diff options
Diffstat (limited to 'debian/patches')
84 files changed, 8579 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch new file mode 100644 index 000000000..d8352b861 --- /dev/null +++ b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch @@ -0,0 +1,49 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Thu, 03 Nov 2016 15:25:26 -0600 +Subject: cpupower: Fix checks for CPU existence +Forwarded: https://lore.kernel.org/all/20170418023118.GD4152@decadent.org.uk/ + +Calls to cpufreq_cpu_exists(cpu) were converted to +cpupower_is_cpu_online(cpu) when libcpupower was introduced and the +former function was deleted. However, cpupower_is_cpu_online() does +not distinguish physically absent and offline CPUs, and does not set +errno. + +cpufreq-set has already been fixed (commit c25badc9ceb6). + +In cpufreq-bench, which prints an error message for offline CPUs, +properly distinguish and report the zero and negative cases. + +Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") +Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +[carnil: Update/Refresh patch for 4.14.17: The issue with the +incorrect check has been fixed with upstream commit 53d1cd6b125f. +Keep in the patch the distinction and report for the zero and +negative cases.] +--- +--- a/tools/power/cpupower/bench/system.c ++++ b/tools/power/cpupower/bench/system.c +@@ -58,12 +58,19 @@ long long int get_time() + + int set_cpufreq_governor(char *governor, unsigned int cpu) + { ++ int rc; + + dprintf("set %s as cpufreq governor\n", governor); + +- if (cpupower_is_cpu_online(cpu) != 1) { +- perror("cpufreq_cpu_exists"); +- fprintf(stderr, "error: cpu %u does not exist\n", cpu); ++ rc = cpupower_is_cpu_online(cpu); ++ if (rc != 1) { ++ if (rc < 0) ++ fprintf(stderr, "cpupower_is_cpu_online: %s\n", ++ strerror(-rc)); ++ else ++ fprintf(stderr, ++ "error: cpu %u is offline or does not exist\n", ++ cpu); + return -1; + } + diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch new file mode 100644 index 000000000..472e54ce5 --- /dev/null +++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch @@ -0,0 +1,91 @@ +From: Ian Campbell <ijc@hellion.org.uk> +Subject: phy/marvell: disable 4-port phys +Date: Wed, 20 Nov 2013 08:30:14 +0000 +Bug-Debian: https://bugs.debian.org/723177 +Forwarded: https://lore.kernel.org/netdev/1386932764.20787.85.camel@dagon.hellion.org.uk/ + +The Marvell PHY was originally disabled because it can cause networking +failures on some systems. According to Lennert Buytenhek this is because some +of the variants added did not share the same register layout. Since the known +cases are all 4-ports disable those variants (indicated by a 4 in the +penultimate position of the model name) until they can be audited for +correctness. + +[bwh: Also #if-out the init functions for these PHYs to avoid + compiler warnings] + +--- a/drivers/net/phy/marvell.c ++++ b/drivers/net/phy/marvell.c +@@ -1320,6 +1320,7 @@ static int m88e1118_config_init(struct phy_device *phydev) + return genphy_soft_reset(phydev); + } + ++#if 0 + static int m88e1149_config_init(struct phy_device *phydev) + { + int err; +@@ -1345,7 +1346,9 @@ static int m88e1149_config_init(struct phy_device *phydev) + + return genphy_soft_reset(phydev); + } ++#endif + ++#if 0 + static int m88e1145_config_init_rgmii(struct phy_device *phydev) + { + int err; +@@ -1423,6 +1426,7 @@ static int m88e1145_config_init(struct phy_device *phydev) + + return 0; + } ++#endif + + static int m88e1540_get_fld(struct phy_device *phydev, u8 *msecs) + { +@@ -3414,6 +3418,7 @@ static struct phy_driver marvell_drivers[] = { + .led_hw_control_set = m88e1318_led_hw_control_set, + .led_hw_control_get = m88e1318_led_hw_control_get, + }, ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1145, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -3434,6 +3439,8 @@ static struct phy_driver marvell_drivers[] = { + .get_tunable = m88e1111_get_tunable, + .set_tunable = m88e1111_set_tunable, + }, ++#endif ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1149R, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -3452,6 +3459,8 @@ static struct phy_driver marvell_drivers[] = { + .get_strings = marvell_get_strings, + .get_stats = marvell_get_stats, + }, ++#endif ++#if 0 + { + .phy_id = MARVELL_PHY_ID_88E1240, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -3472,6 +3481,7 @@ static struct phy_driver marvell_drivers[] = { + .get_tunable = m88e1011_get_tunable, + .set_tunable = m88e1011_set_tunable, + }, ++#endif + { + .phy_id = MARVELL_PHY_ID_88E1116R, + .phy_id_mask = MARVELL_PHY_ID_MASK, +@@ -3744,9 +4074,9 @@ static struct mdio_device_id __maybe_unused marvell_tbl[] = { + { MARVELL_PHY_ID_88E1111_FINISAR, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, +- { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, ++/* { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, */ ++/* { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, */ ++/* { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, */ + { MARVELL_PHY_ID_88E1318S, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1116R, MARVELL_PHY_ID_MASK }, + { MARVELL_PHY_ID_88E1510, MARVELL_PHY_ID_MASK }, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch new file mode 100644 index 000000000..e6eec33dd --- /dev/null +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -0,0 +1,2396 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: firmware: Remove redundant log messages from drivers +Date: Sun, 09 Dec 2012 16:40:31 +0000 +Forwarded: no + +Now that firmware_class logs every success and failure consistently, +many other log messages can be removed from drivers. + +This will probably need to be split up into multiple patches prior to +upstream submission. + +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -912,10 +912,8 @@ static enum ucode_state request_microcod + if (c->x86 >= 0x15) + snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); + +- if (request_firmware_direct(&fw, (const char *)fw_name, device)) { +- pr_debug("failed to load file %s\n", fw_name); ++ if (request_firmware_direct(&fw, (const char *)fw_name, device)) + goto out; +- } + + ret = UCODE_ERROR; + if (!verify_container(fw->data, fw->size, false)) +--- a/drivers/atm/fore200e.c ++++ b/drivers/atm/fore200e.c +@@ -2398,10 +2398,9 @@ static int fore200e_load_and_start_fw(st + int err; + + sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT); +- if ((err = request_firmware(&firmware, buf, fore200e->dev)) < 0) { +- printk(FORE200E "problem loading firmware image %s\n", fore200e->bus->model_name); ++ err = request_firmware(&firmware, buf, fore200e->dev); ++ if (err) + return err; +- } + + fw_data = (const __le32 *)firmware->data; + fw_size = firmware->size / sizeof(u32); +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -381,10 +381,8 @@ static int ath3k_load_patch(struct usb_d + le32_to_cpu(fw_version.rom_version)); + + ret = request_firmware(&firmware, filename, &udev->dev); +- if (ret < 0) { +- BT_ERR("Patch file not found %s", filename); ++ if (ret) + return ret; +- } + + pt_rom_version = get_unaligned_le32(firmware->data + + firmware->size - 8); +@@ -444,10 +442,8 @@ static int ath3k_load_syscfg(struct usb_ + le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); + + ret = request_firmware(&firmware, filename, &udev->dev); +- if (ret < 0) { +- BT_ERR("Configuration file not found %s", filename); ++ if (ret) + return ret; +- } + + ret = ath3k_load_fwfile(udev, firmware); + release_firmware(firmware); +--- a/drivers/bluetooth/bcm203x.c ++++ b/drivers/bluetooth/bcm203x.c +@@ -173,7 +173,6 @@ static int bcm203x_probe(struct usb_inte + return -ENOMEM; + + if (request_firmware(&firmware, "BCM2033-MD.hex", &udev->dev) < 0) { +- BT_ERR("Mini driver request failed"); + usb_free_urb(data->urb); + return -EIO; + } +@@ -198,7 +197,6 @@ static int bcm203x_probe(struct usb_inte + release_firmware(firmware); + + if (request_firmware(&firmware, "BCM2033-FW.bin", &udev->dev) < 0) { +- BT_ERR("Firmware request failed"); + usb_free_urb(data->urb); + kfree(data->buffer); + return -EIO; +--- a/drivers/bluetooth/bfusb.c ++++ b/drivers/bluetooth/bfusb.c +@@ -639,10 +639,8 @@ static int bfusb_probe(struct usb_interf + skb_queue_head_init(&data->pending_q); + skb_queue_head_init(&data->completed_q); + +- if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) { +- BT_ERR("Firmware request failed"); ++ if (request_firmware(&firmware, "bfubase.frm", &udev->dev)) + goto done; +- } + + BT_DBG("firmware data %p size %zu", firmware->data, firmware->size); + +--- a/drivers/bluetooth/bt3c_cs.c ++++ b/drivers/bluetooth/bt3c_cs.c +@@ -569,10 +569,8 @@ static int bt3c_open(struct bt3c_info *i + + /* Load firmware */ + err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev); +- if (err < 0) { +- BT_ERR("Firmware request failed"); ++ if (err) + goto error; +- } + + err = bt3c_load_firmware(info, firmware->data, firmware->size); + +--- a/drivers/bluetooth/btmrvl_sdio.c ++++ b/drivers/bluetooth/btmrvl_sdio.c +@@ -470,8 +470,6 @@ static int btmrvl_sdio_download_helper(s + ret = request_firmware(&fw_helper, card->helper, + &card->func->dev); + if ((ret < 0) || !fw_helper) { +- BT_ERR("request_firmware(helper) failed, error code = %d", +- ret); + ret = -ENOENT; + goto done; + } +@@ -570,8 +568,6 @@ static int btmrvl_sdio_download_fw_w_hel + ret = request_firmware(&fw_firmware, card->firmware, + &card->func->dev); + if ((ret < 0) || !fw_firmware) { +- BT_ERR("request_firmware(firmware) failed, error code = %d", +- ret); + ret = -ENOENT; + goto done; + } +--- a/drivers/char/dsp56k.c ++++ b/drivers/char/dsp56k.c +@@ -142,11 +142,8 @@ static int dsp56k_upload(u_char __user * + } + err = request_firmware(&fw, fw_name, &pdev->dev); + platform_device_unregister(pdev); +- if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fw_name, err); ++ if (err) + return err; +- } + if (fw->size % 3) { + printk(KERN_ERR "Bogus length %d in image \"%s\"\n", + fw->size, fw_name); +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -1933,11 +1933,8 @@ static void sdma_load_firmware(const str + const struct sdma_script_start_addrs *addr; + unsigned short *ram_code; + +- if (!fw) { +- dev_info(sdma->dev, "external firmware not found, using ROM firmware\n"); +- /* In this case we just use the ROM firmware. */ ++ if (!fw) + return; +- } + + if (fw->size < sizeof(*header)) + goto err_firmware; +--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +@@ -2579,10 +2579,8 @@ gf100_gr_load_fw(struct gf100_gr *gr, co + if (ret) { + snprintf(f, sizeof(f), "nouveau/%s", name); + ret = request_firmware(&fw, f, device->dev); +- if (ret) { +- nvkm_error(subdev, "failed to load %s\n", name); ++ if (ret) + return ret; +- } + } + + blob->size = fw->size; +--- a/drivers/gpu/drm/radeon/ni.c ++++ b/drivers/gpu/drm/radeon/ni.c +@@ -820,9 +820,6 @@ int ni_init_microcode(struct radeon_devi + + out: + if (err) { +- if (err != -EINVAL) +- pr_err("ni_cp: Failed to load firmware \"%s\"\n", +- fw_name); + release_firmware(rdev->pfp_fw); + rdev->pfp_fw = NULL; + release_firmware(rdev->me_fw); +--- a/drivers/gpu/drm/radeon/r100.c ++++ b/drivers/gpu/drm/radeon/r100.c +@@ -1057,9 +1057,7 @@ static int r100_cp_init_microcode(struct + } + + err = request_firmware(&rdev->me_fw, fw_name, rdev->dev); +- if (err) { +- pr_err("radeon_cp: Failed to load firmware \"%s\"\n", fw_name); +- } else if (rdev->me_fw->size % 8) { ++ if (err == 0 && rdev->me_fw->size % 8) { + pr_err("radeon_cp: Bogus length %zu in firmware \"%s\"\n", + rdev->me_fw->size, fw_name); + err = -EINVAL; +--- a/drivers/gpu/drm/radeon/r600.c ++++ b/drivers/gpu/drm/radeon/r600.c +@@ -2600,9 +2600,6 @@ int r600_init_microcode(struct radeon_de + + out: + if (err) { +- if (err != -EINVAL) +- pr_err("r600_cp: Failed to load firmware \"%s\"\n", +- fw_name); + release_firmware(rdev->pfp_fw); + rdev->pfp_fw = NULL; + release_firmware(rdev->me_fw); +--- a/drivers/infiniband/hw/qib/qib_sd7220.c ++++ b/drivers/infiniband/hw/qib/qib_sd7220.c +@@ -406,10 +406,8 @@ int qib_sd7220_init(struct qib_devdata * + } + + ret = request_firmware(&fw, SD7220_FW_NAME, &dd->pcidev->dev); +- if (ret) { +- qib_dev_err(dd, "Failed to load IB SERDES image\n"); ++ if (ret) + goto done; +- } + + /* Substitute our deduced value for was_reset */ + ret = qib_ibsd_ucode_loaded(dd->pport, fw); +--- a/drivers/input/touchscreen/atmel_mxt_ts.c ++++ b/drivers/input/touchscreen/atmel_mxt_ts.c +@@ -2927,10 +2927,8 @@ static int mxt_load_fw(struct device *de + int ret; + + ret = request_firmware(&fw, fn, dev); +- if (ret) { +- dev_err(dev, "Unable to open firmware %s\n", fn); ++ if (ret) + return ret; +- } + + /* Check for incorrect enc file */ + ret = mxt_check_firmware_format(dev, fw); +--- a/drivers/isdn/hardware/mISDN/speedfax.c ++++ b/drivers/isdn/hardware/mISDN/speedfax.c +@@ -379,11 +379,8 @@ setup_instance(struct sfax_hw *card) + card->isar.owner = THIS_MODULE; + + err = request_firmware(&firmware, "isdn/ISAR.BIN", &card->pdev->dev); +- if (err < 0) { +- pr_info("%s: firmware request failed %d\n", +- card->name, err); ++ if (err) + goto error_fw; +- } + if (debug & DEBUG_HW) + pr_notice("%s: got firmware %zu bytes\n", + card->name, firmware->size); +--- a/drivers/media/common/siano/smscoreapi.c ++++ b/drivers/media/common/siano/smscoreapi.c +@@ -1152,10 +1152,8 @@ static int smscore_load_firmware_from_fi + return -EINVAL; + + rc = request_firmware(&fw, fw_filename, coredev->device); +- if (rc < 0) { +- pr_err("failed to open firmware file '%s'\n", fw_filename); ++ if (rc < 0) + return rc; +- } + pr_debug("read fw %s, buffer size=0x%zx\n", fw_filename, fw->size); + fw_buf = kmalloc(ALIGN(fw->size + sizeof(struct sms_firmware), + SMS_ALLOC_ALIGNMENT), GFP_KERNEL | coredev->gfp_buf_flags); +--- a/drivers/media/dvb-frontends/af9013.c ++++ b/drivers/media/dvb-frontends/af9013.c +@@ -1049,14 +1049,8 @@ static int af9013_download_firmware(stru + + /* Request the firmware, will block and timeout */ + ret = request_firmware(&firmware, name, &client->dev); +- if (ret) { +- dev_info(&client->dev, "firmware file '%s' not found %d\n", +- name, ret); ++ if (ret) + goto err; +- } +- +- dev_info(&client->dev, "downloading firmware from file '%s'\n", +- name); + + /* Write firmware checksum & size */ + for (i = 0; i < firmware->size; i++) +--- a/drivers/media/dvb-frontends/bcm3510.c ++++ b/drivers/media/dvb-frontends/bcm3510.c +@@ -636,10 +636,9 @@ static int bcm3510_download_firmware(str + int ret,i; + + deb_info("requesting firmware\n"); +- if ((ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE)) < 0) { +- err("could not load firmware (%s): %d",BCM3510_DEFAULT_FIRMWARE,ret); ++ ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE); ++ if (ret) + return ret; +- } + deb_info("got firmware: %zu\n", fw->size); + + b = fw->data; +--- a/drivers/media/dvb-frontends/cx24116.c ++++ b/drivers/media/dvb-frontends/cx24116.c +@@ -479,13 +479,8 @@ static int cx24116_firmware_ondemand(str + __func__, CX24116_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", +- __func__); +- if (ret) { +- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + /* Make sure we don't recurse back through here + * during loading */ +--- a/drivers/media/dvb-frontends/drxd_hard.c ++++ b/drivers/media/dvb-frontends/drxd_hard.c +@@ -891,10 +891,8 @@ static int load_firmware(struct drxd_sta + { + const struct firmware *fw; + +- if (request_firmware(&fw, fw_name, state->dev) < 0) { +- printk(KERN_ERR "drxd: firmware load failure [%s]\n", fw_name); ++ if (request_firmware(&fw, fw_name, state->dev)) + return -EIO; +- } + + state->microcode = kmemdup(fw->data, fw->size, GFP_KERNEL); + if (!state->microcode) { +--- a/drivers/media/dvb-frontends/drxk_hard.c ++++ b/drivers/media/dvb-frontends/drxk_hard.c +@@ -6228,10 +6228,6 @@ static void load_firmware_cb(const struc + + dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); + if (!fw) { +- pr_err("Could not load firmware file %s.\n", +- state->microcode_name); +- pr_info("Copy %s to your hotplug directory!\n", +- state->microcode_name); + state->microcode_name = NULL; + + /* +--- a/drivers/media/dvb-frontends/ds3000.c ++++ b/drivers/media/dvb-frontends/ds3000.c +@@ -348,12 +348,8 @@ static int ds3000_firmware_ondemand(stru + DS3000_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, DS3000_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = ds3000_load_firmware(fe, fw); + if (ret) +--- a/drivers/media/dvb-frontends/nxt200x.c ++++ b/drivers/media/dvb-frontends/nxt200x.c +@@ -861,12 +861,8 @@ static int nxt2002_init(struct dvb_front + __func__, NXT2002_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, NXT2002_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = nxt2002_load_firmware(fe, fw); + release_firmware(fw); +@@ -928,12 +924,8 @@ static int nxt2004_init(struct dvb_front + __func__, NXT2004_DEFAULT_FIRMWARE); + ret = request_firmware(&fw, NXT2004_DEFAULT_FIRMWARE, + state->i2c->dev.parent); +- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); +- if (ret) { +- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", +- __func__); ++ if (ret) + return ret; +- } + + ret = nxt2004_load_firmware(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/or51132.c ++++ b/drivers/media/dvb-frontends/or51132.c +@@ -326,10 +326,8 @@ static int or51132_set_parameters(struct + printk("or51132: Waiting for firmware upload(%s)...\n", + fwname); + ret = request_firmware(&fw, fwname, state->i2c->dev.parent); +- if (ret) { +- printk(KERN_WARNING "or51132: No firmware uploaded(timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + ret = or51132_load_firmware(fe, fw); + release_firmware(fw); + if (ret) { +--- a/drivers/media/dvb-frontends/or51211.c ++++ b/drivers/media/dvb-frontends/or51211.c +@@ -361,11 +361,8 @@ static int or51211_init(struct dvb_front + OR51211_DEFAULT_FIRMWARE); + ret = config->request_firmware(fe, &fw, + OR51211_DEFAULT_FIRMWARE); +- pr_info("Got Hotplug firmware\n"); +- if (ret) { +- pr_warn("No firmware uploaded (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + ret = or51211_load_firmware(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/sp887x.c ++++ b/drivers/media/dvb-frontends/sp887x.c +@@ -525,10 +525,8 @@ static int sp887x_init(struct dvb_fronte + /* request the firmware, this will block until someone uploads it */ + printk("sp887x: waiting for firmware upload (%s)...\n", SP887X_DEFAULT_FIRMWARE); + ret = state->config->request_firmware(fe, &fw, SP887X_DEFAULT_FIRMWARE); +- if (ret) { +- printk("sp887x: no firmware upload (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + ret = sp887x_initial_setup(fe, fw); + release_firmware(fw); +--- a/drivers/media/dvb-frontends/tda10048.c ++++ b/drivers/media/dvb-frontends/tda10048.c +@@ -483,8 +483,6 @@ static int tda10048_firmware_upload(stru + ret = request_firmware(&fw, TDA10048_DEFAULT_FIRMWARE, + state->i2c->dev.parent); + if (ret) { +- printk(KERN_ERR "%s: Upload failed. (file not found?)\n", +- __func__); + return -EIO; + } else { + printk(KERN_INFO "%s: firmware read %zu bytes.\n", +--- a/drivers/media/dvb-frontends/tda1004x.c ++++ b/drivers/media/dvb-frontends/tda1004x.c +@@ -388,10 +388,8 @@ static int tda10045_fwupload(struct dvb_ + /* request the firmware, this will block until someone uploads it */ + printk(KERN_INFO "tda1004x: waiting for firmware upload (%s)...\n", TDA10045_DEFAULT_FIRMWARE); + ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); +- if (ret) { +- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); ++ if (ret) + return ret; +- } + + /* reset chip */ + tda1004x_write_mask(state, TDA1004X_CONFC4, 0x10, 0); +@@ -532,7 +530,6 @@ static int tda10046_fwupload(struct dvb_ + /* remain compatible to old bug: try to load with tda10045 image name */ + ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); + if (ret) { +- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); + return ret; + } else { + printk(KERN_INFO "tda1004x: please rename the firmware file to %s\n", +--- a/drivers/media/dvb-frontends/tda10071.c ++++ b/drivers/media/dvb-frontends/tda10071.c +@@ -838,12 +838,8 @@ static int tda10071_init(struct dvb_fron + + /* request the firmware, this will block and timeout */ + ret = request_firmware(&fw, fw_file, &client->dev); +- if (ret) { +- dev_err(&client->dev, +- "did not find the firmware file '%s' (status %d). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware\n", +- fw_file, ret); ++ if (ret) + goto error; +- } + + /* init */ + for (i = 0; i < ARRAY_SIZE(tab2); i++) { +--- a/drivers/media/i2c/cx25840/cx25840-firmware.c ++++ b/drivers/media/i2c/cx25840/cx25840-firmware.c +@@ -113,10 +113,8 @@ int cx25840_loadfw(struct i2c_client *cl + if (is_cx231xx(state) && max_buf_size > 16) + max_buf_size = 16; + +- if (request_firmware(&fw, fwname, FWDEV(client)) != 0) { +- v4l_err(client, "unable to open firmware %s\n", fwname); ++ if (request_firmware(&fw, fwname, FWDEV(client)) != 0) + return -EINVAL; +- } + + start_fw_load(client); + +--- a/drivers/media/pci/bt8xx/bttv-cards.c ++++ b/drivers/media/pci/bt8xx/bttv-cards.c +@@ -3901,10 +3901,8 @@ static int pvr_boot(struct bttv *btv) + int rc; + + rc = request_firmware(&fw_entry, "hcwamc.rbf", &btv->c.pci->dev); +- if (rc != 0) { +- pr_warn("%d: no altera firmware [via hotplug]\n", btv->c.nr); ++ if (rc != 0) + return rc; +- } + rc = pvr_altera_load(btv, fw_entry->data, fw_entry->size); + pr_info("%d: altera firmware upload %s\n", + btv->c.nr, (rc < 0) ? "failed" : "ok"); +--- a/drivers/media/pci/cx18/cx18-av-firmware.c ++++ b/drivers/media/pci/cx18/cx18-av-firmware.c +@@ -70,10 +70,8 @@ int cx18_av_loadfw(struct cx18 *cx) + int i; + int retries1 = 0; + +- if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) { +- CX18_ERR_DEV(sd, "unable to open firmware %s\n", FWFILE); ++ if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) + return -EINVAL; +- } + + /* The firmware load often has byte errors, so allow for several + retries, both at byte level and at the firmware load level. */ +--- a/drivers/media/pci/cx18/cx18-dvb.c ++++ b/drivers/media/pci/cx18/cx18-dvb.c +@@ -127,9 +127,7 @@ static int yuan_mpc718_mt352_reqfw(struc + int ret; + + ret = request_firmware(fw, fn, &cx->pci_dev->dev); +- if (ret) +- CX18_ERR("Unable to open firmware file %s\n", fn); +- else { ++ if (!ret) { + size_t sz = (*fw)->size; + if (sz < 2 || sz > 64 || (sz % 2) != 0) { + CX18_ERR("Firmware %s has a bad size: %lu bytes\n", +--- a/drivers/media/pci/cx18/cx18-firmware.c ++++ b/drivers/media/pci/cx18/cx18-firmware.c +@@ -92,11 +92,8 @@ static int load_cpu_fw_direct(const char + u32 __iomem *dst = (u32 __iomem *)mem; + const u32 *src; + +- if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { +- CX18_ERR("Unable to open firmware %s\n", fn); +- CX18_ERR("Did you put the firmware in the hotplug firmware directory?\n"); ++ if (request_firmware(&fw, fn, &cx->pci_dev->dev)) + return -ENOMEM; +- } + + src = (const u32 *)fw->data; + +@@ -137,8 +134,6 @@ static int load_apu_fw_direct(const char + int sz; + + if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { +- CX18_ERR("unable to open firmware %s\n", fn); +- CX18_ERR("did you put the firmware in the hotplug firmware directory?\n"); + cx18_setup_page(cx, 0); + return -ENOMEM; + } +--- a/drivers/media/pci/cx23885/cx23885-417.c ++++ b/drivers/media/pci/cx23885/cx23885-417.c +@@ -920,12 +920,8 @@ static int cx23885_load_firmware(struct + retval = request_firmware(&firmware, CX23885_FIRM_IMAGE_NAME, + &dev->pci->dev); + +- if (retval != 0) { +- pr_err("ERROR: Hotplug firmware request failed (%s).