),1) ++ objtool_target := tools/objtool FORCE ++ else ++ SKIP_STACK_VALIDATION := 1 ++ export SKIP_STACK_VALIDATION ++ endif ++endif ++ ++ifdef CONFIG_BPF ++ifdef CONFIG_DEBUG_INFO_BTF ++ ifeq ($(has_libelf),1) ++ resolve_btfids_target := tools/bpf/resolve_btfids FORCE ++ else ++ ERROR_RESOLVE_BTFIDS := 1 ++ endif ++endif # CONFIG_DEBUG_INFO_BTF ++endif # CONFIG_BPF ++ + PHONY += prepare-objtool prepare-resolve_btfids + prepare-objtool: $(objtool_target) + ifeq ($(SKIP_STACK_VALIDATION),1) diff --git a/debian/patches/debian/mips-boston-disable-its.patch b/debian/patches/debian/mips-boston-disable-its.patch new file mode 100644 index 000000000..be108f35e --- /dev/null +++ b/debian/patches/debian/mips-boston-disable-its.patch @@ -0,0 +1,20 @@ +From: YunQiang Su +Date: Mon, 14 May 2018 16:16:18 +0800 +Subject: Disable uImage generation for mips generic +Forwarded: not-needed + +MIPS generic trys to generate uImage when build, which then ask for +u-boot-tools. + +--- a/arch/mips/generic/Platform ++++ b/arch/mips/generic/Platform +@@ -14,9 +14,6 @@ cflags-$(CONFIG_MIPS_GENERIC) += -I$(src + + load-$(CONFIG_MIPS_GENERIC) += 0xffffffff80100000 + zload-$(CONFIG_MIPS_GENERIC) += 0xffffffff81000000 +-all-$(CONFIG_MIPS_GENERIC) := vmlinux.gz.itb +- +-its-y := vmlinux.its.S + its-$(CONFIG_FIT_IMAGE_FDT_BOSTON) += board-boston.its.S + its-$(CONFIG_FIT_IMAGE_FDT_NI169445) += board-ni169445.its.S + its-$(CONFIG_FIT_IMAGE_FDT_OCELOT) += board-ocelot.its.S diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch new file mode 100644 index 000000000..b8fe8b44c --- /dev/null +++ b/debian/patches/debian/mips-disable-werror.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings +Date: Mon, 13 Sep 2010 02:16:18 +0100 +Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild" +Forwarded: not-needed + +This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and +5373633cc9253ba82547473e899cab141c54133e. + +We really don't want to add -Werror anywhere. +--- +--- a/arch/mips/Kbuild ++++ b/arch/mips/Kbuild +@@ -1,10 +1,4 @@ + # SPDX-License-Identifier: GPL-2.0 +-# Fail on warnings - also for files referenced in subdirs +-# -Werror can be disabled for specific files using: +-# CFLAGS_ := -Wno-error +-ifeq ($(W),) +-subdir-ccflags-y := -Werror +-endif + + # platform specific definitions + include arch/mips/Kbuild.platforms diff --git a/debian/patches/debian/mips-ieee754-relaxed.patch b/debian/patches/debian/mips-ieee754-relaxed.patch new file mode 100644 index 000000000..20dff251c --- /dev/null +++ b/debian/patches/debian/mips-ieee754-relaxed.patch @@ -0,0 +1,32 @@ +From: YunQiang Su +Date: Mon 16 Nov 2020 09:11:00 +0800 +Subject: Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only +Forwarded: not-needed + +There are 2 mode of value of IEEE NaN hardcoded by CPU. +Currently, our mipsel/mips64el port is in so-called lagacy mode. +Loongson 3A 4000 is set as the so-called 2008 mode. + +To make Debian workable on Loongson 3A 4000, we need set the kerenl in +RELAXED mode. + +https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking + +diff --git a/arch/mips/kernel/fpu-probe.c b/arch/mips/kernel/fpu-probe.c +index e689d6a83..667226f94 100644 +--- a/arch/mips/kernel/fpu-probe.c ++++ b/arch/mips/kernel/fpu-probe.c +@@ -144,7 +144,12 @@ static void cpu_set_fpu_2008(struct cpuinfo_mips *c) + * IEEE 754 conformance mode to use. Affects the NaN encoding and the + * ABS.fmt/NEG.fmt execution mode. + */ +-static enum { STRICT, LEGACY, STD2008, RELAXED } ieee754 = STRICT; ++enum ieee754_mode { STRICT, LEGACY, STD2008, RELAXED }; ++#ifdef CONFIG_CPU_LOONGSON64 ++static enum ieee754_mode ieee754 = RELAXED; ++#else ++static enum ieee754_mode ieee754 = STRICT; ++#endif + + /* + * Set the IEEE 754 NaN encodings and the ABS.fmt/NEG.fmt execution modes diff --git a/debian/patches/debian/ntfs-mark-it-as-broken.patch b/debian/patches/debian/ntfs-mark-it-as-broken.patch new file mode 100644 index 000000000..207f9751e --- /dev/null +++ b/debian/patches/debian/ntfs-mark-it-as-broken.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings +Date: Thu, 25 Apr 2019 15:31:33 +0100 +Subject: ntfs: mark it as broken + +NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and +CVE-2018-12931. ntfs-3g is a better supported alternative. + +Make sure it can't be enabled even in custom kernels. + +--- +Index: debian-kernel/fs/ntfs/Kconfig +=================================================================== +--- debian-kernel.orig/fs/ntfs/Kconfig ++++ debian-kernel/fs/ntfs/Kconfig +@@ -1,6 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0-only + config NTFS_FS + tristate "NTFS file system support" ++ depends on BROKEN + select NLS + help + NTFS is the file system of Microsoft Windows NT, 2000, XP and 2003. diff --git a/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch b/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch new file mode 100644 index 000000000..2cba9b70e --- /dev/null +++ b/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch @@ -0,0 +1,58 @@ +From: Nicolas Schier +Subject: ovl: permit overlayfs mounts in user namespaces (taints kernel) +Date: Mon, 19 Nov 2018 20:36:14 +0100 + +Permit overlayfs mounts within user namespaces to allow utilisation of e.g. +unprivileged LXC overlay snapshots. + +Except by the Ubuntu community [1], overlayfs mounts in user namespaces are +expected to be a security risk [2] and thus are not enabled on upstream +Linux kernels. For the non-Ubuntu users that have to stick to unprivileged +overlay-based LXCs, this meant to patch and compile the kernel manually. +Instead, adding the kernel tainting 'permit_mounts_in_userns' module +parameter allows a kind of a user-friendly way to enable the feature. + +Testable with: + + sudo modprobe overlay permit_mounts_in_userns=1 + sudo sysctl -w kernel.unprivileged_userns_clone=1 + mkdir -p lower upper work mnt + unshare --map-root-user --mount \ + mount -t overlay none mnt \ + -o lowerdir=lower,upperdir=upper,workdir=work + +[1]: Ubuntu allows unprivileged mounting of overlay filesystem +https://lists.ubuntu.com/archives/kernel-team/2014-February/038091.html + +[2]: User namespaces + overlayfs = root privileges +https://lwn.net/Articles/671641/ + +Signed-off-by: Nicolas Schier +[bwh: Forward-ported to 5.6: adjust context] +--- +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -53,6 +53,11 @@ module_param_named(xino_auto, ovl_xino_a + MODULE_PARM_DESC(xino_auto, + "Auto enable xino feature"); + ++static bool ovl_permit_mounts_in_userns; ++module_param_named_unsafe(permit_mounts_in_userns, ovl_permit_mounts_in_userns, ++ bool, 0444); ++MODULE_PARM_DESC(permit_mounts_in_userns, "Permit mounts in user namespaces"); ++ + static void ovl_entry_stack_free(struct ovl_entry *oe) + { + unsigned int i; +@@ -1777,6 +1782,11 @@ static int __init ovl_init(void) + if (ovl_inode_cachep == NULL) + return -ENOMEM; + ++ if (unlikely(ovl_permit_mounts_in_userns)) { ++ pr_warn("overlayfs: Allowing overlay mounts in user namespaces bears security risks\n"); ++ ovl_fs_type.fs_flags |= FS_USERNS_MOUNT; ++ } ++ + err = ovl_aio_request_cache_init(); + if (!err) { + err = register_filesystem(&ovl_fs_type); diff --git a/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch b/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch new file mode 100644 index 000000000..89df33ab0 --- /dev/null +++ b/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch @@ -0,0 +1,54 @@ +From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001 +From: Bastian Blank +Date: Tue, 4 Aug 2020 09:44:37 +0000 +Subject: [PATCH 2/2] perf/traceevent: Support asciidoctor for documentation +Forwarded: not-needed + +--- + tools/lib/perf/Documentation/Makefile | 2 +- + tools/lib/traceevent/Documentation/Makefile | 2 +- + tools/perf/Documentation/Makefile | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tools/lib/perf/Documentation/Makefile b/tools/lib/perf/Documentation/Makefile +index 972754082a85..272d06173a3e 100644 +--- a/tools/lib/perf/Documentation/Makefile ++++ b/tools/lib/perf/Documentation/Makefile +@@ -35,7 +35,7 @@ htmldir = $(docdir)/html + exdir = $(docdir)/examples + + ASCIIDOC = asciidoc +-ASCIIDOC_EXTRA = --unsafe -f asciidoc.conf ++ASCIIDOC_EXTRA = + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl + XMLTO_EXTRA = +diff --git a/tools/lib/traceevent/Documentation/Makefile b/tools/lib/traceevent/Documentation/Makefile +index aa72ab96c3c1..f3a4ff3b8b0e 100644 +--- a/tools/lib/traceevent/Documentation/Makefile ++++ b/tools/lib/traceevent/Documentation/Makefile +@@ -28,7 +28,7 @@ mandir?=$(prefix)/share/man + man3dir=$(mandir)/man3 + + ASCIIDOC=asciidoc +-ASCIIDOC_EXTRA = --unsafe -f asciidoc.conf ++ASCIIDOC_EXTRA = + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl + XMLTO_EXTRA = +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index 6e54979c2124..7bfa6ae971ab 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -48,7 +48,7 @@ man5dir=$(mandir)/man5 + man7dir=$(mandir)/man7 + + ASCIIDOC=asciidoc +-ASCIIDOC_EXTRA += --unsafe -f asciidoc.conf ++ASCIIDOC_EXTRA += + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl + XMLTO_EXTRA = +-- +2.28.0 + diff --git a/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch b/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch new file mode 100644 index 000000000..3343aecac --- /dev/null +++ b/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch @@ -0,0 +1,34 @@ +From: Ben Hutchings +Date: Fri, 19 Nov 2010 02:12:48 +0000 +Subject: [PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +Recent review has revealed several bugs in obscure protocol +implementations that can be exploited by local users for denial of +service or privilege escalation. We can mitigate the effect of any +remaining vulnerabilities in such protocols by preventing unprivileged +users from loading the modules, so that they are only exploitable on +systems where the administrator has chosen to load the protocol. + +The 'rds' protocol is one such protocol that has been found to be +vulnerable, and which was not present in the 'lenny' kernel. +Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings +--- + net/rds/af_rds.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c +index 98e0538..d8d4525 100644 +--- a/net/rds/af_rds.c ++++ b/net/rds/af_rds.c +@@ -574,4 +574,4 @@ MODULE_DESCRIPTION("RDS: Reliable Datagram Sockets" + " v" DRV_VERSION " (" DRV_RELDATE ")"); + MODULE_VERSION(DRV_VERSION); + MODULE_LICENSE("Dual BSD/GPL"); +-MODULE_ALIAS_NETPROTO(PF_RDS); ++/* MODULE_ALIAS_NETPROTO(PF_RDS); */ +-- +1.7.2.3 + diff --git a/debian/patches/debian/sched-autogroup-disabled.patch b/debian/patches/debian/sched-autogroup-disabled.patch new file mode 100644 index 000000000..e9988022e --- /dev/null +++ b/debian/patches/debian/sched-autogroup-disabled.patch @@ -0,0 +1,19 @@ +From: Ben Hutchings +Subject: sched: Do not enable autogrouping by default +Date: Wed, 16 Mar 2011 03:17:06 +0000 +Forwarded: not-needed + +We want to provide the option of autogrouping but without enabling +it by default yet. + +--- a/kernel/sched/autogroup.c ++++ b/kernel/sched/autogroup.c +@@ -5,7 +5,7 @@ + #include + #include "sched.h" + +-unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; ++unsigned int __read_mostly sysctl_sched_autogroup_enabled = 0; + static struct autogroup autogroup_default; + static atomic_t autogroup_seq_nr; + diff --git a/debian/patches/debian/snd-pcsp-disable-autoload.patch b/debian/patches/debian/snd-pcsp-disable-autoload.patch new file mode 100644 index 000000000..5871dc6ef --- /dev/null +++ b/debian/patches/debian/snd-pcsp-disable-autoload.patch @@ -0,0 +1,30 @@ +From: Ben Hutchings +Date: Wed, 05 Feb 2014 23:01:30 +0000 +Subject: snd-pcsp: Disable autoload +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/697709 + +There are two drivers claiming the platform:pcspkr device: +- pcspkr creates an input(!) device that can only beep +- snd-pcsp creates an equivalent input device plus a PCM device that can + play barely recognisable renditions of sampled sound + +snd-pcsp is blacklisted by the alsa-base package, but not everyone +installs that. On PCs where no sound is wanted at all, both drivers +will still be loaded and one or other will complain that it couldn't +claim the relevant I/O range. + +In case anyone finds snd-pcsp useful, we continue to build it. But +remove the alias, to ensure it's not loaded where it's not wanted. + +--- a/sound/drivers/pcsp/pcsp.c ++++ b/sound/drivers/pcsp/pcsp.c +@@ -21,7 +21,7 @@ MODULE_AUTHOR("Stas Sergeev +Date: Fri, 07 Oct 2011 21:37:52 +0100 +Subject: Install perf scripts non-executable +Forwarded: no + +[bwh: Forward-ported to 4.13] +--- + tools/perf/Makefile.perf | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -952,8 +952,8 @@ endif + ifndef NO_LIBPERL + $(call QUIET_INSTALL, perl-scripts) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ +- $(INSTALL) scripts/perl/Perf-Trace-Util/lib/Perf/Trace/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ +- $(INSTALL) scripts/perl/*.pl -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl'; \ ++ $(INSTALL) -m 644 scripts/perl/Perf-Trace-Util/lib/Perf/Trace/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ ++ $(INSTALL) -m 644 scripts/perl/*.pl -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl'; \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin'; \ + $(INSTALL) scripts/perl/bin/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin' + endif +@@ -967,22 +967,22 @@ ifndef NO_LIBPYTHON + endif + $(call QUIET_INSTALL, perf_completion-script) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d'; \ +- $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' ++ $(INSTALL) -m 644 perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' + $(call QUIET_INSTALL, perf-tip) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(tip_instdir_SQ)'; \ +- $(INSTALL) Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' ++ $(INSTALL) -m 644 Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' + + install-tests: all install-gtk + $(call QUIET_INSTALL, tests) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ +- $(INSTALL) tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ ++ $(INSTALL) -m 644 tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ + $(INSTALL) tests/pe-file.exe* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ +- $(INSTALL) tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ ++ $(INSTALL) -m 644 tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ +- $(INSTALL) tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ ++ $(INSTALL) -m 644 tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib'; \ +- $(INSTALL) tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib' ++ $(INSTALL) -m 644 tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib' + + install-bin: install-tools install-tests install-traceevent-plugins + diff --git a/debian/patches/debian/tools-perf-version.patch b/debian/patches/debian/tools-perf-version.patch new file mode 100644 index 000000000..ccc28833d --- /dev/null +++ b/debian/patches/debian/tools-perf-version.patch @@ -0,0 +1,128 @@ +From: Bastian Blank +Date: Mon, 26 Sep 2011 13:53:12 +0100 +Subject: Create manpages and binaries including the version +Forwarded: no + +[bwh: Fix version insertion in perf man page cross-references and perf +man page title. Install bash_completion script for perf with a +version-dependent name. And do the same for trace.] +--- + tools/perf/Documentation/Makefile | 14 ++++++++------ + tools/perf/Makefile.perf | 16 ++++++++-------- + tools/perf/util/Build | 1 + + tools/perf/util/vdso.c | 4 ++-- + 4 files changed, 19 insertions(+), 16 deletions(-) + +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index 6e54979c2124..db2cb7669da1 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -195,14 +195,16 @@ ifdef missing_tools + $(error "You need to install $(missing_tools) for man pages") + endif + +-do-install-man: man ++do-install-man: $(addprefix install-man-,$(_DOC_MAN1)) ++ ++install-man-perf.1: $(OUTPUT)perf.1 ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) ++ sed -e 's/"PERF"/"PERF_$(VERSION)"/' -e 's/fBperf-/fBperf_$(VERSION)-/g' $^ > $(DESTDIR)$(man1dir)/perf_$(VERSION).1 ++ ++install-man-perf%.1: $(OUTPUT)perf%.1 + $(call QUIET_INSTALL, Documentation-man) \ + $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir); \ +-# $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir); \ +-# $(INSTALL) -d -m 755 $(DESTDIR)$(man7dir); \ +- $(INSTALL) -m 644 $(DOC_MAN1) $(DESTDIR)$(man1dir); \ +-# $(INSTALL) -m 644 $(DOC_MAN5) $(DESTDIR)$(man5dir); \ +-# $(INSTALL) -m 644 $(DOC_MAN7) $(DESTDIR)$(man7dir) ++ sed -e 's/"PERF\\-/"PERF_$(VERSION)\\-/' -e 's/fBperf-/fBperf_$(VERSION)-/g' $^ > $(DESTDIR)$(man1dir)/perf_$(VERSION)$*.1 + + install-man: check-man-tools man do-install-man + +diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf +index 86dbb51bb272..ed69643c3249 100644 +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -888,23 +888,23 @@ endif + install-tools: all install-gtk + $(call QUIET_INSTALL, binaries) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(bindir_SQ)'; \ +- $(INSTALL) $(OUTPUT)perf '$(DESTDIR_SQ)$(bindir_SQ)'; \ +- $(LN) '$(DESTDIR_SQ)$(bindir_SQ)/perf' '$(DESTDIR_SQ)$(bindir_SQ)/trace' ++ $(INSTALL) $(OUTPUT)perf '$(DESTDIR_SQ)$(bindir_SQ)/perf_$(VERSION)'; \ ++ $(LN) '$(DESTDIR_SQ)$(bindir_SQ)/perf_$(VERSION)' '$(DESTDIR_SQ)$(bindir_SQ)/trace_$(VERSION)' ++ $(call QUIET_INSTALL, libexec) \ ++ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' + ifndef NO_PERF_READ_VDSO32 + $(call QUIET_INSTALL, perf-read-vdso32) \ +- $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(bindir_SQ)'; ++ $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; + endif + ifndef NO_PERF_READ_VDSOX32 + $(call QUIET_INSTALL, perf-read-vdsox32) \ +- $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(bindir_SQ)'; ++ $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; + endif + ifndef NO_JVMTI + $(call QUIET_INSTALL, $(LIBJVMTI)) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(libdir_SQ)'; \ + $(INSTALL) $(OUTPUT)$(LIBJVMTI) '$(DESTDIR_SQ)$(libdir_SQ)'; + endif +- $(call QUIET_INSTALL, libexec) \ +- $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' + ifndef NO_LIBBPF + $(call QUIET_INSTALL, bpf-headers) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perf_include_instdir_SQ)/bpf'; \ +@@ -942,7 +942,7 @@ ifndef NO_LIBPYTHON + endif + $(call QUIET_INSTALL, perf_completion-script) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d'; \ +- $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf' ++ $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' + $(call QUIET_INSTALL, perf-tip) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(tip_instdir_SQ)'; \ + $(INSTALL) Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' +@@ -967,7 +967,7 @@ install-python_ext: + + # 'make install-doc' should call 'make -C Documentation install' + $(INSTALL_DOC_TARGETS): +- $(Q)$(MAKE) -C $(DOC_DIR) O=$(OUTPUT) $(@:-doc=) ASCIIDOC_EXTRA=$(ASCIIDOC_EXTRA) ++ $(Q)$(MAKE) -C $(DOC_DIR) O=$(OUTPUT) $(@:-doc=) ASCIIDOC_EXTRA=$(ASCIIDOC_EXTRA) VERSION=$(VERSION) + + ### Cleaning rules + +diff --git a/tools/perf/util/Build b/tools/perf/util/Build +index 8d18380ecd10..5dd0f6c387b3 100644 +--- a/tools/perf/util/Build ++++ b/tools/perf/util/Build +@@ -234,6 +234,7 @@ CFLAGS_hweight.o += -Wno-unused-parameter -DETC_PERFCONFIG="BUILD_STR($(ET + CFLAGS_parse-events.o += -Wno-redundant-decls + CFLAGS_expr.o += -Wno-redundant-decls + CFLAGS_header.o += -include $(OUTPUT)PERF-VERSION-FILE ++CFLAGS_vdso.o += -DPERFEXECDIR='"$(perfexec_instdir_SQ)"' + + $(OUTPUT)util/kallsyms.o: ../lib/symbol/kallsyms.c FORCE + $(call rule_mkdir) +diff --git a/tools/perf/util/vdso.c b/tools/perf/util/vdso.c +index 3cc91ad048ea..e7483388bb5d 100644 +--- a/tools/perf/util/vdso.c ++++ b/tools/perf/util/vdso.c +@@ -55,12 +55,12 @@ static struct vdso_info *vdso_info__new(void) + .vdso32 = { + .temp_file_name = VDSO__TEMP_FILE_NAME, + .dso_name = DSO__NAME_VDSO32, +- .read_prog = "perf-read-vdso32", ++ .read_prog = PERFEXECDIR "/perf-read-vdso32", + }, + .vdsox32 = { + .temp_file_name = VDSO__TEMP_FILE_NAME, + .dso_name = DSO__NAME_VDSOX32, +- .read_prog = "perf-read-vdsox32", ++ .read_prog = PERFEXECDIR "/perf-read-vdsox32", + }, + #endif + }; +-- +2.27.0 + diff --git a/debian/patches/debian/uname-version-timestamp.patch b/debian/patches/debian/uname-version-timestamp.patch new file mode 100644 index 000000000..5cd565c1e --- /dev/null +++ b/debian/patches/debian/uname-version-timestamp.patch @@ -0,0 +1,33 @@ +From: Ben Hutchings +Subject: Make mkcompile_h accept an alternate timestamp string +Date: Tue, 12 May 2015 19:29:22 +0100 +Forwarded: not-needed + +We want to include the Debian version in the utsname::version string +instead of a full timestamp string. However, we still need to provide +a standard timestamp string for gen_initramfs_list.sh to make the +kernel image reproducible. + +Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to +$KBUILD_BUILD_TIMESTAMP. + +--- a/scripts/mkcompile_h ++++ b/scripts/mkcompile_h +@@ -37,10 +37,14 @@ else + VERSION=$KBUILD_BUILD_VERSION + fi + +-if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then +- TIMESTAMP=`date` ++if [ -z "$KBUILD_BUILD_VERSION_TIMESTAMP" ]; then ++ if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then ++ TIMESTAMP=`date` ++ else ++ TIMESTAMP=$KBUILD_BUILD_TIMESTAMP ++ fi + else +- TIMESTAMP=$KBUILD_BUILD_TIMESTAMP ++ TIMESTAMP=$KBUILD_BUILD_VERSION_TIMESTAMP + fi + if test -z "$KBUILD_BUILD_USER"; then + LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/') diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch new file mode 100644 index 000000000..542dc53d9 --- /dev/null +++ b/debian/patches/debian/version.patch @@ -0,0 +1,172 @@ +From: Ben Hutchings +Subject: Include package version along with kernel release in stack traces +Date: Tue, 24 Jul 2012 03:13:10 +0100 +Forwarded: not-needed + +For distribution binary packages we assume +$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION +are set. +--- + Makefile | 15 ++++++++++++++- + arch/ia64/kernel/process.c | 5 +++-- + arch/powerpc/kernel/process.c | 6 ++++-- + arch/x86/um/sysrq_64.c | 6 ++++-- + kernel/hung_task.c | 6 ++++-- + lib/dump_stack.c | 6 ++++-- + 6 files changed, 33 insertions(+), 11 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -1195,7 +1195,7 @@ PHONY += prepare archprepare + + archprepare: outputmakefile archheaders archscripts scripts include/config/kernel.release \ + asm-generic $(version_h) $(autoksyms_h) include/generated/utsrelease.h \ +- include/generated/autoconf.h ++ include/generated/autoconf.h include/generated/package.h + + prepare0: archprepare + $(Q)$(MAKE) $(build)=scripts/mod +@@ -1258,6 +1258,16 @@ define filechk_version.h + ((c) > 255 ? 255 : (c)))' + endef + ++ifneq ($(DISTRIBUTION_OFFICIAL_BUILD),) ++define filechk_package.h ++ echo \#define LINUX_PACKAGE_ID \" $(DISTRIBUTOR) $(DISTRIBUTION_VERSION)\" ++endef ++else ++define filechk_package.h ++ echo \#define LINUX_PACKAGE_ID \"\" ++endef ++endif ++ + $(version_h): PATCHLEVEL := $(if $(PATCHLEVEL), $(PATCHLEVEL), 0) + $(version_h): SUBLEVEL := $(if $(SUBLEVEL), $(SUBLEVEL), 0) + $(version_h): FORCE +@@ -1267,6 +1277,9 @@ $(version_h): FORCE + include/generated/utsrelease.h: include/config/kernel.release FORCE + $(call filechk,utsrelease.h) + ++include/generated/package.h: $(srctree)/Makefile FORCE ++ $(call filechk,package.h) ++ + PHONY += headerdep + headerdep: + $(Q)find $(srctree)/include/ -name '*.h' | xargs --max-args 1 \ +--- a/arch/ia64/kernel/process.c ++++ b/arch/ia64/kernel/process.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -101,9 +102,9 @@ show_regs (struct pt_regs *regs) + print_modules(); + printk("\n"); + show_regs_print_info(KERN_DEFAULT); +- printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s)\n", ++ printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s%s)\n", + regs->cr_ipsr, regs->cr_ifs, ip, print_tainted(), +- init_utsname()->release); ++ init_utsname()->release, LINUX_PACKAGE_ID); + printk("ip is at %pS\n", (void *)ip); + printk("unat: %016lx pfs : %016lx rsc : %016lx\n", + regs->ar_unat, regs->ar_pfs, regs->ar_rsc); +--- a/arch/powerpc/kernel/process.c ++++ b/arch/powerpc/kernel/process.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -1474,8 +1475,9 @@ void show_regs(struct pt_regs * regs) + + printk("NIP: "REG" LR: "REG" CTR: "REG"\n", + regs->nip, regs->link, regs->ctr); +- printk("REGS: %px TRAP: %04lx %s (%s)\n", +- regs, regs->trap, print_tainted(), init_utsname()->release); ++ printk("REGS: %px TRAP: %04lx %s (%s%s)\n", ++ regs, regs->trap, print_tainted(), init_utsname()->release, ++ LINUX_PACKAGE_ID); + printk("MSR: "REG" ", regs->msr); + print_msr_bits(regs->msr); + pr_cont(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer); +--- a/arch/x86/um/sysrq_64.c ++++ b/arch/x86/um/sysrq_64.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -17,8 +18,9 @@ void show_regs(struct pt_regs *regs) + { + printk("\n"); + print_modules(); +- printk(KERN_INFO "Pid: %d, comm: %.20s %s %s\n", task_pid_nr(current), +- current->comm, print_tainted(), init_utsname()->release); ++ printk(KERN_INFO "Pid: %d, comm: %.20s %s %s%s\n", task_pid_nr(current), ++ current->comm, print_tainted(), init_utsname()->release, ++ LINUX_PACKAGE_ID); + printk(KERN_INFO "RIP: %04lx:[<%016lx>]\n", PT_REGS_CS(regs) & 0xffff, + PT_REGS_IP(regs)); + printk(KERN_INFO "RSP: %016lx EFLAGS: %08lx\n", PT_REGS_SP(regs), +--- a/kernel/hung_task.c ++++ b/kernel/hung_task.c +@@ -23,6 +23,7 @@ + #include + + #include ++#include + + /* + * The number of tasks checked: +@@ -128,10 +129,11 @@ static void check_hung_task(struct task_ + sysctl_hung_task_warnings--; + pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n", + t->comm, t->pid, (jiffies - t->last_switch_time) / HZ); +- pr_err(" %s %s %.*s\n", ++ pr_err(" %s %s %.*s%s\n", + print_tainted(), init_utsname()->release, + (int)strcspn(init_utsname()->version, " "), +- init_utsname()->version); ++ init_utsname()->version, ++ LINUX_PACKAGE_ID); + pr_err("\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\"" + " disables this message.\n"); + sched_show_task(t); +--- a/lib/dump_stack.c ++++ b/lib/dump_stack.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + + static char dump_stack_arch_desc_str[128]; + +@@ -44,13 +45,14 @@ void __init dump_stack_set_arch_desc(con + */ + void dump_stack_print_info(const char *log_lvl) + { +- printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s\n", ++ printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s%s\n", + log_lvl, raw_smp_processor_id(), current->pid, current->comm, + kexec_crash_loaded() ? "Kdump: loaded " : "", + print_tainted(), + init_utsname()->release, + (int)strcspn(init_utsname()->version, " "), +- init_utsname()->version); ++ init_utsname()->version, ++ LINUX_PACKAGE_ID); + + if (dump_stack_arch_desc_str[0] != '\0') + printk("%sHardware name: %s\n", diff --git a/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch b/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch new file mode 100644 index 000000000..edbf8657f --- /dev/null +++ b/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch @@ -0,0 +1,1452 @@ +From: Ben Hutchings +Date: Fri, 13 Apr 2018 20:10:28 +0100 +Subject: wireless: Add Debian wireless-regdb certificates +Forwarded: not-needed + +This hex dump is generated using: + +{ + for cert in debian/certs/wireless-regdb-*.pem; do + openssl x509 -in $cert -outform der; + done +} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex +--- + net/wireless/certs/debian.hex | 1426 +++++++++++++++++++++++++++++++++ + 1 file changed, 1426 insertions(+) + create mode 100644 net/wireless/certs/debian.hex + +diff --git a/net/wireless/certs/debian.hex b/net/wireless/certs/debian.hex +new file mode 100644 +index 000000000000..c5ab03f8c500 +--- /dev/null ++++ b/net/wireless/certs/debian.hex +@@ -0,0 +1,1426 @@ ++0x30, ++0x82, ++0x02, ++0xbd, ++0x30, ++0x82, ++0x01, ++0xa5, ++0x02, ++0x14, ++0x57, ++0x7e, ++0x02, ++0x1c, ++0xb9, ++0x80, ++0xe0, ++0xe8, ++0x20, ++0x82, ++0x1b, ++0xa7, ++0xb5, ++0x4b, ++0x49, ++0x61, ++0xb8, ++0xb4, ++0xfa, ++0xdf, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x30, ++0x1a, ++0x31, ++0x18, ++0x30, ++0x16, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x0f, ++0x62, ++0x65, ++0x6e, ++0x68, ++0x40, ++0x64, ++0x65, ++0x62, ++0x69, ++0x61, ++0x6e, ++0x2e, ++0x6f, ++0x72, ++0x67, ++0x30, ++0x20, ++0x17, ++0x0d, ++0x32, ++0x30, ++0x30, ++0x31, ++0x33, ++0x30, ++0x31, ++0x33, ++0x32, ++0x36, ++0x31, ++0x33, ++0x5a, ++0x18, ++0x0f, ++0x32, ++0x31, ++0x32, ++0x30, ++0x30, ++0x31, ++0x30, ++0x36, ++0x31, ++0x33, ++0x32, ++0x36, ++0x31, ++0x33, ++0x5a, ++0x30, ++0x1a, ++0x31, ++0x18, ++0x30, ++0x16, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x0f, ++0x62, ++0x65, ++0x6e, ++0x68, ++0x40, ++0x64, ++0x65, ++0x62, ++0x69, ++0x61, ++0x6e, ++0x2e, ++0x6f, ++0x72, ++0x67, ++0x30, ++0x82, ++0x01, ++0x22, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x01, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x0f, ++0x00, ++0x30, ++0x82, ++0x01, ++0x0a, ++0x02, ++0x82, ++0x01, ++0x01, ++0x00, ++0x9d, ++0xe1, ++0x77, ++0xa0, ++0x24, ++0xa0, ++0xd5, ++0x79, ++0x65, ++0x3a, ++0x07, ++0x90, ++0xc9, ++0xf6, ++0xa5, ++0xa6, ++0x1f, ++0x84, ++0x1c, ++0x23, ++0x07, ++0x4b, ++0x4f, ++0xa5, ++0x03, ++0xc6, ++0x0f, ++0xf7, ++0x54, ++0xd5, ++0x8b, ++0x7e, ++0x79, ++0x81, ++0x00, ++0xd2, ++0xe9, ++0x3d, ++0xf4, ++0x97, ++0xfe, ++0x84, ++0xcd, ++0x55, ++0xbd, ++0xc9, ++0x8f, ++0x21, ++0x57, ++0x88, ++0x06, ++0x39, ++0x90, ++0x66, ++0x41, ++0x26, ++0x79, ++0x2c, ++0xca, ++0x3f, ++0x95, ++0x87, ++0x01, ++0x11, ++0x2f, ++0x2f, ++0xb0, ++0xe1, ++0x0b, ++0x43, ++0xfc, ++0x5f, ++0x2f, ++0x4f, ++0x67, ++0x04, ++0xdb, ++0x4d, ++0xb7, ++0x72, ++0x4d, ++0xd1, ++0xc5, ++0x76, ++0x73, ++0x4d, ++0x91, ++0x69, ++0xb0, ++0x71, ++0x17, ++0x36, ++0xea, ++0xab, ++0x0a, ++0x3a, ++0xcd, ++0x95, ++0x9b, ++0x76, ++0x1b, ++0x8e, ++0x21, ++0x17, ++0x8f, ++0xc5, ++0x02, ++0xbf, ++0x24, ++0xc7, ++0xc0, ++0x40, ++0xb1, ++0x3b, ++0xc4, ++0x80, ++0x7c, ++0x71, ++0xa5, ++0x51, ++0xdc, ++0xf7, ++0x3a, ++0x58, ++0x7f, ++0xb1, ++0x07, ++0x81, ++0x8a, ++0x10, ++0xd1, ++0xf6, ++0x93, ++0x17, ++0x71, ++0xe0, ++0xfa, ++0x51, ++0x79, ++0x15, ++0xd4, ++0xd7, ++0x8f, ++0xad, ++0xbd, ++0x6f, ++0x38, ++0xe1, ++0x26, ++0x7d, ++0xbc, ++0xf0, ++0x3e, ++0x80, ++0x89, ++0xb4, ++0xec, ++0x8e, ++0x69, ++0x90, ++0xdb, ++0x97, ++0x8a, ++0xf0, ++0x23, ++0x23, ++0x83, ++0x82, ++0x3b, ++0x6a, ++0xb1, ++0xac, ++0xeb, ++0xe7, ++0x99, ++0x74, ++0x2a, ++0x35, ++0x8e, ++0xa9, ++0x64, ++0xfd, ++0x46, ++0x9e, ++0xe8, ++0xe5, ++0x48, ++0x61, ++0x31, ++0x6e, ++0xe6, ++0xfc, ++0x19, ++0x18, ++0x54, ++0xc3, ++0x1b, ++0x4f, ++0xd6, ++0x00, ++0x44, ++0x87, ++0x1c, ++0x37, ++0x45, ++0xea, ++0xf5, ++0xc9, ++0xcb, ++0x0f, ++0x0c, ++0x55, ++0xec, ++0xcf, ++0x6a, ++0xc2, ++0x45, ++0x26, ++0x23, ++0xa2, ++0x31, ++0x52, ++0x4d, ++0xee, ++0x21, ++0x7d, ++0xfd, ++0x58, ++0x72, ++0xc2, ++0x28, ++0xc5, ++0x8e, ++0xa9, ++0xd0, ++0xee, ++0x01, ++0x77, ++0x08, ++0xa5, ++0xf0, ++0x22, ++0x2b, ++0x47, ++0x79, ++0x2b, ++0xcf, ++0x9a, ++0x46, ++0xb5, ++0x8f, ++0xfd, ++0x64, ++0xa2, ++0xb5, ++0xed, ++0x02, ++0x03, ++0x01, ++0x00, ++0x01, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x01, ++0x00, ++0x20, ++0x44, ++0xfe, ++0xa9, ++0x9e, ++0xdd, ++0x9b, ++0xea, ++0xce, ++0x25, ++0x75, ++0x08, ++0xf0, ++0x2b, ++0x53, ++0xf7, ++0x5a, ++0x36, ++0x1c, ++0x4a, ++0x23, ++0x7f, ++0xd0, ++0x41, ++0x3c, ++0x12, ++0x2b, ++0xb9, ++0x80, ++0x4e, ++0x8a, ++0x15, ++0x5d, ++0x1f, ++0x40, ++0xa7, ++0x26, ++0x28, ++0x32, ++0xc3, ++0x5b, ++0x06, ++0x28, ++0x2d, ++0x3d, ++0x08, ++0x09, ++0x1e, ++0x01, ++0xe9, ++0x67, ++0xe3, ++0x33, ++0xe6, ++0x15, ++0x45, ++0x39, ++0xee, ++0x17, ++0x83, ++0xdb, ++0x42, ++0xff, ++0x7f, ++0x35, ++0xf4, ++0xac, ++0x16, ++0xdb, ++0xba, ++0xb8, ++0x1a, ++0x20, ++0x21, ++0x41, ++0xff, ++0xf3, ++0x92, ++0xff, ++0x65, ++0x6e, ++0x29, ++0x16, ++0xd0, ++0xbf, ++0x8d, ++0xdf, ++0x48, ++0x2c, ++0x73, ++0x36, ++0x7f, ++0x22, ++0xe6, ++0xee, ++0x78, ++0xb4, ++0x63, ++0x83, ++0x0e, ++0x39, ++0xeb, ++0xaf, ++0x10, ++0x2a, ++0x90, ++0xd3, ++0xfc, ++0xe6, ++0xc3, ++0x8f, ++0x97, ++0x5b, ++0x76, ++0xbf, ++0x9b, ++0xf5, ++0x98, ++0xd2, ++0x53, ++0x06, ++0x8b, ++0xf8, ++0xa4, ++0x04, ++0x9b, ++0x1b, ++0x62, ++0x6a, ++0x9d, ++0xac, ++0xe6, ++0x4b, ++0x0d, ++0xc9, ++0xd7, ++0x56, ++0x63, ++0x15, ++0x01, ++0x38, ++0x8c, ++0xbe, ++0xf1, ++0x44, ++0xc4, ++0x38, ++0x27, ++0xe0, ++0xcf, ++0x72, ++0xd6, ++0x3d, ++0xe4, ++0xf7, ++0x4b, ++0x3b, ++0xd2, ++0xb1, ++0x0c, ++0xd5, ++0x83, ++0x6d, ++0x1e, ++0x10, ++0x04, ++0x69, ++0x29, ++0x88, ++0x69, ++0xe0, ++0x7d, ++0xd7, ++0xdb, ++0xb4, ++0x59, ++0x72, ++0x8d, ++0x9d, ++0x3c, ++0x43, ++0xaf, ++0xc6, ++0x7d, ++0xb7, ++0x21, ++0x15, ++0x52, ++0x8a, ++0xe9, ++0x9b, ++0x6b, ++0x2e, ++0xe8, ++0x27, ++0x3c, ++0x3f, ++0x2d, ++0x84, ++0xfb, ++0x9a, ++0x22, ++0x0a, ++0x9f, ++0x6a, ++0x25, ++0xe6, ++0x39, ++0xe4, ++0x74, ++0x73, ++0xb6, ++0x2a, ++0x70, ++0xaa, ++0x1d, ++0xcb, ++0xcc, ++0xd4, ++0xa0, ++0x1b, ++0x26, ++0x71, ++0x63, ++0x04, ++0xc5, ++0x12, ++0x21, ++0x48, ++0xba, ++0x92, ++0x27, ++0x06, ++0xa8, ++0x3e, ++0x6d, ++0xa1, ++0x43, ++0xa5, ++0xd2, ++0x2a, ++0xf7, ++0xca, ++0xc4, ++0x26, ++0xe8, ++0x5b, ++0x1f, ++0xe4, ++0xdc, ++0x89, ++0xdc, ++0x1f, ++0x04, ++0x79, ++0x3f, ++0x30, ++0x82, ++0x02, ++0xcd, ++0x30, ++0x82, ++0x01, ++0xb5, ++0x02, ++0x14, ++0x3a, ++0xbb, ++0xc6, ++0xec, ++0x14, ++0x6e, ++0x09, ++0xd1, ++0xb6, ++0x01, ++0x6a, ++0xb9, ++0xd6, ++0xcf, ++0x71, ++0xdd, ++0x23, ++0x3f, ++0x03, ++0x28, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x30, ++0x22, ++0x31, ++0x20, ++0x30, ++0x1e, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x17, ++0x72, ++0x6f, ++0x6d, ++0x61, ++0x69, ++0x6e, ++0x2e, ++0x70, ++0x65, ++0x72, ++0x69, ++0x65, ++0x72, ++0x40, ++0x67, ++0x6d, ++0x61, ++0x69, ++0x6c, ++0x2e, ++0x63, ++0x6f, ++0x6d, ++0x30, ++0x20, ++0x17, ++0x0d, ++0x32, ++0x30, ++0x30, ++0x32, ++0x32, ++0x34, ++0x31, ++0x39, ++0x30, ++0x31, ++0x34, ++0x34, ++0x5a, ++0x18, ++0x0f, ++0x32, ++0x31, ++0x32, ++0x30, ++0x30, ++0x31, ++0x33, ++0x31, ++0x31, ++0x39, ++0x30, ++0x31, ++0x34, ++0x34, ++0x5a, ++0x30, ++0x22, ++0x31, ++0x20, ++0x30, ++0x1e, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x17, ++0x72, ++0x6f, ++0x6d, ++0x61, ++0x69, ++0x6e, ++0x2e, ++0x70, ++0x65, ++0x72, ++0x69, ++0x65, ++0x72, ++0x40, ++0x67, ++0x6d, ++0x61, ++0x69, ++0x6c, ++0x2e, ++0x63, ++0x6f, ++0x6d, ++0x30, ++0x82, ++0x01, ++0x22, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x01, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x0f, ++0x00, ++0x30, ++0x82, ++0x01, ++0x0a, ++0x02, ++0x82, ++0x01, ++0x01, ++0x00, ++0xf0, ++0xb8, ++0x4f, ++0x3f, ++0x70, ++0x78, ++0xf8, ++0x74, ++0x45, ++0xa2, ++0x28, ++0xaf, ++0x04, ++0x75, ++0x04, ++0xa3, ++0xf3, ++0xa7, ++0xc7, ++0x04, ++0xac, ++0xb6, ++0xe1, ++0xfc, ++0xe1, ++0xc0, ++0x3d, ++0xe0, ++0x26, ++0x90, ++0x8a, ++0x45, ++0x60, ++0xc4, ++0x75, ++0xf3, ++0x1a, ++0x33, ++0x37, ++0x56, ++0x7d, ++0x30, ++0x07, ++0x75, ++0x0e, ++0xa6, ++0x79, ++0x06, ++0x95, ++0x9d, ++0x17, ++0x3c, ++0x09, ++0xa9, ++0x7f, ++0xab, ++0x95, ++0x5d, ++0xed, ++0xe0, ++0x75, ++0x26, ++0x2f, ++0x65, ++0x65, ++0xcd, ++0x61, ++0xb1, ++0x33, ++0x27, ++0x67, ++0x41, ++0xa1, ++0x01, ++0x13, ++0xe9, ++0x13, ++0x6a, ++0x6d, ++0x4e, ++0x98, ++0xe1, ++0x9e, ++0x7b, ++0x0b, ++0x5b, ++0x44, ++0xef, ++0x68, ++0x5a, ++0x6f, ++0x7d, ++0x97, ++0xa1, ++0x33, ++0x22, ++0x97, ++0x12, ++0x21, ++0x09, ++0x8f, ++0x90, ++0xe0, ++0x25, ++0x94, ++0xdd, ++0x8a, ++0x3a, ++0xf7, ++0x4a, ++0x60, ++0x04, ++0x26, ++0x6d, ++0x00, ++0x82, ++0xe4, ++0xcf, ++0x64, ++0x1c, ++0x79, ++0x15, ++0x24, ++0xf2, ++0x42, ++0x86, ++0xf5, ++0x10, ++0x86, ++0xac, ++0x20, ++0x88, ++0x90, ++0x87, ++0xdf, ++0x8c, ++0x37, ++0x7c, ++0xbf, ++0x35, ++0xd5, ++0x6f, ++0x9f, ++0x77, ++0xc3, ++0xcd, ++0x69, ++0x25, ++0x06, ++0xc2, ++0x65, ++0x51, ++0x71, ++0x89, ++0x7f, ++0x6e, ++0x4d, ++0xe5, ++0xd5, ++0x8a, ++0x36, ++0x1a, ++0xad, ++0xc1, ++0x18, ++0xd6, ++0x14, ++0x42, ++0x87, ++0xf0, ++0x93, ++0x83, ++0xf1, ++0x99, ++0x74, ++0xc4, ++0x13, ++0xaa, ++0x3b, ++0x66, ++0x85, ++0x6f, ++0xe0, ++0xbc, ++0x5f, ++0xb6, ++0x40, ++0xa6, ++0x41, ++0x06, ++0x0a, ++0xba, ++0x0e, ++0xe9, ++0x32, ++0x44, ++0x10, ++0x39, ++0x53, ++0xcd, ++0xbf, ++0xf3, ++0xd3, ++0x26, ++0xf6, ++0xb6, ++0x2b, ++0x40, ++0x2e, ++0xb9, ++0x88, ++0xc1, ++0xf4, ++0xe3, ++0xa0, ++0x28, ++0x77, ++0x4f, ++0xba, ++0xa8, ++0xca, ++0x9c, ++0x05, ++0xba, ++0x88, ++0x96, ++0x99, ++0x54, ++0x89, ++0xa2, ++0x8d, ++0xf3, ++0x73, ++0xa1, ++0x8c, ++0x4a, ++0xa8, ++0x71, ++0xee, ++0x2e, ++0xd2, ++0x83, ++0x14, ++0x48, ++0xbd, ++0x98, ++0xc6, ++0xce, ++0xdc, ++0xa8, ++0xa3, ++0x97, ++0x2e, ++0x40, ++0x16, ++0x2f, ++0x02, ++0x03, ++0x01, ++0x00, ++0x01, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x01, ++0x00, ++0x76, ++0x5d, ++0x03, ++0x3d, ++0xb6, ++0x96, ++0x00, ++0x1b, ++0x6e, ++0x0c, ++0xdd, ++0xbb, ++0xc8, ++0xdf, ++0xbc, ++0xeb, ++0x6c, ++0x01, ++0x40, ++0x1a, ++0x2b, ++0x07, ++0x60, ++0xa1, ++0x1a, ++0xe1, ++0x43, ++0x57, ++0xfa, ++0xbe, ++0xde, ++0xbb, ++0x8f, ++0x73, ++0xf3, ++0x92, ++0xa2, ++0xaa, ++0x83, ++0x01, ++0xc1, ++0x17, ++0xe4, ++0x9d, ++0x09, ++0x41, ++0xe0, ++0x32, ++0x33, ++0x97, ++0x4b, ++0xf2, ++0xdc, ++0x0f, ++0x8b, ++0xa8, ++0xb8, ++0x5a, ++0x04, ++0x86, ++0xf6, ++0x71, ++0xa1, ++0x97, ++0xd0, ++0x54, ++0x56, ++0x10, ++0x8e, ++0x54, ++0x99, ++0x0d, ++0x2a, ++0xa9, ++0xaf, ++0x1b, ++0x55, ++0x59, ++0x06, ++0x2b, ++0xa4, ++0x5f, ++0xb1, ++0x54, ++0xa6, ++0xec, ++0xc7, ++0xd6, ++0x43, ++0xee, ++0x86, ++0x2c, ++0x9b, ++0x18, ++0x9d, ++0x8f, ++0x00, ++0x82, ++0xc1, ++0x88, ++0x61, ++0x16, ++0x85, ++0x3c, ++0x17, ++0x56, ++0xfe, ++0x6a, ++0xa0, ++0x7a, ++0x68, ++0xc5, ++0x7b, ++0x3d, ++0x3c, ++0xb6, ++0x13, ++0x18, ++0x99, ++0x6d, ++0x74, ++0x65, ++0x13, ++0x67, ++0xb7, ++0xfc, ++0x5a, ++0x44, ++0x48, ++0x72, ++0xa0, ++0x73, ++0xb8, ++0xff, ++0x02, ++0x9d, ++0x7c, ++0x5b, ++0xf9, ++0x7c, ++0x75, ++0x0a, ++0x3c, ++0x81, ++0x80, ++0x3c, ++0x41, ++0xf2, ++0xd5, ++0xfa, ++0x3d, ++0x1f, ++0xe3, ++0xda, ++0x8c, ++0xa5, ++0x17, ++0x1f, ++0x53, ++0x1a, ++0x75, ++0xad, ++0x4e, ++0x11, ++0x1c, ++0x07, ++0xec, ++0x0a, ++0x69, ++0xfd, ++0x33, ++0xfa, ++0x32, ++0x7e, ++0x66, ++0xf5, ++0x29, ++0xe8, ++0x4d, ++0x8a, ++0xfa, ++0x0d, ++0x4b, ++0x68, ++0xc3, ++0x95, ++0x11, ++0xba, ++0x6f, ++0x1e, ++0x07, ++0x8c, ++0x85, ++0xc7, ++0xc7, ++0xc9, ++0xc1, ++0x30, ++0xa3, ++0x70, ++0xb0, ++0xa1, ++0xe0, ++0xd5, ++0x85, ++0x15, ++0x94, ++0x77, ++0xc1, ++0x1c, ++0x91, ++0xf1, ++0x5f, ++0x50, ++0xcd, ++0x2c, ++0x57, ++0x4b, ++0x22, ++0x4f, ++0xee, ++0x95, ++0xd7, ++0xa7, ++0xa4, ++0x59, ++0x62, ++0xae, ++0xb9, ++0xbf, ++0xd7, ++0x63, ++0x5a, ++0x04, ++0xfc, ++0x24, ++0x11, ++0xae, ++0x34, ++0x4b, ++0xf4, ++0x0c, ++0x9f, ++0x0b, ++0x59, ++0x7d, ++0x27, ++0x39, ++0x54, ++0x69, ++0x4f, ++0xfd, ++0x6e, ++0x44, ++0x9f, ++0x21, +-- +2.25.1 + diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch new file mode 100644 index 000000000..c33ac0c9d --- /dev/null +++ b/debian/patches/debian/yama-disable-by-default.patch @@ -0,0 +1,32 @@ +From: Ben Hutchings +Subject: yama: Disable by default +Date: Wed, 19 Jun 2013 04:35:28 +0100 +Bug-Debian: https://bugs.debian.org/712740 +Forwarded: not-needed + +--- + security/yama/yama_lsm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c +index efac68556b45..95ff3e778a17 100644 +--- a/security/yama/yama_lsm.c ++++ b/security/yama/yama_lsm.c +@@ -28,7 +28,7 @@ + #define YAMA_SCOPE_CAPABILITY 2 + #define YAMA_SCOPE_NO_ATTACH 3 + +-static int ptrace_scope = YAMA_SCOPE_RELATIONAL; ++static int ptrace_scope = YAMA_SCOPE_DISABLED; + + /* describe a ptrace relationship for potential exception */ + struct ptrace_relation { +@@ -481,7 +481,7 @@ static inline void yama_init_sysctl(void) { } + + static int __init yama_init(void) + { +- pr_info("Yama: becoming mindful.