\n", +- CX23885_FIRM_IMAGE_NAME); +- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); ++ if (retval != 0) + return -1; +- } + + if (firmware->size != CX23885_FIRM_IMAGE_SIZE) { + pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n", +--- a/drivers/media/pci/cx23885/cx23885-cards.c ++++ b/drivers/media/pci/cx23885/cx23885-cards.c +@@ -2480,10 +2480,7 @@ void cx23885_card_setup(struct cx23885_d + cinfo.rev, filename); + + ret = request_firmware(&fw, filename, &dev->pci->dev); +- if (ret != 0) +- pr_err("did not find the firmware file '%s'. You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware.", +- filename); +- else ++ if (ret == 0) + altera_init(&netup_config, fw); + + release_firmware(fw); +--- a/drivers/media/pci/cx88/cx88-blackbird.c ++++ b/drivers/media/pci/cx88/cx88-blackbird.c +@@ -462,12 +462,8 @@ static int blackbird_load_firmware(struc + retval = request_firmware(&firmware, CX2341X_FIRM_ENC_FILENAME, + &dev->pci->dev); + +- if (retval != 0) { +- pr_err("Hotplug firmware request failed (%s).\n", +- CX2341X_FIRM_ENC_FILENAME); +- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); ++ if (retval != 0) + return -EIO; +- } + + if (firmware->size != BLACKBIRD_FIRM_IMAGE_SIZE) { + pr_err("Firmware size mismatch (have %zd, expected %d)\n", +--- a/drivers/media/pci/ivtv/ivtv-firmware.c ++++ b/drivers/media/pci/ivtv/ivtv-firmware.c +@@ -68,8 +68,6 @@ retry: + release_firmware(fw); + return size; + } +- IVTV_ERR("Unable to open firmware %s (must be %ld bytes)\n", fn, size); +- IVTV_ERR("Did you put the firmware in the hotplug firmware directory?\n"); + return -ENOMEM; + } + +--- a/drivers/media/pci/ngene/ngene-core.c ++++ b/drivers/media/pci/ngene/ngene-core.c +@@ -1236,19 +1236,14 @@ static int ngene_load_firm(struct ngene + break; + } + +- if (request_firmware(&fw, fw_name, &dev->pci_dev->dev) < 0) { +- dev_err(pdev, "Could not load firmware file %s.\n", fw_name); +- dev_info(pdev, "Copy %s to your hotplug directory!\n", +- fw_name); ++ if (request_firmware(&fw, fw_name, &dev->pci_dev->dev)) + return -1; +- } + if (size == 0) + size = fw->size; + if (size != fw->size) { + dev_err(pdev, "Firmware %s has invalid size!", fw_name); + err = -1; + } else { +- dev_info(pdev, "Loading firmware file %s.\n", fw_name); + ngene_fw = (u8 *) fw->data; + err = ngene_command_load_firmware(dev, ngene_fw, size); + } +--- a/drivers/media/pci/saa7164/saa7164-fw.c ++++ b/drivers/media/pci/saa7164/saa7164-fw.c +@@ -405,11 +405,8 @@ int saa7164_downloadfirmware(struct saa7 + __func__, fwname); + + ret = request_firmware(&fw, fwname, &dev->pci->dev); +- if (ret) { +- printk(KERN_ERR "%s() Upload failed. (file not found?)\n", +- __func__); ++ if (ret) + return -ENOMEM; +- } + + printk(KERN_INFO "%s() firmware read %zu bytes.\n", + __func__, fw->size); +--- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_ctrl.c ++++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_ctrl.c +@@ -65,10 +65,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc + } + } + +- if (err != 0) { +- mfc_err("Firmware is not present in the /lib/firmware directory nor compiled in kernel\n"); ++ if (err != 0) + return -EINVAL; +- } + if (fw_blob->size > dev->fw_buf.size) { + mfc_err("MFC firmware is too big to be loaded\n"); + release_firmware(fw_blob); +--- a/drivers/media/radio/radio-wl1273.c ++++ b/drivers/media/radio/radio-wl1273.c +@@ -502,11 +502,8 @@ static int wl1273_fm_upload_firmware_pat + * Uploading the firmware patch is not always necessary, + * so we only print an info message. + */ +- if (request_firmware(&fw_p, fw_name, dev)) { +- dev_info(dev, "%s - %s not found\n", __func__, fw_name); +- ++ if (request_firmware(&fw_p, fw_name, dev)) + return 0; +- } + + ptr = (__u8 *) fw_p->data; + packet_num = ptr[0]; +--- a/drivers/media/radio/wl128x/fmdrv_common.c ++++ b/drivers/media/radio/wl128x/fmdrv_common.c +@@ -1240,10 +1240,8 @@ static int fm_download_firmware(struct f + + ret = request_firmware(&fw_entry, fw_name, + &fmdev->radio_dev->dev); +- if (ret < 0) { +- fmerr("Unable to read firmware(%s) content\n", fw_name); ++ if (ret) + return ret; +- } + fmdbg("Firmware(%s) length : %zu bytes\n", fw_name, fw_entry->size); + + fw_data = (void *)fw_entry->data; +--- a/drivers/media/tuners/xc2028.c ++++ b/drivers/media/tuners/xc2028.c +@@ -1366,7 +1366,6 @@ static void load_firmware_cb(const struc + + tuner_dbg("request_firmware_nowait(): %s\n", fw ? "OK" : "error"); + if (!fw) { +- tuner_err("Could not load firmware %s.\n", priv->fname); + priv->state = XC2028_NODEV; + return; + } +--- a/drivers/media/usb/cx231xx/cx231xx-417.c ++++ b/drivers/media/usb/cx231xx/cx231xx-417.c +@@ -983,11 +983,6 @@ static int cx231xx_load_firmware(struct + dev->dev); + + if (retval != 0) { +- dev_err(dev->dev, +- "ERROR: Hotplug firmware request failed (%s).\n", +- CX231xx_FIRM_IMAGE_NAME); +- dev_err(dev->dev, +- "Please fix your hotplug setup, the board will not work without firmware loaded!\n"); + vfree(p_current_fw); + vfree(p_buffer); + return retval; +--- a/drivers/media/usb/dvb-usb/dib0700_devices.c ++++ b/drivers/media/usb/dvb-usb/dib0700_devices.c +@@ -2401,12 +2401,9 @@ static int stk9090m_frontend_attach(stru + + dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80); + +- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { +- deb_info("%s: Upload failed. (file not found?)\n", __func__); ++ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) + return -ENODEV; +- } else { +- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); +- } ++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); + stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size; + stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data; + +@@ -2471,12 +2468,9 @@ static int nim9090md_frontend_attach(str + msleep(20); + dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1); + +- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { +- deb_info("%s: Upload failed. (file not found?)\n", __func__); ++ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) + return -EIO; +- } else { +- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); +- } ++ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); + nim9090md_config[0].microcode_B_fe_size = state->frontend_firmware->size; + nim9090md_config[0].microcode_B_fe_buffer = state->frontend_firmware->data; + nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size; +--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c ++++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +@@ -90,13 +90,9 @@ int dvb_usb_download_firmware(struct usb + int ret; + const struct firmware *fw = NULL; + +- if ((ret = request_firmware(&fw, props->firmware, &udev->dev)) != 0) { +- err("did not find the firmware file '%s' (status %d). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware", +- props->firmware,ret); ++ ret = request_firmware(&fw, props->firmware, &udev->dev); ++ if (ret) + return ret; +- } +- +- info("downloading firmware from file '%s'",props->firmware); + + switch (props->usb_ctrl) { + case CYPRESS_AN2135: +--- a/drivers/media/usb/dvb-usb/gp8psk.c ++++ b/drivers/media/usb/dvb-usb/gp8psk.c +@@ -131,19 +131,14 @@ static int gp8psk_load_bcm4500fw(struct + const u8 *ptr; + u8 *buf; + if ((ret = request_firmware(&fw, bcm4500_firmware, +- &d->udev->dev)) != 0) { +- err("did not find the bcm4500 firmware file '%s' (status %d). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware", +- bcm4500_firmware,ret); ++ &d->udev->dev)) != 0) + return ret; +- } + + ret = -EINVAL; + + if (gp8psk_usb_out_op(d, LOAD_BCM4500,1,0,NULL, 0)) + goto out_rel_fw; + +- info("downloading bcm4500 firmware from file '%s'",bcm4500_firmware); +- + ptr = fw->data; + buf = kmalloc(64, GFP_KERNEL); + if (!buf) { +--- a/drivers/media/usb/dvb-usb/opera1.c ++++ b/drivers/media/usb/dvb-usb/opera1.c +@@ -459,8 +459,6 @@ static int opera1_xilinx_load_firmware(s + info("start downloading fpga firmware %s",filename); + + if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) { +- err("did not find the firmware file '%s'. You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware", +- filename); + return ret; + } else { + p = kmalloc(fw->size, GFP_KERNEL); +--- a/drivers/media/usb/go7007/go7007-driver.c ++++ b/drivers/media/usb/go7007/go7007-driver.c +@@ -84,10 +84,8 @@ static int go7007_load_encoder(struct go + u16 intr_val, intr_data; + + if (go->boot_fw == NULL) { +- if (request_firmware(&fw_entry, fw_name, go->dev)) { +- v4l2_err(go, "unable to load firmware from file \"%s\"\n", fw_name); ++ if (request_firmware(&fw_entry, fw_name, go->dev)) + return -1; +- } + if (fw_entry->size < 16 || memcmp(fw_entry->data, "WISGO7007FW", 11)) { + v4l2_err(go, "file \"%s\" does not appear to be go7007 firmware\n", fw_name); + release_firmware(fw_entry); +--- a/drivers/media/usb/go7007/go7007-fw.c ++++ b/drivers/media/usb/go7007/go7007-fw.c +@@ -1565,12 +1565,8 @@ int go7007_construct_fw_image(struct go7 + default: + return -1; + } +- if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) { +- dev_err(go->dev, +- "unable to load firmware from file \"%s\"\n", +- GO7007_FW_NAME); ++ if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) + return -1; +- } + code = kcalloc(codespace, 2, GFP_KERNEL); + if (code == NULL) + goto fw_failed; +--- a/drivers/media/usb/go7007/go7007-loader.c ++++ b/drivers/media/usb/go7007/go7007-loader.c +@@ -67,11 +67,8 @@ static int go7007_loader_probe(struct us + + dev_info(&interface->dev, "loading firmware %s\n", fw1); + +- if (request_firmware(&fw, fw1, &usbdev->dev)) { +- dev_err(&interface->dev, +- "unable to load firmware from file \"%s\"\n", fw1); ++ if (request_firmware(&fw, fw1, &usbdev->dev)) + goto failed2; +- } + ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); + release_firmware(fw); + if (0 != ret) { +@@ -82,11 +79,8 @@ static int go7007_loader_probe(struct us + if (fw2 == NULL) + return 0; + +- if (request_firmware(&fw, fw2, &usbdev->dev)) { +- dev_err(&interface->dev, +- "unable to load firmware from file \"%s\"\n", fw2); ++ if (request_firmware(&fw, fw2, &usbdev->dev)) + goto failed2; +- } + ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); + release_firmware(fw); + if (0 != ret) { +--- a/drivers/media/usb/gspca/vicam.c ++++ b/drivers/media/usb/gspca/vicam.c +@@ -230,10 +230,8 @@ static int sd_init(struct gspca_dev *gsp + + ret = request_ihex_firmware(&fw, VICAM_FIRMWARE, + &gspca_dev->dev->dev); +- if (ret) { +- pr_err("Failed to load \"vicam/firmware.fw\": %d\n", ret); ++ if (ret) + return ret; +- } + + firmware_buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!firmware_buf) { +--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c ++++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c +@@ -1370,25 +1370,6 @@ static int pvr2_locate_firmware(struct p + "request_firmware fatal error with code=%d",ret); + return ret; + } +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "***WARNING*** Device %s firmware seems to be missing.", +- fwtypename); +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "Did you install the pvrusb2 firmware files in their proper location?"); +- if (fwcount == 1) { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware unable to locate %s file %s", +- fwtypename,fwnames[0]); +- } else { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware unable to locate one of the following %s files:", +- fwtypename); +- for (idx = 0; idx < fwcount; idx++) { +- pvr2_trace(PVR2_TRACE_ERROR_LEGS, +- "request_firmware: Failed to find %s", +- fwnames[idx]); +- } +- } + return ret; + } + +--- a/drivers/media/usb/s2255/s2255drv.c ++++ b/drivers/media/usb/s2255/s2255drv.c +@@ -2276,10 +2276,8 @@ static int s2255_probe(struct usb_interf + } + /* load the first chunk */ + if (request_firmware(&dev->fw_data->fw, +- FIRMWARE_FILE_NAME, &dev->udev->dev)) { +- dev_err(&interface->dev, "sensoray 2255 failed to get firmware\n"); ++ FIRMWARE_FILE_NAME, &dev->udev->dev)) + goto errorREQFW; +- } + /* check the firmware is valid */ + fw_size = dev->fw_data->fw->size; + pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8]; +--- a/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c ++++ b/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c +@@ -282,10 +282,8 @@ static int ttusb_boot_dsp(struct ttusb * + + err = request_firmware(&fw, "ttusb-budget/dspbootcode.bin", + &ttusb->dev->dev); +- if (err) { +- pr_err("failed to request firmware\n"); ++ if (err) + return err; +- } + + /* BootBlock */ + b[0] = 0xaa; +--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c ++++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c +@@ -1317,11 +1317,8 @@ static int ttusb_dec_boot_dsp(struct ttu + dprintk("%s\n", __func__); + + result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev); +- if (result) { +- printk(KERN_ERR "%s: Firmware (%s) unavailable.\n", +- __func__, dec->firmware_name); ++ if (result) + return result; +- } + + firmware = fw_entry->data; + firmware_size = fw_entry->size; +--- a/drivers/misc/ti-st/st_kim.c ++++ b/drivers/misc/ti-st/st_kim.c +@@ -288,11 +288,8 @@ static long download_firmware(struct kim + request_firmware(&kim_gdata->fw_entry, bts_scr_name, + &kim_gdata->kim_pdev->dev); + if (unlikely((err != 0) || (kim_gdata->fw_entry->data == NULL) || +- (kim_gdata->fw_entry->size == 0))) { +- pr_err(" request_firmware failed(errno %ld) for %s", err, +- bts_scr_name); ++ (kim_gdata->fw_entry->size == 0))) + return -EINVAL; +- } + ptr = (void *)kim_gdata->fw_entry->data; + len = kim_gdata->fw_entry->size; + /* +--- a/drivers/net/can/softing/softing_fw.c ++++ b/drivers/net/can/softing/softing_fw.c +@@ -226,11 +226,8 @@ int softing_load_app_fw(const char *file + int8_t type_end = 0, type_entrypoint = 0; + + ret = request_firmware(&fw, file, &card->pdev->dev); +- if (ret) { +- dev_alert(&card->pdev->dev, "request_firmware(%s) got %i\n", +- file, ret); ++ if (ret) + return ret; +- } + dev_dbg(&card->pdev->dev, "firmware(%s) got %lu bytes\n", + file, (unsigned long)fw->size); + /* parse the firmware */ +--- a/drivers/net/ethernet/3com/typhoon.c ++++ b/drivers/net/ethernet/3com/typhoon.c +@@ -1279,11 +1279,8 @@ typhoon_request_firmware(struct typhoon + return 0; + + err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev); +- if (err) { +- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", +- FIRMWARE_NAME); ++ if (err) + return err; +- } + + image_data = typhoon_fw->data; + remaining = typhoon_fw->size; +--- a/drivers/net/ethernet/adaptec/starfire.c ++++ b/drivers/net/ethernet/adaptec/starfire.c +@@ -1004,11 +1004,8 @@ static int netdev_open(struct net_device + #endif /* VLAN_SUPPORT */ + + retval = request_firmware(&fw_rx, FIRMWARE_RX, &np->pci_dev->dev); +- if (retval) { +- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", +- FIRMWARE_RX); ++ if (retval) + goto out_init; +- } + if (fw_rx->size % 4) { + printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", + fw_rx->size, FIRMWARE_RX); +@@ -1016,11 +1013,8 @@ static int netdev_open(struct net_device + goto out_rx; + } + retval = request_firmware(&fw_tx, FIRMWARE_TX, &np->pci_dev->dev); +- if (retval) { +- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", +- FIRMWARE_TX); ++ if (retval) + goto out_rx; +- } + if (fw_tx->size % 4) { + printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", + fw_tx->size, FIRMWARE_TX); +--- a/drivers/net/ethernet/alacritech/slicoss.c ++++ b/drivers/net/ethernet/alacritech/slicoss.c +@@ -1051,11 +1051,8 @@ static int slic_load_rcvseq_firmware(str + file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_RCV_FIRMWARE_OASIS : + SLIC_RCV_FIRMWARE_MOJAVE; + err = request_firmware(&fw, file, &sdev->pdev->dev); +- if (err) { +- dev_err(&sdev->pdev->dev, +- "failed to load receive sequencer firmware %s\n", file); ++ if (err) + return err; +- } + /* Do an initial sanity check concerning firmware size now. A further + * check follows below. + */ +@@ -1126,10 +1123,8 @@ static int slic_load_firmware(struct sli + file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_FIRMWARE_OASIS : + SLIC_FIRMWARE_MOJAVE; + err = request_firmware(&fw, file, &sdev->pdev->dev); +- if (err) { +- dev_err(&sdev->pdev->dev, "failed to load firmware %s\n", file); ++ if (err) + return err; +- } + /* Do an initial sanity check concerning firmware size now. A further + * check follows below. + */ +--- a/drivers/net/ethernet/alteon/acenic.c ++++ b/drivers/net/ethernet/alteon/acenic.c +@@ -2877,11 +2877,8 @@ static int ace_load_firmware(struct net_ + fw_name = "acenic/tg1.bin"; + + ret = request_firmware(&fw, fw_name, &ap->pdev->dev); +- if (ret) { +- printk(KERN_ERR "%s: Failed to load firmware \"%s\"\n", +- ap->name, fw_name); ++ if (ret) + return ret; +- } + + fw_data = (void *)fw->data; + +--- a/drivers/net/ethernet/broadcom/bnx2.c ++++ b/drivers/net/ethernet/broadcom/bnx2.c +@@ -3710,16 +3710,13 @@ static int bnx2_request_uncached_firmwar + } + + rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev); +- if (rc) { +- pr_err("Can't load firmware file \"%s\"\n", mips_fw_file); ++ if (rc) + goto out; +- } + + rc = request_firmware(&bp->rv2p_firmware, rv2p_fw_file, &bp->pdev->dev); +- if (rc) { +- pr_err("Can't load firmware file \"%s\"\n", rv2p_fw_file); ++ if (rc) + goto err_release_mips_firmware; +- } ++ + mips_fw = (const struct bnx2_mips_fw_file *) bp->mips_firmware->data; + rv2p_fw = (const struct bnx2_rv2p_fw_file *) bp->rv2p_firmware->data; + if (bp->mips_firmware->size < sizeof(*mips_fw) || +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -11394,11 +11394,8 @@ static int tg3_request_firmware(struct t + { + const struct tg3_firmware_hdr *fw_hdr; + +- if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) { +- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", +- tp->fw_needed); ++ if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) + return -ENOENT; +- } + + fw_hdr = (struct tg3_firmware_hdr *)tp->fw->data; + +--- a/drivers/net/ethernet/brocade/bna/cna_fwimg.c ++++ b/drivers/net/ethernet/brocade/bna/cna_fwimg.c +@@ -24,10 +24,8 @@ cna_read_firmware(struct pci_dev *pdev, + const struct firmware *fw; + u32 n; + +- if (request_firmware(&fw, fw_name, &pdev->dev)) { +- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name); ++ if (request_firmware(&fw, fw_name, &pdev->dev)) + goto error; +- } + + *bfi_image = (u32 *)fw->data; + *bfi_image_size = fw->size/sizeof(u32); +--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +@@ -1035,12 +1035,8 @@ int t3_get_edc_fw(struct cphy *phy, int + fw_name = get_edc_fw_name(edc_idx); + if (fw_name) + ret = request_firmware(&fw, fw_name, &adapter->pdev->dev); +- if (ret < 0) { +- dev_err(&adapter->pdev->dev, +- "could not upgrade firmware: unable to load %s\n", +- fw_name); ++ if (ret) + return ret; +- } + + /* check size, take checksum in account */ + if (fw->size > size + 4) { +@@ -1077,11 +1073,8 @@ static int upgrade_fw(struct adapter *ad + struct device *dev = &adap->pdev->dev; + + ret = request_firmware(&fw, FW_FNAME, dev); +- if (ret < 0) { +- dev_err(dev, "could not upgrade firmware: unable to load %s\n", +- FW_FNAME); ++ if (ret) + return ret; +- } + ret = t3_load_fw(adap, fw->data, fw->size); + release_firmware(fw); + +@@ -1126,11 +1119,8 @@ static int update_tpsram(struct adapter + snprintf(buf, sizeof(buf), TPSRAM_NAME, rev); + + ret = request_firmware(&tpsram, buf, dev); +- if (ret < 0) { +- dev_err(dev, "could not load TP SRAM: unable to load %s\n", +- buf); ++ if (ret) + return ret; +- } + + ret = t3_check_tpsram(adap, tpsram->data, tpsram->size); + if (ret) +--- a/drivers/net/ethernet/intel/e100.c ++++ b/drivers/net/ethernet/intel/e100.c +@@ -1262,9 +1262,6 @@ static const struct firmware *e100_reque + + if (err) { + if (required) { +- netif_err(nic, probe, nic->netdev, +- "Failed to load firmware \"%s\": %d\n", +- fw_name, err); + return ERR_PTR(err); + } else { + netif_info(nic, probe, nic->netdev, +--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c ++++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c +@@ -580,8 +580,6 @@ static int myri10ge_load_hotplug_firmwar + unsigned i; + + if (request_firmware(&fw, mgp->fw_name, dev) < 0) { +- dev_err(dev, "Unable to load %s firmware image via hotplug\n", +- mgp->fw_name); + status = -EINVAL; + goto abort_with_nothing; + } +--- a/drivers/net/ethernet/smsc/smc91c92_cs.c ++++ b/drivers/net/ethernet/smsc/smc91c92_cs.c +@@ -651,10 +651,8 @@ static int osi_load_firmware(struct pcmc + int i, err; + + err = request_firmware(&fw, FIRMWARE_NAME, &link->dev); +- if (err) { +- pr_err("Failed to load firmware \"%s\"\n", FIRMWARE_NAME); ++ if (err) + return err; +- } + + /* Download the Seven of Diamonds firmware */ + for (i = 0; i < fw->size; i++) { +--- a/drivers/net/ethernet/sun/cassini.c ++++ b/drivers/net/ethernet/sun/cassini.c +@@ -792,11 +792,8 @@ static void cas_saturn_firmware_init(str + return; + + err = request_firmware(&fw, fw_name, &cp->pdev->dev); +- if (err) { +- pr_err("Failed to load firmware \"%s\"\n", +- fw_name); ++ if (err) + return; +- } + if (fw->size < 2) { + pr_err("bogus length %zu in \"%s\"\n", + fw->size, fw_name); +--- a/drivers/net/hamradio/yam.c ++++ b/drivers/net/hamradio/yam.c +@@ -357,11 +357,8 @@ static unsigned char *add_mcs(unsigned c + } + err = request_firmware(&fw, fw_name[predef], &pdev->dev); + platform_device_unregister(pdev); +- if (err) { +- printk(KERN_ERR "Failed to load firmware \"%s\"\n", +- fw_name[predef]); ++ if (err) + return NULL; +- } + if (fw->size != YAM_FPGA_SIZE) { + printk(KERN_ERR "Bogus length %zu in firmware \"%s\"\n", + fw->size, fw_name[predef]); +--- a/drivers/net/usb/kaweth.c ++++ b/drivers/net/usb/kaweth.c +@@ -305,10 +305,8 @@ static int kaweth_download_firmware(stru + int ret; + + ret = request_firmware(&fw, fwname, &kaweth->dev->dev); +- if (ret) { +- dev_err(&kaweth->intf->dev, "Firmware request failed\n"); ++ if (ret) + return ret; +- } + + if (fw->size > KAWETH_FIRMWARE_BUF_SIZE) { + dev_err(&kaweth->intf->dev, "Firmware too big: %zu\n", +--- a/drivers/net/wireless/ath/ath9k/hif_usb.c ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c +@@ -1250,9 +1250,6 @@ static void ath9k_hif_usb_firmware_cb(co + if (!ret) + return; + +- dev_err(&hif_dev->udev->dev, +- "ath9k_htc: Failed to get firmware %s\n", +- hif_dev->fw_name); + goto err_fw; + } + +--- a/drivers/net/wireless/ath/carl9170/usb.c ++++ b/drivers/net/wireless/ath/carl9170/usb.c +@@ -1029,7 +1029,6 @@ static void carl9170_usb_firmware_step2( + return; + } + +- dev_err(&ar->udev->dev, "firmware not found.\n"); + carl9170_usb_firmware_failed(ar); + } + +--- a/drivers/net/wireless/atmel/at76c50x-usb.c ++++ b/drivers/net/wireless/atmel/at76c50x-usb.c +@@ -1616,13 +1616,8 @@ static struct fwentry *at76_load_firmwar + + at76_dbg(DBG_FW, "downloading firmware %s", fwe->fwname); + ret = request_firmware(&fwe->fw, fwe->fwname, &udev->dev); +- if (ret < 0) { +- dev_err(&udev->dev, "firmware %s not found!\n", +- fwe->fwname); +- dev_err(&udev->dev, +- "you may need to download the firmware from http://developer.berlios.de/projects/at76c503a/\n"); ++ if (ret) + goto exit; +- } + + at76_dbg(DBG_FW, "got it."); + fwh = (struct at76_fw_header *)(fwe->fw->data); +--- a/drivers/net/wireless/atmel/atmel.c ++++ b/drivers/net/wireless/atmel/atmel.c +@@ -3892,12 +3892,8 @@ static int reset_atmel_card(struct net_d + strcpy(priv->firmware_id, "atmel_at76c502.bin"); + } + err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev); +- if (err != 0) { +- printk(KERN_ALERT +- "%s: firmware %s is missing, cannot continue.\n", +- dev->name, priv->firmware_id); ++ if (err != 0) + return err; +- } + } else { + int fw_index = 0; + int success = 0; +--- a/drivers/net/wireless/broadcom/b43/main.c ++++ b/drivers/net/wireless/broadcom/b43/main.c +@@ -2245,19 +2245,8 @@ int b43_do_request_fw(struct b43_request + } + err = request_firmware(&ctx->blob, ctx->fwname, + ctx->dev->dev->dev); +- if (err == -ENOENT) { +- snprintf(ctx->errors[ctx->req_type], +- sizeof(ctx->errors[ctx->req_type]), +- "Firmware file \"%s\" not found\n", +- ctx->fwname); ++ if (err) + return err; +- } else if (err) { +- snprintf(ctx->errors[ctx->req_type], +- sizeof(ctx->errors[ctx->req_type]), +- "Firmware file \"%s\" request failed (err=%d)\n", +- ctx->fwname, err); +- return err; +- } + fw_ready: + if (ctx->blob->size < sizeof(struct b43_fw_header)) + goto err_format; +--- a/drivers/net/wireless/broadcom/b43legacy/main.c ++++ b/drivers/net/wireless/broadcom/b43legacy/main.c +@@ -1524,11 +1524,8 @@ static int do_request_fw(struct b43legac + } else { + err = request_firmware(fw, path, dev->dev->dev); + } +- if (err) { +- b43legacyerr(dev->wl, "Firmware file \"%s\" not found " +- "or load failed.\n", path); ++ if (err) + return err; +- } + if ((*fw)->size < sizeof(struct b43legacy_fw_header)) + goto err_format; + hdr = (struct b43legacy_fw_header *)((*fw)->data); +--- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c +@@ -376,19 +376,13 @@ static int brcms_request_fw(struct brcms + sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i], + UCODE_LOADER_API_VER); + status = request_firmware(&wl->fw.fw_bin[i], fw_name, device); +- if (status) { +- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", +- KBUILD_MODNAME, fw_name); ++ if (status) + return status; +- } + sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i], + UCODE_LOADER_API_VER); + status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device); +- if (status) { +- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", +- KBUILD_MODNAME, fw_name); ++ if (status) + return status; +- } + wl->fw.hdr_num_entries[i] = + wl->fw.fw_hdr[i]->size / (sizeof(struct firmware_hdr)); + } +--- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c ++++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c +@@ -8359,12 +8359,8 @@ static int ipw2100_get_firmware(struct i + + rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev); + +- if (rc < 0) { +- printk(KERN_ERR DRV_NAME ": " +- "%s: Firmware '%s' not available or load failed.\n", +- priv->net_dev->name, fw_name); ++ if (rc) + return rc; +- } + IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data, + fw->fw_entry->size); + +--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c ++++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c +@@ -3350,10 +3350,8 @@ static int ipw_get_fw(struct ipw_priv *p + + /* ask firmware_class module to get the boot firmware off disk */ + rc = request_firmware(raw, name, &priv->pci_dev->dev); +- if (rc < 0) { +- IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc); ++ if (rc) + return rc; +- } + + if ((*raw)->size < sizeof(*fw)) { + IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size); +--- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c +@@ -1829,7 +1829,6 @@ il3945_read_ucode(struct il_priv *il) + sprintf(buf, "%s%u%s", name_pre, idx, ".ucode"); + ret = request_firmware(&ucode_raw, buf, &il->pci_dev->dev); + if (ret < 0) { +- IL_ERR("%s firmware file req failed: %d\n", buf, ret); + if (ret == -ENOENT) + continue; + else +--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c ++++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c +@@ -241,8 +241,6 @@ static int iwl_request_firmware(struct i + drv->fw_index--; + + if (drv->fw_index < cfg->ucode_api_min) { +- IWL_ERR(drv, "no suitable firmware found!\n"); +- + if (cfg->ucode_api_min == cfg->ucode_api_max) { + IWL_ERR(drv, "%s-%d is required\n", fw_name_pre, + cfg->ucode_api_max); +--- a/drivers/net/wireless/intersil/orinoco/fw.c ++++ b/drivers/net/wireless/intersil/orinoco/fw.c +@@ -132,7 +132,6 @@ orinoco_dl_firmware(struct orinoco_priva + err = request_firmware(&fw_entry, firmware, priv->dev); + + if (err) { +- dev_err(dev, "Cannot find firmware %s\n", firmware); + err = -ENOENT; + goto free; + } +@@ -292,10 +291,8 @@ symbol_dl_firmware(struct orinoco_privat + const struct firmware *fw_entry; + + if (!orinoco_cached_fw_get(priv, true)) { +- if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) { +- dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw); ++ if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) + return -ENOENT; +- } + } else + fw_entry = orinoco_cached_fw_get(priv, true); + +@@ -311,10 +308,8 @@ symbol_dl_firmware(struct orinoco_privat + } + + if (!orinoco_cached_fw_get(priv, false)) { +- if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) { +- dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw); ++ if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) + return -ENOENT; +- } + } else + fw_entry = orinoco_cached_fw_get(priv, false); + +--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c ++++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c +@@ -1708,7 +1708,6 @@ static int ezusb_probe(struct usb_interf + if (ezusb_firmware_download(upriv, &firmware) < 0) + goto error; + } else { +- err("No firmware to download"); + goto error; + } + +--- a/drivers/net/wireless/intersil/p54/p54pci.c ++++ b/drivers/net/wireless/intersil/p54/p54pci.c +@@ -502,7 +502,6 @@ static void p54p_firmware_step2(const st + int err; + + if (!fw) { +- dev_err(&pdev->dev, "Cannot find firmware (isl3886pci)\n"); + err = -ENOENT; + goto out; + } +--- a/drivers/net/wireless/intersil/p54/p54spi.c ++++ b/drivers/net/wireless/intersil/p54/p54spi.c +@@ -158,10 +158,8 @@ static int p54spi_request_firmware(struc + /* FIXME: should driver use it's own struct device? */ + ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev); + +- if (ret < 0) { +- dev_err(&priv->spi->dev, "request_firmware() failed: %d", ret); ++ if (ret) + return ret; +- } + + ret = p54_parse_firmware(dev, priv->firmware); + if (ret) { +--- a/drivers/net/wireless/intersil/p54/p54usb.c ++++ b/drivers/net/wireless/intersil/p54/p54usb.c +@@ -929,7 +929,6 @@ static void p54u_load_firmware_cb(const + err = p54u_start_ops(priv); + } else { + err = -ENOENT; +- dev_err(&udev->dev, "Firmware not found.\n"); + } + + complete(&priv->fw_wait_load); +--- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c ++++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c +@@ -820,8 +820,6 @@ static int if_usb_prog_firmware(struct l + kernel_param_lock(THIS_MODULE); + ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); + if (ret < 0) { +- pr_err("request_firmware() failed with %#x\n", ret); +- pr_err("firmware %s not found\n", lbtf_fw_name); + kernel_param_unlock(THIS_MODULE); + goto done; + } +--- a/drivers/net/wireless/marvell/mwifiex/main.c ++++ b/drivers/net/wireless/marvell/mwifiex/main.c +@@ -549,11 +549,8 @@ static int _mwifiex_fw_dpc(const struct + struct wireless_dev *wdev; + struct completion *fw_done = adapter->fw_done; + +- if (!firmware) { +- mwifiex_dbg(adapter, ERROR, +- "Failed to get firmware %s\n", adapter->fw_name); ++ if (!firmware) + goto err_dnld_fw; +- } + + memset(&fw, 0, sizeof(struct mwifiex_fw_image)); + adapter->firmware = firmware; +--- a/drivers/net/wireless/marvell/mwl8k.c ++++ b/drivers/net/wireless/marvell/mwl8k.c +@@ -5736,16 +5736,12 @@ static int mwl8k_firmware_load_success(s + static void mwl8k_fw_state_machine(const struct firmware *fw, void *context) + { + struct mwl8k_priv *priv = context; +- struct mwl8k_device_info *di = priv->device_info; + int rc; + + switch (priv->fw_state) { + case FW_STATE_INIT: +- if (!fw) { +- printk(KERN_ERR "%s: Error requesting helper fw %s\n", +- pci_name(priv->pdev), di->helper_image); ++ if (!fw) + goto fail; +- } + priv->fw_helper = fw; + rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode, + true); +@@ -5780,11 +5776,8 @@ static void mwl8k_fw_state_machine(const + break; + + case FW_STATE_LOADING_ALT: +- if (!fw) { +- printk(KERN_ERR "%s: Error requesting alt fw %s\n", +- pci_name(priv->pdev), di->helper_image); ++ if (!fw) + goto fail; +- } + priv->fw_ucode = fw; + rc = mwl8k_firmware_load_success(priv); + if (rc) +@@ -5822,10 +5815,8 @@ retry: + + /* Ask userland hotplug daemon for the device firmware */ + rc = mwl8k_request_firmware(priv, fw_image, nowait); +- if (rc) { +- wiphy_err(hw->wiphy, "Firmware files not found\n"); ++ if (rc) + return rc; +- } + + if (nowait) + return rc; +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c +@@ -38,10 +38,8 @@ static int rt2x00lib_request_firmware(st + rt2x00_info(rt2x00dev, "Loading firmware file '%s'\n", fw_name); + + retval = request_firmware(&fw, fw_name, device); +- if (retval) { +- rt2x00_err(rt2x00dev, "Failed to request Firmware\n"); ++ if (retval) + return retval; +- } + + if (!fw || !fw->size || !fw->data) { + rt2x00_err(rt2x00dev, "Failed to read Firmware\n"); +--- a/drivers/net/wireless/realtek/rtlwifi/core.c ++++ b/drivers/net/wireless/realtek/rtlwifi/core.c +@@ -88,7 +88,6 @@ static void rtl_fw_do_work(const struct + if (!err) + goto found_alt; + } +- pr_err("Selected firmware is not available\n"); + rtlpriv->max_fw_size = 0; + goto exit; + } +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c +@@ -63,13 +63,11 @@ static void rtl92se_fw_cb(const struct f + struct ieee80211_hw *hw = context; + struct rtl_priv *rtlpriv = rtl_priv(hw); + struct rt_firmware *pfirmware = NULL; +- char *fw_name = "rtlwifi/rtl8192sefw.bin"; + + rtl_dbg(rtlpriv, COMP_ERR, DBG_LOUD, + "Firmware callback routine entered!\n"); + complete(&rtlpriv->firmware_loading_complete); + if (!firmware) { +- pr_err("Firmware %s not available\n", fw_name); + rtlpriv->max_fw_size = 0; + return; + } +--- a/drivers/net/wireless/ti/wl1251/main.c ++++ b/drivers/net/wireless/ti/wl1251/main.c +@@ -57,10 +57,8 @@ static int wl1251_fetch_firmware(struct + + ret = request_firmware(&fw, WL1251_FW_NAME, dev); + +- if (ret < 0) { +- wl1251_error("could not get firmware: %d", ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1251_error("firmware size is not multiple of 32 bits: %zu", +@@ -96,10 +94,8 @@ static int wl1251_fetch_nvs(struct wl125 + + ret = request_firmware(&fw, WL1251_NVS_NAME, dev); + +- if (ret < 0) { +- wl1251_error("could not get nvs file: %d", ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1251_error("nvs size is not multiple of 32 bits: %zu", +--- a/drivers/net/wireless/ti/wlcore/main.c ++++ b/drivers/net/wireless/ti/wlcore/main.c +@@ -756,10 +756,8 @@ static int wl12xx_fetch_firmware(struct + + ret = request_firmware(&fw, fw_name, wl->dev); + +- if (ret < 0) { +- wl1271_error("could not get firmware %s: %d", fw_name, ret); ++ if (ret) + return ret; +- } + + if (fw->size % 4) { + wl1271_error("firmware size is not multiple of 32 bits: %zu", +--- a/drivers/net/wireless/zydas/zd1201.c ++++ b/drivers/net/wireless/zydas/zd1201.c +@@ -62,8 +62,6 @@ static int zd1201_fw_upload(struct usb_d + + err = request_firmware(&fw_entry, fwfile, &dev->dev); + if (err) { +- dev_err(&dev->dev, "Failed to load %s firmware file!\n", fwfile); +- dev_err(&dev->dev, "Make sure the hotplug firmware loader is installed.\n"); + dev_err(&dev->dev, "Goto http://linux-lc100020.sourceforge.net for more info.\n"); + return err; + } +--- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c ++++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c +@@ -107,16 +107,9 @@ static void int_urb_complete(struct urb + static int request_fw_file( + const struct firmware **fw, const char *name, struct device *device) + { +- int r; +- + dev_dbg_f(device, "fw name %s\n", name); + +- r = request_firmware(fw, name, device); +- if (r) +- dev_err(device, +- "Could not load firmware file %s. Error number %d\n", +- name, r); +- return r; ++ return request_firmware(fw, name, device); + } + + static inline u16 get_bcdDevice(const struct usb_device *udev) +--- a/drivers/scsi/advansys.c ++++ b/drivers/scsi/advansys.c +@@ -4054,8 +4054,6 @@ static int AscInitAsc1000Driver(ASC_DVC_ + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -4420,8 +4418,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -4920,8 +4916,6 @@ static int AdvInitAsc38C0800Driver(ADV_D + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +@@ -5408,8 +5402,6 @@ static int AdvInitAsc38C1600Driver(ADV_D + + err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; + return err; + } +--- a/drivers/scsi/aic94xx/aic94xx_init.c ++++ b/drivers/scsi/aic94xx/aic94xx_init.c +@@ -370,8 +370,6 @@ static ssize_t asd_store_update_bios(str + filename_ptr, + &asd_ha->pcidev->dev); + if (err) { +- asd_printk("Failed to load bios image file %s, error %d\n", +- filename_ptr, err); + err = FAIL_OPEN_BIOS_FILE; + goto out1; + } +--- a/drivers/scsi/aic94xx/aic94xx_seq.c ++++ b/drivers/scsi/aic94xx/aic94xx_seq.c +@@ -1302,11 +1302,8 @@ int asd_init_seqs(struct asd_ha_struct * + + err = asd_request_firmware(asd_ha); + +- if (err) { +- asd_printk("Failed to load sequencer firmware file %s, error %d\n", +- SAS_RAZOR_SEQUENCER_FW_FILE, err); ++ if (err) + return err; +- } + + err = asd_seq_download_seqs(asd_ha); + if (err) { +--- a/drivers/scsi/bfa/bfad.c ++++ b/drivers/scsi/bfa/bfad.c +@@ -1737,7 +1737,6 @@ bfad_read_firmware(struct pci_dev *pdev, + const struct firmware *fw; + + if (request_firmware(&fw, fw_name, &pdev->dev)) { +- printk(KERN_ALERT "Can't locate firmware %s\n", fw_name); + *bfi_image = NULL; + goto out; + } +--- a/drivers/scsi/ipr.c ++++ b/drivers/scsi/ipr.c +@@ -4009,10 +4009,8 @@ static ssize_t ipr_store_update_fw(struc + if (endline) + *endline = '\0'; + +- if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) { +- dev_err(&ioa_cfg->pdev->dev, "Firmware file %s not found\n", fname); ++ if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) + return -EIO; +- } + + image_hdr = (struct ipr_ucode_image_header *)fw_entry->data; + +--- a/drivers/scsi/pm8001/pm8001_ctl.c ++++ b/drivers/scsi/pm8001/pm8001_ctl.c +@@ -842,9 +842,6 @@ static ssize_t pm8001_store_update_fw(st + pm8001_ha->dev); + + if (ret) { +- pm8001_dbg(pm8001_ha, FAIL, +- "Failed to load firmware image file %s, error %d\n", +- filename_ptr, ret); + pm8001_ha->fw_status = FAIL_OPEN_BIOS_FILE; + goto out; + } +--- a/drivers/scsi/qla1280.c ++++ b/drivers/scsi/qla1280.c +@@ -1504,8 +1504,6 @@ qla1280_request_firmware(struct scsi_qla + err = request_firmware(&fw, fwname, &ha->pdev->dev); + + if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); + fw = ERR_PTR(err); + goto unlock; + } +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -8560,10 +8560,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, + /* Load firmware blob. */ + blob = qla2x00_request_firmware(vha); + if (!blob) { +- ql_log(ql_log_info, vha, 0x0083, +- "Firmware image unavailable.\n"); +- ql_log(ql_log_info, vha, 0x0084, +- "Firmware images can be retrieved from: "QLA_FW_URL ".\n"); + return QLA_FUNCTION_FAILED; + } + +@@ -8666,9 +8662,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * + + blob = qla2x00_request_firmware(vha); + if (!blob) { +- ql_log(ql_log_warn, vha, 0x0092, +- "-> Firmware file not found.\n"); +- + return QLA_FUNCTION_FAILED; + } + +--- a/drivers/scsi/qla2xxx/qla_nx.c ++++ b/drivers/scsi/qla2xxx/qla_nx.c +@@ -2427,11 +2427,8 @@ try_blob_fw: + + /* Load firmware blob. */ + blob = ha->hablob = qla2x00_request_firmware(vha); +- if (!blob) { +- ql_log(ql_log_fatal, vha, 0x00a3, +- "Firmware image not present.\n"); ++ if (!blob) + goto fw_load_failed; +- } + + /* Validating firmware blob */ + if (qla82xx_validate_firmware_blob(vha, +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7696,8 +7696,6 @@ qla2x00_request_firmware(scsi_qla_host_t + goto out; + + if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { +- ql_log(ql_log_warn, vha, 0x0063, +- "Failed to load firmware image (%s).\n", blob->name); + blob->fw = NULL; + blob = NULL; + } +--- a/drivers/scsi/qlogicpti.c ++++ b/drivers/scsi/qlogicpti.c +@@ -486,11 +486,8 @@ static int qlogicpti_load_firmware(struc + int i, timeout; + + err = request_firmware(&fw, fwname, &qpti->op->dev); +- if (err) { +- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", +- fwname, err); ++ if (err) + return err; +- } + if (fw->size % 2) { + printk(KERN_ERR "Bogus length %zu in image \"%s\"\n", + fw->size, fwname); +--- a/drivers/staging/rtl8192u/r819xU_firmware.c ++++ b/drivers/staging/rtl8192u/r819xU_firmware.c +@@ -240,10 +240,8 @@ bool init_firmware(struct net_device *de + */ + if (rst_opt == OPT_SYSTEM_RESET) { + rc = request_firmware(&fw_entry, fw_name[init_step], &priv->udev->dev); +- if (rc < 0) { +- RT_TRACE(COMP_ERR, "request firmware fail!\n"); ++ if (rc) + goto download_firmware_fail; +- } + + if (fw_entry->size > sizeof(pfirmware->firmware_buf)) { + RT_TRACE(COMP_ERR, "img file size exceed the container buffer fail!\n"); +--- a/drivers/staging/rtl8712/hal_init.c ++++ b/drivers/staging/rtl8712/hal_init.c +@@ -72,8 +72,6 @@ int rtl871x_load_fw(struct _adapter *pad + dev_info(dev, "r8712u: Loading firmware from \"%s\"\n", firmware_file); + rc = request_firmware_nowait(THIS_MODULE, 1, firmware_file, dev, + GFP_KERNEL, padapter, rtl871x_load_fw_cb); +- if (rc) +- dev_err(dev, "r8712u: Firmware request error %d\n", rc); + return rc; + } + MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); +--- a/drivers/staging/vt6656/main_usb.c ++++ b/drivers/staging/vt6656/main_usb.c +@@ -107,11 +107,8 @@ static int vnt_download_firmware(struct + dev_dbg(dev, "---->Download firmware\n"); + + ret = request_firmware(&fw, FIRMWARE_NAME, dev); +- if (ret) { +- dev_err(dev, "firmware file %s request failed (%d)\n", +- FIRMWARE_NAME, ret); ++ if (ret) + goto end; +- } + + for (ii = 0; ii < fw->size; ii += FIRMWARE_CHUNK_SIZE) { + length = min_t(int, fw->size - ii, FIRMWARE_CHUNK_SIZE); +--- a/drivers/tty/moxa.c ++++ b/drivers/tty/moxa.c +@@ -1154,13 +1154,8 @@ static int moxa_init_board(struct moxa_b + } + + ret = request_firmware(&fw, file, dev); +- if (ret) { +- printk(KERN_ERR "MOXA: request_firmware failed. Make sure " +- "you've placed '%s' file into your firmware " +- "loader directory (e.g. /lib/firmware)\n", +- file); ++ if (ret) + goto err_free; +- } + + ret = moxa_load_fw(brd, fw); + +--- a/drivers/tty/serial/icom.c ++++ b/drivers/tty/serial/icom.c +@@ -621,7 +621,6 @@ static void load_code(struct icom_port * + + /* Load Call Setup into Adapter */ + if (request_firmware(&fw, "icom_call_setup.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_call_setup.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +@@ -641,7 +640,6 @@ static void load_code(struct icom_port * + + /* Load Resident DCE portion of Adapter */ + if (request_firmware(&fw, "icom_res_dce.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_res_dce.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +@@ -686,7 +684,6 @@ static void load_code(struct icom_port * + } + + if (request_firmware(&fw, "icom_asc.bin", &dev->dev) < 0) { +- dev_err(&dev->dev,"Unable to load icom_asc.bin firmware image\n"); + status = -1; + goto load_code_exit; + } +--- a/drivers/tty/serial/ucc_uart.c ++++ b/drivers/tty/serial/ucc_uart.c +@@ -1149,10 +1149,8 @@ static void uart_firmware_cont(const str + struct device *dev = context; + int ret; + +- if (!fw) { +- dev_err(dev, "firmware not found\n"); ++ if (!fw) + return; +- } + + firmware = (struct qe_firmware *) fw->data; + +--- a/drivers/usb/atm/cxacru.c ++++ b/drivers/usb/atm/cxacru.c +@@ -1084,8 +1084,6 @@ static int cxacru_find_firmware(struct c + return -ENOENT; + } + +- usb_info(usbatm, "found firmware %s\n", buf); +- + return 0; + } + +--- a/drivers/usb/atm/ueagle-atm.c ++++ b/drivers/usb/atm/ueagle-atm.c +@@ -606,10 +606,8 @@ static void uea_upload_pre_firmware(cons + int ret, size; + + uea_enters(usb); +- if (!fw_entry) { +- uea_err(usb, "firmware is not available\n"); ++ if (!fw_entry) + goto err; +- } + + pfw = fw_entry->data; + size = fw_entry->size; +@@ -704,10 +702,6 @@ static int uea_load_firmware(struct usb_ + ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev, + GFP_KERNEL, usb, + uea_upload_pre_firmware); +- if (ret) +- uea_err(usb, "firmware %s is not available\n", fw_name); +- else +- uea_info(usb, "loading firmware %s\n", fw_name); + + uea_leaves(usb); + return ret; +@@ -869,12 +863,8 @@ static int request_dsp(struct uea_softc + } + + ret = request_firmware(&sc->dsp_firm, dsp_name, &sc->usb_dev->dev); +- if (ret < 0) { +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- dsp_name, ret); ++ if (ret) + return ret; +- } + + if (UEA_CHIP_VERSION(sc) == EAGLE_IV) + ret = check_dsp_e4(sc->dsp_firm->data, sc->dsp_firm->size); +@@ -1587,12 +1577,8 @@ static int request_cmvs_old(struct uea_s + + cmvs_file_name(sc, cmv_name, 1); + ret = request_firmware(fw, cmv_name, &sc->usb_dev->dev); +- if (ret < 0) { +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- cmv_name, ret); ++ if (ret) + return ret; +- } + + data = (u8 *) (*fw)->data; + size = (*fw)->size; +@@ -1629,9 +1615,6 @@ static int request_cmvs(struct uea_softc + "try to get older cmvs\n", cmv_name); + return request_cmvs_old(sc, cmvs, fw); + } +- uea_err(INS_TO_USBDEV(sc), +- "requesting firmware %s failed with error %d\n", +- cmv_name, ret); + return ret; + } + +@@ -1914,11 +1897,8 @@ static int load_XILINX_firmware(struct u + uea_enters(INS_TO_USBDEV(sc)); + + ret = request_firmware(&fw_entry, fw_name, &sc->usb_dev->dev); +- if (ret) { +- uea_err(INS_TO_USBDEV(sc), "firmware %s is not available\n", +- fw_name); ++ if (ret) + goto err0; +- } + + pfw = fw_entry->data; + size = fw_entry->size; +--- a/drivers/usb/misc/emi26.c ++++ b/drivers/usb/misc/emi26.c +@@ -85,21 +85,17 @@ static int emi26_load_firmware (struct u + + err = request_ihex_firmware(&loader_fw, "emi26/loader.fw", &dev->dev); + if (err) +- goto nofw; ++ goto wraperr; + + err = request_ihex_firmware(&bitstream_fw, "emi26/bitstream.fw", + &dev->dev); + if (err) +- goto nofw; ++ goto wraperr; + + err = request_ihex_firmware(&firmware_fw, "emi26/firmware.fw", + &dev->dev); +- if (err) { +- nofw: +- dev_err(&dev->dev, "%s - request_firmware() failed\n", +- __func__); ++ if (err) + goto wraperr; +- } + + /* Assert reset (stop the CPU in the EMI) */ + err = emi26_set_reset(dev,1); +--- a/drivers/usb/misc/ezusb.c ++++ b/drivers/usb/misc/ezusb.c +@@ -64,12 +64,8 @@ static int ezusb_ihex_firmware_download( + const struct ihex_binrec *record; + + if (request_ihex_firmware(&firmware, firmware_path, +- &dev->dev)) { +- dev_err(&dev->dev, +- "%s - request \"%s\" failed\n", +- __func__, firmware_path); ++ &dev->dev)) + goto out; +- } + + ret = ezusb_set_reset(dev, fx.cpucs_reg, 0); + if (ret < 0) +--- a/drivers/usb/misc/isight_firmware.c ++++ b/drivers/usb/misc/isight_firmware.c +@@ -45,7 +45,6 @@ static int isight_firmware_load(struct u + return -ENOMEM; + + if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) { +- printk(KERN_ERR "Unable to load isight firmware\n"); + ret = -ENODEV; + goto out; + } +--- a/drivers/usb/serial/io_edgeport.c ++++ b/drivers/usb/serial/io_edgeport.c +@@ -332,11 +332,8 @@ static void update_edgeport_E2PROM(struc + + response = request_ihex_firmware(&fw, fw_name, + &edge_serial->serial->dev->dev); +- if (response) { +- dev_err(dev, "Failed to load image \"%s\" err %d\n", +- fw_name, response); ++ if (response) + return; +- } + + rec = (const struct ihex_binrec *)fw->data; + BootMajorVersion = rec->data[0]; +--- a/drivers/usb/serial/io_ti.c ++++ b/drivers/usb/serial/io_ti.c +@@ -1009,8 +1009,6 @@ static int download_fw(struct edgeport_s + + status = request_firmware(&fw, fw_name, dev); + if (status) { +- dev_err(dev, "Failed to load image \"%s\" err %d\n", +- fw_name, status); + return status; + } + +--- a/drivers/usb/serial/ti_usb_3410_5052.c ++++ b/drivers/usb/serial/ti_usb_3410_5052.c +@@ -1635,10 +1635,8 @@ static int ti_download_firmware(struct t + } + + check_firmware: +- if (status) { +- dev_err(&dev->dev, "%s - firmware not found\n", __func__); ++ if (status) + return -ENOENT; +- } + if (fw_p->size > TI_FIRMWARE_BUF_SIZE) { + dev_err(&dev->dev, "%s - firmware too large %zu\n", __func__, fw_p->size); + release_firmware(fw_p); +--- a/drivers/video/fbdev/broadsheetfb.c ++++ b/drivers/video/fbdev/broadsheetfb.c +@@ -743,10 +743,8 @@ static ssize_t broadsheet_loadstore_wave + return -EINVAL; + + err = request_firmware(&fw_entry, "broadsheet.wbf", dev); +- if (err < 0) { +- dev_err(dev, "Failed to get broadsheet waveform\n"); ++ if (err) + goto err_failed; +- } + + /* try to enforce reasonable min max on waveform */ + if ((fw_entry->size < 8*1024) || (fw_entry->size > 64*1024)) { +--- a/drivers/video/fbdev/metronomefb.c ++++ b/drivers/video/fbdev/metronomefb.c +@@ -621,10 +621,8 @@ static int metronomefb_probe(struct plat + a) request the waveform file from userspace + b) process waveform and decode into metromem */ + retval = request_firmware(&fw_entry, "metronome.wbf", &dev->dev); +- if (retval < 0) { +- dev_err(&dev->dev, "Failed to get waveform\n"); ++ if (retval) + goto err_csum_table; +- } + + retval = load_waveform((u8 *) fw_entry->data, fw_entry->size, 3, 31, + par); +--- a/sound/drivers/vx/vx_hwdep.c ++++ b/sound/drivers/vx/vx_hwdep.c +@@ -58,10 +58,8 @@ int snd_vx_setup_firmware(struct vx_core + if (! fw_files[chip->type][i]) + continue; + sprintf(path, "vx/%s", fw_files[chip->type][i]); +- if (request_firmware(&fw, path, chip->dev)) { +- snd_printk(KERN_ERR "vx: can't load firmware %s\n", path); ++ if (request_firmware(&fw, path, chip->dev)) + return -ENOENT; +- } + err = chip->ops->load_dsp(chip, i, fw); + if (err < 0) { + release_firmware(fw); +--- a/sound/isa/msnd/msnd_pinnacle.c ++++ b/sound/isa/msnd/msnd_pinnacle.c +@@ -376,15 +376,11 @@ static int upload_dsp_code(struct snd_ca + outb(HPBLKSEL_0, chip->io + HP_BLKS); + + err = request_firmware(&init_fw, INITCODEFILE, card->dev); +- if (err < 0) { +- printk(KERN_ERR LOGNAME ": Error loading " INITCODEFILE); ++ if (err) + goto cleanup1; +- } + err = request_firmware(&perm_fw, PERMCODEFILE, card->dev); +- if (err < 0) { +- printk(KERN_ERR LOGNAME ": Error loading " PERMCODEFILE); ++ if (err) + goto cleanup; +- } + + memcpy_toio(chip->mappedbase, perm_fw->data, perm_fw->size); + if (snd_msnd_upload_host(chip, init_fw->data, init_fw->size) < 0) { +--- a/sound/isa/sscape.c ++++ b/sound/isa/sscape.c +@@ -520,10 +520,8 @@ static int sscape_upload_bootblock(struc + int ret; + + ret = request_firmware(&init_fw, "scope.cod", card->dev); +- if (ret < 0) { +- snd_printk(KERN_ERR "sscape: Error loading scope.cod"); ++ if (ret) + return ret; +- } + ret = upload_dma_data(sscape, init_fw->data, init_fw->size); + + release_firmware(init_fw); +@@ -560,11 +558,8 @@ static int sscape_upload_microcode(struc + scnprintf(name, sizeof(name), "sndscape.co%d", version); + + err = request_firmware(&init_fw, name, card->dev); +- if (err < 0) { +- snd_printk(KERN_ERR "sscape: Error loading sndscape.co%d", +- version); ++ if (err) + return err; +- } + err = upload_dma_data(sscape, init_fw->data, init_fw->size); + if (err == 0) + snd_printk(KERN_INFO "sscape: MIDI firmware loaded %zu KBs\n", +--- a/sound/isa/wavefront/wavefront_synth.c ++++ b/sound/isa/wavefront/wavefront_synth.c +@@ -1970,10 +1970,8 @@ wavefront_download_firmware (snd_wavefro + const struct firmware *firmware; + + err = request_firmware(&firmware, path, dev->card->dev); +- if (err < 0) { +- snd_printk(KERN_ERR "firmware (%s) download failed!!!