\n"); ++ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + yama_init_sysctl(); + return 0; diff --git a/debian/patches/features/all/aufs5/aufs5-base.patch b/debian/patches/features/all/aufs5/aufs5-base.patch new file mode 100644 index 000000000..60f24b56b --- /dev/null +++ b/debian/patches/features/all/aufs5/aufs5-base.patch @@ -0,0 +1,332 @@ +From: J. R. Okajima +Date: Tue Apr 7 22:14:47 2020 +0900 +Subject: aufs5.6 base patch +Origin: https://github.com/sfjro/aufs5-standalone/tree/7c07d9737e9de058981f020d66ac0d4407a80899 +Bug-Debian: https://bugs.debian.org/541828 + +Patch headers added by debian/bin/genpatch-aufs + +SPDX-License-Identifier: GPL-2.0 +aufs5.6 base patch + +diff --git a/MAINTAINERS b/MAINTAINERS +index b4a43a9e7fbc..32f7c8c48001 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -2984,6 +2984,19 @@ F: include/linux/audit.h + F: include/uapi/linux/audit.h + F: kernel/audit* + ++AUFS (advanced multi layered unification filesystem) FILESYSTEM ++M: "J. R. Okajima" ++L: aufs-users@lists.sourceforge.net (members only) ++L: linux-unionfs@vger.kernel.org ++W: http://aufs.sourceforge.net ++T: git://github.com/sfjro/aufs4-linux.git ++S: Supported ++F: Documentation/filesystems/aufs/ ++F: Documentation/ABI/testing/debugfs-aufs ++F: Documentation/ABI/testing/sysfs-aufs ++F: fs/aufs/ ++F: include/uapi/linux/aufs_type.h ++ + AUXILIARY DISPLAY DRIVERS + M: Miguel Ojeda Sandonis + S: Maintained +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 475e1a738560..8d77e68aa52b 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -763,6 +763,24 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, + return error; + } + ++/* ++ * for AUFS ++ * no get/put for file. ++ */ ++struct file *loop_backing_file(struct super_block *sb) ++{ ++ struct file *ret; ++ struct loop_device *l; ++ ++ ret = NULL; ++ if (MAJOR(sb->s_dev) == LOOP_MAJOR) { ++ l = sb->s_bdev->bd_disk->private_data; ++ ret = l->lo_backing_file; ++ } ++ return ret; ++} ++EXPORT_SYMBOL_GPL(loop_backing_file); ++ + /* loop sysfs attributes */ + + static ssize_t loop_attr_show(struct device *dev, char *page, +diff --git a/fs/dcache.c b/fs/dcache.c +index 361ea7ab30ea..3cd36474f302 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -1285,7 +1285,7 @@ enum d_walk_ret { + * + * The @enter() callbacks are called with d_lock held. + */ +-static void d_walk(struct dentry *parent, void *data, ++void d_walk(struct dentry *parent, void *data, + enum d_walk_ret (*enter)(void *, struct dentry *)) + { + struct dentry *this_parent; +diff --git a/fs/fcntl.c b/fs/fcntl.c +index 2e4c0fa2074b..0b28a37f7e50 100644 +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -32,7 +32,7 @@ + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +-static int setfl(int fd, struct file * filp, unsigned long arg) ++int setfl(int fd, struct file *filp, unsigned long arg) + { + struct inode * inode = file_inode(filp); + int error = 0; +@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) + + if (filp->f_op->check_flags) + error = filp->f_op->check_flags(arg); ++ if (!error && filp->f_op->setfl) ++ error = filp->f_op->setfl(filp, arg); + if (error) + return error; + +diff --git a/fs/inode.c b/fs/inode.c +index 72c4c347afb7..a7ff2099c2ef 100644 +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -1768,7 +1768,7 @@ EXPORT_SYMBOL(generic_update_time); + * This does the actual work of updating an inodes time or version. Must have + * had called mnt_want_write() before calling this. + */ +-static int update_time(struct inode *inode, struct timespec64 *time, int flags) ++int update_time(struct inode *inode, struct timespec64 *time, int flags) + { + if (inode->i_op->update_time) + return inode->i_op->update_time(inode, time, flags); +diff --git a/fs/namespace.c b/fs/namespace.c +index f30ed401cc6d..8ddebaf7ad57 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -792,6 +792,12 @@ static inline int check_mnt(struct mount *mnt) + return mnt->mnt_ns == current->nsproxy->mnt_ns; + } + ++/* for aufs, CONFIG_AUFS_BR_FUSE */ ++int is_current_mnt_ns(struct vfsmount *mnt) ++{ ++ return check_mnt(real_mount(mnt)); ++} ++ + /* + * vfsmount lock must be held for write + */ +diff --git a/fs/read_write.c b/fs/read_write.c +index 4fb797822567..744831cd0094 100644 +--- a/fs/read_write.c ++++ b/fs/read_write.c +@@ -507,6 +507,28 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t + return ret; + } + ++vfs_readf_t vfs_readf(struct file *file) ++{ ++ const struct file_operations *fop = file->f_op; ++ ++ if (fop->read) ++ return fop->read; ++ if (fop->read_iter) ++ return new_sync_read; ++ return ERR_PTR(-ENOSYS); /* doesn't have ->read(|_iter)() op */ ++} ++ ++vfs_writef_t vfs_writef(struct file *file) ++{ ++ const struct file_operations *fop = file->f_op; ++ ++ if (fop->write) ++ return fop->write; ++ if (fop->write_iter) ++ return new_sync_write; ++ return ERR_PTR(-ENOSYS); /* doesn't have ->write(|_iter)() op */ ++} ++ + /* caller is responsible for file_start_write/file_end_write */ + ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) + { +diff --git a/fs/splice.c b/fs/splice.c +index d7c8a7c4db07..f0b625e27554 100644 +--- a/fs/splice.c ++++ b/fs/splice.c +@@ -839,8 +839,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); + /* + * Attempt to initiate a splice from pipe to file. + */ +-static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +- loff_t *ppos, size_t len, unsigned int flags) ++long do_splice_from(struct pipe_inode_info *pipe, struct file *out, ++ loff_t *ppos, size_t len, unsigned int flags) + { + if (out->f_op->splice_write) + return out->f_op->splice_write(pipe, out, ppos, len, flags); +@@ -850,9 +850,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, + /* + * Attempt to initiate a splice from a file to a pipe. + */ +-static long do_splice_to(struct file *in, loff_t *ppos, +- struct pipe_inode_info *pipe, size_t len, +- unsigned int flags) ++long do_splice_to(struct file *in, loff_t *ppos, ++ struct pipe_inode_info *pipe, size_t len, ++ unsigned int flags) + { + int ret; + +diff --git a/fs/sync.c b/fs/sync.c +index 1373a610dc78..b7b5a0a0df6f 100644 +--- a/fs/sync.c ++++ b/fs/sync.c +@@ -28,7 +28,7 @@ + * wait == 1 case since in that case write_inode() functions do + * sync_dirty_buffer() and thus effectively write one block at a time. + */ +-static int __sync_filesystem(struct super_block *sb, int wait) ++int __sync_filesystem(struct super_block *sb, int wait) + { + if (wait) + sync_inodes_sb(sb); +diff --git a/include/linux/fs.h b/include/linux/fs.h +index f5abba86107d..0b008da5678d 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -1360,6 +1360,7 @@ extern void fasync_free(struct fasync_struct *); + /* can be called from interrupts */ + extern void kill_fasync(struct fasync_struct **, int, int); + ++extern int setfl(int fd, struct file *filp, unsigned long arg); + extern void __f_setown(struct file *filp, struct pid *, enum pid_type, int force); + extern int f_setown(struct file *filp, unsigned long arg, int force); + extern void f_delown(struct file *filp); +@@ -1848,6 +1849,7 @@ struct file_operations { + ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int); + unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long); + int (*check_flags)(int); ++ int (*setfl)(struct file *, unsigned long); + int (*flock) (struct file *, int, struct file_lock *); + ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); + ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); +@@ -1918,6 +1920,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, + struct iovec *fast_pointer, + struct iovec **ret_pointer); + ++typedef ssize_t (*vfs_readf_t)(struct file *, char __user *, size_t, loff_t *); ++typedef ssize_t (*vfs_writef_t)(struct file *, const char __user *, size_t, ++ loff_t *); ++vfs_readf_t vfs_readf(struct file *file); ++vfs_writef_t vfs_writef(struct file *file); ++ + extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); + extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); + extern ssize_t vfs_readv(struct file *, const struct iovec __user *, +@@ -2352,6 +2360,7 @@ extern int current_umask(void); + extern void ihold(struct inode * inode); + extern void iput(struct inode *); + extern int generic_update_time(struct inode *, struct timespec64 *, int); ++extern int update_time(struct inode *, struct timespec64 *, int); + + /* /sys/fs */ + extern struct kobject *fs_kobj; +@@ -2633,6 +2642,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb) + return false; + } + #endif ++extern int __sync_filesystem(struct super_block *, int); + extern int sync_filesystem(struct super_block *); + extern const struct file_operations def_blk_fops; + extern const struct file_operations def_chr_fops; +diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h +index 8fce5c98a4b0..c1a3f172e97a 100644 +--- a/include/linux/lockdep.h ++++ b/include/linux/lockdep.h +@@ -395,6 +395,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock, + return lock->key == key; + } + ++struct lock_class *lockdep_hlock_class(struct held_lock *hlock); ++ + /* + * Acquire a lock. + * +@@ -540,6 +542,7 @@ struct lockdep_map { }; + + #define lockdep_depth(tsk) (0) + ++#define lockdep_is_held(lock) (1) + #define lockdep_is_held_type(l, r) (1) + + #define lockdep_assert_held(l) do { (void)(l); } while (0) +diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h +index 8f882f5881e8..6b9808f09843 100644 +--- a/include/linux/mnt_namespace.h ++++ b/include/linux/mnt_namespace.h +@@ -7,12 +7,15 @@ struct mnt_namespace; + struct fs_struct; + struct user_namespace; + struct ns_common; ++struct vfsmount; + + extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *, + struct user_namespace *, struct fs_struct *); + extern void put_mnt_ns(struct mnt_namespace *ns); + extern struct ns_common *from_mnt_ns(struct mnt_namespace *); + ++extern int is_current_mnt_ns(struct vfsmount *mnt); ++ + extern const struct file_operations proc_mounts_operations; + extern const struct file_operations proc_mountinfo_operations; + extern const struct file_operations proc_mountstats_operations; +diff --git a/include/linux/splice.h b/include/linux/splice.h +index 5c47013f708e..fef6c59ed92a 100644 +--- a/include/linux/splice.h ++++ b/include/linux/splice.h +@@ -93,4 +93,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); + + extern const struct pipe_buf_operations page_cache_pipe_buf_ops; + extern const struct pipe_buf_operations default_pipe_buf_ops; ++ ++extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out, ++ loff_t *ppos, size_t len, unsigned int flags); ++extern long do_splice_to(struct file *in, loff_t *ppos, ++ struct pipe_inode_info *pipe, size_t len, ++ unsigned int flags); + #endif +diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c +index 29a8de4c50b9..6cfff5e18c84 100644 +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -169,7 +169,7 @@ static + struct lock_class lock_classes[MAX_LOCKDEP_KEYS]; + static DECLARE_BITMAP(lock_classes_in_use, MAX_LOCKDEP_KEYS); + +-static inline struct lock_class *hlock_class(struct held_lock *hlock) ++inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock) + { + unsigned int class_idx = hlock->class_idx; + +@@ -190,6 +190,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock) + */ + return lock_classes + class_idx; + } ++#define hlock_class(hlock) lockdep_hlock_class(hlock) + + #ifdef CONFIG_LOCK_STAT + static DEFINE_PER_CPU(struct lock_class_stats[MAX_LOCKDEP_KEYS], cpu_lock_stats); +-- +2.27.0 + diff --git a/debian/patches/features/all/aufs5/aufs5-mmap.patch b/debian/patches/features/all/aufs5/aufs5-mmap.patch new file mode 100644 index 000000000..4cf1e0b2b --- /dev/null +++ b/debian/patches/features/all/aufs5/aufs5-mmap.patch @@ -0,0 +1,405 @@ +From: J. R. Okajima +Date: Tue Apr 7 22:14:47 2020 +0900 +Subject: aufs5.6 mmap patch +Origin: https://github.com/sfjro/aufs5-standalone/tree/7c07d9737e9de058981f020d66ac0d4407a80899 +Bug-Debian: https://bugs.debian.org/541828 + +Patch headers added by debian/bin/genpatch-aufs + +SPDX-License-Identifier: GPL-2.0 +aufs5.6 mmap patch + +Index: debian-kernel/fs/proc/base.c +=================================================================== +--- debian-kernel.orig/fs/proc/base.c ++++ debian-kernel/fs/proc/base.c +@@ -2170,7 +2170,7 @@ static int map_files_get_link(struct den + rc = -ENOENT; + vma = find_exact_vma(mm, vm_start, vm_end); + if (vma && vma->vm_file) { +- *path = vma->vm_file->f_path; ++ *path = vma_pr_or_file(vma)->f_path; + path_get(path); + rc = 0; + } +Index: debian-kernel/fs/proc/nommu.c +=================================================================== +--- debian-kernel.orig/fs/proc/nommu.c ++++ debian-kernel/fs/proc/nommu.c +@@ -40,7 +40,10 @@ static int nommu_region_show(struct seq_ + file = region->vm_file; + + if (file) { +- struct inode *inode = file_inode(region->vm_file); ++ struct inode *inode; ++ ++ file = vmr_pr_or_file(region); ++ inode = file_inode(file); + dev = inode->i_sb->s_dev; + ino = inode->i_ino; + } +Index: debian-kernel/fs/proc/task_mmu.c +=================================================================== +--- debian-kernel.orig/fs/proc/task_mmu.c ++++ debian-kernel/fs/proc/task_mmu.c +@@ -280,7 +280,10 @@ show_map_vma(struct seq_file *m, struct + const char *name = NULL; + + if (file) { +- struct inode *inode = file_inode(vma->vm_file); ++ struct inode *inode; ++ ++ file = vma_pr_or_file(vma); ++ inode = file_inode(file); + dev = inode->i_sb->s_dev; + ino = inode->i_ino; + pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; +@@ -1793,7 +1796,7 @@ static int show_numa_map(struct seq_file + struct proc_maps_private *proc_priv = &numa_priv->proc_maps; + struct vm_area_struct *vma = v; + struct numa_maps *md = &numa_priv->md; +- struct file *file = vma->vm_file; ++ struct file *file = vma_pr_or_file(vma); + struct mm_struct *mm = vma->vm_mm; + struct mempolicy *pol; + char buffer[64]; +Index: debian-kernel/fs/proc/task_nommu.c +=================================================================== +--- debian-kernel.orig/fs/proc/task_nommu.c ++++ debian-kernel/fs/proc/task_nommu.c +@@ -155,7 +155,10 @@ static int nommu_vma_show(struct seq_fil + file = vma->vm_file; + + if (file) { +- struct inode *inode = file_inode(vma->vm_file); ++ struct inode *inode; ++ ++ file = vma_pr_or_file(vma); ++ inode = file_inode(file); + dev = inode->i_sb->s_dev; + ino = inode->i_ino; + pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT; +Index: debian-kernel/include/linux/mm.h +=================================================================== +--- debian-kernel.orig/include/linux/mm.h ++++ debian-kernel/include/linux/mm.h +@@ -1684,6 +1684,28 @@ static inline void unmap_shared_mapping_ + unmap_mapping_range(mapping, holebegin, holelen, 0); + } + ++extern void vma_do_file_update_time(struct vm_area_struct *, const char[], int); ++extern struct file *vma_do_pr_or_file(struct vm_area_struct *, const char[], ++ int); ++extern void vma_do_get_file(struct vm_area_struct *, const char[], int); ++extern void vma_do_fput(struct vm_area_struct *, const char[], int); ++ ++#define vma_file_update_time(vma) vma_do_file_update_time(vma, __func__, \ ++ __LINE__) ++#define vma_pr_or_file(vma) vma_do_pr_or_file(vma, __func__, \ ++ __LINE__) ++#define vma_get_file(vma) vma_do_get_file(vma, __func__, __LINE__) ++#define vma_fput(vma) vma_do_fput(vma, __func__, __LINE__) ++ ++#ifndef CONFIG_MMU ++extern struct file *vmr_do_pr_or_file(struct vm_region *, const char[], int); ++extern void vmr_do_fput(struct vm_region *, const char[], int); ++ ++#define vmr_pr_or_file(region) vmr_do_pr_or_file(region, __func__, \ ++ __LINE__) ++#define vmr_fput(region) vmr_do_fput(region, __func__, __LINE__) ++#endif /* !CONFIG_MMU */ ++ + extern int access_process_vm(struct task_struct *tsk, unsigned long addr, + void *buf, int len, unsigned int gup_flags); + extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, +Index: debian-kernel/include/linux/mm_types.h +=================================================================== +--- debian-kernel.orig/include/linux/mm_types.h ++++ debian-kernel/include/linux/mm_types.h +@@ -276,6 +276,7 @@ struct vm_region { + unsigned long vm_top; /* region allocated to here */ + unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */ + struct file *vm_file; /* the backing file or NULL */ ++ struct file *vm_prfile; /* the virtual backing file or NULL */ + + int vm_usage; /* region usage count (access under nommu_region_sem) */ + bool vm_icache_flushed : 1; /* true if the icache has been flushed for +@@ -355,6 +356,7 @@ struct vm_area_struct { + unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE + units */ + struct file * vm_file; /* File we map to (can be NULL). */ ++ struct file *vm_prfile; /* shadow of vm_file */ + void * vm_private_data; /* was vm_pte (shared mem) */ + + #ifdef CONFIG_SWAP +Index: debian-kernel/kernel/fork.c +=================================================================== +--- debian-kernel.orig/kernel/fork.c ++++ debian-kernel/kernel/fork.c +@@ -570,7 +570,7 @@ static __latent_entropy int dup_mmap(str + struct inode *inode = file_inode(file); + struct address_space *mapping = file->f_mapping; + +- get_file(file); ++ vma_get_file(tmp); + if (tmp->vm_flags & VM_DENYWRITE) + atomic_dec(&inode->i_writecount); + i_mmap_lock_write(mapping); +Index: debian-kernel/mm/Makefile +=================================================================== +--- debian-kernel.orig/mm/Makefile ++++ debian-kernel/mm/Makefile +@@ -52,7 +52,7 @@ obj-y := filemap.o mempool.o oom_kill. + mm_init.o percpu.o slab_common.o \ + compaction.o vmacache.o \ + interval_tree.o list_lru.o workingset.o \ +- debug.o gup.o $(mmu-y) ++ prfile.o debug.o gup.o $(mmu-y) + + # Give 'page_alloc' its own module-parameter namespace + page-alloc-y := page_alloc.o +Index: debian-kernel/mm/filemap.c +=================================================================== +--- debian-kernel.orig/mm/filemap.c ++++ debian-kernel/mm/filemap.c +@@ -2676,7 +2676,7 @@ vm_fault_t filemap_page_mkwrite(struct v + vm_fault_t ret = VM_FAULT_LOCKED; + + sb_start_pagefault(inode->i_sb); +- file_update_time(vmf->vma->vm_file); ++ vma_file_update_time(vmf->vma); + lock_page(page); + if (page->mapping != inode->i_mapping) { + unlock_page(page); +Index: debian-kernel/mm/mmap.c +=================================================================== +--- debian-kernel.orig/mm/mmap.c ++++ debian-kernel/mm/mmap.c +@@ -179,7 +179,7 @@ static struct vm_area_struct *remove_vma + if (vma->vm_ops && vma->vm_ops->close) + vma->vm_ops->close(vma); + if (vma->vm_file) +- fput(vma->vm_file); ++ vma_fput(vma); + mpol_put(vma_policy(vma)); + vm_area_free(vma); + return next; +@@ -910,7 +910,7 @@ again: + if (remove_next) { + if (file) { + uprobe_munmap(next, next->vm_start, next->vm_end); +- fput(file); ++ vma_fput(vma); + } + if (next->anon_vma) + anon_vma_merge(vma, next); +@@ -1831,8 +1831,8 @@ out: + return addr; + + unmap_and_free_vma: ++ vma_fput(vma); + vma->vm_file = NULL; +- fput(file); + + /* Undo any partial mapping done by a device driver. */ + unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); +@@ -2683,7 +2683,7 @@ int __split_vma(struct mm_struct *mm, st + goto out_free_mpol; + + if (new->vm_file) +- get_file(new->vm_file); ++ vma_get_file(new); + + if (new->vm_ops && new->vm_ops->open) + new->vm_ops->open(new); +@@ -2702,7 +2702,7 @@ int __split_vma(struct mm_struct *mm, st + if (new->vm_ops && new->vm_ops->close) + new->vm_ops->close(new); + if (new->vm_file) +- fput(new->vm_file); ++ vma_fput(new); + unlink_anon_vmas(new); + out_free_mpol: + mpol_put(vma_policy(new)); +@@ -2894,7 +2894,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign + struct vm_area_struct *vma; + unsigned long populate = 0; + unsigned long ret = -EINVAL; +- struct file *file; ++ struct file *file, *prfile; + + pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.\n", + current->comm, current->pid); +@@ -2969,10 +2969,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsign + } + } + +- file = get_file(vma->vm_file); ++ vma_get_file(vma); ++ file = vma->vm_file; ++ prfile = vma->vm_prfile; + ret = do_mmap_pgoff(vma->vm_file, start, size, + prot, flags, pgoff, &populate, NULL); ++ if (!IS_ERR_VALUE(ret) && file && prfile) { ++ struct vm_area_struct *new_vma; ++ ++ new_vma = find_vma(mm, ret); ++ if (!new_vma->vm_prfile) ++ new_vma->vm_prfile = prfile; ++ if (new_vma != vma) ++ get_file(prfile); ++ } ++ /* ++ * two fput()s instead of vma_fput(vma), ++ * coz vma may not be available anymore. ++ */ + fput(file); ++ if (prfile) ++ fput(prfile); + out: + mmap_write_unlock(mm); + if (populate) +@@ -3263,7 +3280,7 @@ struct vm_area_struct *copy_vma(struct v + if (anon_vma_clone(new_vma, vma)) + goto out_free_mempol; + if (new_vma->vm_file) +- get_file(new_vma->vm_file); ++ vma_get_file(new_vma); + if (new_vma->vm_ops && new_vma->vm_ops->open) + new_vma->vm_ops->open(new_vma); + vma_link(mm, new_vma, prev, rb_link, rb_parent); +Index: debian-kernel/mm/nommu.c +=================================================================== +--- debian-kernel.orig/mm/nommu.c ++++ debian-kernel/mm/nommu.c +@@ -540,7 +540,7 @@ static void __put_nommu_region(struct vm + up_write(&nommu_region_sem); + + if (region->vm_file) +- fput(region->vm_file); ++ vmr_fput(region); + + /* IO memory and memory shared directly out of the pagecache + * from ramfs/tmpfs mustn't be released here */ +@@ -672,7 +672,7 @@ static void delete_vma(struct mm_struct + if (vma->vm_ops && vma->vm_ops->close) + vma->vm_ops->close(vma); + if (vma->vm_file) +- fput(vma->vm_file); ++ vma_fput(vma); + put_nommu_region(vma->vm_region); + vm_area_free(vma); + } +@@ -1195,7 +1195,7 @@ unsigned long do_mmap(struct file *file, + goto error_just_free; + } + } +- fput(region->vm_file); ++ vmr_fput(region); + kmem_cache_free(vm_region_jar, region); + region = pregion; + result = start; +@@ -1272,10 +1272,10 @@ error_just_free: + up_write(&nommu_region_sem); + error: + if (region->vm_file) +- fput(region->vm_file); ++ vmr_fput(region); + kmem_cache_free(vm_region_jar, region); + if (vma->vm_file) +- fput(vma->vm_file); ++ vma_fput(vma); + vm_area_free(vma); + return ret; + +Index: debian-kernel/mm/prfile.c +=================================================================== +--- /dev/null ++++ debian-kernel/mm/prfile.c +@@ -0,0 +1,86 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * Mainly for aufs which mmap(2) different file and wants to print different ++ * path in /proc/PID/maps. ++ * Call these functions via macros defined in linux/mm.h. ++ * ++ * See Documentation/filesystems/aufs/design/06mmap.txt ++ * ++ * Copyright (c) 2014-2020 Junjro R. Okajima ++ * Copyright (c) 2014 Ian Campbell ++ */ ++ ++#include ++#include ++#include ++ ++/* #define PRFILE_TRACE */ ++static inline void prfile_trace(struct file *f, struct file *pr, ++ const char func[], int line, const char func2[]) ++{ ++#ifdef PRFILE_TRACE ++ if (pr) ++ pr_info("%s:%d: %s, %pD2\n", func, line, func2, f); ++#endif ++} ++ ++void vma_do_file_update_time(struct vm_area_struct *vma, const char func[], ++ int line) ++{ ++ struct file *f = vma->vm_file, *pr = vma->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ file_update_time(f); ++ if (f && pr) ++ file_update_time(pr); ++} ++ ++struct file *vma_do_pr_or_file(struct vm_area_struct *vma, const char func[], ++ int line) ++{ ++ struct file *f = vma->vm_file, *pr = vma->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ return (f && pr) ? pr : f; ++} ++ ++void vma_do_get_file(struct vm_area_struct *vma, const char func[], int line) ++{ ++ struct file *f = vma->vm_file, *pr = vma->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ get_file(f); ++ if (f && pr) ++ get_file(pr); ++} ++ ++void vma_do_fput(struct vm_area_struct *vma, const char func[], int line) ++{ ++ struct file *f = vma->vm_file, *pr = vma->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ fput(f); ++ if (f && pr) ++ fput(pr); ++} ++ ++#ifndef CONFIG_MMU ++struct file *vmr_do_pr_or_file(struct vm_region *region, const char func[], ++ int line) ++{ ++ struct file *f = region->vm_file, *pr = region->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ return (f && pr) ? pr : f; ++} ++ ++void vmr_do_fput(struct vm_region *region, const char func[], int line) ++{ ++ struct file *f = region->vm_file, *pr = region->vm_prfile; ++ ++ prfile_trace(f, pr, func, line, __func__); ++ fput(f); ++ if (f && pr) ++ fput(pr); ++} ++#endif /* !CONFIG_MMU */ diff --git a/debian/patches/features/all/aufs5/aufs5-standalone.patch b/debian/patches/features/all/aufs5/aufs5-standalone.patch new file mode 100644 index 000000000..ffd06c8ce --- /dev/null +++ b/debian/patches/features/all/aufs5/aufs5-standalone.patch @@ -0,0 +1,308 @@ +From: J. R. Okajima +Date: Tue Apr 7 22:14:47 2020 +0900 +Subject: aufs5.6 standalone patch +Origin: https://github.com/sfjro/aufs5-standalone/tree/7c07d9737e9de058981f020d66ac0d4407a80899 +Bug-Debian: https://bugs.debian.org/541828 + +Patch headers added by debian/bin/genpatch-aufs + +SPDX-License-Identifier: GPL-2.0 +aufs5.6 standalone patch + +Index: debian-kernel/fs/dcache.c +=================================================================== +--- debian-kernel.orig/fs/dcache.c ++++ debian-kernel/fs/dcache.c +@@ -1390,6 +1390,7 @@ rename_retry: + seq = 1; + goto again; + } ++EXPORT_SYMBOL_GPL(d_walk); + + struct check_mount { + struct vfsmount *mnt; +@@ -2935,6 +2936,7 @@ void d_exchange(struct dentry *dentry1, + + write_sequnlock(&rename_lock); + } ++EXPORT_SYMBOL_GPL(d_exchange); + + /** + * d_ancestor - search for an ancestor +Index: debian-kernel/fs/exec.c +=================================================================== +--- debian-kernel.orig/fs/exec.c ++++ debian-kernel/fs/exec.c +@@ -111,6 +111,7 @@ bool path_noexec(const struct path *path + return (path->mnt->mnt_flags & MNT_NOEXEC) || + (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); + } ++EXPORT_SYMBOL_GPL(path_noexec); + + #ifdef CONFIG_USELIB + /* +Index: debian-kernel/fs/fcntl.c +=================================================================== +--- debian-kernel.orig/fs/fcntl.c ++++ debian-kernel/fs/fcntl.c +@@ -85,6 +85,7 @@ int setfl(int fd, struct file *filp, uns + out: + return error; + } ++EXPORT_SYMBOL_GPL(setfl); + + static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, + int force) +Index: debian-kernel/fs/file_table.c +=================================================================== +--- debian-kernel.orig/fs/file_table.c ++++ debian-kernel/fs/file_table.c +@@ -162,6 +162,7 @@ over: + } + return ERR_PTR(-ENFILE); + } ++EXPORT_SYMBOL_GPL(alloc_empty_file); + + /* + * Variant of alloc_empty_file() that doesn't check and modify nr_files. +@@ -376,6 +377,7 @@ void __fput_sync(struct file *file) + } + + EXPORT_SYMBOL(fput); ++EXPORT_SYMBOL_GPL(__fput_sync); + + void __init files_init(void) + { +Index: debian-kernel/fs/inode.c +=================================================================== +--- debian-kernel.orig/fs/inode.c ++++ debian-kernel/fs/inode.c +@@ -1774,6 +1774,7 @@ int update_time(struct inode *inode, str + return inode->i_op->update_time(inode, time, flags); + return generic_update_time(inode, time, flags); + } ++EXPORT_SYMBOL_GPL(update_time); + + /** + * touch_atime - update the access time +Index: debian-kernel/fs/namespace.c +=================================================================== +--- debian-kernel.orig/fs/namespace.c ++++ debian-kernel/fs/namespace.c +@@ -431,6 +431,7 @@ void __mnt_drop_write(struct vfsmount *m + mnt_dec_writers(real_mount(mnt)); + preempt_enable(); + } ++EXPORT_SYMBOL_GPL(__mnt_drop_write); + + /** + * mnt_drop_write - give up write access to a mount +@@ -797,6 +798,7 @@ int is_current_mnt_ns(struct vfsmount *m + { + return check_mnt(real_mount(mnt)); + } ++EXPORT_SYMBOL_GPL(is_current_mnt_ns); + + /* + * vfsmount lock must be held for write +@@ -1961,6 +1963,7 @@ int iterate_mounts(int (*f)(struct vfsmo + } + return 0; + } ++EXPORT_SYMBOL_GPL(iterate_mounts); + + static void lock_mnt_tree(struct mount *mnt) + { +Index: debian-kernel/fs/notify/group.c +=================================================================== +--- debian-kernel.orig/fs/notify/group.c ++++ debian-kernel/fs/notify/group.c +@@ -100,6 +100,7 @@ void fsnotify_get_group(struct fsnotify_ + { + refcount_inc(&group->refcnt); + } ++EXPORT_SYMBOL_GPL(fsnotify_get_group); + + /* + * Drop a reference to a group. Free it if it's through. +Index: debian-kernel/fs/open.c +=================================================================== +--- debian-kernel.orig/fs/open.c ++++ debian-kernel/fs/open.c +@@ -65,6 +65,7 @@ int do_truncate(struct dentry *dentry, l + inode_unlock(dentry->d_inode); + return ret; + } ++EXPORT_SYMBOL_GPL(do_truncate); + + long vfs_truncate(const struct path *path, loff_t length) + { +Index: debian-kernel/fs/read_write.c +=================================================================== +--- debian-kernel.orig/fs/read_write.c ++++ debian-kernel/fs/read_write.c +@@ -488,6 +488,7 @@ ssize_t vfs_read(struct file *file, char + inc_syscr(current); + return ret; + } ++EXPORT_SYMBOL_GPL(vfs_read); + + static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos) + { +@@ -517,6 +518,7 @@ vfs_readf_t vfs_readf(struct file *file) + return new_sync_read; + return ERR_PTR(-ENOSYS); /* doesn't have ->read(|_iter)() op */ + } ++EXPORT_SYMBOL_GPL(vfs_readf); + + vfs_writef_t vfs_writef(struct file *file) + { +@@ -528,6 +530,7 @@ vfs_writef_t vfs_writef(struct file *fil + return new_sync_write; + return ERR_PTR(-ENOSYS); /* doesn't have ->write(|_iter)() op */ + } ++EXPORT_SYMBOL_GPL(vfs_writef); + + /* caller is responsible for file_start_write/file_end_write */ + ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) +@@ -608,6 +611,7 @@ ssize_t vfs_write(struct file *file, con + file_end_write(file); + return ret; + } ++EXPORT_SYMBOL_GPL(vfs_write); + + /* file_ppos returns &file->f_pos or NULL if file is stream */ + static inline loff_t *file_ppos(struct file *file) +Index: debian-kernel/fs/splice.c +=================================================================== +--- debian-kernel.orig/fs/splice.c ++++ debian-kernel/fs/splice.c +@@ -870,6 +870,7 @@ long do_splice_to(struct file *in, loff_ + return in->f_op->splice_read(in, ppos, pipe, len, flags); + return default_file_splice_read(in, ppos, pipe, len, flags); + } ++EXPORT_SYMBOL_GPL(do_splice_from); + + /** + * splice_direct_to_actor - splices data directly between two non-pipes +@@ -1016,6 +1017,7 @@ static int direct_splice_actor(struct pi + return do_splice_from(pipe, file, sd->opos, sd->total_len, + sd->flags); + } ++EXPORT_SYMBOL_GPL(do_splice_to); + + /** + * do_splice_direct - splices data directly between two files +Index: debian-kernel/fs/sync.c +=================================================================== +--- debian-kernel.orig/fs/sync.c ++++ debian-kernel/fs/sync.c +@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block + sb->s_op->sync_fs(sb, wait); + return __sync_blockdev(sb->s_bdev, wait); + } ++EXPORT_SYMBOL_GPL(__sync_filesystem); + + /* + * Write out and wait upon all dirty data associated with this +Index: debian-kernel/fs/xattr.c +=================================================================== +--- debian-kernel.orig/fs/xattr.c ++++ debian-kernel/fs/xattr.c +@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry + *xattr_value = value; + return error; + } ++EXPORT_SYMBOL_GPL(vfs_getxattr_alloc); + + ssize_t + __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, +Index: debian-kernel/kernel/locking/lockdep.c +=================================================================== +--- debian-kernel.orig/kernel/locking/lockdep.c ++++ debian-kernel/kernel/locking/lockdep.c +@@ -190,6 +190,7 @@ inline struct lock_class *lockdep_hlock_ + */ + return lock_classes + class_idx; + } ++EXPORT_SYMBOL_GPL(lockdep_hlock_class); + #define hlock_class(hlock) lockdep_hlock_class(hlock) + + #ifdef CONFIG_LOCK_STAT +Index: debian-kernel/kernel/task_work.c +=================================================================== +--- debian-kernel.orig/kernel/task_work.c ++++ debian-kernel/kernel/task_work.c +@@ -139,3 +139,4 @@ void task_work_run(void) + } while (work); + } + } ++EXPORT_SYMBOL_GPL(task_work_run); +Index: debian-kernel/security/security.c +=================================================================== +--- debian-kernel.orig/security/security.c ++++ debian-kernel/security/security.c +@@ -1096,6 +1096,7 @@ int security_path_rmdir(const struct pat + return 0; + return call_int_hook(path_rmdir, 0, dir, dentry); + } ++EXPORT_SYMBOL_GPL(security_path_rmdir); + + int security_path_unlink(const struct path *dir, struct dentry *dentry) + { +@@ -1112,6 +1113,7 @@ int security_path_symlink(const struct p + return 0; + return call_int_hook(path_symlink, 0, dir, dentry, old_name); + } ++EXPORT_SYMBOL_GPL(security_path_symlink); + + int security_path_link(struct dentry *old_dentry, const struct path *new_dir, + struct dentry *new_dentry) +@@ -1120,6 +1122,7 @@ int security_path_link(struct dentry *ol + return 0; + return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); + } ++EXPORT_SYMBOL_GPL(security_path_link); + + int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry, +@@ -1147,6 +1150,7 @@ int security_path_truncate(const struct + return 0; + return call_int_hook(path_truncate, 0, path); + } ++EXPORT_SYMBOL_GPL(security_path_truncate); + + int security_path_chmod(const struct path *path, umode_t mode) + { +@@ -1154,6 +1158,7 @@ int security_path_chmod(const struct pat + return 0; + return call_int_hook(path_chmod, 0, path, mode); + } ++EXPORT_SYMBOL_GPL(security_path_chmod); + + int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) + { +@@ -1161,6 +1166,7 @@ int security_path_chown(const struct pat + return 0; + return call_int_hook(path_chown, 0, path, uid, gid); + } ++EXPORT_SYMBOL_GPL(security_path_chown); + + int security_path_chroot(const struct path *path) + { +@@ -1261,6 +1267,7 @@ int security_inode_permission(struct ino + return 0; + return call_int_hook(inode_permission, 0, inode, mask); + } ++EXPORT_SYMBOL_GPL(security_inode_permission); + + int security_inode_setattr(struct dentry *dentry, struct iattr *attr) + { +@@ -1453,6 +1460,7 @@ int security_file_permission(struct file + + return fsnotify_perm(file, mask); + } ++EXPORT_SYMBOL_GPL(security_file_permission); + + int security_file_alloc(struct file *file) + { diff --git a/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch b/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch new file mode 100644 index 000000000..5d4ec82f0 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch @@ -0,0 +1,40 @@ +From: "Lee, Chun-Yi" +Date: Tue, 13 Mar 2018 18:37:59 +0800 +Subject: [PATCH 1/5] MODSIGN: do not load mok when secure boot disabled +Origin: https://lore.kernel.org/patchwork/patch/933173/ + +The mok can not be trusted when the secure boot is disabled. Which +means that the kernel embedded certificate is the only trusted key. + +Due to db/dbx are authenticated variables, they needs manufacturer's +KEK for update. So db/dbx are secure when secureboot disabled. + +Cc: David Howells +Cc: Josh Boyer +Cc: James Bottomley +Signed-off-by: "Lee, Chun-Yi" +[Rebased by Luca Boccassi] +[bwh: Forward-ported to 5.5.9: + - get_cert_list() takes a pointer to status and returns the cert list + - Adjust filename] +[Salvatore Bonaccorso: Forward-ported to 5.10: Refresh for changes in +38a1f03aa240 ("integrity: Move import of MokListRT certs to a separate +routine"). Refresh in context for change in ebd9c2ae369a ("integrity: Load mokx +variables into the blacklist keyring")] +--- + security/integrity/platform_certs/load_uefi.c | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) + +--- a/security/integrity/platform_certs/load_uefi.c ++++ b/security/integrity/platform_certs/load_uefi.c +@@ -176,6 +176,10 @@ static int __init load_uefi_certs(void) + kfree(dbx); + } + ++ /* the MOK can not be trusted when secure boot is disabled */ ++ if (!efi_enabled(EFI_SECURE_BOOT)) ++ return 0; ++ + mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status); + if (!mokx) { + if (status == EFI_NOT_FOUND) diff --git a/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch b/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch new file mode 100644 index 000000000..a7ec5ccb5 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch @@ -0,0 +1,117 @@ +From: "Lee, Chun-Yi" +Date: Tue, 13 Mar 2018 18:38:02 +0800 +Subject: [PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a + kernel module +Origin: https://lore.kernel.org/patchwork/patch/933175/ + +This patch adds the logic for checking the kernel module's hash +base on blacklist. The hash must be generated by sha256 and enrolled +to dbx/mokx. + +For example: + sha256sum sample.ko + mokutil --mokx --import-hash $HASH_RESULT + +Whether the signature on ko file is stripped or not, the hash can be +compared by kernel. + +Cc: David Howells +Cc: Josh Boyer +Cc: James Bottomley +Signed-off-by: "Lee, Chun-Yi" +[Rebased by Luca Boccassi] +--- + kernel/module_signing.c | 59 +++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 57 insertions(+), 2 deletions(-) + +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -12,15 +12,62 @@ + #include + #include + #include ++#include ++#include + #include "module-internal.h" + ++static int mod_is_hash_blacklisted(const void *mod, size_t verifylen) ++{ ++ struct crypto_shash *tfm; ++ struct shash_desc *desc; ++ size_t digest_size, desc_size; ++ u8 *digest; ++ int ret = 0; ++ ++ tfm = crypto_alloc_shash("sha256", 0, 0); ++ if (IS_ERR(tfm)) ++ goto error_return; ++ ++ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); ++ digest_size = crypto_shash_digestsize(tfm); ++ digest = kzalloc(digest_size + desc_size, GFP_KERNEL); ++ if (!digest) { ++ pr_err("digest memory buffer allocate fail\n"); ++ ret = -ENOMEM; ++ goto error_digest; ++ } ++ desc = (void *)digest + digest_size; ++ desc->tfm = tfm; ++ ret = crypto_shash_init(desc); ++ if (ret < 0) ++ goto error_shash; ++ ++ ret = crypto_shash_finup(desc, mod, verifylen, digest); ++ if (ret < 0) ++ goto error_shash; ++ ++ pr_debug("%ld digest: %*phN\n", verifylen, (int) digest_size, digest); ++ ++ ret = is_hash_blacklisted(digest, digest_size, "bin"); ++ if (ret == -EKEYREJECTED) ++ pr_err("Module hash %*phN is blacklisted\n", ++ (int) digest_size, digest); ++ ++error_shash: ++ kfree(digest); ++error_digest: ++ crypto_free_shash(tfm); ++error_return: ++ return ret; ++} ++ + /* + * Verify the signature on a module. + */ + int mod_verify_sig(const void *mod, struct load_info *info) + { + struct module_signature ms; +- size_t sig_len, modlen = info->len; ++ size_t sig_len, modlen = info->len, wholelen; + int ret; + + pr_devel("==>%s(,%zu)\n", __func__, modlen); +@@ -28,6 +75,7 @@ int mod_verify_sig(const void *mod, stru + if (modlen <= sizeof(ms)) + return -EBADMSG; + ++ wholelen = modlen + sizeof(MODULE_SIG_STRING) - 1; + memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); + + ret = mod_check_sig(&ms, modlen, "module"); +@@ -38,8 +86,15 @@ int mod_verify_sig(const void *mod, stru + modlen -= sig_len + sizeof(ms); + info->len = modlen; + +- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); ++ pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ ++ /* checking hash of module is in blacklist */ ++ if (!ret) ++ ret = mod_is_hash_blacklisted(mod, wholelen); ++ ++ return ret; + } diff --git a/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch b/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch new file mode 100644 index 000000000..530885944 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch @@ -0,0 +1,113 @@ +From: "Lee, Chun-Yi" +Date: Tue, 13 Mar 2018 18:38:03 +0800 +Subject: [PATCH 4/4] MODSIGN: check the attributes of db and mok +Origin: https://lore.kernel.org/patchwork/patch/933176/ + +That's better for checking the attributes of db and mok variables +before loading certificates to kernel keyring. + +For db and dbx, both of them are authenticated variables. Which +means that they can only be modified by manufacturer's key. So +the kernel should checks EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS +attribute before we trust it. + +For mok-rt and mokx-rt, both of them are created by shim boot loader +to forward the mok/mokx content to runtime. They must be runtime-volatile +variables. So kernel should checks that the attributes map did not set +EFI_VARIABLE_NON_VOLATILE bit before we trust it. + +Cc: David Howells +Cc: Josh Boyer +Cc: James Bottomley +Signed-off-by: "Lee, Chun-Yi" +[Rebased by Luca Boccassi] +[bwh: Forward-ported to 5.5.9: + - get_cert_list() takes a pointer to status and returns the cert list + - Adjust filename, context] +[bwh: Forward-ported to 5.10: MokListRT and MokListXRT are now both + loaded through a single code path.] +--- + security/integrity/platform_certs/load_uefi.c | 27 ++++++++++++++----- + 1 file changed, 21 insertions(+), 6 deletions(-) + +--- a/security/integrity/platform_certs/load_uefi.c ++++ b/security/integrity/platform_certs/load_uefi.c +@@ -35,11 +35,13 @@ static __init bool uefi_check_ignore_db( + * Get a certificate list blob from the named EFI variable. + */ + static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +- unsigned long *size, efi_status_t *status) ++ unsigned long *size, efi_status_t *status, ++ u32 pos_attr, u32 neg_attr) + { + unsigned long lsize = 4; + unsigned long tmpdb[4]; + void *db; ++ u32 attr = 0; + + *status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); + if (*status == EFI_NOT_FOUND) +@@ -54,13 +56,22 @@ static __init void *get_cert_list(efi_ch + if (!db) + return NULL; + +- *status = efi.get_variable(name, guid, NULL, &lsize, db); ++ *status = efi.get_variable(name, guid, &attr, &lsize, db); + if (*status != EFI_SUCCESS) { + kfree(db); + pr_err("Error reading db var: 0x%lx\n", *status); + return NULL; + } + ++ /* must have positive attributes and no negative attributes */ ++ if ((pos_attr && !(attr & pos_attr)) || ++ (neg_attr && (attr & neg_attr))) { ++ kfree(db); ++ pr_err("Error reading db var attributes: 0x%016x\n", attr); ++ *status = EFI_SECURITY_VIOLATION; ++ return NULL; ++ } ++ + *size = lsize; + return db; + } +@@ -106,7 +117,8 @@ static int __init load_moklist_certs(voi + /* Get MokListRT. It might not exist, so it isn't an error + * if we can't get it. + */ +- mok = get_cert_list(L"MokListRT", &mok_var, &moksize, &status); ++ mok = get_cert_list(L"MokListRT", &mok_var, &moksize, &status, ++ 0, EFI_VARIABLE_NON_VOLATILE); + if (mok) { + rc = parse_efi_signature_list("UEFI:MokListRT", + mok, moksize, get_handler_for_db); +@@ -145,7 +157,8 @@ static int __init load_uefi_certs(void) + * if we can't get them. + */ + if (!uefi_check_ignore_db()) { +- db = get_cert_list(L"db", &secure_var, &dbsize, &status); ++ db = get_cert_list(L"db", &secure_var, &dbsize, &status, ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, 0); + if (!db) { + if (status == EFI_NOT_FOUND) + pr_debug("MODSIGN: db variable wasn't found\n"); +@@ -161,7 +174,8 @@ static int __init load_uefi_certs(void) + } + } + +- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize, &status); ++ dbx = get_cert_list(L"dbx", &secure_var, &dbxsize, &status, ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, 0); + if (!dbx) { + if (status == EFI_NOT_FOUND) + pr_debug("dbx variable wasn't found\n"); +@@ -180,7 +194,8 @@ static int __init load_uefi_certs(void) + if (!efi_enabled(EFI_SECURE_BOOT)) + return 0; + +- mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status); ++ mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status, ++ 0, EFI_VARIABLE_NON_VOLATILE); + if (!mokx) { + if (status == EFI_NOT_FOUND) + pr_debug("mokx variable wasn't found\n"); diff --git a/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch new file mode 100644 index 000000000..f00bf3d24 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch @@ -0,0 +1,37 @@ +From: Robert Holmes +Date: Tue, 23 Apr 2019 07:39:29 +0000 +Subject: [PATCH] KEYS: Make use of platform keyring for module signature + verify +Bug-Debian: https://bugs.debian.org/935945 +Origin: https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch + +This patch completes commit 278311e417be ("kexec, KEYS: Make use of +platform keyring for signature verify") which, while adding the +platform keyring for bzImage verification, neglected to also add +this keyring for module verification. + +As such, kernel modules signed with keys from the MokList variable +were not successfully verified. + +Signed-off-by: Robert Holmes +Signed-off-by: Jeremy Cline +--- + kernel/module_signing.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -135,6 +135,13 @@ int mod_verify_sig(const void *mod, stru + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); + pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ VERIFY_USE_PLATFORM_KEYRING, ++ VERIFYING_MODULE_SIGNATURE, ++ NULL, NULL); ++ pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ } + + /* checking hash of module is in blacklist */ + if (!ret) diff --git a/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch b/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch new file mode 100644 index 000000000..2ae3ddde4 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch @@ -0,0 +1,28 @@ +From: Ben Hutchings +Date: Sun, 05 May 2019 13:45:06 +0100 +Subject: MODSIGN: Make shash allocation failure fatal + +mod_is_hash_blacklisted() currently returns 0 (suceess) if +crypto_alloc_shash() fails. This should instead be a fatal error, +so unwrap and pass up the error code. + +Signed-off-by: Ben Hutchings +--- +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -51,11 +51,13 @@ static int mod_is_hash_blacklisted(const + struct shash_desc *desc; + size_t digest_size, desc_size; + u8 *digest; +- int ret = 0; ++ int ret; + + tfm = crypto_alloc_shash("sha256", 0, 0); +- if (IS_ERR(tfm)) ++ if (IS_ERR(tfm)) { ++ ret = PTR_ERR(tfm); + goto error_return; ++ } + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); diff --git a/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch b/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch new file mode 100644 index 000000000..a24ba17ef --- /dev/null +++ b/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch @@ -0,0 +1,149 @@ +From: Ben Hutchings +Date: Mon, 24 Aug 2009 23:19:58 +0100 +Subject: af9005: Use request_firmware() to load register init script +Forwarded: no + +Read the register init script from the Windows driver. This is sick +but should avoid the potential copyright infringement in distributing +a version of the script which is directly derived from the driver. +--- + drivers/media/dvb/dvb-usb/Kconfig | 2 +- + drivers/media/dvb/dvb-usb/af9005-fe.c | 66 ++++++++++++++++++++++++++------ + 2 files changed, 54 insertions(+), 14 deletions(-) + +Index: debian-kernel/drivers/media/usb/dvb-usb/Kconfig +=================================================================== +--- debian-kernel.orig/drivers/media/usb/dvb-usb/Kconfig ++++ debian-kernel/drivers/media/usb/dvb-usb/Kconfig +@@ -260,10 +260,10 @@ config DVB_USB_OPERA1 + + config DVB_USB_AF9005 + tristate "Afatech AF9005 DVB-T USB1.1 support" +- depends on BROKEN + depends on DVB_USB + select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT + select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT ++ select FW_LOADER + help + Say Y here to support the Afatech AF9005 based DVB-T USB1.1 receiver + and the TerraTec Cinergy T USB XE (Rev.1) +Index: debian-kernel/drivers/media/usb/dvb-usb/af9005-fe.c +=================================================================== +--- debian-kernel.orig/drivers/media/usb/dvb-usb/af9005-fe.c ++++ debian-kernel/drivers/media/usb/dvb-usb/af9005-fe.c +@@ -9,10 +9,26 @@ + * see Documentation/driver-api/media/drivers/dvb-usb.rst for more information + */ + #include "af9005.h" +-#include "af9005-script.h" + #include "mt2060.h" + #include "qt1010.h" + #include ++#include ++ ++/* Register initialisation script to be extracted from the Windows driver */ ++ ++typedef struct { ++ __le16 reg; ++ u8 pos; ++ u8 len; ++ u8 val; ++ u8 pad; ++} __packed RegDesc; ++ ++#define WIN_DRV_NAME "AF05BDA.sys" ++#define WIN_DRV_VERSION "6.3.2.1" ++#define WIN_DRV_SIZE 133504 ++#define WIN_DRV_SCRIPT_OFFSET 88316 ++#define WIN_DRV_SCRIPT_SIZE 1110 + + struct af9005_fe_state { + struct dvb_usb_device *d; +@@ -804,6 +820,8 @@ static int af9005_fe_init(struct dvb_fro + { + struct af9005_fe_state *state = fe->demodulator_priv; + struct dvb_usb_adapter *adap = fe->dvb->priv; ++ const struct firmware *fw; ++ const RegDesc *script; + int ret, i, scriptlen; + u8 temp, temp0 = 0, temp1 = 0, temp2 = 0; + u8 buf[2]; +@@ -956,37 +974,55 @@ static int af9005_fe_init(struct dvb_fro + if ((ret = af9005_write_ofdm_register(state->d, 0xaefb, 0x01))) + return ret; + +- /* load init script */ +- deb_info("load init script\n"); +- scriptlen = sizeof(script) / sizeof(RegDesc); ++ /* load and validate init script */ ++ deb_info("load init script from Windows driver\n"); ++ ret = request_firmware(&fw, WIN_DRV_NAME, &state->d->udev->dev); ++ if (ret) ++ return ret; ++ BUILD_BUG_ON(sizeof(RegDesc) != 6); ++ if (fw->size != WIN_DRV_SIZE || ++ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET, ++ "\x80\xa1\x00\x08\x0a\x00", 6) || ++ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET + WIN_DRV_SCRIPT_SIZE - 6, ++ "\x49\xa3\x00\x06\x02\x00", 6)) { ++ err("%s is invalid - should be version %s, size %u bytes\n", ++ WIN_DRV_NAME, WIN_DRV_VERSION, WIN_DRV_SIZE); ++ ret = -EINVAL; ++ goto fail_release; ++ } ++ ++ script = (const RegDesc *)(fw->data + WIN_DRV_SCRIPT_OFFSET); ++ scriptlen = WIN_DRV_SCRIPT_SIZE / sizeof(RegDesc); + for (i = 0; i < scriptlen; i++) { ++ u16 reg = le16_to_cpu(script[i].reg); + if ((ret = +- af9005_write_register_bits(state->d, script[i].reg, ++ af9005_write_register_bits(state->d, reg, + script[i].pos, + script[i].len, script[i].val))) +- return ret; ++ goto fail_release; + /* save 3 bytes of original fcw */ +- if (script[i].reg == 0xae18) ++ if (reg == 0xae18) + temp2 = script[i].val; +- if (script[i].reg == 0xae19) ++ if (reg == 0xae19) + temp1 = script[i].val; +- if (script[i].reg == 0xae1a) ++ if (reg == 0xae1a) + temp0 = script[i].val; + + /* save original unplug threshold */ +- if (script[i].reg == xd_p_reg_unplug_th) ++ if (reg == xd_p_reg_unplug_th) + state->original_if_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_rf_gain_th) ++ if (reg == xd_p_reg_unplug_rf_gain_th) + state->original_rf_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_dtop_if_gain_th) ++ if (reg == xd_p_reg_unplug_dtop_if_gain_th) + state->original_dtop_if_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_dtop_rf_gain_th) ++ if (reg == xd_p_reg_unplug_dtop_rf_gain_th) + state->original_dtop_rf_unplug_th = script[i].val; + + } + state->original_fcw = + ((u32) temp2 << 16) + ((u32) temp1 << 8) + (u32) temp0; + ++ release_firmware(fw); + + /* save original TOPs */ + deb_info("save original TOPs\n"); +@@ -1066,6 +1102,10 @@ static int af9005_fe_init(struct dvb_fro + + deb_info("profit!\n"); + return 0; ++ ++fail_release: ++ release_firmware(fw); ++ return ret; + } + + static int af9005_fe_sleep(struct dvb_frontend *fe) diff --git a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch new file mode 100644 index 000000000..7f9ee1cf9 --- /dev/null +++ b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch @@ -0,0 +1,153 @@ +From: Linn Crosetto +Date: Tue, 30 Aug 2016 11:54:38 -0600 +Subject: arm64: add kernel config option to lock down when in Secure Boot mode +Bug-Debian: https://bugs.debian.org/831827 +Forwarded: no + +Add a kernel configuration option to lock down the kernel, to restrict +userspace's ability to modify the running kernel when UEFI Secure Boot is +enabled. Based on the x86 patch by Matthew Garrett. + +Determine the state of Secure Boot in the EFI stub and pass this to the +kernel using the FDT. + +Signed-off-by: Linn Crosetto +[bwh: Forward-ported to 4.10: adjust context] +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] +[bwh: Forward-ported to 4.15 and lockdown patch set: + - Pass result of efi_get_secureboot() in stub through to + efi_set_secure_boot() in main kernel + - Use lockdown API and naming] +[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()] +[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection] +[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this] +[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a + sys_table parameter] +[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so: + - Add Secure Boot mode to the parameter enumeration in fdtparams.c + - Add a parameter to efi_get_fdt_params() to return the Secure Boot mode + - Since Xen does not have a property name defined for Secure Boot mode, + change efi_get_fdt_prop() to handle a missing property name by clearing + the output variable] +[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename +arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c] +--- + drivers/firmware/efi/efi-init.c | 5 ++++- + drivers/firmware/efi/fdtparams.c | 12 +++++++++++- + drivers/firmware/efi/libstub/fdt.c | 6 ++++++ + include/linux/efi.h | 3 ++- + 4 files changed, 23 insertions(+), 3 deletions(-) + +--- a/drivers/firmware/efi/efi-init.c ++++ b/drivers/firmware/efi/efi-init.c +@@ -210,9 +210,10 @@ void __init efi_init(void) + { + struct efi_memory_map_data data; + u64 efi_system_table; ++ u32 secure_boot; + + /* Grab UEFI information placed in FDT by stub */ +- efi_system_table = efi_get_fdt_params(&data); ++ efi_system_table = efi_get_fdt_params(&data, &secure_boot); + if (!efi_system_table) + return; + +@@ -234,6 +235,8 @@ void __init efi_init(void) + return; + } + ++ efi_set_secure_boot(secure_boot); ++ + reserve_regions(); + efi_esrt_init(); + efi_mokvar_table_init(); +--- a/drivers/firmware/efi/fdtparams.c ++++ b/drivers/firmware/efi/fdtparams.c +@@ -16,6 +16,7 @@ enum { + MMSIZE, + DCSIZE, + DCVERS, ++ SBMODE, + + PARAMCOUNT + }; +@@ -26,6 +27,7 @@ static __initconst const char name[][22] + [MMSIZE] = "MemMap Size ", + [DCSIZE] = "MemMap Desc. Size ", + [DCVERS] = "MemMap Desc. Version ", ++ [SBMODE] = "Secure Boot Enabled ", + }; + + static __initconst const struct { +@@ -41,6 +43,7 @@ static __initconst const struct { + [MMSIZE] = "xen,uefi-mmap-size", + [DCSIZE] = "xen,uefi-mmap-desc-size", + [DCVERS] = "xen,uefi-mmap-desc-ver", ++ [SBMODE] = "", + } + }, { + #endif +@@ -51,6 +54,7 @@ static __initconst const struct { + [MMSIZE] = "linux,uefi-mmap-size", + [DCSIZE] = "linux,uefi-mmap-desc-size", + [DCVERS] = "linux,uefi-mmap-desc-ver", ++ [SBMODE] = "linux,uefi-secure-boot", + } + } + }; +@@ -62,6 +66,11 @@ static int __init efi_get_fdt_prop(const + int len; + u64 val; + ++ if (!pname[0]) { ++ memset(var, 0, size); ++ return 0; ++ } ++ + prop = fdt_getprop(fdt, node, pname, &len); + if (!prop) + return 1; +@@ -79,7 +88,7 @@ static int __init efi_get_fdt_prop(const + return 0; + } + +-u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm) ++u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm, u32 *secure_boot) + { + const void *fdt = initial_boot_params; + unsigned long systab; +@@ -93,6 +102,7 @@ u64 __init efi_get_fdt_params(struct efi + [MMSIZE] = { &mm->size, sizeof(mm->size) }, + [DCSIZE] = { &mm->desc_size, sizeof(mm->desc_size) }, + [DCVERS] = { &mm->desc_version, sizeof(mm->desc_version) }, ++ [SBMODE] = { secure_boot, sizeof(*secure_boot) }, + }; + + BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name)); +--- a/drivers/firmware/efi/libstub/fdt.c ++++ b/drivers/firmware/efi/libstub/fdt.c +@@ -148,6 +148,12 @@ static efi_status_t update_fdt(void *ori + } + } + ++ fdt_val32 = cpu_to_fdt32(efi_get_secureboot()); ++ status = fdt_setprop(fdt, node, "linux,uefi-secure-boot", ++ &fdt_val32, sizeof(fdt_val32)); ++ if (status) ++ goto fdt_set_fail; ++ + /* Shrink the FDT back to its minimum size: */ + fdt_pack(fdt); + +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -665,7 +665,8 @@ extern void efi_mem_reserve(phys_addr_t + extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size); + extern void efi_initialize_iomem_resources(struct resource *code_resource, + struct resource *data_resource, struct resource *bss_resource); +-extern u64 efi_get_fdt_params(struct efi_memory_map_data *data); ++extern u64 efi_get_fdt_params(struct efi_memory_map_data *data, ++ u32 *secure_boot); + extern struct kobject *efi_kobj; + + extern int efi_reboot_quirk_mode; diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch new file mode 100644 index 000000000..431281249 --- /dev/null +++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch @@ -0,0 +1,152 @@ +From: David Howells +Date: Mon, 18 Feb 2019 12:45:03 +0000 +Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28 + +UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT +flag that can be passed to efi_enabled() to find out whether secure boot is +enabled. + +Move the switch-statement in x86's setup_arch() that inteprets the +secure_boot boot parameter to generic code and set the bit there. + +Suggested-by: Ard Biesheuvel +Signed-off-by: David Howells +Reviewed-by: Ard Biesheuvel +cc: linux-efi@vger.kernel.org +[rperier: Forward-ported to 5.5: + - Use pr_warn() + - Adjust context] +[bwh: Forward-ported to 5.6: adjust context] +[bwh: Forward-ported to 5.7: + - Use the next available bit in efi.flags + - Adjust context] +--- + arch/x86/kernel/setup.c | 14 +---------- + drivers/firmware/efi/Makefile | 1 + + drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++ + include/linux/efi.h | 16 ++++++++----- + 4 files changed, 51 insertions(+), 19 deletions(-) + create mode 100644 drivers/firmware/efi/secureboot.c + +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1124,19 +1124,7 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- if (efi_enabled(EFI_BOOT)) { +- switch (boot_params.secure_boot) { +- case efi_secureboot_mode_disabled: +- pr_info("Secure boot disabled\n"); +- break; +- case efi_secureboot_mode_enabled: +- pr_info("Secure boot enabled\n"); +- break; +- default: +- pr_info("Secure boot could not be determined\n"); +- break; +- } +- } ++ efi_set_secure_boot(boot_params.secure_boot); + + reserve_initrd(); + +--- a/drivers/firmware/efi/Makefile ++++ b/drivers/firmware/efi/Makefile +@@ -25,6 +25,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m + obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o + obj-$(CONFIG_EFI_TEST) += test/ + obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o ++obj-$(CONFIG_EFI) += secureboot.o + obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o + obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o + obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o +--- /dev/null ++++ b/drivers/firmware/efi/secureboot.c +@@ -0,0 +1,39 @@ ++ ++/* Core kernel secure boot support. ++ * ++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ++ ++#include ++#include ++#include ++ ++/* ++ * Decide what to do when UEFI secure boot mode is enabled. ++ */ ++void __init efi_set_secure_boot(enum efi_secureboot_mode mode) ++{ ++ if (efi_enabled(EFI_BOOT)) { ++ switch (mode) { ++ case efi_secureboot_mode_disabled: ++ pr_info("Secure boot disabled\n"); ++ break; ++ case efi_secureboot_mode_enabled: ++ set_bit(EFI_SECURE_BOOT, &efi.flags); ++ pr_info("Secure boot enabled\n"); ++ break; ++ default: ++ pr_warn("Secure boot could not be determined (mode %u)\n", ++ mode); ++ break; ++ } ++ } ++} +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -776,6 +776,14 @@ extern int __init efi_setup_pcdp_console + #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ + #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ + #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ ++#define EFI_SECURE_BOOT 13 /* Are we in Secure Boot mode? */ ++ ++enum efi_secureboot_mode { ++ efi_secureboot_mode_unset, ++ efi_secureboot_mode_unknown, ++ efi_secureboot_mode_disabled, ++ efi_secureboot_mode_enabled, ++}; + + #ifdef CONFIG_EFI + /* +@@ -799,6 +807,7 @@ static inline bool efi_rt_services_suppo + { + return (efi.runtime_supported_mask & mask) == mask; + } ++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); + #else + static inline bool efi_enabled(int feature) + { +@@ -822,6 +831,7 @@ static inline bool efi_rt_services_suppo + { + return false; + } ++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} + #endif + + extern int efi_status_to_err(efi_status_t status); +@@ -1083,12 +1093,6 @@ static inline bool efi_runtime_disabled( + extern void efi_call_virt_check_flags(unsigned long flags, const char *call); + extern unsigned long efi_call_virt_save_flags(void); + +-enum efi_secureboot_mode { +- efi_secureboot_mode_unset, +- efi_secureboot_mode_unknown, +- efi_secureboot_mode_disabled, +- efi_secureboot_mode_enabled, +-}; + enum efi_secureboot_mode efi_get_secureboot(void); + + #ifdef CONFIG_RESET_ATTACK_MITIGATION diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch new file mode 100644 index 000000000..627e37154 --- /dev/null +++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -0,0 +1,127 @@ +From: Ben Hutchings +Date: Tue, 10 Sep 2019 11:54:28 +0100 +Subject: efi: Lock down the kernel if booted in secure boot mode + +Based on an earlier patch by David Howells, who wrote the following +description: + +> UEFI Secure Boot provides a mechanism for ensuring that the firmware will +> only load signed bootloaders and kernels. Certain use cases may also +> require that all kernel modules also be signed. Add a configuration option +> that to lock down the kernel - which includes requiring validly signed +> modules - if the kernel is secure-booted. + +Signed-off-by: Ben Hutchings +--- + arch/x86/kernel/setup.c | 4 ++-- + drivers/firmware/efi/secureboot.c | 3 +++ + include/linux/security.h | 6 ++++++ + security/lockdown/Kconfig | 15 +++++++++++++++ + security/lockdown/lockdown.c | 2 +- + 5 files changed, 27 insertions(+), 3 deletions(-) + +Index: debian-kernel/arch/x86/kernel/setup.c +=================================================================== +--- debian-kernel.orig/arch/x86/kernel/setup.c ++++ debian-kernel/arch/x86/kernel/setup.c +@@ -979,6 +979,8 @@ void __init setup_arch(char **cmdline_p) + if (efi_enabled(EFI_BOOT)) + efi_init(); + ++ efi_set_secure_boot(boot_params.secure_boot); ++ + dmi_setup(); + + /* +@@ -1130,8 +1132,6 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- efi_set_secure_boot(boot_params.secure_boot); +- + reserve_initrd(); + + acpi_table_upgrade(); +Index: debian-kernel/drivers/firmware/efi/secureboot.c +=================================================================== +--- debian-kernel.orig/drivers/firmware/efi/secureboot.c ++++ debian-kernel/drivers/firmware/efi/secureboot.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + /* + * Decide what to do when UEFI secure boot mode is enabled. +@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi + break; + case efi_secureboot_mode_enabled: + set_bit(EFI_SECURE_BOOT, &efi.flags); ++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT ++ lock_kernel_down("EFI Secure Boot", ++ LOCKDOWN_INTEGRITY_MAX); ++#endif + pr_info("Secure boot enabled\n"); + break; + default: +Index: debian-kernel/include/linux/security.h +=================================================================== +--- debian-kernel.orig/include/linux/security.h ++++ debian-kernel/include/linux/security.h +@@ -451,6 +451,7 @@ int security_inode_notifysecctx(struct i + int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); + int security_locked_down(enum lockdown_reason what); ++int lock_kernel_down(const char *where, enum lockdown_reason level); + #else /* CONFIG_SECURITY */ + + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) +@@ -1291,6 +1292,11 @@ static inline int security_locked_down(e + { + return 0; + } ++static inline int ++lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return -EOPNOTSUPP; ++} + #endif /* CONFIG_SECURITY */ + + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) +Index: debian-kernel/security/lockdown/Kconfig +=================================================================== +--- debian-kernel.orig/security/lockdown/Kconfig ++++ debian-kernel/security/lockdown/Kconfig +@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI + disabled. + + endchoice ++ ++config LOCK_DOWN_IN_EFI_SECURE_BOOT ++ bool "Lock down the kernel in EFI Secure Boot mode" ++ default n ++ depends on SECURITY_LOCKDOWN_LSM ++ depends on EFI ++ select SECURITY_LOCKDOWN_LSM_EARLY ++ help ++ UEFI Secure Boot provides a mechanism for ensuring that the firmware ++ will only load signed bootloaders and kernels. Secure boot mode may ++ be determined from EFI variables provided by the system firmware if ++ not indicated by the boot parameters. ++ ++ Enabling this option results in kernel lockdown being ++ triggered in confidentiality mode if EFI Secure Boot is set. +Index: debian-kernel/security/lockdown/lockdown.c +=================================================================== +--- debian-kernel.orig/security/lockdown/lockdown.c ++++ debian-kernel/security/lockdown/lockdown.c +@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdo + /* + * Put the kernel into lock-down mode. + */ +-static int lock_kernel_down(const char *where, enum lockdown_reason level) ++int lock_kernel_down(const char *where, enum lockdown_reason level) + { + if (kernel_locked_down >= level) + return -EPERM; diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch new file mode 100644 index 000000000..5004e5dca --- /dev/null +++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch @@ -0,0 +1,75 @@ +From: Ben Hutchings +Date: Fri, 30 Aug 2019 15:54:24 +0100 +Subject: mtd: phram,slram: Disable when the kernel is locked down +Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/ + +These drivers allow mapping arbitrary memory ranges as MTD devices. +This should be disabled to preserve the kernel's integrity when it is +locked down. + +* Add the HWPARAM flag to the module parameters +* When slram is built-in, it uses __setup() to read kernel parameters, + so add an explicit check security_locked_down() check + +Signed-off-by: Ben Hutchings +Cc: Matthew Garrett +Cc: David Howells +Cc: Joern Engel +Cc: linux-mtd@lists.infradead.org +--- + drivers/mtd/devices/phram.c | 6 +++++- + drivers/mtd/devices/slram.c | 9 ++++++++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/mtd/devices/phram.c ++++ b/drivers/mtd/devices/phram.c +@@ -294,7 +294,11 @@ static int phram_param_call(const char * + #endif + } + +-module_param_call(phram, phram_param_call, NULL, NULL, 0200); ++static const struct kernel_param_ops phram_param_ops = { ++ .set = phram_param_call ++}; ++__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL, ++ 0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem); + MODULE_PARM_DESC(phram, "Memory region to map. \"phram=,,\""); + + +--- a/drivers/mtd/devices/slram.c ++++ b/drivers/mtd/devices/slram.c +@@ -43,6 +43,7 @@ + #include + #include + #include ++#include + + #include + +@@ -65,7 +66,7 @@ typedef struct slram_mtd_list { + #ifdef MODULE + static char *map[SLRAM_MAX_DEVICES_PARAMS]; + +-module_param_array(map, charp, NULL, 0); ++module_param_hw_array(map, charp, iomem, NULL, 0); + MODULE_PARM_DESC(map, "List of memory regions to map. \"map=, , \""); + #else + static char *map; +@@ -281,11 +282,17 @@ static int __init init_slram(void) + #ifndef MODULE + char *devstart; + char *devlength; ++ int ret; + + if (!map) { + E("slram: not enough parameters.