\n", path); ++ if (err) + return 1; +- } + + len = 0; + buf = firmware->data; +--- a/sound/pci/asihpi/hpidspcd.c ++++ b/sound/pci/asihpi/hpidspcd.c +@@ -35,8 +35,6 @@ short hpi_dsp_code_open(u32 adapter, voi + err = request_firmware(&firmware, fw_name, &dev->dev); + + if (err || !firmware) { +- dev_err(&dev->dev, "%d, request_firmware failed for %s\n", +- err, fw_name); + goto error1; + } + if (firmware->size < sizeof(header)) { +--- a/sound/pci/cs46xx/cs46xx_lib.c ++++ b/sound/pci/cs46xx/cs46xx_lib.c +@@ -3196,11 +3196,8 @@ int snd_cs46xx_start_dsp(struct snd_cs46 + #ifdef CONFIG_SND_CS46XX_NEW_DSP + for (i = 0; i < CS46XX_DSP_MODULES; i++) { + err = load_firmware(chip, &chip->modules[i], module_names[i]); +- if (err < 0) { +- dev_err(chip->card->dev, "firmware load error [%s]\n", +- module_names[i]); ++ if (err < 0) + return err; +- } + err = cs46xx_dsp_load_module(chip, chip->modules[i]); + if (err < 0) { + dev_err(chip->card->dev, "image download error [%s]\n", +--- a/sound/pci/echoaudio/echoaudio.c ++++ b/sound/pci/echoaudio/echoaudio.c +@@ -48,11 +48,8 @@ static int get_firmware(const struct fir + "firmware requested: %s\n", card_fw[fw_index].data); + snprintf(name, sizeof(name), "ea/%s", card_fw[fw_index].data); + err = request_firmware(fw_entry, name, &chip->pci->dev); +- if (err < 0) +- dev_err(chip->card->dev, +- "get_firmware(): Firmware not available (%d)\n", err); + #ifdef CONFIG_PM_SLEEP +- else ++ if (!err) + chip->fw_cache[fw_index] = *fw_entry; + #endif + return err; +--- a/sound/pci/emu10k1/emu10k1_main.c ++++ b/sound/pci/emu10k1/emu10k1_main.c +@@ -864,10 +864,8 @@ static int snd_emu10k1_emu1010_init(stru + dev_info(emu->card->dev, "emu1010: EMU_HANA_ID = 0x%x\n", reg); + + err = snd_emu1010_load_firmware(emu, 0, &emu->firmware); +- if (err < 0) { +- dev_info(emu->card->dev, "emu1010: Loading Firmware failed\n"); ++ if (err < 0) + return err; +- } + + /* ID, should read & 0x7f = 0x55 when FPGA programmed. */ + snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -2040,8 +2040,6 @@ static void azx_firmware_cb(const struct + + if (fw) + chip->fw = fw; +- else +- dev_err(card->dev, "Cannot load firmware, continue without patching\n"); + if (!chip->disabled) { + /* continue probing */ + azx_probe_continue(chip); +--- a/sound/pci/korg1212/korg1212.c ++++ b/sound/pci/korg1212/korg1212.c +@@ -2232,7 +2232,6 @@ static int snd_korg1212_create(struct sn + + err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev); + if (err < 0) { +- snd_printk(KERN_ERR "firmware not available\n"); + return err; + } + +--- a/sound/pci/mixart/mixart_hwdep.c ++++ b/sound/pci/mixart/mixart_hwdep.c +@@ -566,11 +566,8 @@ int snd_mixart_setup_firmware(struct mix + + for (i = 0; i < 3; i++) { + sprintf(path, "mixart/%s", fw_files[i]); +- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { +- dev_err(&mgr->pci->dev, +- "miXart: can't load firmware %s\n", path); ++ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) + return -ENOENT; +- } + /* fake hwdep dsp record */ + err = mixart_dsp_load(mgr, i, fw_entry); + release_firmware(fw_entry); +--- a/sound/pci/pcxhr/pcxhr_hwdep.c ++++ b/sound/pci/pcxhr/pcxhr_hwdep.c +@@ -375,12 +375,8 @@ int pcxhr_setup_firmware(struct pcxhr_mg + if (!fw_files[fw_set][i]) + continue; + sprintf(path, "pcxhr/%s", fw_files[fw_set][i]); +- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { +- dev_err(&mgr->pci->dev, +- "pcxhr: can't load firmware %s\n", +- path); ++ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) + return -ENOENT; +- } + /* fake hwdep dsp record */ + err = pcxhr_dsp_load(mgr, i, fw_entry); + release_firmware(fw_entry); +--- a/sound/pci/riptide/riptide.c ++++ b/sound/pci/riptide/riptide.c +@@ -1222,11 +1222,8 @@ static int try_to_load_firmware(struct c + if (!chip->fw_entry) { + err = request_firmware(&chip->fw_entry, "riptide.hex", + &chip->pci->dev); +- if (err) { +- snd_printk(KERN_ERR +- "Riptide: Firmware not available %d\n", err); ++ if (err) + return -EIO; +- } + } + err = loadfirmware(cif, chip->fw_entry->data, chip->fw_entry->size); + if (err) { +--- a/sound/pci/rme9652/hdsp.c ++++ b/sound/pci/rme9652/hdsp.c +@@ -5171,11 +5171,8 @@ static int hdsp_request_fw_loader(struct + return -EINVAL; + } + +- if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) { +- dev_err(hdsp->card->dev, +- "cannot load firmware %s\n", fwfile); ++ if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) + return -ENOENT; +- } + if (fw->size < HDSP_FIRMWARE_SIZE) { + dev_err(hdsp->card->dev, + "too short firmware size %d (expected %d)\n", +--- a/sound/soc/codecs/wm2000.c ++++ b/sound/soc/codecs/wm2000.c +@@ -891,10 +891,8 @@ static int wm2000_i2c_probe(struct i2c_c + } + + ret = request_firmware(&fw, filename, &i2c->dev); +- if (ret != 0) { +- dev_err(&i2c->dev, "Failed to acquire ANC data: %d\n", ret); ++ if (ret != 0) + goto err_supplies; +- } + + /* Pre-cook the concatenation of the register address onto the image */ + wm2000->anc_download_size = fw->size + 2; +--- a/sound/usb/6fire/firmware.c ++++ b/sound/usb/6fire/firmware.c +@@ -203,8 +203,6 @@ static int usb6fire_fw_ezusb_upload( + ret = request_firmware(&fw, fwname, &device->dev); + if (ret < 0) { + kfree(rec); +- dev_err(&intf->dev, +- "error requesting ezusb firmware %s.\n", fwname); + return ret; + } + ret = usb6fire_fw_ihex_init(fw, rec); +@@ -280,8 +278,6 @@ static int usb6fire_fw_fpga_upload( + + ret = request_firmware(&fw, fwname, &device->dev); + if (ret < 0) { +- dev_err(&intf->dev, "unable to get fpga firmware %s.\n", +- fwname); + kfree(buffer); + return -EIO; + } diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch new file mode 100644 index 000000000..092a74496 --- /dev/null +++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch @@ -0,0 +1,83 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: firmware_class: Log every success and failure against given device +Date: Sun, 09 Dec 2012 16:02:00 +0000 +Forwarded: no + +The hundreds of users of request_firmware() have nearly as many +different log formats for reporting failures. They also have only the +vaguest hint as to what went wrong; only firmware_class really knows +that. Therefore, add specific log messages for the failure modes that +aren't currently logged. + +In case of a driver that tries multiple names, this may result in the +impression that it failed to initialise. Therefore, also log successes. + +This makes many error messages in drivers redundant, which will be +removed in later patches. + +This does not cover the case where we fall back to a user-mode helper +(which is no longer enabled in Debian). + +NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n" +format to detect missing firmware. +--- + drivers/base/firmware_loader/fallback.c | 2 +- + drivers/base/firmware_loader/main.c | 17 ++++++++--------- + 2 files changed, 9 insertions(+), 10 deletions(-) + +--- a/drivers/base/firmware_loader/fallback.c ++++ b/drivers/base/firmware_loader/fallback.c +@@ -558,7 +558,7 @@ static int fw_load_from_user_helper(stru + if (opt_flags & FW_OPT_NOWAIT) { + timeout = usermodehelper_read_lock_wait(timeout); + if (!timeout) { +- dev_dbg(device, "firmware: %s loading timed out\n", ++ dev_err(device, "firmware: %s loading timed out\n", + name); + return -EBUSY; + } +--- a/drivers/base/firmware_loader/main.c ++++ b/drivers/base/firmware_loader/main.c +@@ -535,18 +535,15 @@ fw_get_filesystem_firmware(struct device + file_size_ptr, + READING_FIRMWARE); + if (rc < 0) { +- if (rc != -ENOENT) +- dev_warn(device, "loading %s failed with error %d\n", +- path, rc); +- else +- dev_dbg(device, "loading %s failed for no such file or directory.\n", +- path); ++ dev_dbg(device, "loading %s failed with error %d\n", ++ path, rc); + continue; + } + size = rc; + rc = 0; + +- dev_dbg(device, "Loading firmware from %s\n", path); ++ dev_info(device, "firmware: direct-loading firmware %s\n", ++ fw_priv->fw_name); + if (decompress) { + dev_dbg(device, "f/w decompressing %s\n", + fw_priv->fw_name); +@@ -559,8 +556,6 @@ fw_get_filesystem_firmware(struct device + continue; + } + } else { +- dev_dbg(device, "direct-loading %s\n", +- fw_priv->fw_name); + if (!fw_priv->data) + fw_priv->data = buffer; + fw_priv->size = size; +@@ -570,6 +565,10 @@ fw_get_filesystem_firmware(struct device + } + __putname(path); + ++ if (rc) ++ dev_err(device, "firmware: failed to load %s (%d)\n", ++ fw_priv->fw_name, rc); ++ + return rc; + } + diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch new file mode 100644 index 000000000..91fd2fb9b --- /dev/null +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -0,0 +1,61 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Wed, 13 Apr 2016 21:48:06 +0100 +Subject: fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers +Bug-Debian: https://bugs.debian.org/819725 +Forwarded: https://lore.kernel.org/all/20160517133631.GF7555@decadent.org.uk/ + +This helps initramfs builders and other tools to find the full +dependencies of a module. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] +--- + fs/btrfs/super.c | 2 +- + fs/ext4/super.c | 2 +- + fs/f2fs/super.c | 1 + + fs/jbd2/journal.c | 1 + + fs/nfsd/nfsctl.c | 3 +++ + 5 files changed, 7 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -2549,7 +2549,7 @@ + module_exit(exit_btrfs_fs) + + MODULE_LICENSE("GPL"); +-MODULE_SOFTDEP("pre: crc32c"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + MODULE_SOFTDEP("pre: xxhash64"); + MODULE_SOFTDEP("pre: sha256"); + MODULE_SOFTDEP("pre: blake2b-256"); +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -7420,6 +7420,6 @@ + MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); + MODULE_DESCRIPTION("Fourth Extended Filesystem"); + MODULE_LICENSE("GPL"); +-MODULE_SOFTDEP("pre: crc32c"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + module_init(ext4_init_fs) + module_exit(ext4_exit_fs) +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -3168,6 +3168,7 @@ + } + + MODULE_LICENSE("GPL"); ++MODULE_SOFTDEP("pre: crypto-crc32c"); + module_init(journal_init); + module_exit(journal_exit); + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1629,5 +1629,8 @@ + MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>"); + MODULE_DESCRIPTION("In-kernel NFS server"); + MODULE_LICENSE("GPL"); ++#ifdef CONFIG_NFSD_V4 ++MODULE_SOFTDEP("pre: crypto-md5"); ++#endif + module_init(init_nfsd) + module_exit(exit_nfsd) diff --git a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch new file mode 100644 index 000000000..8f9c21f56 --- /dev/null +++ b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: kbuild: Fix recordmcount dependency for OOT modules +Date: Mon, 08 Sep 2014 18:31:24 +0100 +Forwarded: no + +We never rebuild anything in-tree when building an out-of-tree +modules, so external modules should not depend on the recordmcount +sources. + +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -210,6 +210,11 @@ cmd_record_mcount = $(if $(findstring $( + $(sub_cmd_record_mcount)) + endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT + ++# Don't require recordmcount source for an OOT build. ++ifdef KBUILD_EXTMOD ++recordmcount_source := ++endif ++ + # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory + # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file + # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file diff --git a/debian/patches/bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch b/debian/patches/bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch new file mode 100644 index 000000000..0412b83aa --- /dev/null +++ b/debian/patches/bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch @@ -0,0 +1,18 @@ +From: Ben Hutchings <benh@debian.org> +Date: Sat, 15 Jan 2022 22:30:49 +0100 +Subject: libapi: Define _FORTIFY_SOURCE as 2, not empty +Forwarded: https://lore.kernel.org/lkml/20230424102049.58338-1-ukleinek@debian.org/ + +Signed-off-by: Ben Hutchings <benh@debian.org> +--- +--- a/tools/lib/api/Makefile ++++ b/tools/lib/api/Makefile +@@ -29,7 +29,7 @@ endif + endif + + ifeq ($(DEBUG),0) +- CFLAGS += -D_FORTIFY_SOURCE ++ CFLAGS += -D_FORTIFY_SOURCE=2 + endif + + # Treat warnings as errors unless directed not to diff --git a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch new file mode 100644 index 000000000..8e0a7ee76 --- /dev/null +++ b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 02 Dec 2016 23:06:18 +0000 +Subject: module: Disable matching missing version CRC +Forwarded: not-needed + +This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061. +We want to fail closed if a symbol version CRC is missing, as the +alternative may allow subverting module signing. +--- +--- a/kernel/module/version.c ++++ b/kernel/module/version.c +@@ -46,9 +46,8 @@ int check_version(const struct load_info + goto bad_version; + } + +- /* Broken toolchain. Warn once, then let it go.. */ +- pr_warn_once("%s: no symbol version for %s\n", info->name, symname); +- return 1; ++ pr_warn("%s: no symbol version for %s\n", info->name, symname); ++ return 0; + + bad_version: + pr_warn("%s: disagrees about version of symbol %s\n", info->name, symname); diff --git a/debian/patches/bugfix/all/perf-tools-support-extra-cxxflags.patch b/debian/patches/bugfix/all/perf-tools-support-extra-cxxflags.patch new file mode 100644 index 000000000..a3169e381 --- /dev/null +++ b/debian/patches/bugfix/all/perf-tools-support-extra-cxxflags.patch @@ -0,0 +1,30 @@ +From: Ben Hutchings <benh@debian.org> +Date: Mon, 15 May 2023 15:58:39 +0200 +Subject: perf tools: Support EXTRA_CXXFLAGS + +Add support for an EXTRA_CXXFLAGS variable, used similarly to +EXTRA_CFLAGS. + +Signed-off-by: Ben Hutchings <benh@debian.org> +--- +--- a/tools/perf/Makefile.config ++++ b/tools/perf/Makefile.config +@@ -18,6 +18,7 @@ detected_var = $(shell echo "$(1)=$($(1) + + CFLAGS := $(EXTRA_CFLAGS) $(filter-out -Wnested-externs,$(EXTRA_WARNINGS)) + HOSTCFLAGS := $(filter-out -Wnested-externs,$(EXTRA_WARNINGS)) ++CXXFLAGS := $(EXTRA_CXXFLAGS) + + # Enabled Wthread-safety analysis for clang builds. + ifeq ($(CC_NO_CLANG), 0) +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -33,7 +33,7 @@ include ../scripts/utilities.mak + # + # Define LDFLAGS=-static to build a static binary. + # +-# Define EXTRA_CFLAGS=-m64 or EXTRA_CFLAGS=-m32 as appropriate for cross-builds. ++# Define EXTRA_CFLAGS=-m64 or EXTRA_CFLAGS=-m32 as appropriate for cross-builds, and similarly EXTRA_CXXFLAGS. + # + # Define EXCLUDE_EXTLIBS=-lmylib to exclude libmylib from the auto-generated + # EXTLIBS. diff --git a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch new file mode 100644 index 000000000..9f4d914fe --- /dev/null +++ b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch @@ -0,0 +1,88 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward +Date: Tue, 08 Jan 2013 03:25:52 +0000 +Bug-Debian: https://bugs.debian.org/607194 +Bug-Debian: https://bugs.debian.org/607471 +Bug-Debian: https://bugs.debian.org/610851 +Bug-Debian: https://bugs.debian.org/627497 +Bug-Debian: https://bugs.debian.org/632212 +Bug-Debian: https://bugs.debian.org/637943 +Bug-Debian: https://bugs.debian.org/649448 +Bug-Debian: https://bugs.debian.org/697229 +Bug-Debian: https://bugs.debian.org/1053764 +Forwarded: no +Last-Update: 2023-11-08 + +radeon requires firmware/microcode for the GPU in all chips, but for +newer chips (apparently R600 'Evergreen' onward) it also expects +firmware for the memory controller and other sub-blocks. + +radeon attempts to gracefully fall back and disable some features if +the firmware is not available, but becomes unstable - the framebuffer +and/or system memory may be corrupted, or the display may stay black. + +Therefore, perform a basic check for the existence of +/lib/firmware/radeon when a device is probed, and abort if it +is missing, except for the pre-R600 case. + +Update 2023-11-08: +In bug 1053764 Mario Limonciello <mario.limonciello@amd.com> states +that the patch isn't needed anymore for amdgpu, so remove that part +of the patch +--- + drivers/gpu/drm/radeon/radeon_drv.c | 30 +++++++++++++++++++++++++ + 1 files changed, 30 insertions(+) + +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -32,6 +32,8 @@ + + #include <linux/compat.h> + #include <linux/module.h> ++#include <linux/namei.h> ++#include <linux/path.h> + #include <linux/pm_runtime.h> + #include <linux/vga_switcheroo.h> + #include <linux/mmu_notifier.h> +@@ -255,6 +257,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); + + static const struct drm_driver kms_driver; + ++/* Test that /lib/firmware/radeon is a directory (or symlink to a ++ * directory). We could try to match the udev search path, but let's ++ * keep it simple. ++ */ ++static bool radeon_firmware_installed(void) ++{ ++#if IS_BUILTIN(CONFIG_DRM_RADEON) ++ /* It may be too early to tell. Assume it's there. */ ++ return true; ++#else ++ struct path path; ++ ++ if (kern_path("/lib/firmware/radeon", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, ++ &path) == 0) { ++ path_put(&path); ++ return true; ++ } ++ ++ return false; ++#endif ++} ++ + static int radeon_pci_probe(struct pci_dev *pdev, + const struct pci_device_id *ent) + { +@@ -295,6 +319,12 @@ static int radeon_pci_probe(struct pci_d + if (vga_switcheroo_client_probe_defer(pdev)) + return -EPROBE_DEFER; + ++ if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && ++ !radeon_firmware_installed()) { ++ DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); ++ return -ENODEV; ++ } ++ + /* Get rid of things like offb */ + ret = drm_aperture_remove_conflicting_pci_framebuffers(pdev, &kms_driver); + if (ret) diff --git a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch new file mode 100644 index 000000000..3818dbb17 --- /dev/null +++ b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sun, 21 Feb 2016 15:33:15 +0000 +Subject: tools/build: Remove bpf() run-time check at build time +Forwarded: no + +It is not correct to test that a syscall works on the build system's +kernel. We might be building on an earlier kernel version or with +security restrictions that block bpf(). + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +--- a/tools/build/feature/test-bpf.c ++++ b/tools/build/feature/test-bpf.c +@@ -35,8 +35,10 @@ int main(void) + attr.prog_flags = 0; + + /* +- * Test existence of __NR_bpf and BPF_PROG_LOAD. +- * This call should fail if we run the testcase. ++ * bwh: Don't use the bpf() syscall as we might be building on a ++ * much older kernel. Do "use" the attr structure here to avoid ++ * a "set but not used" warning. + */ +- return syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); ++ (void)&attr; ++ return 0; + } diff --git a/debian/patches/bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch b/debian/patches/bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch new file mode 100644 index 000000000..2d8f29d25 --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch @@ -0,0 +1,17 @@ +From: Ben Hutchings <benh@debian.org> +Date: Sat, 15 Jan 2022 22:59:11 +0100 +Subject: tools/perf: Fix missing LDFLAGS for some programs + +Signed-off-by: Ben Hutchings <benh@debian.org> +--- +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -785,7 +785,7 @@ $(OUTPUT)dlfilters/%.o: dlfilters/%.c in + .SECONDARY: $(DLFILTERS:.so=.o) + + $(OUTPUT)dlfilters/%.so: $(OUTPUT)dlfilters/%.o +- $(QUIET_LINK)$(CC) $(EXTRA_CFLAGS) -shared -o $@ $< ++ $(QUIET_LINK)$(CC) $(EXTRA_CFLAGS) $(LDFLAGS) -shared -o $@ $< + + ifndef NO_JVMTI + LIBJVMTI_IN := $(OUTPUT)jvmti/jvmti-in.o diff --git a/debian/patches/bugfix/all/tools-perf-man-date.patch b/debian/patches/bugfix/all/tools-perf-man-date.patch new file mode 100644 index 000000000..1ba6488ca --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-man-date.patch @@ -0,0 +1,44 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 13 Jul 2015 20:29:20 +0100 +Subject: perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date +Forwarded: https://lore.kernel.org/all/20160517132809.GE7555@decadent.org.uk/ + +This allows man pages to be built reproducibly. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + tools/perf/Documentation/Makefile | 3 +++ + tools/perf/Documentation/asciidoc.conf | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index adc5a7e44b98..2161b2e838b7 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -132,6 +132,9 @@ endif + ifdef DOCBOOK_SUPPRESS_SP + XMLTO_EXTRA += -m manpage-suppress-sp.xsl + endif ++ifdef KBUILD_BUILD_TIMESTAMP ++ASCIIDOC_EXTRA += -a revdate=$(shell date -u -d '$(KBUILD_BUILD_TIMESTAMP)' +%Y-%m-%d) ++endif + + SHELL_PATH ?