\n"); + return(-EINVAL); + } ++ ++ ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS); ++ if (ret) ++ return ret; ++ + while (map) { + devname = devstart = devlength = NULL; + diff --git a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch new file mode 100644 index 000000000..33db1f765 --- /dev/null +++ b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch @@ -0,0 +1,80 @@ +From: Ben Hutchings +Date: Mon, 11 Jan 2016 15:23:55 +0000 +Subject: security,perf: Allow further restriction of perf_event_open +Forwarded: https://lkml.org/lkml/2016/1/11/587 + +When kernel.perf_event_open is set to 3 (or greater), disallow all +access to performance events by users without CAP_SYS_ADMIN. +Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that +makes this value the default. + +This is based on a similar feature in grsecurity +(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making +the variable read-only. It also allows enabling further restriction +at run-time regardless of whether the default is changed. + +Signed-off-by: Ben Hutchings +--- + include/linux/perf_event.h | 5 +++++ + kernel/events/core.c | 8 ++++++++ + security/Kconfig | 9 +++++++++ + 3 files changed, 22 insertions(+) + +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -1305,6 +1305,11 @@ int perf_cpu_time_max_percent_handler(st + int perf_event_max_stack_handler(struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos); + ++static inline bool perf_paranoid_any(void) ++{ ++ return sysctl_perf_event_paranoid > 2; ++} ++ + /* Access to perf_event_open(2) syscall. */ + #define PERF_SECURITY_OPEN 0 + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -408,8 +408,13 @@ static cpumask_var_t perf_online_mask; + * 0 - disallow raw tracepoint access for unpriv + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv ++ * 3 - disallow all unpriv perf event use + */ ++#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT ++int sysctl_perf_event_paranoid __read_mostly = 3; ++#else + int sysctl_perf_event_paranoid __read_mostly = 2; ++#endif + + /* Minimum for 512 kiB + 1 user control page */ + int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ +@@ -11785,6 +11790,9 @@ SYSCALL_DEFINE5(perf_event_open, + if (err) + return err; + ++ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) ++ return -EACCES; ++ + /* Do we allow access to perf_event_open(2) ? */ + err = security_perf_event_open(&attr, PERF_SECURITY_OPEN); + if (err) +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -19,6 +19,15 @@ config SECURITY_DMESG_RESTRICT + + If you are unsure how to answer this question, answer N. + ++config SECURITY_PERF_EVENTS_RESTRICT ++ bool "Restrict unprivileged use of performance events" ++ depends on PERF_EVENTS ++ help ++ If you say Y here, the kernel.perf_event_paranoid sysctl ++ will be set to 3 by default, and no unprivileged use of the ++ perf_event_open syscall will be permitted unless it is ++ changed. ++ + config SECURITY + bool "Enable different security models" + depends on SYSFS diff --git a/debian/patches/features/arm64/arm64-compat-Implement-misalignment-fixups-for-multi.patch b/debian/patches/features/arm64/arm64-compat-Implement-misalignment-fixups-for-multi.patch new file mode 100644 index 000000000..303e69f83 --- /dev/null +++ b/debian/patches/features/arm64/arm64-compat-Implement-misalignment-fixups-for-multi.patch @@ -0,0 +1,480 @@ +From: Ard Biesheuvel +Date: Fri, 1 Jul 2022 15:53:22 +0200 +Subject: arm64: compat: Implement misalignment fixups for multiword loads +Origin: https://git.kernel.org/linus/3fc24ef32d3b9368f4c103dcd21d6a3f959b4870 + +The 32-bit ARM kernel implements fixups on behalf of user space when +using LDM/STM or LDRD/STRD instructions on addresses that are not 32-bit +aligned. This is not something that is supported by the architecture, +but was done anyway to increase compatibility with user space software, +which mostly targeted x86 at the time and did not care about aligned +accesses. + +This feature is one of the remaining impediments to being able to switch +to 64-bit kernels on 64-bit capable hardware running 32-bit user space, +so let's implement it for the arm64 compat layer as well. + +Note that the intent is to implement the exact same handling of +misaligned multi-word loads and stores as the 32-bit kernel does, +including what appears to be missing support for user space programs +that rely on SETEND to switch to a different byte order and back. Also, +like the 32-bit ARM version, we rely on the faulting address reported by +the CPU to infer the memory address, instead of decoding the instruction +fully to obtain this information. + +This implementation is taken from the 32-bit ARM tree, with all pieces +removed that deal with instructions other than LDRD/STRD and LDM/STM, or +that deal with alignment exceptions taken in kernel mode. + +Cc: debian-arm@lists.debian.org +Cc: Vagrant Cascadian +Cc: Riku Voipio +Cc: Steve McIntyre +Signed-off-by: Ard Biesheuvel +Reviewed-by: Arnd Bergmann +Link: https://lore.kernel.org/r/20220701135322.3025321-1-ardb@kernel.org +[catalin.marinas@arm.com: change the option to 'default n'] +Signed-off-by: Catalin Marinas +--- + arch/arm64/Kconfig | 3 + + arch/arm64/include/asm/exception.h | 1 + + arch/arm64/kernel/Makefile | 1 + + arch/arm64/kernel/compat_alignment.c | 387 +++++++++++++++++++++++++++ + arch/arm64/mm/fault.c | 3 + + 5 files changed, 395 insertions(+) + create mode 100644 arch/arm64/kernel/compat_alignment.c + +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -1328,6 +1328,9 @@ config THUMB2_COMPAT_VDSO + Compile the compat vDSO with '-mthumb -fomit-frame-pointer' if y, + otherwise with '-marm'. + ++config COMPAT_ALIGNMENT_FIXUPS ++ bool "Fix up misaligned multi-word loads and stores in user space" ++ + menuconfig ARMV8_DEPRECATED + bool "Emulate deprecated/obsolete ARMv8 instructions" + depends on SYSCTL +--- a/arch/arm64/include/asm/exception.h ++++ b/arch/arm64/include/asm/exception.h +@@ -47,6 +47,7 @@ void do_el0_sys(unsigned long esr, struc + void do_sp_pc_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs); + void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr); + void do_el0_cp15(unsigned long esr, struct pt_regs *regs); ++int do_compat_alignment_fixup(unsigned long addr, struct pt_regs *regs); + void do_el0_svc(struct pt_regs *regs); + void do_el0_svc_compat(struct pt_regs *regs); + void do_el0_fpac(struct pt_regs *regs, unsigned long esr); +--- a/arch/arm64/kernel/Makefile ++++ b/arch/arm64/kernel/Makefile +@@ -28,6 +28,7 @@ $(obj)/%.stub.o: $(obj)/%.o FORCE + obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ + sys_compat.o + obj-$(CONFIG_COMPAT) += sigreturn32.o ++obj-$(CONFIG_COMPAT_ALIGNMENT_FIXUPS) += compat_alignment.o + obj-$(CONFIG_KUSER_HELPERS) += kuser32.o + obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o + obj-$(CONFIG_MODULES) += module.o +--- /dev/null ++++ b/arch/arm64/kernel/compat_alignment.c +@@ -0,0 +1,387 @@ ++// SPDX-License-Identifier: GPL-2.0-only ++// based on arch/arm/mm/alignment.c ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* ++ * 32-bit misaligned trap handler (c) 1998 San Mehat (CCC) -July 1998 ++ * ++ * Speed optimisations and better fault handling by Russell King. ++ */ ++#define CODING_BITS(i) (i & 0x0e000000) ++ ++#define LDST_P_BIT(i) (i & (1 << 24)) /* Preindex */ ++#define LDST_U_BIT(i) (i & (1 << 23)) /* Add offset */ ++#define LDST_W_BIT(i) (i & (1 << 21)) /* Writeback */ ++#define LDST_L_BIT(i) (i & (1 << 20)) /* Load */ ++ ++#define LDST_P_EQ_U(i) ((((i) ^ ((i) >> 1)) & (1 << 23)) == 0) ++ ++#define LDSTHD_I_BIT(i) (i & (1 << 22)) /* double/half-word immed */ ++ ++#define RN_BITS(i) ((i >> 16) & 15) /* Rn */ ++#define RD_BITS(i) ((i >> 12) & 15) /* Rd */ ++#define RM_BITS(i) (i & 15) /* Rm */ ++ ++#define REGMASK_BITS(i) (i & 0xffff) ++ ++#define BAD_INSTR 0xdeadc0de ++ ++/* Thumb-2 32 bit format per ARMv7 DDI0406A A6.3, either f800h,e800h,f800h */ ++#define IS_T32(hi16) \ ++ (((hi16) & 0xe000) == 0xe000 && ((hi16) & 0x1800)) ++ ++union offset_union { ++ unsigned long un; ++ signed long sn; ++}; ++ ++#define TYPE_ERROR 0 ++#define TYPE_FAULT 1 ++#define TYPE_LDST 2 ++#define TYPE_DONE 3 ++ ++static void ++do_alignment_finish_ldst(unsigned long addr, u32 instr, struct pt_regs *regs, ++ union offset_union offset) ++{ ++ if (!LDST_U_BIT(instr)) ++ offset.un = -offset.un; ++ ++ if (!LDST_P_BIT(instr)) ++ addr += offset.un; ++ ++ if (!LDST_P_BIT(instr) || LDST_W_BIT(instr)) ++ regs->regs[RN_BITS(instr)] = addr; ++} ++ ++static int ++do_alignment_ldrdstrd(unsigned long addr, u32 instr, struct pt_regs *regs) ++{ ++ unsigned int rd = RD_BITS(instr); ++ unsigned int rd2; ++ int load; ++ ++ if ((instr & 0xfe000000) == 0xe8000000) { ++ /* ARMv7 Thumb-2 32-bit LDRD/STRD */ ++ rd2 = (instr >> 8) & 0xf; ++ load = !!(LDST_L_BIT(instr)); ++ } else if (((rd & 1) == 1) || (rd == 14)) { ++ return TYPE_ERROR; ++ } else { ++ load = ((instr & 0xf0) == 0xd0); ++ rd2 = rd + 1; ++ } ++ ++ if (load) { ++ unsigned int val, val2; ++ ++ if (get_user(val, (u32 __user *)addr) || ++ get_user(val2, (u32 __user *)(addr + 4))) ++ return TYPE_FAULT; ++ regs->regs[rd] = val; ++ regs->regs[rd2] = val2; ++ } else { ++ if (put_user(regs->regs[rd], (u32 __user *)addr) || ++ put_user(regs->regs[rd2], (u32 __user *)(addr + 4))) ++ return TYPE_FAULT; ++ } ++ return TYPE_LDST; ++} ++ ++/* ++ * LDM/STM alignment handler. ++ * ++ * There are 4 variants of this instruction: ++ * ++ * B = rn pointer before instruction, A = rn pointer after instruction ++ * ------ increasing address -----> ++ * | | r0 | r1 | ... | rx | | ++ * PU = 01 B A ++ * PU = 11 B A ++ * PU = 00 A B ++ * PU = 10 A B ++ */ ++static int ++do_alignment_ldmstm(unsigned long addr, u32 instr, struct pt_regs *regs) ++{ ++ unsigned int rd, rn, nr_regs, regbits; ++ unsigned long eaddr, newaddr; ++ unsigned int val; ++ ++ /* count the number of registers in the mask to be transferred */ ++ nr_regs = hweight16(REGMASK_BITS(instr)) * 4; ++ ++ rn = RN_BITS(instr); ++ newaddr = eaddr = regs->regs[rn]; ++ ++ if (!LDST_U_BIT(instr)) ++ nr_regs = -nr_regs; ++ newaddr += nr_regs; ++ if (!LDST_U_BIT(instr)) ++ eaddr = newaddr; ++ ++ if (LDST_P_EQ_U(instr)) /* U = P */ ++ eaddr += 4; ++ ++ for (regbits = REGMASK_BITS(instr), rd = 0; regbits; ++ regbits >>= 1, rd += 1) ++ if (regbits & 1) { ++ if (LDST_L_BIT(instr)) { ++ if (get_user(val, (u32 __user *)eaddr)) ++ return TYPE_FAULT; ++ if (rd < 15) ++ regs->regs[rd] = val; ++ else ++ regs->pc = val; ++ } else { ++ /* ++ * The PC register has a bias of +8 in ARM mode ++ * and +4 in Thumb mode. This means that a read ++ * of the value of PC should account for this. ++ * Since Thumb does not permit STM instructions ++ * to refer to PC, just add 8 here. ++ */ ++ val = (rd < 15) ? regs->regs[rd] : regs->pc + 8; ++ if (put_user(val, (u32 __user *)eaddr)) ++ return TYPE_FAULT; ++ } ++ eaddr += 4; ++ } ++ ++ if (LDST_W_BIT(instr)) ++ regs->regs[rn] = newaddr; ++ ++ return TYPE_DONE; ++} ++ ++/* ++ * Convert Thumb multi-word load/store instruction forms to equivalent ARM ++ * instructions so we can reuse ARM userland alignment fault fixups for Thumb. ++ * ++ * This implementation was initially based on the algorithm found in ++ * gdb/sim/arm/thumbemu.c. It is basically just a code reduction of same ++ * to convert only Thumb ld/st instruction forms to equivalent ARM forms. ++ * ++ * NOTES: ++ * 1. Comments below refer to ARM ARM DDI0100E Thumb Instruction sections. ++ * 2. If for some reason we're passed an non-ld/st Thumb instruction to ++ * decode, we return 0xdeadc0de. This should never happen under normal ++ * circumstances but if it does, we've got other problems to deal with ++ * elsewhere and we obviously can't fix those problems here. ++ */ ++ ++static unsigned long thumb2arm(u16 tinstr) ++{ ++ u32 L = (tinstr & (1<<11)) >> 11; ++ ++ switch ((tinstr & 0xf800) >> 11) { ++ /* 6.6.1 Format 1: */ ++ case 0xc000 >> 11: /* 7.1.51 STMIA */ ++ case 0xc800 >> 11: /* 7.1.25 LDMIA */ ++ { ++ u32 Rn = (tinstr & (7<<8)) >> 8; ++ u32 W = ((L<> 11: /* 7.1.48 PUSH */ ++ case 0xb800 >> 11: /* 7.1.47 POP */ ++ if ((tinstr & (3 << 9)) == 0x0400) { ++ static const u32 subset[4] = { ++ 0xe92d0000, /* STMDB sp!,{registers} */ ++ 0xe92d4000, /* STMDB sp!,{registers,lr} */ ++ 0xe8bd0000, /* LDMIA sp!,{registers} */ ++ 0xe8bd8000 /* LDMIA sp!,{registers,pc} */ ++ }; ++ return subset[(L<<1) | ((tinstr & (1<<8)) >> 8)] | ++ (tinstr & 255); /* register_list */ ++ } ++ fallthrough; /* for illegal instruction case */ ++ ++ default: ++ return BAD_INSTR; ++ } ++} ++ ++/* ++ * Convert Thumb-2 32 bit LDM, STM, LDRD, STRD to equivalent instruction ++ * handlable by ARM alignment handler, also find the corresponding handler, ++ * so that we can reuse ARM userland alignment fault fixups for Thumb. ++ * ++ * @pinstr: original Thumb-2 instruction; returns new handlable instruction ++ * @regs: register context. ++ * @poffset: return offset from faulted addr for later writeback ++ * ++ * NOTES: ++ * 1. Comments below refer to ARMv7 DDI0406A Thumb Instruction sections. ++ * 2. Register name Rt from ARMv7 is same as Rd from ARMv6 (Rd is Rt) ++ */ ++static void * ++do_alignment_t32_to_handler(u32 *pinstr, struct pt_regs *regs, ++ union offset_union *poffset) ++{ ++ u32 instr = *pinstr; ++ u16 tinst1 = (instr >> 16) & 0xffff; ++ u16 tinst2 = instr & 0xffff; ++ ++ switch (tinst1 & 0xffe0) { ++ /* A6.3.5 Load/Store multiple */ ++ case 0xe880: /* STM/STMIA/STMEA,LDM/LDMIA, PUSH/POP T2 */ ++ case 0xe8a0: /* ...above writeback version */ ++ case 0xe900: /* STMDB/STMFD, LDMDB/LDMEA */ ++ case 0xe920: /* ...above writeback version */ ++ /* no need offset decision since handler calculates it */ ++ return do_alignment_ldmstm; ++ ++ case 0xf840: /* POP/PUSH T3 (single register) */ ++ if (RN_BITS(instr) == 13 && (tinst2 & 0x09ff) == 0x0904) { ++ u32 L = !!(LDST_L_BIT(instr)); ++ const u32 subset[2] = { ++ 0xe92d0000, /* STMDB sp!,{registers} */ ++ 0xe8bd0000, /* LDMIA sp!,{registers} */ ++ }; ++ *pinstr = subset[L] | (1<un = (tinst2 & 0xff) << 2; ++ fallthrough; ++ ++ case 0xe940: ++ case 0xe9c0: ++ return do_alignment_ldrdstrd; ++ ++ /* ++ * No need to handle load/store instructions up to word size ++ * since ARMv6 and later CPUs can perform unaligned accesses. ++ */ ++ default: ++ break; ++ } ++ return NULL; ++} ++ ++static int alignment_get_arm(struct pt_regs *regs, __le32 __user *ip, u32 *inst) ++{ ++ __le32 instr = 0; ++ int fault; ++ ++ fault = get_user(instr, ip); ++ if (fault) ++ return fault; ++ ++ *inst = __le32_to_cpu(instr); ++ return 0; ++} ++ ++static int alignment_get_thumb(struct pt_regs *regs, __le16 __user *ip, u16 *inst) ++{ ++ __le16 instr = 0; ++ int fault; ++ ++ fault = get_user(instr, ip); ++ if (fault) ++ return fault; ++ ++ *inst = __le16_to_cpu(instr); ++ return 0; ++} ++ ++int do_compat_alignment_fixup(unsigned long addr, struct pt_regs *regs) ++{ ++ union offset_union offset; ++ unsigned long instrptr; ++ int (*handler)(unsigned long addr, u32 instr, struct pt_regs *regs); ++ unsigned int type; ++ u32 instr = 0; ++ u16 tinstr = 0; ++ int isize = 4; ++ int thumb2_32b = 0; ++ int fault; ++ ++ instrptr = instruction_pointer(regs); ++ ++ if (compat_thumb_mode(regs)) { ++ __le16 __user *ptr = (__le16 __user *)(instrptr & ~1); ++ ++ fault = alignment_get_thumb(regs, ptr, &tinstr); ++ if (!fault) { ++ if (IS_T32(tinstr)) { ++ /* Thumb-2 32-bit */ ++ u16 tinst2; ++ fault = alignment_get_thumb(regs, ptr + 1, &tinst2); ++ instr = ((u32)tinstr << 16) | tinst2; ++ thumb2_32b = 1; ++ } else { ++ isize = 2; ++ instr = thumb2arm(tinstr); ++ } ++ } ++ } else { ++ fault = alignment_get_arm(regs, (__le32 __user *)instrptr, &instr); ++ } ++ ++ if (fault) ++ return 1; ++ ++ switch (CODING_BITS(instr)) { ++ case 0x00000000: /* 3.13.4 load/store instruction extensions */ ++ if (LDSTHD_I_BIT(instr)) ++ offset.un = (instr & 0xf00) >> 4 | (instr & 15); ++ else ++ offset.un = regs->regs[RM_BITS(instr)]; ++ ++ if ((instr & 0x001000f0) == 0x000000d0 || /* LDRD */ ++ (instr & 0x001000f0) == 0x000000f0) /* STRD */ ++ handler = do_alignment_ldrdstrd; ++ else ++ return 1; ++ break; ++ ++ case 0x08000000: /* ldm or stm, or thumb-2 32bit instruction */ ++ if (thumb2_32b) { ++ offset.un = 0; ++ handler = do_alignment_t32_to_handler(&instr, regs, &offset); ++ } else { ++ offset.un = 0; ++ handler = do_alignment_ldmstm; ++ } ++ break; ++ ++ default: ++ return 1; ++ } ++ ++ type = handler(addr, instr, regs); ++ ++ if (type == TYPE_ERROR || type == TYPE_FAULT) ++ return 1; ++ ++ if (type == TYPE_LDST) ++ do_alignment_finish_ldst(addr, instr, regs, offset); ++ ++ perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, regs->pc); ++ arm64_skip_faulting_instruction(regs, isize); ++ ++ return 0; ++} +--- a/arch/arm64/mm/fault.c ++++ b/arch/arm64/mm/fault.c +@@ -610,6 +610,9 @@ static int __kprobes do_translation_faul + static int do_alignment_fault(unsigned long addr, unsigned int esr, + struct pt_regs *regs) + { ++ if (IS_ENABLED(CONFIG_COMPAT_ALIGNMENT_FIXUPS) && ++ compat_user_mode(regs)) ++ return do_compat_alignment_fixup(addr, regs); + do_bad_area(addr, esr, regs); + return 0; + } diff --git a/debian/patches/features/arm64/arm64-dts-raspberry-Add-support-for-the-CM4.patch b/debian/patches/features/arm64/arm64-dts-raspberry-Add-support-for-the-CM4.patch new file mode 100644 index 000000000..8619cfcdd --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-raspberry-Add-support-for-the-CM4.patch @@ -0,0 +1,423 @@ +From: Cyril Brulebois +Date: Mon, 03 Jan 2022 21:59:36 +0100 +Subject: arm64: dts: Add support for Raspberry Pi Compute Module 4 IO Board + +It was introduced in mainline during the v5.16 release cycle. Since +many broadcom includes were reworked since v5.10, adding support would +involve more than cherry-picking a DTS addition that uses a few +includes. + +To avoid side effects on other models, introduce a DTS that leverages +some existing includes (bcm2711.dtsi and bcm283x-rpi-usb-host.dtsi) +and describes the rest without re-using parts of the Raspberry Pi 4 B +model. + +To avoid phandle rotation (0x16, 0x17, and 0x18) across 3 nodes +(dma@7e007000, i2c@7e205000, and interrupt-controller@7ef00100), and the +related changes in other nodes referencing them, hardcode 0x16 as the +phandle for interrupt-controller@7ef00100. This leads to an empty dtdiff +between this new DTB and the one produced by a v5.16-rc8 build. + +Authored-by: Uwe Kleine-König +Reviewed-by: Cyril Brulebois + +--- a/arch/arm64/boot/dts/broadcom/Makefile ++++ b/arch/arm64/boot/dts/broadcom/Makefile +@@ -1,5 +1,6 @@ + # SPDX-License-Identifier: GPL-2.0 + dtb-$(CONFIG_ARCH_BCM2835) += bcm2711-rpi-4-b.dtb \ ++ bcm2711-rpi-cm4-io.dtb \ + bcm2837-rpi-3-a-plus.dtb \ + bcm2837-rpi-3-b.dtb \ + bcm2837-rpi-3-b-plus.dtb \ +--- /dev/null ++++ b/arch/arm64/boot/dts/broadcom/bcm2711-rpi-cm4-io.dts +@@ -0,0 +1,2 @@ ++// SPDX-License-Identifier: GPL-2.0 ++#include "arm/bcm2711-rpi-cm4-io.dts" +--- a/arch/arm/boot/dts/Makefile ++++ b/arch/arm/boot/dts/Makefile +@@ -93,6 +93,7 @@ dtb-$(CONFIG_ARCH_BCM2835) += \ + bcm2837-rpi-3-b-plus.dtb \ + bcm2837-rpi-cm3-io3.dtb \ + bcm2711-rpi-4-b.dtb \ ++ bcm2711-rpi-cm4-io.dtb \ + bcm2835-rpi-zero.dtb \ + bcm2835-rpi-zero-w.dtb + dtb-$(CONFIG_ARCH_BCM_5301X) += \ +--- /dev/null ++++ b/arch/arm/boot/dts/bcm2711-rpi-cm4-io.dts +@@ -0,0 +1,373 @@ ++/dts-v1/; ++ ++#include "bcm2711.dtsi" ++#include "bcm283x-rpi-usb-host.dtsi" ++ ++/ { ++ model = "Raspberry Pi Compute Module 4 IO Board"; ++ compatible = "raspberrypi,4-compute-module\0brcm,bcm2711"; ++ ++ aliases { ++ emmc2bus = "/emmc2bus"; ++ ethernet0 = "/scb/ethernet@7d580000"; ++ pcie0 = "/scb/pcie@7d500000"; ++ blconfig = &blconfig; ++ }; ++ ++ chosen { ++ stdout-path = "serial1:115200n8"; ++ }; ++ ++ leds { ++ compatible = "gpio-leds"; ++ ++ led-act { ++ label = "ACT"; ++ default-state = "keep"; ++ linux,default-trigger = "heartbeat"; ++ gpios = <&gpio 42 GPIO_ACTIVE_HIGH>; ++ }; ++ ++ led-pwr { ++ label = "PWR"; ++ gpios = <&expgpio 2 GPIO_ACTIVE_LOW>; ++ default-state = "keep"; ++ linux,default-trigger = "default-on"; ++ }; ++ }; ++ ++ soc { ++ aon_intr: interrupt-controller@7ef00100 { ++ compatible = "brcm,bcm2711-l2-intc", "brcm,l2-intc"; ++ reg = <0x7ef00100 0x30>; ++ phandle = <0x16>; ++ interrupts = ; ++ interrupt-controller; ++ #interrupt-cells = <1>; ++ }; ++ ++ firmware: firmware { ++ compatible = "raspberrypi,bcm2835-firmware\0simple-mfd"; ++ #address-cells = <0x01>; ++ #size-cells = <0x01>; ++ mboxes = <&mailbox>; ++ dma-ranges; ++ ++ firmware_clocks: clocks { ++ compatible = "raspberrypi,firmware-clocks"; ++ #clock-cells = <0x01>; ++ }; ++ ++ expgpio: gpio { ++ compatible = "raspberrypi,firmware-gpio"; ++ gpio-controller; ++ #gpio-cells = <2>; ++ status = "okay"; ++ gpio-line-names = "BT_ON", "WL_ON", "PWR_LED_OFF", "ANT1", "VDD_SD_IO_SEL", "CAM_GPIO", "SD_PWR_ON", "ANT2"; ++ ant1-hog { ++ gpio-hog; ++ gpios = <0x03 0x00>; ++ output-high; ++ line-name = "ant1"; ++ }; ++ ++ ant2-hog { ++ gpio-hog; ++ gpios = <0x07 0x00>; ++ output-low; ++ line-name = "ant2"; ++ }; ++ }; ++ ++ reset { ++ compatible = "raspberrypi,firmware-reset"; ++ #reset-cells = <1>; ++ }; ++ }; ++ ++ power: power { ++ compatible = "raspberrypi,bcm2835-power"; ++ firmware = <&firmware>; ++ #power-domain-cells = <1>; ++ }; ++ ++ mailbox@7e00b840 { ++ compatible = "brcm,bcm2835-vchiq"; ++ reg = <0x7e00b840 0x3c>; ++ interrupts = ; ++ }; ++ ++ vec@7ec13000 { ++ compatible = "brcm,bcm2711-vec"; ++ reg = <0x7ec13000 0x1000>; ++ clocks = <&clocks BCM2835_CLOCK_VEC>; ++ interrupts = ; ++ status = "disabled"; ++ power-domains = <&power /* RPI_POWER_DOMAIN_VEC = */ 7>; ++ }; ++ }; ++ ++ memory@0 { ++ device_type = "memory"; ++ reg = <0x00 0x00 0x00>; ++ }; ++ ++ wifi_pwrseq: wifi-pwrseq { ++ compatible = "mmc-pwrseq-simple"; ++ reset-gpios = <&expgpio 0x01 0x01>; ++ }; ++ ++ sd_io_1v8_reg: sd_io_1v8_reg { ++ compatible = "regulator-gpio"; ++ regulator-name = "vdd-sd-io"; ++ regulator-min-microvolt = <1800000>; ++ regulator-max-microvolt = <3300000>; ++ regulator-boot-on; ++ regulator-always-on; ++ regulator-settling-time-us = <5000>; ++ gpios = <&expgpio 0x04 GPIO_ACTIVE_HIGH>; ++ states = <1800000 0x1>, ++ <3300000 0x0>; ++ status = "okay"; ++ }; ++ ++ sd_vcc_reg: sd_vcc_reg { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc-sd"; ++ regulator-min-microvolt = <3300000>; ++ regulator-max-microvolt = <3300000>; ++ regulator-boot-on; ++ enable-active-high; ++ gpio = <&expgpio 6 GPIO_ACTIVE_HIGH>; ++ }; ++}; ++ ++&ddc0 { ++ status = "okay"; ++}; ++ ++&ddc1 { ++ status = "okay"; ++}; ++ ++&dsi0 { ++ power-domains = <&power 17>; ++}; ++ ++&dsi1 { ++ compatible = "brcm,bcm2711-dsi1"; ++ power-domains = <&power 18>; ++}; ++ ++&emmc2 { ++ status = "okay"; ++ bus-width = <8>; ++ vqmmc-supply = <&sd_io_1v8_reg>; ++ vmmc-supply = <&sd_vcc_reg>; ++ broken-cd; ++ mmc-hs200-1_8v; ++}; ++ ++&gpio { ++ pinctrl-names = "default"; ++ /* ++ * Parts taken from rpi_SCH_4b_4p0_reduced.pdf and ++ * the official GPU firmware DT blob. ++ * ++ * Legend: ++ * "FOO" = GPIO line named "FOO" on the schematic ++ * "FOO_N" = GPIO line named "FOO" on schematic, active low ++ */ ++ gpio-line-names = "ID_SDA", ++ "ID_SCL", ++ "SDA1", ++ "SCL1", ++ "GPIO_GCLK", ++ "GPIO5", ++ "GPIO6", ++ "SPI_CE1_N", ++ "SPI_CE0_N", ++ "SPI_MISO", ++ "SPI_MOSI", ++ "SPI_SCLK", ++ "GPIO12", ++ "GPIO13", ++ /* Serial port */ ++ "TXD1", ++ "RXD1", ++ "GPIO16", ++ "GPIO17", ++ "GPIO18", ++ "GPIO19", ++ "GPIO20", ++ "GPIO21", ++ "GPIO22", ++ "GPIO23", ++ "GPIO24", ++ "GPIO25", ++ "GPIO26", ++ "GPIO27", ++ "RGMII_MDIO", ++ "RGMIO_MDC", ++ /* Used by BT module */ ++ "CTS0", ++ "RTS0", ++ "TXD0", ++ "RXD0", ++ /* Used by Wifi */ ++ "SD1_CLK", ++ "SD1_CMD", ++ "SD1_DATA0", ++ "SD1_DATA1", ++ "SD1_DATA2", ++ "SD1_DATA3", ++ /* Shared with SPI flash */ ++ "PWM0_MISO", ++ "PWM1_MOSI", ++ "STATUS_LED_G_CLK", ++ "SPIFLASH_CE_N", ++ "SDA0", ++ "SCL0", ++ "RGMII_RXCLK", ++ "RGMII_RXCTL", ++ "RGMII_RXD0", ++ "RGMII_RXD1", ++ "RGMII_RXD2", ++ "RGMII_RXD3", ++ "RGMII_TXCLK", ++ "RGMII_TXCTL", ++ "RGMII_TXD0", ++ "RGMII_TXD1", ++ "RGMII_TXD2", ++ "RGMII_TXD3"; ++ ++ gpioout { ++ brcm,pins = <0x06>; ++ brcm,function = <0x01>; ++ }; ++ ++ alt0 { ++ brcm,pins = <0x04 0x05 0x07 0x08 0x09 0x0a 0x0b>; ++ brcm,function = <0x04>; ++ }; ++}; ++ ++&hdmi0 { ++ status = "okay"; ++ interrupt-parent = <&aon_intr>; ++ interrupts = <0>, <1>, <2>, <3>, <4>, <5>; ++ interrupt-names = "cec-tx", "cec-rx", "cec-low", "wakeup", "hpd-connected", "hpd-removed"; ++ clocks = <&firmware_clocks 13>, <&firmware_clocks 14>, <&dvp 0>, <&clk_27MHz>; ++ wifi-2.4ghz-coexistence; ++}; ++ ++&hdmi1 { ++ status = "okay"; ++ interrupt-parent = <&aon_intr>; ++ interrupts = <8>, <7>, <6>, <9>, <10>, <11>; ++ interrupt-names = "cec-tx", "cec-rx", "cec-low", "wakeup", "hpd-connected", "hpd-removed"; ++ clocks = <&firmware_clocks 13>, <&firmware_clocks 14>, <&dvp 1>, <&clk_27MHz>; ++ wifi-2.4ghz-coexistence; ++}; ++ ++&hvs { ++ clocks = <&firmware_clocks 4>; ++}; ++ ++&i2c0 { ++ status = "okay"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c0_gpio0>; ++ clock-frequency = <100000>; ++}; ++ ++&i2c1 { ++ status = "okay"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c1_gpio2>; ++ clock-frequency = <100000>; ++}; ++ ++&genet { ++ status = "okay"; ++ phy-handle = <ðphy0>; ++ phy-mode = "rgmii-rxid"; ++}; ++ ++&genet_mdio { ++ ethphy0: ethernet-phy@0 { ++ reg = <0>; ++ }; ++}; ++ ++&pixelvalve0 { ++ status = "okay"; ++}; ++ ++&pixelvalve1 { ++ status = "okay"; ++}; ++ ++&pixelvalve2 { ++ status = "okay"; ++}; ++ ++&pixelvalve4 { ++ status = "okay"; ++}; ++ ++&rmem { ++ blconfig: nvram@0 { ++ compatible = "raspberrypi,bootloader-config", "nvmem-rmem"; ++ #address-cells = <0x01>; ++ #size-cells = <0x01>; ++ reg = <0x00 0x00 0x00>; ++ no-map; ++ status = "disabled"; ++ }; ++}; ++ ++&sdhci { ++ status = "okay"; ++ #address-cells = <1>; ++ #size-cells = <0>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&emmc_gpio34>; ++ bus-width = <4>; ++ non-removable; ++ mmc-pwrseq = <&wifi_pwrseq>; ++ ++ wifi@1 { ++ reg = <0x01>; ++ compatible = "brcm,bcm4329-fmac"; ++ }; ++}; ++ ++&uart0 { ++ status = "okay"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart0_ctsrts_gpio30 &uart0_gpio32>; ++ uart-has-rtscts; ++ ++ bluetooth { ++ compatible = "brcm,bcm43438-bt"; ++ max-speed = <0x1e8480>; ++ shutdown-gpios = <&expgpio 0x00 0x00>; ++ }; ++}; ++ ++&uart1 { ++ status = "okay"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart1_gpio14>; ++}; ++ ++&usb { ++ power-domains = <&power 6>; ++}; ++ ++&vc4 { ++ status = "okay"; ++}; ++ ++/delete-node/ &vec; diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch new file mode 100644 index 000000000..deeed7034 --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch @@ -0,0 +1,419 @@ +From: Uwe Kleine-König +Date: Wed, 14 Oct 2020 22:00:30 +0200 +Subject: arm64: dts: rockchip: Add basic support for Kobol's Helios64 +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=09e006cfb43e8ec38afe28278b210dab72e6cac8 + +The hardware is described in detail on Kobol's wiki at +https://wiki.kobol.io/helios64/intro/. + +Up to now the following peripherals are working: + + - UART + - Micro-SD card + - eMMC + - ethernet port 1 + - status LED + - temperature sensor on i2c bus 2 + +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20201014200030.845759-3-uwe@kleine-koenig.org +Signed-off-by: Heiko Stuebner +--- + arch/arm64/boot/dts/rockchip/Makefile | 1 + + .../dts/rockchip/rk3399-kobol-helios64.dts | 372 ++++++++++++++++++ + 2 files changed, 373 insertions(+) + create mode 100644 arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts + +diff --git a/arch/arm64/boot/dts/rockchip/Makefile b/arch/arm64/boot/dts/rockchip/Makefile +index 26661c7b736b..28b26a874313 100644 +--- a/arch/arm64/boot/dts/rockchip/Makefile ++++ b/arch/arm64/boot/dts/rockchip/Makefile +@@ -26,6 +26,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-hugsun-x99.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge-captain.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-khadas-edge-v.dtb ++dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-kobol-helios64.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-leez-p710.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-nanopc-t4.dtb + dtb-$(CONFIG_ARCH_ROCKCHIP) += rk3399-nanopi-m4.dtb +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +new file mode 100644 +index 000000000000..2a561be724b2 +--- /dev/null ++++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +@@ -0,0 +1,372 @@ ++// SPDX-License-Identifier: (GPL-2.0+ OR MIT) ++/* ++ * Copyright (c) 2020 Aditya Prayoga ++ */ ++ ++/* ++ * The Kobol Helios64 is a board designed to operate as a NAS and optionally ++ * ships with an enclosing that can host five 2.5" hard disks. ++ * ++ * See https://wiki.kobol.io/helios64/intro/ for further details. ++ */ ++ ++/dts-v1/; ++#include "rk3399.dtsi" ++#include "rk3399-opp.dtsi" ++ ++/ { ++ model = "Kobol Helios64"; ++ compatible = "kobol,helios64", "rockchip,rk3399"; ++ ++ avdd_1v8_s0: avdd-1v8-s0 { ++ compatible = "regulator-fixed"; ++ regulator-name = "avdd_1v8_s0"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <1800000>; ++ regulator-max-microvolt = <1800000>; ++ vin-supply = <&vcc3v3_sys_s3>; ++ }; ++ ++ clkin_gmac: external-gmac-clock { ++ compatible = "fixed-clock"; ++ clock-frequency = <125000000>; ++ clock-output-names = "clkin_gmac"; ++ #clock-cells = <0>; ++ }; ++ ++ leds { ++ compatible = "gpio-leds"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&sys_grn_led_on &sys_red_led_on>; ++ ++ led-0 { ++ label = "helios64:green:status"; ++ gpios = <&gpio0 RK_PB4 GPIO_ACTIVE_HIGH>; ++ default-state = "on"; ++ }; ++ ++ led-1 { ++ label = "helios64:red:fault"; ++ gpios = <&gpio0 RK_PB5 GPIO_ACTIVE_HIGH>; ++ default-state = "keep"; ++ }; ++ }; ++ ++ vcc1v8_sys_s0: vcc1v8-sys-s0 { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc1v8_sys_s0"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <1800000>; ++ regulator-max-microvolt = <1800000>; ++ vin-supply = <&vcc1v8_sys_s3>; ++ }; ++ ++ vcc3v0_sd: vcc3v0-sd { ++ compatible = "regulator-fixed"; ++ enable-active-high; ++ gpio = <&gpio0 RK_PA1 GPIO_ACTIVE_HIGH>; ++ regulator-name = "vcc3v0_sd"; ++ regulator-boot-on; ++ regulator-min-microvolt = <3000000>; ++ regulator-max-microvolt = <3000000>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&sdmmc0_pwr_h>; ++ vin-supply = <&vcc3v3_sys_s3>; ++ }; ++ ++ vcc3v3_sys_s3: vcc_lan: vcc3v3-sys-s3 { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc3v3_sys_s3"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <3300000>; ++ regulator-max-microvolt = <3300000>; ++ vin-supply = <&vcc5v0_sys>; ++ ++ regulator-state-mem { ++ regulator-on-in-suspend; ++ }; ++ }; ++ ++ vcc5v0_sys: vcc5v0-sys { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc5v0_sys"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <5000000>; ++ regulator-max-microvolt = <5000000>; ++ vin-supply = <&vcc12v_dcin_bkup>; ++ ++ regulator-state-mem { ++ regulator-on-in-suspend; ++ }; ++ }; ++ ++ vcc12v_dcin: vcc12v-dcin { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc12v_dcin"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <12000000>; ++ regulator-max-microvolt = <12000000>; ++ }; ++ ++ vcc12v_dcin_bkup: vcc12v-dcin-bkup { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc12v_dcin_bkup"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <12000000>; ++ regulator-max-microvolt = <12000000>; ++ vin-supply = <&vcc12v_dcin>; ++ }; ++}; ++ ++/* ++ * The system doesn't run stable with cpu freq enabled, so disallow the lower ++ * frequencies until this problem is properly understood and resolved. ++ */ ++&cluster0_opp { ++ /delete-node/ opp00; ++ /delete-node/ opp01; ++ /delete-node/ opp02; ++ /delete-node/ opp03; ++ /delete-node/ opp04; ++}; ++ ++&cluster1_opp { ++ /delete-node/ opp00; ++ /delete-node/ opp01; ++ /delete-node/ opp02; ++ /delete-node/ opp03; ++ /delete-node/ opp04; ++ /delete-node/ opp05; ++ /delete-node/ opp06; ++}; ++ ++&cpu_b0 { ++ cpu-supply = <&vdd_cpu_b>; ++}; ++ ++&cpu_b1 { ++ cpu-supply = <&vdd_cpu_b>; ++}; ++ ++&cpu_l0 { ++ cpu-supply = <&vdd_cpu_l>; ++}; ++ ++&cpu_l1 { ++ cpu-supply = <&vdd_cpu_l>; ++}; ++ ++&cpu_l2 { ++ cpu-supply = <&vdd_cpu_l>; ++}; ++ ++&cpu_l3 { ++ cpu-supply = <&vdd_cpu_l>; ++}; ++ ++&emmc_phy { ++ status = "okay"; ++}; ++ ++&gmac { ++ assigned-clock-parents = <&clkin_gmac>; ++ assigned-clocks = <&cru SCLK_RMII_SRC>; ++ clock_in_out = "input"; ++ phy-mode = "rgmii"; ++ phy-supply = <&vcc_lan>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&rgmii_pins &gphy_reset>; ++ rx_delay = <0x20>; ++ tx_delay = <0x28>; ++ snps,reset-active-low; ++ snps,reset-delays-us = <0 10000 50000>; ++ snps,reset-gpio = <&gpio3 RK_PB7 GPIO_ACTIVE_LOW>; ++ status = "okay"; ++}; ++ ++&i2c0 { ++ clock-frequency = <400000>; ++ i2c-scl-rising-time-ns = <168>; ++ i2c-scl-falling-time-ns = <4>; ++ status = "okay"; ++ ++ rk808: pmic@1b { ++ compatible = "rockchip,rk808"; ++ reg = <0x1b>; ++ interrupt-parent = <&gpio0>; ++ interrupts = <10 IRQ_TYPE_LEVEL_LOW>; ++ clock-output-names = "xin32k", "rk808-clkout2"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pmic_int_l>; ++ vcc1-supply = <&vcc5v0_sys>; ++ vcc2-supply = <&vcc5v0_sys>; ++ vcc3-supply = <&vcc5v0_sys>; ++ vcc4-supply = <&vcc5v0_sys>; ++ vcc6-supply = <&vcc5v0_sys>; ++ vcc7-supply = <&vcc5v0_sys>; ++ vcc8-supply = <&vcc3v3_sys_s3>; ++ vcc9-supply = <&vcc5v0_sys>; ++ vcc10-supply = <&vcc5v0_sys>; ++ vcc11-supply = <&vcc5v0_sys>; ++ vcc12-supply = <&vcc3v3_sys_s3>; ++ vddio-supply = <&vcc3v0_s3>; ++ wakeup-source; ++ #clock-cells = <1>; ++ ++ regulators { ++ vdd_cpu_l: DCDC_REG2 { ++ regulator-name = "vdd_cpu_l"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <750000>; ++ regulator-max-microvolt = <1350000>; ++ regulator-ramp-delay = <6001>; ++ ++ regulator-state-mem { ++ regulator-off-in-suspend; ++ }; ++ }; ++ ++ vcc1v8_sys_s3: DCDC_REG4 { ++ regulator-name = "vcc1v8_sys_s3"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <1800000>; ++ regulator-max-microvolt = <1800000>; ++ ++ regulator-state-mem { ++ regulator-on-in-suspend; ++ regulator-suspend-microvolt = <1800000>; ++ }; ++ }; ++ ++ vcc_sdio_s0: LDO_REG4 { ++ regulator-name = "vcc_sdio_s0"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <1800000>; ++ regulator-max-microvolt = <3000000>; ++ ++ regulator-state-mem { ++ regulator-on-in-suspend; ++ regulator-suspend-microvolt = <3000000>; ++ }; ++ }; ++ ++ vcc3v0_s3: LDO_REG8 { ++ regulator-name = "vcc3v0_s3"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <3000000>; ++ regulator-max-microvolt = <3000000>; ++ ++ regulator-state-mem { ++ regulator-on-in-suspend; ++ regulator-suspend-microvolt = <3000000>; ++ }; ++ }; ++ }; ++ }; ++ ++ vdd_cpu_b: regulator@40 { ++ compatible = "silergy,syr827"; ++ reg = <0x40>; ++ fcs,suspend-voltage-selector = <1>; ++ regulator-name = "vdd_cpu_b"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <712500>; ++ regulator-max-microvolt = <1500000>; ++ regulator-ramp-delay = <1000>; ++ vin-supply = <&vcc5v0_sys>; ++ ++ regulator-state-mem { ++ regulator-off-in-suspend; ++ }; ++ }; ++}; ++ ++&i2c2 { ++ clock-frequency = <400000>; ++ i2c-scl-rising-time-ns = <160>; ++ i2c-scl-falling-time-ns = <30>; ++ status = "okay"; ++ ++ temp@4c { ++ compatible = "national,lm75"; ++ reg = <0x4c>; ++ }; ++}; ++ ++&io_domains { ++ audio-supply = <&vcc1v8_sys_s0>; ++ bt656-supply = <&vcc1v8_sys_s0>; ++ gpio1830-supply = <&vcc3v0_s3>; ++ sdmmc-supply = <&vcc_sdio_s0>; ++ status = "okay"; ++}; ++ ++&pinctrl { ++ gmac { ++ gphy_reset: gphy-reset { ++ rockchip,pins = <3 RK_PB7 RK_FUNC_GPIO &pcfg_output_low>; ++ }; ++ }; ++ ++ leds { ++ sys_grn_led_on: sys-grn-led-on { ++ rockchip,pins = <0 RK_PB4 RK_FUNC_GPIO &pcfg_pull_down>; ++ }; ++ ++ sys_red_led_on: sys-red-led-on { ++ rockchip,pins = <0 RK_PB5 RK_FUNC_GPIO &pcfg_pull_down>; ++ }; ++ }; ++ ++ pmic { ++ pmic_int_l: pmic-int-l { ++ rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_up>; ++ }; ++ }; ++ ++ vcc3v0-sd { ++ sdmmc0_pwr_h: sdmmc0-pwr-h { ++ rockchip,pins = <0 RK_PA1 RK_FUNC_GPIO &pcfg_pull_up>; ++ }; ++ }; ++}; ++ ++&pmu_io_domains { ++ pmu1830-supply = <&vcc3v0_s3>; ++ status = "okay"; ++}; ++ ++&sdhci { ++ bus-width = <8>; ++ mmc-hs200-1_8v; ++ non-removable; ++ vqmmc-supply = <&vcc1v8_sys_s0>; ++ status = "okay"; ++}; ++ ++&sdmmc { ++ bus-width = <4>; ++ cap-sd-highspeed; ++ cd-gpios = <&gpio0 RK_PA7 GPIO_ACTIVE_LOW>; ++ disable-wp; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>; ++ vmmc-supply = <&vcc3v0_sd>; ++ vqmmc-supply = <&vcc_sdio_s0>; ++ status = "okay"; ++}; ++ ++&uart2 { ++ status = "okay"; ++}; +-- +2.28.0 + diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch new file mode 100644 index 000000000..6abebd080 --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch @@ -0,0 +1,113 @@ +From: Uwe Kleine-König +Date: Mon, 10 May 2021 11:09:32 +0200 +Subject: arm64: dts: rockchip: Add support for PCIe on helios64 +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=5a65adfa2ad1542f856fc7de3999d51f3a35d2e2 + +This is enough to make the SATA controller visible: + +# lspci +00:00.0 PCI bridge: Fuzhou Rockchip Electronics Co., Ltd RK3399 PCI Express Root Port +01:00.0 SATA controller: JMicron Technology Corp. JMB58x AHCI SATA controller + +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20210510090932.970447-1-uwe@kleine-koenig.org +Signed-off-by: Heiko Stuebner +--- + .../dts/rockchip/rk3399-kobol-helios64.dts | 53 +++++++++++++++++++ + 1 file changed, 53 insertions(+) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +index 9d4a0885fd12..037dc5cdc3f3 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +@@ -23,6 +23,16 @@ aliases { + mmc1 = &sdhci; + }; + ++ avdd_0v9_s0: avdd-0v9-s0 { ++ compatible = "regulator-fixed"; ++ regulator-name = "avdd_0v9_s0"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <900000>; ++ regulator-max-microvolt = <900000>; ++ vin-supply = <&vcc1v8_sys_s3>; ++ }; ++ + avdd_1v8_s0: avdd-1v8-s0 { + compatible = "regulator-fixed"; + regulator-name = "avdd_1v8_s0"; +@@ -72,6 +82,18 @@ led-1 { + }; + }; + ++ pcie_power: pcie-power { ++ compatible = "regulator-fixed"; ++ enable-active-high; ++ gpio = <&gpio1 RK_PD0 GPIO_ACTIVE_HIGH>; ++ pinctrl-0 = <&pcie_pwr>; ++ pinctrl-names = "default"; ++ regulator-boot-on; ++ regulator-name = "pcie_power"; ++ startup-delay-us = <10000>; ++ vin-supply = <&vcc5v0_perdev>; ++ }; ++ + vcc1v8_sys_s0: vcc1v8-sys-s0 { + compatible = "regulator-fixed"; + regulator-name = "vcc1v8_sys_s0"; +@@ -109,6 +131,16 @@ regulator-state-mem { + }; + }; + ++ vcc5v0_perdev: vcc5v0-perdev { ++ compatible = "regulator-fixed"; ++ regulator-name = "vcc5v0_perdev"; ++ regulator-always-on; ++ regulator-boot-on; ++ regulator-min-microvolt = <5000000>; ++ regulator-max-microvolt = <5000000>; ++ vin-supply = <&vcc12v_dcin_bkup>; ++ }; ++ + vcc5v0_sys: vcc5v0-sys { + compatible = "regulator-fixed"; + regulator-name = "vcc5v0_sys"; +@@ -331,6 +363,20 @@ &io_domains { + status = "okay"; + }; + ++&pcie_phy { ++ status = "okay"; ++}; ++ ++&pcie0 { ++ num-lanes = <2>; ++ status = "okay"; ++ ++ vpcie12v-supply = <&vcc12v_dcin>; ++ vpcie3v3-supply = <&pcie_power>; ++ vpcie1v8-supply = <&avdd_1v8_s0>; ++ vpcie0v9-supply = <&avdd_0v9_s0>; ++}; ++ + &pinctrl { + gmac { + gphy_reset: gphy-reset { +@@ -348,6 +394,13 @@ sys_red_led_on: sys-red-led-on { + }; + }; + ++ pcie { ++ pcie_pwr: pcie-pwr { ++ rockchip,pins = ++ <1 RK_PD0 RK_FUNC_GPIO &pcfg_pull_none>; ++ }; ++ }; ++ + pmic { + pmic_int_l: pmic-int-l { + rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_none>; +-- +2.30.2 + diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch new file mode 100644 index 000000000..9755e0b8c --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch @@ -0,0 +1,61 @@ +From: Uwe Kleine-König +Date: Mon, 10 May 2021 11:06:07 +0200 +Subject: arm64: dts: rockchip: Add support for two PWM fans on + helios64 +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=271b66414df0b172c936b3cfd1894b7939f84165 + +On the helios64 board the two connectors P6 and P7 are supposed to +power two fans. Add the corresponding pwm-fan devices. + +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20210510090607.970145-1-uwe@kleine-koenig.org +Signed-off-by: Heiko Stuebner +--- + .../dts/rockchip/rk3399-kobol-helios64.dts | 24 +++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +index 19485b552bc4..9d4a0885fd12 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +@@ -40,6 +40,20 @@ clkin_gmac: external-gmac-clock { + #clock-cells = <0>; + }; + ++ fan1 { ++ /* fan connected to P7 */ ++ compatible = "pwm-fan"; ++ pwms = <&pwm0 0 40000 0>; ++ cooling-levels = <0 80 170 255>; ++ }; ++ ++ fan2 { ++ /* fan connected to P6 */ ++ compatible = "pwm-fan"; ++ pwms = <&pwm1 0 40000 0>; ++ cooling-levels = <0 80 170 255>; ++ }; ++ + leds { + compatible = "gpio-leds"; + pinctrl-names = "default"; +@@ -352,6 +366,16 @@ &pmu_io_domains { + status = "okay"; + }; + ++&pwm0 { ++ /* pwm-fan on P7 */ ++ status = "okay"; ++}; ++ ++&pwm1 { ++ /* pwm-fan on P6 */ ++ status = "okay"; ++}; ++ + &sdhci { + bus-width = <8>; + mmc-hs200-1_8v; +-- +2.30.2 + diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch b/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch new file mode 100644 index 000000000..ef6dab336 --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch @@ -0,0 +1,32 @@ +From: Uwe Kleine-König +Date: Sun, 24 Jan 2021 22:03:28 +0100 +Subject: arm64: dts: rockchip: Rely on SoC external pull up on pmic-int-l on Helios64 +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e58ba111421375c5948c3e8145bdd84b06ac095 + +According to the schematic there is an external pull up, so there is no +need to enable the internal one additionally. Using no pull up matches +the vendor device tree. + +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20210124210328.611707-2-uwe@kleine-koenig.org +Signed-off-by: Heiko Stuebner +--- + arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +index 2a561be724b2..66c725a34220 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +@@ -331,7 +331,7 @@ sys_red_led_on: sys-red-led-on { + + pmic { + pmic_int_l: pmic-int-l { +- rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_up>; ++ rockchip,pins = <0 RK_PB2 RK_FUNC_GPIO &pcfg_pull_none>; + }; + }; + +-- +2.30.2 + diff --git a/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch b/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch new file mode 100644 index 000000000..ad4b53de9 --- /dev/null +++ b/debian/patches/features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch @@ -0,0 +1,30 @@ +From: Uwe Kleine-König +Date: Wed, 29 Mar 2021 09:45:58 +0100 +Subject: arm64: dts: rockchip: kobol-helios64: Add mmc aliases + +This patch is part of commit 5dcbe7e3862d ("arm64: dts: rockchip: move mmc +aliases to board dts on rk3399") upstream. It is applied here only for Kobol's +helios64 to simplify conflict resolution for some further patches. It currently +is a noop as the same aliases already exist in rk3399.dtsi. + +Link: https://lore.kernel.org/r/20210324122235.1059292-7-heiko@sntech.de +--- +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +index 66c725a34220..19485b552bc4 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-kobol-helios64.dts +@@ -18,6 +18,11 @@ / { + model = "Kobol Helios64"; + compatible = "kobol,helios64", "rockchip,rk3399"; + ++ aliases { ++ mmc0 = &sdmmc; ++ mmc1 = &sdhci; ++ }; ++ + avdd_1v8_s0: avdd-1v8-s0 { + compatible = "regulator-fixed"; + regulator-name = "avdd_1v8_s0"; +-- +2.30.2 + diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch new file mode 100644 index 000000000..1840fc4bd --- /dev/null +++ b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch @@ -0,0 +1,85 @@ +From: Ben Hutchings +Date: Wed, 21 Aug 2019 00:32:16 +0100 +Subject: intel-iommu: Add Kconfig option to exclude iGPU by default +Bug-Debian: https://bugs.debian.org/935270 +Bug-Kali: https://bugs.kali.org/view.php?id=5644 + +There is still laptop firmware that touches the integrated GPU behind +the operating system's back, and doesn't say so in the RMRR table. +Enabling the IOMMU for all devices causes breakage. + +Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice +corresponding to "on", "off", and "on,intgpu_off". + +Signed-off-by: Ben Hutchings +--- +--- a/drivers/iommu/intel/Kconfig ++++ b/drivers/iommu/intel/Kconfig +@@ -45,14 +45,28 @@ config INTEL_IOMMU_SVM + to access DMA resources through process address space by + means of a Process Address Space ID (PASID). + +-config INTEL_IOMMU_DEFAULT_ON +- def_bool y +- prompt "Enable Intel DMA Remapping Devices by default" +- depends on INTEL_IOMMU ++if INTEL_IOMMU ++ ++choice ++ prompt "Default state of Intel DMA Remapping Devices" ++ default INTEL_IOMMU_DEFAULT_ON + help +- Selecting this option will enable a DMAR device at boot time if +- one is found. If this option is not selected, DMAR support can +- be enabled by passing intel_iommu=on to the kernel. ++ Choose whether Intel DMA Remapping Devices should be enabled ++ by default. This can be overridden at boot time using the ++ intel_iommu= kernel parameter. ++ ++config INTEL_IOMMU_DEFAULT_ON ++ bool "Enable" ++ ++config INTEL_IOMMU_DEFAULT_ON_INTGPU_OFF ++ bool "Enable, excluding integrated GPU" ++ ++config INTEL_IOMMU_DEFAULT_OFF ++ bool "Disable" ++ ++endchoice ++ ++endif + + config INTEL_IOMMU_BROKEN_GFX_WA + bool "Workaround broken graphics drivers (going away soon)" +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -338,11 +338,7 @@ static int intel_iommu_attach_device(str + static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain, + dma_addr_t iova); + +-#ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON +-int dmar_disabled = 0; +-#else +-int dmar_disabled = 1; +-#endif /* CONFIG_INTEL_IOMMU_DEFAULT_ON */ ++int dmar_disabled = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_OFF); + + #ifdef CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON + int intel_iommu_sm = 1; +@@ -354,7 +350,7 @@ int intel_iommu_enabled = 0; + EXPORT_SYMBOL_GPL(intel_iommu_enabled); + + static int dmar_map_gfx = 1; +-static int dmar_map_intgpu = 1; ++static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); + static int dmar_forcedac; + static int intel_iommu_strict; + static int intel_iommu_superpage = 1; +@@ -442,6 +438,7 @@ static int __init intel_iommu_setup(char + while (*str) { + if (!strncmp(str, "on", 2)) { + dmar_disabled = 0; ++ dmar_map_intgpu = 1; + pr_info("IOMMU enabled\n"); + } else if (!strncmp(str, "off", 3)) { + dmar_disabled = 1; diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch new file mode 100644 index 000000000..1717d8fe2 --- /dev/null +++ b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch @@ -0,0 +1,91 @@ +From: Ben Hutchings +Date: Wed, 21 Aug 2019 00:05:30 +0100 +Subject: intel-iommu: Add option to exclude integrated GPU only +Bug-Debian: https://bugs.debian.org/935270 +Bug-Kali: https://bugs.kali.org/view.php?id=5644 + +There is still laptop firmware that touches the integrated GPU behind +the operating system's back, and doesn't say so in the RMRR table. +Enabling the IOMMU for all devices causes breakage, but turning it off +for all graphics devices seems like a major weakness. + +Add an option, intel_iommu=igpu_off, to exclude only integrated GPUs +from remapping. This is a narrower exclusion than igfx_off: it only +affects Intel devices on the root bus. Devices attached through an +external port (Thunderbolt or ExpressCard) won't be on the root bus. + +Signed-off-by: Ben Hutchings +--- + Documentation/admin-guide/kernel-parameters.txt | 2 ++ + drivers/iommu/intel/iommu.c | 14 ++++++++++++++ + 2 files changed, 16 insertions(+) + +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1837,6 +1837,8 @@ + bypassed by not enabling DMAR with this option. In + this case, gfx device will use physical address for + DMA. ++ intgpu_off [Default Off] ++ Bypass the DMAR unit for an integrated GPU only. + forcedac [X86-64] + With this option iommu will not optimize to look + for io virtual address below 32-bit forcing dual +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -54,6 +54,9 @@ + #define CONTEXT_SIZE VTD_PAGE_SIZE + + #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) ++#define IS_INTGPU_DEVICE(pdev) (IS_GFX_DEVICE(pdev) && \ ++ (pdev)->vendor == 0x8086 && \ ++ pci_is_root_bus((pdev)->bus)) + #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) + #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) + #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) +@@ -351,6 +354,7 @@ int intel_iommu_enabled = 0; + EXPORT_SYMBOL_GPL(intel_iommu_enabled); + + static int dmar_map_gfx = 1; ++static int dmar_map_intgpu = 1; + static int dmar_forcedac; + static int intel_iommu_strict; + static int intel_iommu_superpage = 1; +@@ -360,6 +364,7 @@ static int iommu_skip_te_disable; + + #define IDENTMAP_GFX 2 + #define IDENTMAP_AZALIA 4 ++#define IDENTMAP_INTGPU 8 + + int intel_iommu_gfx_mapped; + EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped); +@@ -445,6 +450,9 @@ static int __init intel_iommu_setup(char + } else if (!strncmp(str, "igfx_off", 8)) { + dmar_map_gfx = 0; + pr_info("Disable GFX device mapping\n"); ++ } else if (!strncmp(str, "intgpu_off", 8)) { ++ dmar_map_intgpu = 0; ++ pr_info("Disable integrated GPU device mapping\n"); + } else if (!strncmp(str, "forcedac", 8)) { + pr_info("Forcing DAC for PCI devices\n"); + dmar_forcedac = 1; +@@ -2890,6 +2898,9 @@ static int device_def_domain_type(struct + + if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) + return IOMMU_DOMAIN_IDENTITY; ++ ++ if ((iommu_identity_mapping & IDENTMAP_INTGPU) && IS_INTGPU_DEVICE(pdev)) ++ return IOMMU_DOMAIN_IDENTITY; + } + + return 0; +@@ -3325,6 +3336,9 @@ static int __init init_dmars(void) + if (!dmar_map_gfx) + iommu_identity_mapping |= IDENTMAP_GFX; + ++ if (!dmar_map_intgpu) ++ iommu_identity_mapping |= IDENTMAP_INTGPU; ++ + check_tylersburg_isoch(); + + ret = si_domain_init(hw_pass_through); diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch new file mode 100644 index 000000000..62731a997 --- /dev/null +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -0,0 +1,193 @@ +From: Ben Hutchings +Date: Mon, 12 Feb 2018 23:59:26 +0000 +Subject: x86: Make x32 syscall support conditional on a kernel parameter +Bug-Debian: https://bugs.debian.org/708070 +Forwarded: https://lore.kernel.org/lkml/1415245982.3398.53.camel@decadent.org.uk/T/#u + +Enabling x32 in the standard amd64 kernel would increase its attack +surface while provide no benefit to the vast majority of its users. +No-one seems interested in regularly checking for vulnerabilities +specific to x32 (at least no-one with a white hat). + +Still, adding another flavour just to turn on x32 seems wasteful. And +the only differences on syscall entry are a few instructions that mask +out the x32 flag and compare the syscall number. + +Use a static key to control whether x32 syscalls are really enabled, a +Kconfig parameter to set its default value and a kernel parameter +"syscall.x32" to change it at boot time. + +Signed-off-by: Ben Hutchings +--- + .../admin-guide/kernel-parameters.txt | 4 ++ + arch/x86/Kconfig | 8 ++++ + arch/x86/entry/common.c | 3 +- + arch/x86/entry/syscall_64.c | 46 +++++++++++++++++++ + arch/x86/include/asm/elf.h | 6 ++- + arch/x86/include/asm/syscall.h | 13 ++++++ + 6 files changed, 78 insertions(+), 2 deletions(-) + +Index: debian-kernel/Documentation/admin-guide/kernel-parameters.txt +=================================================================== +--- debian-kernel.orig/Documentation/admin-guide/kernel-parameters.txt ++++ debian-kernel/Documentation/admin-guide/kernel-parameters.txt +@@ -5000,6 +5000,10 @@ + later by a loaded module cannot be set this way. + Example: sysctl.vm.swappiness=40 + ++ syscall.x32= [KNL,x86_64] Enable/disable use of x32 syscalls on ++ an x86_64 kernel where CONFIG_X86_X32 is enabled. ++ Default depends on CONFIG_X86_X32_DISABLED. ++ + sysfs.deprecated=0|1 [KNL] + Enable/disable old style sysfs layout for old udev + on older distributions. When this option is enabled +Index: debian-kernel/arch/x86/Kconfig +=================================================================== +--- debian-kernel.orig/arch/x86/Kconfig ++++ debian-kernel/arch/x86/Kconfig +@@ -2888,6 +2888,14 @@ config COMPAT_32 + select HAVE_UID16 + select OLD_SIGSUSPEND3 + ++config X86_X32_DISABLED ++ bool "x32 ABI disabled by default" ++ depends on X86_X32 ++ default n ++ help ++ Disable the x32 ABI unless explicitly enabled using the ++ kernel paramter "syscall.x32=y". ++ + config COMPAT + def_bool y + depends on IA32_EMULATION || X86_X32 +Index: debian-kernel/arch/x86/entry/common.c +=================================================================== +--- debian-kernel.orig/arch/x86/entry/common.c ++++ debian-kernel/arch/x86/entry/common.c +@@ -383,7 +383,8 @@ __visible noinstr void do_syscall_64(uns + nr = array_index_nospec(nr, NR_syscalls); + regs->ax = sys_call_table[nr](regs); + #ifdef CONFIG_X86_X32_ABI +- } else if (likely((nr & __X32_SYSCALL_BIT) && ++ } else if (x32_enabled && ++ likely((nr & __X32_SYSCALL_BIT) && + (nr & ~__X32_SYSCALL_BIT) < X32_NR_syscalls)) { + nr = array_index_nospec(nr & ~__X32_SYSCALL_BIT, + X32_NR_syscalls); +Index: debian-kernel/arch/x86/entry/syscall_x32.c +=================================================================== +--- debian-kernel.orig/arch/x86/entry/syscall_x32.c ++++ debian-kernel/arch/x86/entry/syscall_x32.c +@@ -4,6 +4,9 @@ + #include + #include + #include ++#include ++#undef MODULE_PARAM_PREFIX ++#define MODULE_PARAM_PREFIX "syscall." + #include + #include + #include +@@ -27,3 +30,46 @@ asmlinkage const sys_call_ptr_t x32_sys_ + [0 ... __NR_x32_syscall_max] = &__x64_sys_ni_syscall, + #include + }; ++ ++/* Maybe enable x32 syscalls */ ++ ++#if defined(CONFIG_X86_X32_DISABLED) ++DEFINE_STATIC_KEY_FALSE(x32_enabled_skey); ++#else ++DEFINE_STATIC_KEY_TRUE(x32_enabled_skey); ++#endif ++ ++static int __init x32_param_set(const char *val, const struct kernel_param *p) ++{ ++ bool enabled; ++ int ret; ++ ++ ret = kstrtobool(val, &enabled); ++ if (ret) ++ return ret; ++ if (IS_ENABLED(CONFIG_X86_X32_DISABLED)) { ++ if (enabled) { ++ static_key_enable(&x32_enabled_skey.key); ++ pr_info("Enabled x32 syscalls\n"); ++ } ++ } else { ++ if (!enabled) { ++ static_key_disable(&x32_enabled_skey.key); ++ pr_info("Disabled x32 syscalls\n"); ++ } ++ } ++ return 0; ++} ++ ++static int x32_param_get(char *buffer, const struct kernel_param *p) ++{ ++ return sprintf(buffer, "%c\n", ++ static_key_enabled(&x32_enabled_skey) ? 'Y' : 'N'); ++} ++ ++static const struct kernel_param_ops x32_param_ops = { ++ .set = x32_param_set, ++ .get = x32_param_get, ++}; ++ ++arch_param_cb(x32, &x32_param_ops, NULL, 0444); +Index: debian-kernel/arch/x86/include/asm/elf.h +=================================================================== +--- debian-kernel.orig/arch/x86/include/asm/elf.h ++++ debian-kernel/arch/x86/include/asm/elf.h +@@ -11,6 +11,9 @@ + #include + #include + #include ++#ifndef COMPILE_OFFSETS /* avoid a circular dependency on asm-offsets.h */ ++#include ++#endif + + typedef unsigned long elf_greg_t; + +@@ -163,7 +166,8 @@ do { \ + + #define compat_elf_check_arch(x) \ + (elf_check_arch_ia32(x) || \ +- (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && x32_enabled && \ ++ (x)->e_machine == EM_X86_64)) + + #if __USER32_DS != __USER_DS + # error "The following code assumes __USER32_DS == __USER_DS" +Index: debian-kernel/arch/x86/include/asm/syscall.h +=================================================================== +--- debian-kernel.orig/arch/x86/include/asm/syscall.h ++++ debian-kernel/arch/x86/include/asm/syscall.h +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include /* for TS_COMPAT */ + #include + +@@ -31,6 +32,18 @@ extern const sys_call_ptr_t ia32_sys_cal + extern const sys_call_ptr_t x32_sys_call_table[]; + #endif + ++#if defined(CONFIG_X86_X32_ABI) ++#if defined(CONFIG_X86_X32_DISABLED) ++DECLARE_STATIC_KEY_FALSE(x32_enabled_skey); ++#define x32_enabled static_branch_unlikely(&x32_enabled_skey) ++#else ++DECLARE_STATIC_KEY_TRUE(x32_enabled_skey); ++#define x32_enabled static_branch_likely(&x32_enabled_skey) ++#endif ++#else ++#define x32_enabled 0 ++#endif ++ + /* + * Only the low 32 bits of orig_ax are meaningful, so we return int. + * This importantly ignores the high bits on 64-bit, so comparisons diff --git a/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch b/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch new file mode 100644 index 000000000..7a7952003 --- /dev/null +++ b/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch @@ -0,0 +1,28 @@ +From: Ben Hutchings +Date: Mon, 5 Dec 2011 04:00:58 +0000 +Subject: x86: memtest: WARN if bad RAM found +Bug-Debian: https://bugs.debian.org/613321 +Forwarded: http://thread.gmane.org/gmane.linux.kernel/1286471 + +Since this is not a particularly thorough test, if we find any bad +bits of RAM then there is a fair chance that there are other bad bits +we fail to detect. + +Signed-off-by: Ben Hutchings +--- + mm/memtest.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +--- a/mm/memtest.c ++++ b/mm/memtest.c +@@ -26,6 +26,10 @@ static u64 patterns[] __initdata = { + + static void __init reserve_bad_mem(u64 pattern, phys_addr_t start_bad, phys_addr_t end_bad) + { ++#ifdef CONFIG_X86 ++ WARN_ONCE(1, "Bad RAM detected. Use memtest86+ to perform a thorough test\n" ++ "and the memmap= parameter to reserve the bad areas."); ++#endif + pr_info(" %016llx bad mem addr %pa - %pa reserved\n", + cpu_to_be64(pattern), &start_bad, &end_bad); + memblock_reserve(start_bad, end_bad - start_bad); diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..772b165a1 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,141 @@ +debian/gitignore.patch + +# Disable features broken by exclusion of upstream files +debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch +debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch +debian/dfsg/vs6624-disable.patch +debian/dfsg/drivers-net-appletalk-cops.patch +debian/dfsg/video-remove-nvidiafb-and-rivafb.patch +debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch + +# Changes to support package build system +debian/version.patch +debian/uname-version-timestamp.patch +debian/kernelvariables.patch +debian/ia64-hardcode-arch-script-output.patch +debian/mips-disable-werror.patch +debian/mips-boston-disable-its.patch +debian/mips-ieee754-relaxed.patch +debian/arch-sh4-fix-uimage-build.patch +debian/tools-perf-version.patch +debian/tools-perf-install.patch +debian/wireless-add-debian-wireless-regdb-certificates.patch +debian/export-symbols-needed-by-android-drivers.patch +debian/android-enable-building-ashmem-and-binder-as-modules.patch +debian/documentation-drop-sphinx-version-check.patch +debian/perf-traceevent-support-asciidoctor-for-documentatio.patch +debian/kbuild-look-for-module.lds-under-arch-directory-too.patch +debian/kbuild-abort-build-if-subdirs-used.patch + +# Fixes/improvements to firmware loading +features/all/drivers-media-dvb-usb-af9005-request_firmware.patch +debian/iwlwifi-do-not-request-unreleased-firmware.patch +bugfix/all/firmware_class-log-every-success-and-failure.patch +bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +debian/firmware_class-refer-to-debian-wiki-firmware-page.patch + +# Patches from aufs5 repository, imported with debian/bin/genpatch-aufs. +# These are only the changes needed to allow aufs to be built out-of-tree. +#features/all/aufs5/aufs5-base.patch +#features/all/aufs5/aufs5-mmap.patch +#features/all/aufs5/aufs5-standalone.patch + +# Change some defaults for security reasons +debian/af_802154-Disable-auto-loading-as-mitigation-against.patch +debian/rds-Disable-auto-loading-as-mitigation-against-local.patch +debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch +debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch +debian/fs-enable-link-security-restrictions-by-default.patch + +# Set various features runtime-disabled by default +debian/sched-autogroup-disabled.patch +debian/yama-disable-by-default.patch +debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch +features/all/security-perf-allow-further-restriction-of-perf_event_open.patch +features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch +features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch + +# Disable autoloading/probing of various drivers by default +debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch +debian/snd-pcsp-disable-autoload.patch +bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch +debian/fjes-disable-autoload.patch + +# Taint if dangerous features are used +debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch +debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch + +# Arch bug fixes +bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch +bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch +bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch +bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch +bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch +bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch +bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch +bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch +bugfix/x86/platform-x86-toshiba_haps-Fix-missing-newline-in-pr_.patch + +# Arch features +features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch +features/arm64/arm64-dts-rockchip-Rely-on-SoC-external-pull-up-on-p.patch +features/arm64/arm64-dts-rockchip-kobol-helios64-Add-mmc-aliases.patch +features/arm64/arm64-dts-rockchip-Add-support-for-two-PWM-fans-on-h.patch +features/arm64/arm64-dts-rockchip-Add-support-for-PCIe-on-helios64.patch +features/arm64/arm64-dts-raspberry-Add-support-for-the-CM4.patch +features/arm64/arm64-compat-Implement-misalignment-fixups-for-multi.patch +features/x86/x86-memtest-WARN-if-bad-RAM-found.patch +features/x86/x86-make-x32-syscall-support-conditional.patch + +# Miscellaneous bug fixes +bugfix/all/disable-some-marvell-phys.patch +bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch +bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch +bugfix/all/wireguard-ignore-config_android.patch +bugfix/all/stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch +bugfix/all/smb3-Replace-smb2pdu-1-element-arrays-with-flex-arra.patch + +# Miscellaneous features + +# Lockdown missing pieces +features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch +features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch +features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch + +# Improve integrity platform keyring for kernel modules verification +features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch +features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch +features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch +features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch +features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch + +# Security fixes +debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +debian/ntfs-mark-it-as-broken.patch +bugfix/all/vfs-move-cap_convert_nscap-call-into-vfs_setxattr.patch +bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch +bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch + +# Fix exported symbol versions +bugfix/all/module-disable-matching-missing-version-crc.patch + +# Tools bug fixes +bugfix/all/usbip-document-tcp-wrappers.patch +bugfix/all/kbuild-fix-recordmcount-dependency.patch +bugfix/all/tools-perf-man-date.patch +bugfix/all/tools-perf-remove-shebangs.patch +bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch +bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch +bugfix/all/cpupower-bump-soname-version.patch +bugfix/all/libcpupower-hide-private-function.patch +bugfix/all/cpupower-fix-checks-for-cpu-existence.patch +bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch +bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch + +# overlay: allow mounting in user namespaces +debian/overlayfs-permit-mounts-in-userns.patch + +# ABI maintenance -- cgit v1.2.3