= $(SHELL) + # Shell quote; +diff --git a/tools/perf/Documentation/asciidoc.conf b/tools/perf/Documentation/asciidoc.conf +index 2b62ba1e72b7..82d3060177ba 100644 +--- a/tools/perf/Documentation/asciidoc.conf ++++ b/tools/perf/Documentation/asciidoc.conf +@@ -71,6 +71,9 @@ ifdef::backend-docbook[] + [header] + template::[header-declarations] + <refentry> ++<refentryinfo> ++template::[docinfo] ++</refentryinfo> + ifdef::perf_date[] + <refentryinfo><date>{perf_date}</date></refentryinfo> + endif::perf_date[] +-- +2.23.0 + diff --git a/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch b/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch new file mode 100644 index 000000000..9766e0e4a --- /dev/null +++ b/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch @@ -0,0 +1,39 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 25 Sep 2015 20:09:23 +0100 +Subject: tools/perf: Remove shebang lines from perf scripts +Forwarded: no + +perf scripts need to be invoked through perf, not directly through +perl (or other language interpreter). So including shebang lines in +them is useless and possibly misleading. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +--- a/tools/perf/scripts/perl/rw-by-file.pl ++++ b/tools/perf/scripts/perl/rw-by-file.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi <tzanussi@gmail.com> + +--- a/tools/perf/scripts/perl/rw-by-pid.pl ++++ b/tools/perf/scripts/perl/rw-by-pid.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi <tzanussi@gmail.com> + +--- a/tools/perf/scripts/perl/rwtop.pl ++++ b/tools/perf/scripts/perl/rwtop.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2010, Tom Zanussi <tzanussi@gmail.com> + +--- a/tools/perf/scripts/perl/wakeup-latency.pl ++++ b/tools/perf/scripts/perl/wakeup-latency.pl +@@ -1,4 +1,3 @@ +-#!/usr/bin/perl -w + # SPDX-License-Identifier: GPL-2.0-only + # (c) 2009, Tom Zanussi <tzanussi@gmail.com> + diff --git a/debian/patches/bugfix/all/tools_lib_symbol_use_d_fortify_source_2_for_non_debug_builds.patch b/debian/patches/bugfix/all/tools_lib_symbol_use_d_fortify_source_2_for_non_debug_builds.patch new file mode 100644 index 000000000..966252041 --- /dev/null +++ b/debian/patches/bugfix/all/tools_lib_symbol_use_d_fortify_source_2_for_non_debug_builds.patch @@ -0,0 +1,31 @@ +From: Uwe Kleine-König <ukleinek@debian.org> +Subject: tools lib symbol: Use -D_FORTIFY_SOURCE=2 for non-debug builds +Date: Mon, 24 Apr 2023 12:28:27 +0200 +Forwarded: https://lore.kernel.org/all/20230424102827.58707-1-ukleinek@debian.org/ + +Commit 160be157eaba ("tool lib symbol: Add Makefile/Build") failed to +define _FORTIFY_SOURCE to 2, probabaly this was cut&pasted from other +Makefiles with the same problem. + +Fixes: 160be157eaba ("tool lib symbol: Add Makefile/Build") +Signed-off-by: Uwe Kleine-König <ukleinek@debian.org> +Acked-by: Ian Rogers <irogers@google.com> +--- + tools/lib/symbol/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/lib/symbol/Makefile b/tools/lib/symbol/Makefile +index 13d43c6f92b4..4a08cc4e19f2 100644 +--- a/tools/lib/symbol/Makefile ++++ b/tools/lib/symbol/Makefile +@@ -39,7 +39,7 @@ endif + endif + + ifeq ($(DEBUG),0) +- CFLAGS += -D_FORTIFY_SOURCE ++ CFLAGS += -D_FORTIFY_SOURCE=2 + endif + + # Treat warnings as errors unless directed not to +-- +2.39.2 diff --git a/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch b/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch new file mode 100644 index 000000000..d9d7b301d --- /dev/null +++ b/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sun, 24 Jun 2012 02:51:39 +0100 +Subject: usbip: Document TCP wrappers +Forwarded: no + +Add references to TCP wrappers configuration in the manual page. + +--- a/tools/usb/usbip/doc/usbipd.8 ++++ b/tools/usb/usbip/doc/usbipd.8 +@@ -14,7 +14,8 @@ Devices have to explicitly be exported u + before usbipd makes them available to other hosts. + + The daemon accepts connections from USB/IP clients +-on TCP port 3240 by default. ++on TCP port 3240 by default. The clients authorised to connect may be ++configured as documented in hosts_access(5). + + .SH OPTIONS + .HP +@@ -69,7 +70,8 @@ Show version. + + .B usbipd + offers no authentication or authorization for USB/IP. Any +-USB/IP client can connect and use exported devices. ++USB/IP client running on an authorised host can connect and ++use exported devices. + + .SH EXAMPLES + diff --git a/debian/patches/bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch b/debian/patches/bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch new file mode 100644 index 000000000..3da69882e --- /dev/null +++ b/debian/patches/bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch @@ -0,0 +1,75 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Thu, 5 Jan 2023 17:04:40 +0100 +Subject: alpha: Fix missing symbol versions for str{,n}{cat,cpy} +Origin: https://marc.info/?l=linux-alpha&m=167364720725291&w=2 + +Now that modpost extracts symbol versions from *.cmd files, it can't +find the versions for these 4 symbols. This is due to the way we link +their objects together ahead of the full vmlinux link. genksyms puts +their symbol CRCs in .str{,n}{cat,cpy}.o.cmd, but modpost only reads +the .sty{,n}cpy.o.cmd files. + +Add assembly sources that bring the appropriate routines together with +include directives instead of using the linker for this. + +Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> +Fixes: f292d875d0dc ("modpost: extract symbol versions from *.cmd files") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + arch/alpha/lib/Makefile | 14 -------------- + arch/alpha/lib/stycpy.S | 8 ++++++++ + arch/alpha/lib/styncpy.S | 8 ++++++++ + 3 files changed, 16 insertions(+), 14 deletions(-) + create mode 100644 arch/alpha/lib/stycpy.S + create mode 100644 arch/alpha/lib/styncpy.S + +diff --git a/arch/alpha/lib/Makefile b/arch/alpha/lib/Makefile +index 1cc74f7b50ef..8f1c32a25a40 100644 +--- a/arch/alpha/lib/Makefile ++++ b/arch/alpha/lib/Makefile +@@ -45,17 +45,3 @@ AFLAGS___remlu.o = -DREM -DINTSIZE + $(addprefix $(obj)/,__divqu.o __remqu.o __divlu.o __remlu.o): \ + $(src)/$(ev6-y)divide.S FORCE + $(call if_changed_rule,as_o_S) +- +-# There are direct branches between {str*cpy,str*cat} and stx*cpy. +-# Ensure the branches are within range by merging these objects. +- +-LDFLAGS_stycpy.o := -r +-LDFLAGS_styncpy.o := -r +- +-$(obj)/stycpy.o: $(obj)/strcpy.o $(obj)/$(ev67-y)strcat.o \ +- $(obj)/$(ev6-y)stxcpy.o FORCE +- $(call if_changed,ld) +- +-$(obj)/styncpy.o: $(obj)/strncpy.o $(obj)/$(ev67-y)strncat.o \ +- $(obj)/$(ev6-y)stxncpy.o FORCE +- $(call if_changed,ld) +diff --git a/arch/alpha/lib/stycpy.S b/arch/alpha/lib/stycpy.S +new file mode 100644 +index 000000000000..b4376834c91f +--- /dev/null ++++ b/arch/alpha/lib/stycpy.S +@@ -0,0 +1,8 @@ ++#include "strcpy.S" ++#ifdef CONFIG_ALPHA_EV6 ++#include "ev6-strcat.S" ++#include "ev6-stxcpy.S" ++#else ++#include "strcat.S" ++#include "stxcpy.S" ++#endif +diff --git a/arch/alpha/lib/styncpy.S b/arch/alpha/lib/styncpy.S +new file mode 100644 +index 000000000000..c393f816ff98 +--- /dev/null ++++ b/arch/alpha/lib/styncpy.S +@@ -0,0 +1,8 @@ ++#include "strncpy.S" ++#ifdef CONFIG_ALPHA_EV6 ++#include "ev6-strncat.S" ++#include "ev6-stxncpy.S" ++#else ++#include "strncat.S" ++#include "stxncpy.S" ++#endif diff --git a/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch b/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch new file mode 100644 index 000000000..52acb9fb5 --- /dev/null +++ b/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch @@ -0,0 +1,35 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 17 Feb 2017 01:30:30 +0000 +Subject: ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419 +Forwarded: https://lore.kernel.org/all/20170218003251.GC4152@decadent.org.uk/ +Bug-Debian: https://bugs.debian.org/855017 + +The old board code for the TS419 assigns MPP pins 15 and 16 as SATA +activity signals (and none as SATA presence signals). Currently the +device tree assigns the SoC's default pinmux groups for SATA, which +conflict with the second Ethernet port. + +Reported-by: gmbh@gazeta.pl +Tested-by: gmbh@gazeta.pl +References: https://bugs.debian.org/855017 +Cc: stable@vger.kernel.org # 3.15+ +Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + arch/arm/boot/dts/marvell/kirkwood-ts419.dtsi | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/arm/boot/dts/marvell/kirkwood-ts419.dtsi ++++ b/arch/arm/boot/dts/marvell/kirkwood-ts419.dtsi +@@ -69,3 +69,11 @@ + phy-handle = <ðphy1>; + }; + }; ++ ++&pmx_sata0 { ++ marvell,pins = "mpp15"; ++}; ++ ++&pmx_sata1 { ++ marvell,pins = "mpp16"; ++}; diff --git a/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch b/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch new file mode 100644 index 000000000..cd5b36fa1 --- /dev/null +++ b/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch @@ -0,0 +1,31 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Wed, 11 Jul 2018 23:40:55 +0100 +Subject: ARM: mm: Export __sync_icache_dcache() for xen-privcmd +Forwarded: https://lore.kernel.org/all/20180711225013.GF14131@decadent.org.uk/ + +The xen-privcmd driver, which can be modular, calls set_pte_at() +which in turn may call __sync_icache_dcache(). + +The call to __sync_icache_dcache() may be optimised out because it is +conditional on !pte_special(), and xen-privcmd calls pte_mkspecial(). +However, in a non-LPAE configuration there is no "special" bit and the +call is really unconditional. + +Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + arch/arm/mm/flush.c | 1 + + 1 file changed, 1 insertion(+) + +Index: debian-kernel/arch/arm/mm/flush.c +=================================================================== +--- debian-kernel.orig/arch/arm/mm/flush.c ++++ debian-kernel/arch/arm/mm/flush.c +@@ -292,6 +292,7 @@ void __sync_icache_dcache(pte_t pteval) + if (pte_exec(pteval)) + __flush_icache_all(); + } ++EXPORT_SYMBOL_GPL(__sync_icache_dcache); + #endif + + /* diff --git a/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch b/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch new file mode 100644 index 000000000..7a866fdc3 --- /dev/null +++ b/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch @@ -0,0 +1,92 @@ +From: Geoff Levand <geoff@infradead.org> +Date: Wed, 13 Jun 2018 10:56:08 -0700 +Subject: arm64/acpi: Add fixup for HPE m400 quirks +Forwarded: https://lore.kernel.org/all/51d3d738-cdf5-2992-bba5-c3e1f34096c2@infradead.org/ + +Adds a new ACPI init routine acpi_fixup_m400_quirks that adds +a work-around for HPE ProLiant m400 APEI firmware problems. + +The work-around disables APEI when CONFIG_ACPI_APEI is set and +m400 firmware is detected. Without this fixup m400 systems +experience errors like these on startup: + + [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2 + [Hardware Error]: event severity: fatal + [Hardware Error]: Error 0, type: fatal + [Hardware Error]: section_type: memory error + [Hardware Error]: error_status: 0x0000000000001300 + [Hardware Error]: error_type: 10, invalid address + Kernel panic - not syncing: Fatal hardware error! + +Signed-off-by: Geoff Levand <geoff@infradead.org> +[bwh: Adjust context to apply to Linux 4.19] +--- + arch/arm64/kernel/acpi.c | 40 ++++++++++++++++++++++++++++++++++++---- + 1 file changed, 36 insertions(+), 4 deletions(-) + +Index: linux/arch/arm64/kernel/acpi.c +=================================================================== +--- linux.orig/arch/arm64/kernel/acpi.c ++++ linux/arch/arm64/kernel/acpi.c +@@ -32,6 +32,8 @@ + #include <asm/daifflags.h> + #include <asm/smp_plat.h> + ++#include <acpi/apei.h> ++ + int acpi_noirq = 1; /* skip ACPI IRQ initialization */ + int acpi_disabled = 1; + EXPORT_SYMBOL(acpi_disabled); +@@ -178,6 +180,33 @@ out: + } + + /* ++ * acpi_fixup_m400_quirks - Work-around for HPE ProLiant m400 APEI firmware ++ * problems. ++ */ ++static void __init acpi_fixup_m400_quirks(void) ++{ ++ acpi_status status; ++ struct acpi_table_header *header; ++#if !defined(CONFIG_ACPI_APEI) ++ int hest_disable = HEST_DISABLED; ++#endif ++ ++ if (!IS_ENABLED(CONFIG_ACPI_APEI) || hest_disable != HEST_ENABLED) ++ return; ++ ++ status = acpi_get_table(ACPI_SIG_HEST, 0, &header); ++ ++ if (ACPI_SUCCESS(status) && !strncmp(header->oem_id, "HPE ", 6) && ++ !strncmp(header->oem_table_id, "ProLiant", 8) && ++ MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM) { ++ hest_disable = HEST_DISABLED; ++ pr_info("Disabled APEI for m400.\n"); ++ } ++ ++ acpi_put_table(header); ++} ++ ++/* + * acpi_boot_table_init() called from setup_arch(), always. + * 1. find RSDP and get its address, and then find XSDT + * 2. extract all tables and checksums them all +@@ -232,11 +261,14 @@ done: + if (acpi_disabled) { + if (earlycon_acpi_spcr_enable) + early_init_dt_scan_chosen_stdout(); +- } else { +- acpi_parse_spcr(earlycon_acpi_spcr_enable, true); +- if (IS_ENABLED(CONFIG_ACPI_BGRT)) +- acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); ++ return; + } ++ ++ acpi_parse_spcr(earlycon_acpi_spcr_enable, true); ++ if (IS_ENABLED(CONFIG_ACPI_BGRT)) ++ acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); ++ ++ acpi_fixup_m400_quirks(); + } + + static pgprot_t __acpi_get_writethrough_mem_attribute(void) diff --git a/debian/patches/bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch b/debian/patches/bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch new file mode 100644 index 000000000..d09035691 --- /dev/null +++ b/debian/patches/bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch @@ -0,0 +1,46 @@ +From: Cyril Brulebois <cyril@debamax.com> +Date: Wed, 12 Apr 2023 11:55:08 +0200 +Subject: fbdev/offb: Update expected device name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit?id=27c74ea74be805ccba1bc1a0a03cc79c51dca6ea + +Since commit 241d2fb56a18 ("of: Make OF framebuffer device names unique"), +as spotted by Frédéric Bonnard, the historical "of-display" device is +gone: the updated logic creates "of-display.0" instead, then as many +"of-display.N" as required. + +This means that offb no longer finds the expected device, which prevents +the Debian Installer from setting up its interface, at least on ppc64el. + +It might be better to iterate on all possible nodes, but updating the +hardcoded device from "of-display" to "of-display.0" is confirmed to fix +the Debian Installer at the very least. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217328 +Link: https://bugs.debian.org/1033058 +Fixes: 241d2fb56a18 ("of: Make OF framebuffer device names unique") +Cc: stable@vger.kernel.org +Signed-off-by: Cyril Brulebois <cyril@debamax.com> +Signed-off-by: Helge Deller <deller@gmx.de> +--- + drivers/video/fbdev/offb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/offb.c b/drivers/video/fbdev/offb.c +index 0065a77b6dbc8..b5fdef2b74359 100644 +--- a/drivers/video/fbdev/offb.c ++++ b/drivers/video/fbdev/offb.c +@@ -696,7 +696,7 @@ MODULE_DEVICE_TABLE(of, offb_of_match_display); + + static struct platform_driver offb_driver_display = { + .driver = { +- .name = "of-display", ++ .name = "of-display.0", + .of_match_table = offb_of_match_display, + }, + .probe = offb_probe_display, +-- +2.30.2 + diff --git a/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch b/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch new file mode 100644 index 000000000..a00a2a485 --- /dev/null +++ b/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch @@ -0,0 +1,39 @@ +From: Krzysztof Kozlowski <krzk@kernel.org> +Date: Wed, 29 Aug 2018 09:32:23 +0200 +Subject: powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ +Origin: https://patchwork.ozlabs.org/patch/963258/ + +After commit faa16bc404d7 ("lib: Use existing define with +polynomial") the lib/xz/xz_crc32.c includes a header from include/linux +directory thus any other user of this code should define proper include +path. + +This fixes the build error on powerpc with CONFIG_KERNEL_XZ: + + In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0, + from ../arch/powerpc/boot/decompress.c:42: + ../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory + +Reported-by: Michal Kubecek <mkubecek@suse.cz> +Fixes: faa16bc404d7 ("lib: Use existing define with polynomial") +Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> +Reported-by: kbuild test robot <lkp@intel.com> +Reported-by: Meelis Roos <mroos@linux.ee> +Tested-by: Michal Kubecek <mkubecek@suse.cz> +--- + arch/powerpc/boot/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: linux/arch/powerpc/boot/Makefile +=================================================================== +--- linux.orig/arch/powerpc/boot/Makefile ++++ linux/arch/powerpc/boot/Makefile +@@ -70,7 +70,7 @@ BOOTCFLAGS += -fno-stack-protector + endif + + BOOTCFLAGS += -include $(srctree)/include/linux/compiler_attributes.h +-BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) ++BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) -I$(srctree)/include + + DTC_FLAGS ?= -p 1024 + diff --git a/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch b/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch new file mode 100644 index 000000000..31eb2eb5d --- /dev/null +++ b/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch @@ -0,0 +1,95 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 07 Feb 2022 00:00:26 +0100 +Subject: sh: Do not use hyphen in exported variable names + +arch/sh/Makefile defines and exports ld-bfd to be used by +arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. However +some shells, including dash, will not pass through environment +variables whose name includes a hyphen. Usually GNU make does not use +a shell to recurse, but if e.g. $(srctree) contains '~' it will use a +shell here. + +Rename the variable to ld_bfd. + +(Another instance of this problem was fixed upstream by commit +82977af93a0d "sh: rename suffix-y to suffix_y".) + +References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0 +Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + arch/sh/Makefile | 10 +++++----- + arch/sh/boot/compressed/Makefile | 4 ++-- + arch/sh/boot/romimage/Makefile | 4 ++-- + 3 files changed, 9 insertions(+), 9 deletions(-) + +Index: linux/arch/sh/Makefile +=================================================================== +--- linux.orig/arch/sh/Makefile ++++ linux/arch/sh/Makefile +@@ -102,16 +102,16 @@ UTS_MACHINE := sh + LDFLAGS_vmlinux += -e _stext + + ifdef CONFIG_CPU_LITTLE_ENDIAN +-ld-bfd := elf32-sh-linux +-LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld-bfd) ++ld_bfd := elf32-sh-linux ++LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld_bfd) + KBUILD_LDFLAGS += -EL + else +-ld-bfd := elf32-shbig-linux +-LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld-bfd) ++ld_bfd := elf32-shbig-linux ++LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld_bfd) + KBUILD_LDFLAGS += -EB + endif + +-export ld-bfd ++export ld_bfd + + # Mach groups + machdir-$(CONFIG_SOLUTION_ENGINE) += mach-se +Index: linux/arch/sh/boot/compressed/Makefile +=================================================================== +--- linux.orig/arch/sh/boot/compressed/Makefile ++++ linux/arch/sh/boot/compressed/Makefile +@@ -36,7 +36,7 @@ endif + + ccflags-remove-$(CONFIG_MCOUNT) += -pg + +-LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(IMAGE_OFFSET) -e startup \ ++LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(IMAGE_OFFSET) -e startup \ + -T $(obj)/../../kernel/vmlinux.lds + + KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING +@@ -60,7 +60,7 @@ $(obj)/vmlinux.bin.lzo: $(obj)/vmlinux.b + + OBJCOPYFLAGS += -R .empty_zero_page + +-LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T ++LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T + + $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix_y) FORCE + $(call if_changed,ld) +Index: linux/arch/sh/boot/romimage/Makefile +=================================================================== +--- linux.orig/arch/sh/boot/romimage/Makefile ++++ linux/arch/sh/boot/romimage/Makefile +@@ -13,7 +13,7 @@ mmcif-obj-$(CONFIG_CPU_SUBTYPE_SH7724) : + load-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-load-y) + obj-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-obj-y) + +-LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(load-y) -e romstart \ ++LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(load-y) -e romstart \ + -T $(obj)/../../kernel/vmlinux.lds + + $(obj)/vmlinux: $(obj)/head.o $(obj-y) $(obj)/piggy.o FORCE +@@ -24,7 +24,7 @@ OBJCOPYFLAGS += -j .empty_zero_page + $(obj)/zeropage.bin: vmlinux FORCE + $(call if_changed,objcopy) + +-LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T ++LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T + + $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/zeropage.bin arch/sh/boot/zImage FORCE + $(call if_changed,ld) diff --git a/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch b/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch new file mode 100644 index 000000000..f9baa7bd3 --- /dev/null +++ b/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch @@ -0,0 +1,35 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 22 Jul 2017 17:37:33 +0100 +Subject: perf tools: Fix unwind build on i386 +Forwarded: no + +EINVAL may not be defined when building unwind-libunwind.c with +REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in +LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks +for a negative return value and doesn't care what it is. So change +-EINVAL to -1. + +Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.") +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + +--- a/tools/perf/arch/x86/util/unwind-libunwind.c ++++ b/tools/perf/arch/x86/util/unwind-libunwind.c +@@ -66,7 +66,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) + break; + default: + pr_err("unwind: invalid reg id %d\n", regnum); +- return -EINVAL; ++ return -1; + } + + return id; +@@ -106,7 +106,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) + break; + default: + pr_err("unwind: invalid reg id %d\n", regnum); +- return -EINVAL; ++ return -1; + } + + return id; diff --git a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch new file mode 100644 index 000000000..cfbf98e82 --- /dev/null +++ b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 25 Sep 2015 22:50:50 +0100 +Subject: Revert "perf build: Fix libunwind feature detection on 32-bit x86" +Forwarded: no + +This reverts commit 05b41775e2edd69a83f592e3534930c934d4038e. +It broke feature detection that was working just fine for us. +--- + tools/perf/Makefile.config | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/Makefile.config ++++ b/tools/perf/Makefile.config +@@ -38,7 +38,7 @@ ifeq ($(SRCARCH),x86) + LIBUNWIND_LIBS = -lunwind-x86_64 -lunwind -llzma + $(call detected,CONFIG_X86_64) + else +- LIBUNWIND_LIBS = -lunwind-x86 -llzma -lunwind ++ LIBUNWIND_LIBS = -lunwind -lunwind-x86 + endif + NO_PERF_REGS := 0 + endif diff --git a/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch b/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch new file mode 100644 index 000000000..62b4eb7de --- /dev/null +++ b/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch @@ -0,0 +1,34 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 20 Apr 2013 15:52:02 +0100 +Subject: viafb: Autoload on OLPC XO 1.5 only +Bug-Debian: https://bugs.debian.org/705788 +Forwarded: no + +It appears that viafb won't work automatically on all the boards for +which it has a PCI device ID match. Currently, it is blacklisted by +udev along with most other framebuffer drivers, so this doesn't matter +much. + +However, this driver is required for console support on the XO 1.5. +We need to allow it to be autoloaded on this model only, and then +un-blacklist it in udev. + +--- +--- a/drivers/video/fbdev/via/via-core.c ++++ b/drivers/video/fbdev/via/via-core.c +@@ -695,7 +695,14 @@ static const struct pci_device_id via_pc + .driver_data = UNICHROME_VX900 }, + { } + }; +-MODULE_DEVICE_TABLE(pci, via_pci_table); ++ ++static const struct pci_device_id via_pci_autoload_table[] __initconst = { ++ /* OLPC XO 1.5 */ ++ { PCI_DEVICE(PCI_VENDOR_ID_VIA, UNICHROME_VX855_DID), ++ .subvendor = 0x152d, .subdevice = 0x0833 }, ++ { } ++}; ++MODULE_DEVICE_TABLE(pci, via_pci_autoload_table); + + static const struct dev_pm_ops via_pm_ops = { + #ifdef CONFIG_PM_SLEEP diff --git a/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch b/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch new file mode 100644 index 000000000..7bfaf99b4 --- /dev/null +++ b/debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch @@ -0,0 +1,295 @@ +From 4f86519c560fd00b2ab58721cf2943e07107437d Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso <carnil@debian.org> +Date: Sun, 4 Feb 2024 21:02:11 +0100 +Subject: [PATCH 2/2] Revert "docs: kernel_feat.py: fix potential command + injection" + +This reverts commit e961f8c6966abbd486ff87549e29e53f3c69b685. +--- + Documentation/admin-guide/features.rst | 2 +- + Documentation/arch/arc/features.rst | 2 +- + Documentation/arch/arm/features.rst | 2 +- + Documentation/arch/arm64/features.rst | 2 +- + Documentation/arch/loongarch/features.rst | 2 +- + Documentation/arch/m68k/features.rst | 2 +- + Documentation/arch/mips/features.rst | 2 +- + Documentation/arch/nios2/features.rst | 2 +- + Documentation/arch/openrisc/features.rst | 2 +- + Documentation/arch/parisc/features.rst | 2 +- + Documentation/arch/s390/features.rst | 2 +- + Documentation/arch/sh/features.rst | 2 +- + Documentation/arch/sparc/features.rst | 2 +- + Documentation/arch/x86/features.rst | 2 +- + Documentation/arch/xtensa/features.rst | 2 +- + Documentation/powerpc/features.rst | 2 +- + Documentation/riscv/features.rst | 2 +- + Documentation/sphinx/kernel_feat.py | 55 +++++++++++++++---- + .../zh_CN/arch/loongarch/features.rst | 2 +- + .../translations/zh_CN/arch/mips/features.rst | 2 +- + 20 files changed, 63 insertions(+), 30 deletions(-) + +diff --git a/Documentation/admin-guide/features.rst b/Documentation/admin-guide/features.rst +index 7651eca38227..8c167082a84f 100644 +--- a/Documentation/admin-guide/features.rst ++++ b/Documentation/admin-guide/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features ++.. kernel-feat:: $srctree/Documentation/features +diff --git a/Documentation/arch/arc/features.rst b/Documentation/arch/arc/features.rst +index 49ff446ff744..b793583d688a 100644 +--- a/Documentation/arch/arc/features.rst ++++ b/Documentation/arch/arc/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features arc ++.. kernel-feat:: $srctree/Documentation/features arc +diff --git a/Documentation/arch/arm/features.rst b/Documentation/arch/arm/features.rst +index 0e76aaf68eca..7414ec03dd15 100644 +--- a/Documentation/arch/arm/features.rst ++++ b/Documentation/arch/arm/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features arm ++.. kernel-feat:: $srctree/Documentation/features arm +diff --git a/Documentation/arch/arm64/features.rst b/Documentation/arch/arm64/features.rst +index 03321f4309d0..dfa4cb3cd3ef 100644 +--- a/Documentation/arch/arm64/features.rst ++++ b/Documentation/arch/arm64/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features arm64 ++.. kernel-feat:: $srctree/Documentation/features arm64 +diff --git a/Documentation/arch/loongarch/features.rst b/Documentation/arch/loongarch/features.rst +index 009f44c7951f..ebacade3ea45 100644 +--- a/Documentation/arch/loongarch/features.rst ++++ b/Documentation/arch/loongarch/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features loongarch ++.. kernel-feat:: $srctree/Documentation/features loongarch +diff --git a/Documentation/arch/m68k/features.rst b/Documentation/arch/m68k/features.rst +index de7f0ccf7fc8..5107a2119472 100644 +--- a/Documentation/arch/m68k/features.rst ++++ b/Documentation/arch/m68k/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features m68k ++.. kernel-feat:: $srctree/Documentation/features m68k +diff --git a/Documentation/arch/mips/features.rst b/Documentation/arch/mips/features.rst +index 6e0ffe3e7354..1973d729b29a 100644 +--- a/Documentation/arch/mips/features.rst ++++ b/Documentation/arch/mips/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features mips ++.. kernel-feat:: $srctree/Documentation/features mips +diff --git a/Documentation/arch/nios2/features.rst b/Documentation/arch/nios2/features.rst +index 89913810ccb5..8449e63f69b2 100644 +--- a/Documentation/arch/nios2/features.rst ++++ b/Documentation/arch/nios2/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features nios2 ++.. kernel-feat:: $srctree/Documentation/features nios2 +diff --git a/Documentation/arch/openrisc/features.rst b/Documentation/arch/openrisc/features.rst +index bae2e25adfd6..3f7c40d219f2 100644 +--- a/Documentation/arch/openrisc/features.rst ++++ b/Documentation/arch/openrisc/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features openrisc ++.. kernel-feat:: $srctree/Documentation/features openrisc +diff --git a/Documentation/arch/parisc/features.rst b/Documentation/arch/parisc/features.rst +index b3aa4d243b93..501d7c450037 100644 +--- a/Documentation/arch/parisc/features.rst ++++ b/Documentation/arch/parisc/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features parisc ++.. kernel-feat:: $srctree/Documentation/features parisc +diff --git a/Documentation/arch/s390/features.rst b/Documentation/arch/s390/features.rst +index 2883dc950681..57c296a9d8f3 100644 +--- a/Documentation/arch/s390/features.rst ++++ b/Documentation/arch/s390/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features s390 ++.. kernel-feat:: $srctree/Documentation/features s390 +diff --git a/Documentation/arch/sh/features.rst b/Documentation/arch/sh/features.rst +index fae48fe81e9b..f722af3b6c99 100644 +--- a/Documentation/arch/sh/features.rst ++++ b/Documentation/arch/sh/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features sh ++.. kernel-feat:: $srctree/Documentation/features sh +diff --git a/Documentation/arch/sparc/features.rst b/Documentation/arch/sparc/features.rst +index 96835b6d598a..c0c92468b0fe 100644 +--- a/Documentation/arch/sparc/features.rst ++++ b/Documentation/arch/sparc/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features sparc ++.. kernel-feat:: $srctree/Documentation/features sparc +diff --git a/Documentation/arch/x86/features.rst b/Documentation/arch/x86/features.rst +index a33616346a38..b663f15053ce 100644 +--- a/Documentation/arch/x86/features.rst ++++ b/Documentation/arch/x86/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features x86 ++.. kernel-feat:: $srctree/Documentation/features x86 +diff --git a/Documentation/arch/xtensa/features.rst b/Documentation/arch/xtensa/features.rst +index 28dcce1759be..6b92c7bfa19d 100644 +--- a/Documentation/arch/xtensa/features.rst ++++ b/Documentation/arch/xtensa/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features xtensa ++.. kernel-feat:: $srctree/Documentation/features xtensa +diff --git a/Documentation/powerpc/features.rst b/Documentation/powerpc/features.rst +index ee4b95e04202..aeae73df86b0 100644 +--- a/Documentation/powerpc/features.rst ++++ b/Documentation/powerpc/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features powerpc ++.. kernel-feat:: $srctree/Documentation/features powerpc +diff --git a/Documentation/riscv/features.rst b/Documentation/riscv/features.rst +index 36e90144adab..c70ef6ac2368 100644 +--- a/Documentation/riscv/features.rst ++++ b/Documentation/riscv/features.rst +@@ -1,3 +1,3 @@ + .. SPDX-License-Identifier: GPL-2.0 + +-.. kernel-feat:: features riscv ++.. kernel-feat:: $srctree/Documentation/features riscv +diff --git a/Documentation/sphinx/kernel_feat.py b/Documentation/sphinx/kernel_feat.py +index bdfaa3e4b202..27b701ed3681 100644 +--- a/Documentation/sphinx/kernel_feat.py ++++ b/Documentation/sphinx/kernel_feat.py +@@ -37,6 +37,8 @@ import re + import subprocess + import sys + ++from os import path ++ + from docutils import nodes, statemachine + from docutils.statemachine import ViewList + from docutils.parsers.rst import directives, Directive +@@ -74,26 +76,33 @@ class KernelFeat(Directive): + self.state.document.settings.env.app.warn(message, prefix="") + + def run(self): ++ + doc = self.state.document + if not doc.settings.file_insertion_enabled: + raise self.warning("docutils: file insertion disabled") + + env = doc.settings.env ++ cwd = path.dirname(doc.current_source) ++ cmd = "get_feat.pl rest --enable-fname --dir " ++ cmd += self.arguments[0] ++ ++ if len(self.arguments) > 1: ++ cmd += " --arch " + self.arguments[1] + +- srctree = os.path.abspath(os.environ["srctree"]) ++ srctree = path.abspath(os.environ["srctree"]) + +- args = [ +- os.path.join(srctree, 'scripts/get_feat.pl'), +- 'rest', +- '--enable-fname', +- '--dir', +- os.path.join(srctree, 'Documentation', self.arguments[0]), +- ] ++ fname = cmd + +- if len(self.arguments) > 1: +- args.extend(['--arch', self.arguments[1]]) ++ # extend PATH with $(srctree)/scripts ++ path_env = os.pathsep.join([ ++ srctree + os.sep + "scripts", ++ os.environ["PATH"] ++ ]) ++ shell_env = os.environ.copy() ++ shell_env["PATH"] = path_env ++ shell_env["srctree"] = srctree + +- lines = subprocess.check_output(args, cwd=os.path.dirname(doc.current_source)).decode('utf-8') ++ lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env) + + line_regex = re.compile("^\.\. FILE (\S+)$") + +@@ -112,6 +121,30 @@ class KernelFeat(Directive): + nodeList = self.nestedParse(out_lines, fname) + return nodeList + ++ def runCmd(self, cmd, **kwargs): ++ u"""Run command ``cmd`` and return its stdout as unicode.""" ++ ++ try: ++ proc = subprocess.Popen( ++ cmd ++ , stdout = subprocess.PIPE ++ , stderr = subprocess.PIPE ++ , **kwargs ++ ) ++ out, err = proc.communicate() ++ ++ out, err = codecs.decode(out, 'utf-8'), codecs.decode(err, 'utf-8') ++ ++ if proc.returncode != 0: ++ raise self.severe( ++ u"command '%s' failed with return code %d" ++ % (cmd, proc.returncode) ++ ) ++ except OSError as exc: ++ raise self.severe(u"problems with '%s' directive: %s." ++ % (self.name, ErrorString(exc))) ++ return out ++ + def nestedParse(self, lines, fname): + content = ViewList() + node = nodes.section() +diff --git a/Documentation/translations/zh_CN/arch/loongarch/features.rst b/Documentation/translations/zh_CN/arch/loongarch/features.rst +index cec38dda8298..82bfac180bdc 100644 +--- a/Documentation/translations/zh_CN/arch/loongarch/features.rst ++++ b/Documentation/translations/zh_CN/arch/loongarch/features.rst +@@ -5,4 +5,4 @@ + :Original: Documentation/arch/loongarch/features.rst + :Translator: Huacai Chen <chenhuacai@loongson.cn> + +-.. kernel-feat:: features loongarch ++.. kernel-feat:: $srctree/Documentation/features loongarch +diff --git a/Documentation/translations/zh_CN/arch/mips/features.rst b/Documentation/translations/zh_CN/arch/mips/features.rst +index 0d6df97db069..da1b956e4a40 100644 +--- a/Documentation/translations/zh_CN/arch/mips/features.rst ++++ b/Documentation/translations/zh_CN/arch/mips/features.rst +@@ -10,4 +10,4 @@ + + .. _cn_features: + +-.. kernel-feat:: features mips ++.. kernel-feat:: $srctree/Documentation/features mips +-- +2.43.0 + diff --git a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch new file mode 100644 index 000000000..205510d6b --- /dev/null +++ b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch @@ -0,0 +1,101 @@ +From: Serge Hallyn <serge.hallyn@canonical.com> +Date: Fri, 31 May 2013 19:12:12 +0000 (+0100) +Subject: add sysctl to disallow unprivileged CLONE_NEWUSER by default +Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8 + +add sysctl to disallow unprivileged CLONE_NEWUSER by default + +This is a short-term patch. Unprivileged use of CLONE_NEWUSER +is certainly an intended feature of user namespaces. However +for at least saucy we want to make sure that, if any security +issues are found, we have a fail-safe. + +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> +[bwh: Remove unneeded binary sysctl bits] +[bwh: Keep this sysctl, but change the default to enabled] +--- +Index: linux/kernel/fork.c +=================================================================== +--- linux.orig/kernel/fork.c ++++ linux/kernel/fork.c +@@ -108,6 +108,11 @@ + + #define CREATE_TRACE_POINTS + #include <trace/events/task.h> ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#else ++#define unprivileged_userns_clone 0 ++#endif + + /* + * Minimum number of threads to boot the kernel +@@ -2008,6 +2013,10 @@ static __latent_entropy struct task_stru + if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) + return ERR_PTR(-EINVAL); + ++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) ++ if (!capable(CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ + /* + * Thread groups must share signals as well, and detached threads + * can only be started up within the thread group. +@@ -3166,6 +3175,12 @@ int ksys_unshare(unsigned long unshare_f + if (unshare_flags & CLONE_NEWNS) + unshare_flags |= CLONE_FS; + ++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { ++ err = -EPERM; ++ if (!capable(CAP_SYS_ADMIN)) ++ goto bad_unshare_out; ++ } ++ + err = check_unshare_flags(unshare_flags); + if (err) + goto bad_unshare_out; +Index: linux/kernel/sysctl.c +=================================================================== +--- linux.orig/kernel/sysctl.c ++++ linux/kernel/sysctl.c +@@ -136,6 +136,10 @@ static enum sysctl_writes_mode sysctl_wr + int sysctl_legacy_va_layout; + #endif + ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#endif ++ + #endif /* CONFIG_SYSCTL */ + + /* +@@ -1659,6 +1663,15 @@ static struct ctl_table kern_table[] = { + .mode = 0644, + .proc_handler = proc_dointvec, + }, ++#ifdef CONFIG_USER_NS ++ { ++ .procname = "unprivileged_userns_clone", ++ .data = &unprivileged_userns_clone, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, ++ }, ++#endif + #ifdef CONFIG_PROC_SYSCTL + { + .procname = "tainted", +Index: linux/kernel/user_namespace.c +=================================================================== +--- linux.orig/kernel/user_namespace.c ++++ linux/kernel/user_namespace.c +@@ -22,6 +22,9 @@ + #include <linux/bsearch.h> + #include <linux/sort.h> + ++/* sysctl */ ++int unprivileged_userns_clone = 1; ++ + static struct kmem_cache *user_ns_cachep __read_mostly; + static DEFINE_MUTEX(userns_state_mutex); + diff --git a/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch b/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch new file mode 100644 index 000000000..3b33f845a --- /dev/null +++ b/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 19 Nov 2010 02:12:48 +0000 +Subject: [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +Recent review has revealed several bugs in obscure protocol +implementations that can be exploited by local users for denial of +service or privilege escalation. We can mitigate the effect of any +remaining vulnerabilities in such protocols by preventing unprivileged +users from loading the modules, so that they are only exploitable on +systems where the administrator has chosen to load the protocol. + +The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was +not present in the 'lenny' kernel, and seems to receive only sporadic +maintenance. Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + net/ieee802154/socket.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +--- a/net/ieee802154/socket.c ++++ b/net/ieee802154/socket.c +@@ -1122,4 +1122,4 @@ module_init(af_ieee802154_init); + module_exit(af_ieee802154_remove); + + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_IEEE802154); ++/* MODULE_ALIAS_NETPROTO(PF_IEEE802154); */ diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch new file mode 100644 index 000000000..8a565c6c0 --- /dev/null +++ b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch @@ -0,0 +1,62 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 22 Jun 2018 17:27:00 +0100 +Subject: android: Enable building ashmem and binder as modules +Bug-Debian: https://bugs.debian.org/901492 + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +- Add a MODULE_LICENSE declaration to ashmem +- Change the Makefiles to build each driver as an object with the + "_linux" suffix (which is what Anbox expects) +- Change config symbol types to tristate + +Update: +In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem +driver was removed entirely. Secondary commit message: +"The mainline replacement for ashmem is memfd, so remove the legacy +code from drivers/staging/" +Consequently, the ashmem part of this patch has been removed. +--- + drivers/android/Kconfig | 2 +- + drivers/android/Makefile | 7 ++++--- + drivers/android/binder_alloc.c | 2 +- + 3 files changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/android/Kconfig ++++ b/drivers/android/Kconfig +@@ -2,7 +2,7 @@ + menu "Android" + + config ANDROID_BINDER_IPC +- bool "Android Binder IPC Driver" ++ tristate "Android Binder IPC Driver" + depends on MMU + default n + help +--- a/drivers/android/Makefile ++++ b/drivers/android/Makefile +@@ -1,6 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0-only + ccflags-y += -I$(src) # needed for trace events + +-obj-$(CONFIG_ANDROID_BINDERFS) += binderfs.o +-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o +-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o ++obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o ++binder_linux-y := binder.o binder_alloc.o ++binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o ++binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o +--- a/drivers/android/binder_alloc.c ++++ b/drivers/android/binder_alloc.c +@@ -38,7 +38,7 @@ enum { + }; + static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR; + +-module_param_named(debug_mask, binder_alloc_debug_mask, ++module_param_named(alloc_debug_mask, binder_alloc_debug_mask, + uint, 0644); + + #define binder_alloc_debug(mask, x...) \ diff --git a/debian/patches/debian/arch-sh4-fix-uimage-build.patch b/debian/patches/debian/arch-sh4-fix-uimage-build.patch new file mode 100644 index 000000000..89e626b6b --- /dev/null +++ b/debian/patches/debian/arch-sh4-fix-uimage-build.patch @@ -0,0 +1,26 @@ +From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> +Subject: [sh4] Fix uImage build +Bug-Debian: https://bugs.debian.org/569034 +Forwarded: not-needed + +[bwh: This was added without a description, but I think it is done + only to avoid a build-dependency on u-boot-tools.] +--- + arch/sh/Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/sh/Makefile b/arch/sh/Makefile +index da9cf952f33c..974bbd9dcfcf 100644 +--- a/arch/sh/Makefile ++++ b/arch/sh/Makefile +@@ -85,7 +85,6 @@ OBJCOPYFLAGS := -O binary -R .note -R .note.gnu.build-id -R .comment \ + + # Give the various platforms the opportunity to set default image types + defaultimage-y := zImage +-defaultimage-$(CONFIG_SH_SH7785LCR) := uImage + defaultimage-$(CONFIG_SH_RSK) := uImage + defaultimage-$(CONFIG_SH_URQUELL) := uImage + defaultimage-$(CONFIG_SH_MIGOR) := uImage +-- +2.27.0 + diff --git a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch new file mode 100644 index 000000000..abc4cc2bd --- /dev/null +++ b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch @@ -0,0 +1,37 @@ +From: Adam Borowski <kilobyte@angband.pl> +Date: Tue, 28 Mar 2017 16:55:05 +0200 +Subject: btrfs: warn about RAID5/6 being experimental at mount time +Bug-Debian: https://bugs.debian.org/863290 +Origin: https://bugs.debian.org/863290#5 + +Too many people come complaining about losing their data -- and indeed, +there's no warning outside a wiki and the mailing list tribal knowledge. +Message severity chosen for consistency with XFS -- "alert" makes dmesg +produce nice red background which should get the point across. + +Signed-off-by: Adam Borowski <kilobyte@angband.pl> +[bwh: Also add_taint() so this is flagged in bug reports] +[2023-01-10: still accurate according to btrfs-progs own manpage: +https://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git/commit/?id=922797e15590b836e377d6dc47b828356cafc2a9] +--- + fs/btrfs/disk-io.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -3832,6 +3832,15 @@ int __cold open_ctree(struct super_block *sb, + btrfs_set_and_info(fs_info, SSD, "enabling ssd optimizations"); + } + ++ if ((fs_info->avail_data_alloc_bits | ++ fs_info->avail_metadata_alloc_bits | ++ fs_info->avail_system_alloc_bits) & ++ BTRFS_BLOCK_GROUP_RAID56_MASK) { ++ btrfs_alert(fs_info, ++ "btrfs RAID5/6 is EXPERIMENTAL and has known data-loss bugs"); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++ } ++ + /* + * For devices supporting discard turn on discard=async automatically, + * unless it's already set or disabled. This could be turned off by diff --git a/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch b/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch new file mode 100644 index 000000000..70b446860 --- /dev/null +++ b/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: cdc_ncm,cdc_mbim: Use NCM by default +Date: Sun, 31 Mar 2013 03:58:04 +0100 +Forwarded: not-needed + +Devices that support both NCM and MBIM modes should be kept in NCM +mode unless there is userland support for MBIM. + +Set the default value of cdc_ncm.prefer_mbim to false and leave it to +userland (modem-manager) to override this with a modprobe.conf file +once it's ready to speak MBIM. + +--- +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -53,11 +53,7 @@ + #include <linux/usb/cdc.h> + #include <linux/usb/cdc_ncm.h> + +-#if IS_ENABLED(CONFIG_USB_NET_CDC_MBIM) +-static bool prefer_mbim = true; +-#else + static bool prefer_mbim; +-#endif + module_param(prefer_mbim, bool, 0644); + MODULE_PARM_DESC(prefer_mbim, "Prefer MBIM setting on dual NCM/MBIM functions"); + diff --git a/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch new file mode 100644 index 000000000..83583184e --- /dev/null +++ b/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch @@ -0,0 +1,41 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Thu, 16 Feb 2017 19:09:17 +0000 +Subject: dccp: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +We can mitigate the effect of vulnerabilities in obscure protocols by +preventing unprivileged users from loading the modules, so that they +are only exploitable on systems where the administrator has chosen to +load the protocol. + +The 'dccp' protocol is not actively maintained or widely used. +Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +--- a/net/dccp/ipv4.c ++++ b/net/dccp/ipv4.c +@@ -1071,8 +1071,8 @@ module_exit(dccp_v4_exit); + * values directly, Also cover the case where the protocol is not specified, + * i.e. net-pf-PF_INET-proto-0-type-SOCK_DCCP + */ +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); */ ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); */ + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>"); + MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol"); +--- a/net/dccp/ipv6.c ++++ b/net/dccp/ipv6.c +@@ -1125,8 +1125,8 @@ module_exit(dccp_v6_exit); + * values directly, Also cover the case where the protocol is not specified, + * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP + */ +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); +-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); */ ++/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); */ + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>"); + MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol"); diff --git a/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch b/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch new file mode 100644 index 000000000..0e5176908 --- /dev/null +++ b/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 13 Apr 2009 17:34:00 +0100 +Subject: Remove microcode patches for mgsuvd (not enabled in Debian configs) +Forwarded: not-needed + +diff --git a/arch/powerpc/platforms/8xx/Kconfig b/arch/powerpc/platforms/8xx/Kconfig +index 48a920a..81570b6 100644 +--- a/arch/powerpc/platforms/8xx/Kconfig ++++ b/arch/powerpc/platforms/8xx/Kconfig +@@ -160,16 +160,19 @@ config NO_UCODE_PATCH + + config USB_SOF_UCODE_PATCH + bool "USB SOF patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + + config I2C_SPI_UCODE_PATCH + bool "I2C/SPI relocation patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + + config I2C_SPI_SMC1_UCODE_PATCH + bool "I2C/SPI/SMC1 relocation patch" ++ depends on BROKEN + help + Help not implemented yet, coming soon. + diff --git a/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch b/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch new file mode 100644 index 000000000..840cf24d7 --- /dev/null +++ b/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch @@ -0,0 +1,18 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 24 Aug 2019 19:00:41 +0100 +Subject: Documentation: Fix broken link to CIPSO draft +Forwarded: not-needed + +We exclude the CIPSO draft text as its licence is not DFSG compliant. +Link to the IETF's online version instead. + +--- +--- a/Documentation/netlabel/draft_ietf.rst ++++ b/Documentation/netlabel/draft_ietf.rst +@@ -1,5 +1,4 @@ + Draft IETF CIPSO IP Security + ---------------------------- + +- .. include:: draft-ietf-cipso-ipsecurity-01.txt +- :literal: ++https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 diff --git a/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch b/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch new file mode 100644 index 000000000..4e42da9a9 --- /dev/null +++ b/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch @@ -0,0 +1,15 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 17 Aug 2009 02:45:41 +0100 +Subject: dvb-usb-af9005: mark as broken +Forwarded: not-needed + +--- a/drivers/media/usb/dvb-usb/Kconfig ++++ b/drivers/media/usb/dvb-usb/Kconfig +@@ -227,6 +227,7 @@ config DVB_USB_OPERA1 + + config DVB_USB_AF9005 + tristate "Afatech AF9005 DVB-T USB1.1 support" ++ depends on BROKEN + depends on DVB_USB + select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT + select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT diff --git a/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch b/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch new file mode 100644 index 000000000..3bf7ca6b3 --- /dev/null +++ b/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch @@ -0,0 +1,55 @@ +From: Frederik Schüler <fs@debian.org> +Date: Fri, 05 Jan 2007 15:55:24 +0000 +Subject: Add removal patches for: 3c359, smctr, keyspan, cops +Forwarded: not-needed + +--- + drivers/net/appletalk/Kconfig | 26 -------------------------- + drivers/net/appletalk/Makefile | 1 - + 2 files changed, 27 deletions(-) + +--- a/drivers/net/appletalk/Kconfig ++++ b/drivers/net/appletalk/Kconfig +@@ -39,35 +39,6 @@ config DEV_APPLETALK + connect to the AppleTalk network, say Y. + + +-config COPS +- tristate "COPS LocalTalk PC support" +- depends on DEV_APPLETALK && ISA +- depends on NETDEVICES +- select NETDEV_LEGACY_INIT +- help +- This allows you to use COPS AppleTalk cards to connect to LocalTalk +- networks. You also need version 1.3.3 or later of the netatalk +- package. This driver is experimental, which means that it may not +- work. This driver will only work if you choose "AppleTalk DDP" +- networking support, above. +- Please read the file +- <file:Documentation/networking/device_drivers/appletalk/cops.rst>. +- +-config COPS_DAYNA +- bool "Dayna firmware support" +- depends on COPS +- help +- Support COPS compatible cards with Dayna style firmware (Dayna +- DL2000/ Daynatalk/PC (half length), COPS LT-95, Farallon PhoneNET PC +- III, Farallon PhoneNET PC II). +- +-config COPS_TANGENT +- bool "Tangent firmware support" +- depends on COPS +- help +- Support COPS compatible cards with Tangent style firmware (Tangent +- ATB_II, Novell NL-1000, Daystar Digital LT-200. +- + config IPDDP + tristate "Appletalk-IP driver support" + depends on DEV_APPLETALK && ATALK +--- a/drivers/net/appletalk/Makefile ++++ b/drivers/net/appletalk/Makefile +@@ -4,4 +4,3 @@ + # + + obj-$(CONFIG_IPDDP) += ipddp.o +-obj-$(CONFIG_COPS) += cops.o diff --git a/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch b/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch new file mode 100644 index 000000000..cbef215c1 --- /dev/null +++ b/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch @@ -0,0 +1,130 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 2 Jun 2012 19:53:38 +0100 +Subject: video: Remove nvidiafb and rivafb +Bug-Debian: https://bugs.debian.org/383481 +Forwarded: no + +These drivers contain register programming code provided by the +hardware vendor that appears to have been deliberately obfuscated. +This is arguably not the preferred form for modification. + +These drivers are also largely redundant with nouveau. The RIVA 128 +(NV3) is not supported by nouveau but is about 15 years old and +probably discontinued 10 years ago. + +--- +--- a/drivers/video/fbdev/Kconfig ++++ b/drivers/video/fbdev/Kconfig +@@ -882,101 +882,6 @@ config FB_ATMEL + help + This enables support for the AT91 LCD Controller. + +-config FB_NVIDIA +- tristate "nVidia Framebuffer Support" +- depends on FB && PCI +- select FB_BACKLIGHT if FB_NVIDIA_BACKLIGHT +- select FB_MODE_HELPERS +- select FB_CFB_FILLRECT +- select FB_CFB_COPYAREA +- select FB_CFB_IMAGEBLIT +- select BITREVERSE +- select VGASTATE +- select VIDEO_NOMODESET +- help +- This driver supports graphics boards with the nVidia chips, TNT +- and newer. For very old chipsets, such as the RIVA128, then use +- the rivafb. +- Say Y if you have such a graphics board. +- +- To compile this driver as a module, choose M here: the +- module will be called nvidiafb. +- +-config FB_NVIDIA_I2C +- bool "Enable DDC Support" +- depends on FB_NVIDIA +- select FB_DDC +- help +- This enables I2C support for nVidia Chipsets. This is used +- only for getting EDID information from the attached display +- allowing for robust video mode handling and switching. +- +- Because fbdev-2.6 requires that drivers must be able to +- independently validate video mode parameters, you should say Y +- here. +- +-config FB_NVIDIA_DEBUG +- bool "Lots of debug output" +- depends on FB_NVIDIA +- help +- Say Y here if you want the nVidia driver to output all sorts +- of debugging information to provide to the maintainer when +- something goes wrong. +- +-config FB_NVIDIA_BACKLIGHT +- bool "Support for backlight control" +- depends on FB_NVIDIA +- default y +- help +- Say Y here if you want to control the backlight of your display. +- +-config FB_RIVA +- tristate "nVidia Riva support" +- depends on FB && PCI +- select FB_BACKLIGHT if FB_RIVA_BACKLIGHT +- select FB_MODE_HELPERS +- select FB_CFB_FILLRECT +- select FB_CFB_COPYAREA +- select FB_CFB_IMAGEBLIT +- select BITREVERSE +- select VGASTATE +- select VIDEO_NOMODESET +- help +- This driver supports graphics boards with the nVidia Riva/Geforce +- chips. +- Say Y if you have such a graphics board. +- +- To compile this driver as a module, choose M here: the +- module will be called rivafb. +- +-config FB_RIVA_I2C +- bool "Enable DDC Support" +- depends on FB_RIVA +- select FB_DDC +- help +- This enables I2C support for nVidia Chipsets. This is used +- only for getting EDID information from the attached display +- allowing for robust video mode handling and switching. +- +- Because fbdev-2.6 requires that drivers must be able to +- independently validate video mode parameters, you should say Y +- here. +- +-config FB_RIVA_DEBUG +- bool "Lots of debug output" +- depends on FB_RIVA +- help +- Say Y here if you want the Riva driver to output all sorts +- of debugging information to provide to the maintainer when +- something goes wrong. +- +-config FB_RIVA_BACKLIGHT +- bool "Support for backlight control" +- depends on FB_RIVA +- default y +- help +- Say Y here if you want to control the backlight of your display. +- + config FB_I740 + tristate "Intel740 support" + depends on FB && PCI +--- a/drivers/video/fbdev/Makefile ++++ b/drivers/video/fbdev/Makefile +@@ -21,8 +21,6 @@ obj-$(CONFIG_FB_PM3) += pm3fb.o + + obj-$(CONFIG_FB_I740) += i740fb.o + obj-$(CONFIG_FB_MATROX) += matrox/ +-obj-$(CONFIG_FB_RIVA) += riva/ +-obj-$(CONFIG_FB_NVIDIA) += nvidia/ + obj-$(CONFIG_FB_ATY) += aty/ macmodes.o + obj-$(CONFIG_FB_ATY128) += aty/ macmodes.o + obj-$(CONFIG_FB_RADEON) += aty/ diff --git a/debian/patches/debian/documentation-drop-sphinx-version-check.patch b/debian/patches/debian/documentation-drop-sphinx-version-check.patch new file mode 100644 index 000000000..7e1260c93 --- /dev/null +++ b/debian/patches/debian/documentation-drop-sphinx-version-check.patch @@ -0,0 +1,56 @@ +From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001 +From: Bastian Blank <waldi@debian.org> +Date: Tue, 4 Aug 2020 09:44:19 +0000 +Subject: [PATCH 1/2] Documentation: Drop sphinx version check +Forwarded: not-needed + +--- + Documentation/Makefile | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/Documentation/Makefile ++++ b/Documentation/Makefile +@@ -98,7 +98,6 @@ quiet_cmd_sphinx = SPHINX $@ --> file://$(abspath $(BUILDDIR)/$3/$4) + fi + + htmldocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,html,$(var),,$(var))) + + # If Rust support is available and .config exists, add rustdoc generated contents. +@@ -112,7 +111,6 @@ endif + endif + + texinfodocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,texinfo,$(var),texinfo,$(var))) + + # Note: the 'info' Make target is generated by sphinx itself when +@@ -124,7 +122,6 @@ linkcheckdocs: + @$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,linkcheck,$(var),,$(var))) + + latexdocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,latex,$(var),latex,$(var))) + + ifeq ($(HAVE_PDFLATEX),0) +@@ -136,7 +133,6 @@ pdfdocs: + else # HAVE_PDFLATEX + + pdfdocs: latexdocs +- @$(srctree)/scripts/sphinx-pre-install --version-check + $(foreach var,$(SPHINXDIRS), \ + $(MAKE) PDFLATEX="$(PDFLATEX)" LATEXOPTS="$(LATEXOPTS)" -C $(BUILDDIR)/$(var)/latex || exit; \ + mkdir -p $(BUILDDIR)/$(var)/pdf; \ +@@ -146,11 +142,9 @@ pdfdocs: latexdocs + endif # HAVE_PDFLATEX + + epubdocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,epub,$(var),epub,$(var))) + + xmldocs: +- @$(srctree)/scripts/sphinx-pre-install --version-check + @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,xml,$(var),xml,$(var))) + + endif # HAVE_SPHINX diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch new file mode 100644 index 000000000..4e4238c31 --- /dev/null +++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch @@ -0,0 +1,116 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 07 Sep 2020 02:51:53 +0100 +Subject: Export symbols needed by Android drivers +Bug-Debian: https://bugs.debian.org/901492 + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +Export the currently un-exported symbols they depend on. + +--- + fs/file.c | 1 + + kernel/sched/core.c | 1 + + kernel/sched/wait.c | 1 + + kernel/task_work.c | 1 + + mm/memory.c | 1 + + mm/shmem.c | 1 + + security/security.c | 4 ++++ + 7 files changed, 10 insertions(+) + +--- a/fs/file.c ++++ b/fs/file.c +@@ -816,6 +816,7 @@ struct file *close_fd_get_file(unsigned + + return file; + } ++EXPORT_SYMBOL_GPL(close_fd_get_file); + + void do_close_on_exec(struct files_struct *files) + { +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -7253,6 +7253,7 @@ static bool is_nice_reduction(const stru + + return (nice_rlim <= task_rlimit(p, RLIMIT_NICE)); + } ++EXPORT_SYMBOL_GPL(can_nice); + + /* + * can_nice - check if a task can reduce its nice value +--- a/kernel/sched/wait.c ++++ b/kernel/sched/wait.c +@@ -252,6 +252,7 @@ void __wake_up_pollfree(struct wait_queu + /* POLLFREE must have cleared the queue. */ + WARN_ON_ONCE(waitqueue_active(wq_head)); + } ++EXPORT_SYMBOL_GPL(__wake_up_pollfree); + + /* + * Note: we use "set_current_state()" _after_ the wait-queue add, +--- a/kernel/task_work.c ++++ b/kernel/task_work.c +@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *ta + + return 0; + } ++EXPORT_SYMBOL_GPL(task_work_add); + + /** + * task_work_cancel_match - cancel a pending work added by task_work_add() +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1770,6 +1770,7 @@ void zap_page_range_single(struct vm_area_struc + tlb_finish_mmu(&tlb); + hugetlb_zap_end(vma, details); + } ++EXPORT_SYMBOL_GPL(zap_page_range_single); + + /** + * zap_vma_ptes - remove ptes mapping the vma +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -4871,6 +4871,7 @@ int shmem_zero_setup(struct vm_area_stru + + return 0; + } ++EXPORT_SYMBOL_GPL(shmem_zero_setup); + + /** + * shmem_read_folio_gfp - read into page cache, using specified page allocation flags. +--- a/security/security.c ++++ b/security/security.c +@@ -799,6 +799,7 @@ int security_binder_set_context_mgr(const struct cred *mgr) + { + return call_int_hook(binder_set_context_mgr, 0, mgr); + } ++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); + + /** + * security_binder_transaction() - Check if a binder transaction is allowed +@@ -814,6 +815,7 @@ int security_binder_transaction(const struct cred *from, + { + return call_int_hook(binder_transaction, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transaction); + + /** + * security_binder_transfer_binder() - Check if a binder transfer is allowed +@@ -829,6 +831,7 @@ int security_binder_transfer_binder(const struct cred *from, + { + return call_int_hook(binder_transfer_binder, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_binder); + + /** + * security_binder_transfer_file() - Check if a binder file xfer is allowed +@@ -845,6 +848,7 @@ int security_binder_transfer_file(const struct cred *from, + { + return call_int_hook(binder_transfer_file, 0, from, to, file); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_file); + + /** + * security_ptrace_access_check() - Check if tracing is allowed diff --git a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch new file mode 100644 index 000000000..88a2b15b3 --- /dev/null +++ b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS +Date: Wed, 13 Jul 2016 01:37:22 +0100 +Forwarded: not-needed + +Various free and proprietary AV products use this feature and users +apparently want it. But punting access checks to userland seems like +an easy way to deadlock the system, and there will be nothing we can +do about that. So warn and taint the kernel if this feature is +actually used. + +--- +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -1661,6 +1661,14 @@ static int do_fanotify_mark(int fanotify + umask = FANOTIFY_EVENT_FLAGS; + } + ++#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS ++ if (mask & FANOTIFY_PERM_EVENTS) { ++ pr_warn_once("%s (%d): Using fanotify permission checks may lead to deadlock; tainting kernel\n", ++ current->comm, current->pid); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++ } ++#endif ++ + f = fdget(fanotify_fd); + if (unlikely(!f.file)) + return -EBADF; diff --git a/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch b/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch new file mode 100644 index 000000000..208eb1e78 --- /dev/null +++ b/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch @@ -0,0 +1,48 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 12 Mar 2018 01:14:03 +0000 +Subject: firmware_class: Refer to Debian wiki page when logging missing firmware +Bug-Debian: https://bugs.debian.org/888405 +Bug-Debian: https://bugs.debian.org/1053764 +Forwarded: not-needed +Last-Update: 2023-11-08 + +If firmware loading fails due to a missing file, log a second error +message referring to our wiki page about firmware. This will explain +why some firmware is in non-free, or can't be packaged at all. Only +do this once per boot. + +Do something similar in the radeon drivers, where we have an early +check to avoid failing at a point where we cannot display anything. + +Update 2023-11-08: +In bug 1053764 Mario Limonciello <mario.limonciello@amd.com> states +that the patch isn't needed anymore for amdgpu, so remove that part +of the patch + +--- +--- a/drivers/base/firmware_loader/main.c ++++ b/drivers/base/firmware_loader/main.c +@@ -580,9 +580,12 @@ fw_get_filesystem_firmware(struct device + } + __putname(path); + +- if (rc) ++ if (rc) { + dev_err(device, "firmware: failed to load %s (%d)\n", + fw_priv->fw_name, rc); ++ if (rc == -ENOENT) ++ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); ++ } + + return rc; + } +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -322,6 +322,7 @@ static int radeon_pci_probe(struct pci_d + if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && + !radeon_firmware_installed()) { + DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); ++ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); + return -ENODEV; + } + diff --git a/debian/patches/debian/fixdep-allow-overriding-hostcc-and-hostld.patch b/debian/patches/debian/fixdep-allow-overriding-hostcc-and-hostld.patch new file mode 100644 index 000000000..f1d856e0a --- /dev/null +++ b/debian/patches/debian/fixdep-allow-overriding-hostcc-and-hostld.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <benh@debian.org> +Date: Sat, 13 May 2023 13:03:26 +0200 +Subject: fixdep: Allow overriding HOSTCC and HOSTLD +Forwarded: not-needed + +objtool always uses HOSTCC, HOSTLD, and HOSTAR, so we need to override +these on the command line for cross-builds of linux-kbuild. But it +also builds fixdep which still needs to be native in a cross-build. +Add support for REALHOSTCC and REALHOSTLD variables which, if set, +override HOSTCC and HOSTLD for fixdep only. + +--- +--- a/tools/build/Makefile.include ++++ b/tools/build/Makefile.include +@@ -2,7 +2,7 @@ + build := -f $(srctree)/tools/build/Makefile.build dir=. obj + + fixdep: +- $(Q)$(MAKE) -C $(srctree)/tools/build CFLAGS= LDFLAGS= $(OUTPUT)fixdep ++ $(Q)$(MAKE) -C $(srctree)/tools/build HOSTCC=$(or $(REALHOSTCC),$(HOSTCC)) HOSTLD=$(or $(REALHOSTLD),$(HOSTLD)) CFLAGS= LDFLAGS= $(OUTPUT)fixdep + + fixdep-clean: + $(Q)$(MAKE) -C $(srctree)/tools/build clean diff --git a/debian/patches/debian/fjes-disable-autoload.patch b/debian/patches/debian/fjes-disable-autoload.patch new file mode 100644 index 000000000..873c6906e --- /dev/null +++ b/debian/patches/debian/fjes-disable-autoload.patch @@ -0,0 +1,26 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 18 Mar 2017 20:47:58 +0000 +Subject: fjes: Disable auto-loading +Bug-Debian: https://bugs.debian.org/853976 +Forwarded: no + +fjes matches a generic ACPI device ID, and relies on its probe +function to distinguish whether that really corresponds to a supported +device. Very few system will need the driver and it wastes memory on +all the other systems where the same device ID appears, so disable +auto-loading. + +--- +Index: linux/drivers/net/fjes/fjes_main.c +=================================================================== +--- linux.orig/drivers/net/fjes/fjes_main.c ++++ linux/drivers/net/fjes/fjes_main.c +@@ -36,7 +36,7 @@ static const struct acpi_device_id fjes_ + {ACPI_MOTHERBOARD_RESOURCE_HID, 0}, + {"", 0}, + }; +-MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); ++/* MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); */ + + static bool is_extended_socket_device(struct acpi_device *device) + { diff --git a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch new file mode 100644 index 000000000..eab0e78ee --- /dev/null +++ b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: fs: Enable link security restrictions by default +Date: Fri, 02 Nov 2012 05:32:06 +0000 +Bug-Debian: https://bugs.debian.org/609455 +Forwarded: not-needed + +This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 +('VFS: don't do protected {sym,hard}links by default'). + +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -1020,8 +1020,8 @@ static inline void put_link(struct namei + path_put(&last->link); + } + +-static int sysctl_protected_symlinks __read_mostly; +-static int sysctl_protected_hardlinks __read_mostly; ++static int sysctl_protected_symlinks __read_mostly = 1; ++static int sysctl_protected_hardlinks __read_mostly = 1; + static int sysctl_protected_fifos __read_mostly; + static int sysctl_protected_regular __read_mostly; + diff --git a/debian/patches/debian/gitignore.patch b/debian/patches/debian/gitignore.patch new file mode 100644 index 000000000..4be8009d8 --- /dev/null +++ b/debian/patches/debian/gitignore.patch @@ -0,0 +1,53 @@ +From: Ian Campbell <ijc@hellion.org.uk> +Date: Thu, 17 Jan 2013 08:55:21 +0000 +Subject: Tweak gitignore for Debian pkg-kernel using git +Forwarded: not-needed + +[bwh: Tweak further for pure git] + +Index: linux/.gitignore +=================================================================== +--- linux.orig/.gitignore ++++ linux/.gitignore +@@ -77,11 +77,6 @@ modules.order + /kernel.spec + /rpmbuild/ + +-# +-# Debian directory (make deb-pkg) +-# +-/debian/ +- + # + # Snap directory (make snap-pkg) + # +@@ -92,18 +87,6 @@ modules.order + # + /tar-install/ + +-# +-# We don't want to ignore the following even if they are dot-files +-# +-!.clang-format +-!.cocciconfig +-!.get_maintainer.ignore +-!.gitattributes +-!.gitignore +-!.kunitconfig +-!.mailmap +-!.rustfmt.toml +- + # + # Generated include files + # +@@ -170,3 +153,10 @@ sphinx_*/ + + # Rust analyzer configuration + /rust-project.json ++ ++# ++# Debian packaging: ignore everything at the top level, since it isn't ++# included in our repository ++# ++/* ++!/debian/ diff --git a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch new file mode 100644 index 000000000..b532d0054 --- /dev/null +++ b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch @@ -0,0 +1,48 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 05 Aug 2019 00:29:11 +0100 +Subject: hamradio: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +We can mitigate the effect of vulnerabilities in obscure protocols by +preventing unprivileged users from loading the modules, so that they +are only exploitable on systems where the administrator has chosen to +load the protocol. + +The 'ham' radio protocols (ax25, netrom, rose) are not actively +maintained or widely used. Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +--- a/net/ax25/af_ax25.c ++++ b/net/ax25/af_ax25.c +@@ -1986,7 +1986,7 @@ module_init(ax25_init); + MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); + MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_AX25); ++/* MODULE_ALIAS_NETPROTO(PF_AX25); */ + + static void __exit ax25_exit(void) + { +--- a/net/netrom/af_netrom.c ++++ b/net/netrom/af_netrom.c +@@ -1486,7 +1486,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NE + MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); + MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_NETROM); ++/* MODULE_ALIAS_NETPROTO(PF_NETROM); */ + + static void __exit nr_exit(void) + { +--- a/net/rose/af_rose.c ++++ b/net/rose/af_rose.c +@@ -1577,7 +1577,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of + MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); + MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS_NETPROTO(PF_ROSE); ++/* MODULE_ALIAS_NETPROTO(PF_ROSE); */ + + static void __exit rose_exit(void) + { diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch new file mode 100644 index 000000000..1b216d0d1 --- /dev/null +++ b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Tue, 16 Feb 2016 02:45:42 +0000 +Subject: [i386/686-pae] PCI: Set pci=nobios by default +Forwarded: not-needed + +CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped +W+X, which is undesirable for security reasons and will result in a +warning at boot now that we enable CONFIG_DEBUG_WX. + +This can be overridden using the kernel parameter "pci=nobios", but we +want to disable W+X by default. Disable PCI BIOS probing by default; +it can still be enabled using "pci=bios". + +--- +--- a/arch/x86/pci/common.c ++++ b/arch/x86/pci/common.c +@@ -21,8 +21,8 @@ + #include <asm/setup.h> + #include <asm/irqdomain.h> + +-unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | +- PCI_PROBE_MMCONF; ++unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF | ++ (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS); + + static int pci_bf_sort; + int pci_routeirq; diff --git a/debian/patches/debian/ia64-hardcode-arch-script-output.patch b/debian/patches/debian/ia64-hardcode-arch-script-output.patch new file mode 100644 index 000000000..79356c490 --- /dev/null +++ b/debian/patches/debian/ia64-hardcode-arch-script-output.patch @@ -0,0 +1,71 @@ +From: dann frazier <dannf@debian.org> +Subject: Hardcode arch script output +Date: Mon, 26 Mar 2007 16:30:51 -0600 +Bug-Debian: https://bugs.debian.org/392592 +Forwarded: not-needed + +Here's a patch that simply uses hardcoded definitions instead of +doing the dynamic tests that require architecture-specific scripts. + +I don't particularly like this approach because it restricts +portability and diverts from upstream. But, it is simpler, and this +really needs to be fixed somehow before etch (along with a rebuild of +linux-modules-extra-2.6), so I'm willing to live with it if my other +patch is deemed unacceptable. + +My primary concern is that, in the future, the output of these scripts +will change and we (or our successors) will either not notice or +forget to update the hardcoded values. + +Including the scripts in linux-kbuild will avoid this manual step +altogether, and allow for the possibility of other archs to provide +their own scripts in the future. +--- + arch/ia64/Makefile | 17 ++--------------- + 1 file changed, 2 insertions(+), 15 deletions(-) + +--- a/arch/ia64/Makefile ++++ b/arch/ia64/Makefile +@@ -26,16 +26,7 @@ cflags-y := -pipe $(EXTRA) -ffixed-r13 - + -frename-registers -fno-optimize-sibling-calls + KBUILD_CFLAGS_KERNEL := -mconstant-gp + +-GAS_STATUS = $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") +-KBUILD_CPPFLAGS += $(shell $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") +- +-ifeq ($(GAS_STATUS),buggy) +-$(error Sorry, you need a newer version of the assember, one that is built from \ +- a source-tree that post-dates 18-Dec-2002. You can find a pre-compiled \ +- static binary of such an assembler at: \ +- \ +- ftp://ftp.hpl.hp.com/pub/linux-ia64/gas-030124.tar.gz) +-endif ++KBUILD_CPPFLAGS += -DHAVE_WORKING_TEXT_ALIGN -DHAVE_MODEL_SMALL_ATTRIBUTE -DHAVE_SERIALIZE_DIRECTIVE + + quiet_cmd_gzip = GZIP $@ + cmd_gzip = cat $(real-prereqs) | $(KGZIP) -n -f -9 > $@ +@@ -52,7 +42,7 @@ drivers-y += arch/ia64/pci/ arch/ia64/ + + PHONY += compressed check + +-all: compressed unwcheck ++all: compressed + + compressed: vmlinux.gz + +@@ -64,9 +54,6 @@ vmlinux.gz: vmlinux.bin FORCE + vmlinux.bin: vmlinux FORCE + $(call if_changed,objcopy) + +-unwcheck: vmlinux +- -$(Q)READELF=$(READELF) $(PYTHON3) $(srctree)/arch/ia64/scripts/unwcheck.py $< +- + archheaders: + $(Q)$(MAKE) $(build)=arch/ia64/kernel/syscalls all + +@@ -78,5 +66,4 @@ install: vmlinux.gz + define archhelp + echo '* compressed - Build compressed kernel image' + echo ' install - Install compressed kernel image' +- echo '* unwcheck - Check vmlinux for invalid unwind info' + endef diff --git a/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch b/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch new file mode 100644 index 000000000..c8061436d --- /dev/null +++ b/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch @@ -0,0 +1,26 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: iwlwifi: Do not request unreleased firmware for IWL6000 +Bug-Debian: https://bugs.debian.org/689416 +Forwarded: not-needed + +The iwlwifi driver currently supports firmware API versions 4-6 for +these devices. It will request the file for the latest supported +version and then fall back to earlier versions. However, the latest +version that has actually been released is 4, so we expect the +requests for versions 6 and then 5 to fail. + +The installer appears to report any failed request, and it is probably +not easy to detect that this particular failure is harmless. So stop +requesting the unreleased firmware. + +--- a/drivers/net/wireless/intel/iwlwifi/cfg/6000.c ++++ b/drivers/net/wireless/intel/iwlwifi/cfg/6000.c +@@ -31,7 +31,7 @@ + #include "dvm/commands.h" /* needed for BT for now */ + + /* Highest firmware API version supported */ +-#define IWL6000_UCODE_API_MAX 6 ++#define IWL6000_UCODE_API_MAX 4 /* v5-6 are supported but not released */ + #define IWL6050_UCODE_API_MAX 5 + #define IWL6000G2_UCODE_API_MAX 6 + #define IWL6035_UCODE_API_MAX 6 diff --git a/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch b/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch new file mode 100644 index 000000000..ec23040d8 --- /dev/null +++ b/debian/patches/debian/kbuild-abort-build-if-subdirs-used.patch @@ -0,0 +1,37 @@ +From: Ben Hutchings <benh@debian.org> +Date: Mon, 26 Apr 2021 18:27:16 +0200 +Subject: kbuild: Abort build if SUBDIRS used +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/987575 + +DKMS and module-assistant both build OOT modules as root. If they +build an old OOT module that still use SUBDIRS this causes Kbuild +to try building a full kernel, which obviously fails but not before +deleting files from the installed headers package. + +To avoid such mishaps, detect this situation and abort the build. + +The error message is based on that used in commit 0126be38d988 +"kbuild: announce removal of SUBDIRS if used". +--- +--- a/Makefile ++++ b/Makefile +@@ -218,6 +218,18 @@ ifeq ("$(origin M)", "command line") + KBUILD_EXTMOD := $(M) + endif + ++# Old syntax make ... SUBDIRS=$PWD should be rejected to avoid mishaps ++# (see Debian bugs #982334, #987575) ++ifndef KBUILD_EXTMOD ++ ifdef SUBDIRS ++ $(warning =============== ERROR ==============) ++ $(warning 'SUBDIRS' was removed in Linux 5.3) ++ $(warning Use 'M=' or 'KBUILD_EXTMOD=' instead) ++ $(warning ====================================) ++ $(error .) ++ endif ++endif ++ + $(if $(word 2, $(KBUILD_EXTMOD)), \ + $(error building multiple external modules is not supported)) + diff --git a/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch new file mode 100644 index 000000000..eea69e455 --- /dev/null +++ b/debian/patches/debian/kbuild-look-for-module.lds-under-arch-directory-too.patch @@ -0,0 +1,52 @@ +From: Ben Hutchings <benh@debian.org> +Date: Thu, 10 Dec 2020 17:31:39 +0100 +Subject: kbuild: Look for module.lds under arch directory too +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/975571 + +The module.lds linker script is now built under the scripts directory, +where previously it was under arch/$(SRCARCH). + +However, we package the scripts directory as linux-kbuild, which is +meant to be able to do support native and cross-builds. That means it +shouldn't contain files for a specific target architecture without a +wrapper to select between them, and it doesn't appear that linker +scripts are powerful enough to implement such a wrapper. + +Building module.lds in a different location would require relatively +large changes. Moving it in the package build rules can work, but we +need to support custom kernel builds from the same source so we can't +assume it's moved. + +Therefore, we move module.lds under the arch build directory in +rules.real and change Makefile.modfinal to look for it in both places. + +--- +Index: linux/scripts/Makefile.modfinal +=================================================================== +--- linux.orig/scripts/Makefile.modfinal ++++ linux/scripts/Makefile.modfinal +@@ -29,12 +29,13 @@ quiet_cmd_cc_o_c = CC [M] $@ + $(call if_changed_dep,cc_o_c) + + ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) ++ARCH_MODULE_LDS := $(word 1,$(wildcard scripts/module.lds arch/$(SRCARCH)/module.lds)) + + quiet_cmd_ld_ko_o = LD [M] $@ + cmd_ld_ko_o += \ + $(LD) -r $(KBUILD_LDFLAGS) \ + $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ +- -T scripts/module.lds -o $@ $(filter %.o, $^); \ ++ -T $(ARCH_MODULE_LDS) -o $@ $(filter %.o, $^); \ + $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) + + quiet_cmd_btf_ko = BTF [M] $@ +@@ -57,7 +58,7 @@ if_changed_except = $(if $(call newer_pr + printf '%s\n' 'savedcmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) + + # Re-generate module BTFs if either module's .ko or vmlinux changed +-%.ko: %.o %.mod.o scripts/module.lds $(and $(CONFIG_DEBUG_INFO_BTF_MODULES),$(KBUILD_BUILTIN),vmlinux) FORCE ++%.ko: %.o %.mod.o $(ARCH_MODULE_LDS) $(and $(CONFIG_DEBUG_INFO_BTF_MODULES),$(KBUILD_BUILTIN),vmlinux) FORCE + +$(call if_changed_except,ld_ko_o,vmlinux) + ifdef CONFIG_DEBUG_INFO_BTF_MODULES + +$(if $(newer-prereqs),$(call cmd,btf_ko)) diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch new file mode 100644 index 000000000..ef427ab19 --- /dev/null +++ b/debian/patches/debian/kernelvariables.patch @@ -0,0 +1,92 @@ +From: Bastian Blank <waldi@debian.org> +Subject: kbuild: Make the toolchain variables easily overwritable +Date: Sun, 22 Feb 2009 15:39:35 +0100 +Forwarded: not-needed + +Allow make variables to be overridden for each flavour by a file in +the build tree, .kernelvariables. + +We currently use this for ARCH, KERNELRELEASE, CC, and in some cases +also CROSS_COMPILE, KCFLAGS. + +This file can only be read after we establish the build tree, and all +use of $(ARCH) needs to be moved after this. + +[bwh: Updated for 5.3: include .kernelvariables from current directory + rather than using undefined $(obj).] +--- +--- a/Makefile ++++ b/Makefile +@@ -406,36 +406,6 @@ include $(srctree)/scripts/subarch.inclu + # Note: Some architectures assign CROSS_COMPILE in their arch/*/Makefile + ARCH ?= $(SUBARCH) + +-# Architecture as present in compile.h +-UTS_MACHINE := $(ARCH) +-SRCARCH := $(ARCH) +- +-# Additional ARCH settings for x86 +-ifeq ($(ARCH),i386) +- SRCARCH := x86 +-endif +-ifeq ($(ARCH),x86_64) +- SRCARCH := x86 +-endif +- +-# Additional ARCH settings for sparc +-ifeq ($(ARCH),sparc32) +- SRCARCH := sparc +-endif +-ifeq ($(ARCH),sparc64) +- SRCARCH := sparc +-endif +- +-# Additional ARCH settings for parisc +-ifeq ($(ARCH),parisc64) +- SRCARCH := parisc +-endif +- +-export cross_compiling := +-ifneq ($(SRCARCH),$(SUBARCH)) +-cross_compiling := 1 +-endif +- + KCONFIG_CONFIG ?= .config + export KCONFIG_CONFIG + +@@ -551,6 +521,35 @@ RUSTFLAGS_KERNEL = + AFLAGS_KERNEL = + LDFLAGS_vmlinux = + ++-include .kernelvariables ++ ++# Architecture as present in compile.h ++UTS_MACHINE := $(ARCH) ++SRCARCH := $(ARCH) ++ ++# Additional ARCH settings for x86 ++ifeq ($(ARCH),i386) ++ SRCARCH := x86 ++endif ++ifeq ($(ARCH),x86_64) ++ SRCARCH := x86 ++endif ++ ++# Additional ARCH settings for sparc ++ifeq ($(ARCH),sparc64) ++ SRCARCH := sparc ++endif ++ ++# Additional ARCH settings for parisc ++ifeq ($(ARCH),parisc64) ++ SRCARCH := parisc ++endif ++ ++# Additional ARCH settings for sh ++ifeq ($(ARCH),sh64) ++ SRCARCH := sh ++endif ++ + # Use USERINCLUDE when you must reference the UAPI directories only. + USERINCLUDE := \ + -I$(srctree)/arch/$(SRCARCH)/include/uapi \ diff --git a/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch b/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch new file mode 100644 index 000000000..f0d5c80d7 --- /dev/null +++ b/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch @@ -0,0 +1,31 @@ +From: Ben Hutchings <benh@debian.org> +Date: Thu, 15 Sep 2022 02:14:03 +0200 +Subject: Makefile: Make compiler version comparison optional +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/1019749 + +The top-level Makefile warns if the compiler version string changes at +all between the kernel build and an out-of-tree module build. + +We expect that major compiler version changes could introduce ABI +changes, and override the CC variable in out-of-tree module builds to +ensure that the same major compiler version is used. But minor +version changes should not make a difference, so this exact version +comparison produces false warnings. + +Since custom kernel packages don't have that, don't remove the version +comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK) +is non-empty. + +--- +--- a/Makefile ++++ b/Makefile +@@ -1753,7 +1753,7 @@ PHONY += prepare + # now expand this into a simple variable to reduce the cost of shell evaluations + prepare: CC_VERSION_TEXT := $(CC_VERSION_TEXT) + prepare: +- @if [ "$(CC_VERSION_TEXT)" != "$(CONFIG_CC_VERSION_TEXT)" ]; then \ ++ @if [ -z "$(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)" ] && [ "$(CC_VERSION_TEXT)" != "$(CONFIG_CC_VERSION_TEXT)" ]; then \ + echo >&2 "warning: the compiler differs from the one used to build the kernel"; \ + echo >&2 " The kernel was built by: $(CONFIG_CC_VERSION_TEXT)"; \ + echo >&2 " You are using: $(CC_VERSION_TEXT)"; \ diff --git a/debian/patches/debian/mips-boston-disable-its.patch b/debian/patches/debian/mips-boston-disable-its.patch new file mode 100644 index 000000000..ca4de2daa --- /dev/null +++ b/debian/patches/debian/mips-boston-disable-its.patch @@ -0,0 +1,22 @@ +From: YunQiang Su <syq@debian.org> +Date: Mon, 14 May 2018 16:16:18 +0800 +Subject: Disable uImage generation for mips generic +Forwarded: not-needed + +MIPS generic trys to generate uImage when build, which then ask for +u-boot-tools. + +[bwh: Updated for 5.17: + - zload-y is no longer assigned here and appears to default to empty + - Adjust context] + +--- a/arch/mips/generic/Platform ++++ b/arch/mips/generic/Platform +@@ -13,7 +13,6 @@ cflags-$(CONFIG_MACH_INGENIC_SOC) += -I$ + cflags-$(CONFIG_MIPS_GENERIC) += -I$(srctree)/arch/mips/include/asm/mach-generic + + load-$(CONFIG_MIPS_GENERIC) += 0xffffffff80100000 +-all-$(CONFIG_MIPS_GENERIC) += vmlinux.gz.itb + + its-y := vmlinux.its.S + its-$(CONFIG_FIT_IMAGE_FDT_BOSTON) += board-boston.its.S diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch new file mode 100644 index 000000000..52231cc44 --- /dev/null +++ b/debian/patches/debian/mips-disable-werror.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 13 Sep 2010 02:16:18 +0100 +Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild" +Forwarded: not-needed + +This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and +5373633cc9253ba82547473e899cab141c54133e. + +We really don't want to add -Werror anywhere. +--- +--- a/arch/mips/Kbuild ++++ b/arch/mips/Kbuild +@@ -1,10 +1,4 @@ + # SPDX-License-Identifier: GPL-2.0 +-# Fail on warnings - also for files referenced in subdirs +-# -Werror can be disabled for specific files using: +-# CFLAGS_<file.o> := -Wno-error +-ifeq ($(W),) +-subdir-ccflags-y := -Werror +-endif + + # platform specific definitions + include $(srctree)/arch/mips/Kbuild.platforms diff --git a/debian/patches/debian/mips-ieee754-relaxed.patch b/debian/patches/debian/mips-ieee754-relaxed.patch new file mode 100644 index 000000000..20dff251c --- /dev/null +++ b/debian/patches/debian/mips-ieee754-relaxed.patch @@ -0,0 +1,32 @@ +From: YunQiang Su <syq@debian.org> +Date: Mon 16 Nov 2020 09:11:00 +0800 +Subject: Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only +Forwarded: not-needed + +There are 2 mode of value of IEEE NaN hardcoded by CPU. +Currently, our mipsel/mips64el port is in so-called lagacy mode. +Loongson 3A 4000 is set as the so-called 2008 mode. + +To make Debian workable on Loongson 3A 4000, we need set the kerenl in +RELAXED mode. + +https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking + +diff --git a/arch/mips/kernel/fpu-probe.c b/arch/mips/kernel/fpu-probe.c +index e689d6a83..667226f94 100644 +--- a/arch/mips/kernel/fpu-probe.c ++++ b/arch/mips/kernel/fpu-probe.c +@@ -144,7 +144,12 @@ static void cpu_set_fpu_2008(struct cpuinfo_mips *c) + * IEEE 754 conformance mode to use. Affects the NaN encoding and the + * ABS.fmt/NEG.fmt execution mode. + */ +-static enum { STRICT, LEGACY, STD2008, RELAXED } ieee754 = STRICT; ++enum ieee754_mode { STRICT, LEGACY, STD2008, RELAXED }; ++#ifdef CONFIG_CPU_LOONGSON64 ++static enum ieee754_mode ieee754 = RELAXED; ++#else ++static enum ieee754_mode ieee754 = STRICT; ++#endif + + /* + * Set the IEEE 754 NaN encodings and the ABS.fmt/NEG.fmt execution modes diff --git a/debian/patches/debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch b/debian/patches/debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch new file mode 100644 index 000000000..3582f4ba3 --- /dev/null +++ b/debian/patches/debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <benh@debian.org> +Date: Fri, 13 May 2022 21:08:08 +0200 +Subject: module: Avoid ABI changes when debug info is disabled +Forwarded: not-needed + +CI builds are done with debug info disabled, but this removes some +members from struct module. This causes builds to fail if there is an +ABI reference for the current ABI. + +Define these members unconditionally, so that there is no ABI change. + +--- +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -471,7 +471,7 @@ struct module { + unsigned int num_bpf_raw_events; + struct bpf_raw_event_map *bpf_raw_events; + #endif +-#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++#if 1 + unsigned int btf_data_size; + void *btf_data; + #endif diff --git a/debian/patches/debian/ntfs-mark-it-as-broken.patch b/debian/patches/debian/ntfs-mark-it-as-broken.patch new file mode 100644 index 000000000..0f59a9f44 --- /dev/null +++ b/debian/patches/debian/ntfs-mark-it-as-broken.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Thu, 25 Apr 2019 15:31:33 +0100 +Subject: ntfs: mark it as broken +Forwarded: not-needed + +NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and +CVE-2018-12931. ntfs-3g is a better supported alternative. + +Make sure it can't be enabled even in custom kernels. + +--- +Index: debian-kernel/fs/ntfs/Kconfig +=================================================================== +--- debian-kernel.orig/fs/ntfs/Kconfig ++++ debian-kernel/fs/ntfs/Kconfig +@@ -1,6 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0-only + config NTFS_FS + tristate "NTFS file system support" ++ depends on BROKEN + select BUFFER_HEAD + select NLS + help diff --git a/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch b/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch new file mode 100644 index 000000000..a1cbb2c0b --- /dev/null +++ b/debian/patches/debian/perf-traceevent-support-asciidoctor-for-documentatio.patch @@ -0,0 +1,40 @@ +From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001 +From: Bastian Blank <waldi@debian.org> +Date: Tue, 4 Aug 2020 09:44:37 +0000 +Subject: [PATCH 2/2] perf/traceevent: Support asciidoctor for documentation +Forwarded: not-needed + +--- + tools/lib/perf/Documentation/Makefile | 2 +- + tools/perf/Documentation/Makefile | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/lib/perf/Documentation/Makefile b/tools/lib/perf/Documentation/Makefile +index 972754082a85..272d06173a3e 100644 +--- a/tools/lib/perf/Documentation/Makefile ++++ b/tools/lib/perf/Documentation/Makefile +@@ -35,7 +35,7 @@ htmldir = $(docdir)/html + exdir = $(docdir)/examples + + ASCIIDOC = asciidoc +-ASCIIDOC_EXTRA = --unsafe -f asciidoc.conf ++ASCIIDOC_EXTRA = + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl + XMLTO_EXTRA = +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index 6e54979c2124..7bfa6ae971ab 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -48,7 +48,7 @@ man5dir=$(mandir)/man5 + man7dir=$(mandir)/man7 + + ASCIIDOC=asciidoc +-ASCIIDOC_EXTRA += --unsafe -f asciidoc.conf ++ASCIIDOC_EXTRA += + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl + XMLTO_EXTRA = +-- +2.28.0 + diff --git a/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch b/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch new file mode 100644 index 000000000..3343aecac --- /dev/null +++ b/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch @@ -0,0 +1,34 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 19 Nov 2010 02:12:48 +0000 +Subject: [PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits +Forwarded: not-needed + +Recent review has revealed several bugs in obscure protocol +implementations that can be exploited by local users for denial of +service or privilege escalation. We can mitigate the effect of any +remaining vulnerabilities in such protocols by preventing unprivileged +users from loading the modules, so that they are only exploitable on +systems where the administrator has chosen to load the protocol. + +The 'rds' protocol is one such protocol that has been found to be +vulnerable, and which was not present in the 'lenny' kernel. +Therefore disable auto-loading. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + net/rds/af_rds.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c +index 98e0538..d8d4525 100644 +--- a/net/rds/af_rds.c ++++ b/net/rds/af_rds.c +@@ -574,4 +574,4 @@ MODULE_DESCRIPTION("RDS: Reliable Datagram Sockets" + " v" DRV_VERSION " (" DRV_RELDATE ")"); + MODULE_VERSION(DRV_VERSION); + MODULE_LICENSE("Dual BSD/GPL"); +-MODULE_ALIAS_NETPROTO(PF_RDS); ++/* MODULE_ALIAS_NETPROTO(PF_RDS); */ +-- +1.7.2.3 + diff --git a/debian/patches/debian/sched-autogroup-disabled.patch b/debian/patches/debian/sched-autogroup-disabled.patch new file mode 100644 index 000000000..c616fa46e --- /dev/null +++ b/debian/patches/debian/sched-autogroup-disabled.patch @@ -0,0 +1,19 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: sched: Do not enable autogrouping by default +Date: Wed, 16 Mar 2011 03:17:06 +0000 +Forwarded: not-needed + +We want to provide the option of autogrouping but without enabling +it by default yet. + +--- a/kernel/sched/autogroup.c ++++ b/kernel/sched/autogroup.c +@@ -4,7 +4,7 @@ + * Auto-group scheduling implementation: + */ + +-unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; ++unsigned int __read_mostly sysctl_sched_autogroup_enabled = 0; + static struct autogroup autogroup_default; + static atomic_t autogroup_seq_nr; + diff --git a/debian/patches/debian/snd-pcsp-disable-autoload.patch b/debian/patches/debian/snd-pcsp-disable-autoload.patch new file mode 100644 index 000000000..e593f5144 --- /dev/null +++ b/debian/patches/debian/snd-pcsp-disable-autoload.patch @@ -0,0 +1,30 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Wed, 05 Feb 2014 23:01:30 +0000 +Subject: snd-pcsp: Disable autoload +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/697709 + +There are two drivers claiming the platform:pcspkr device: +- pcspkr creates an input(!) device that can only beep +- snd-pcsp creates an equivalent input device plus a PCM device that can + play barely recognisable renditions of sampled sound + +snd-pcsp is blacklisted by the alsa-base package, but not everyone +installs that. On PCs where no sound is wanted at all, both drivers +will still be loaded and one or other will complain that it couldn't +claim the relevant I/O range. + +In case anyone finds snd-pcsp useful, we continue to build it. But +remove the alias, to ensure it's not loaded where it's not wanted. + +--- a/sound/drivers/pcsp/pcsp.c ++++ b/sound/drivers/pcsp/pcsp.c +@@ -22,7 +22,7 @@ + MODULE_AUTHOR("Stas Sergeev <stsp@users.sourceforge.net>"); + MODULE_DESCRIPTION("PC-Speaker driver"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("platform:pcspkr"); ++/*MODULE_ALIAS("platform:pcspkr");*/ + + static int index = SNDRV_DEFAULT_IDX1; /* Index 0-MAX */ + static char *id = SNDRV_DEFAULT_STR1; /* ID for this card */ diff --git a/debian/patches/debian/tools-perf-install-python-bindings.patch b/debian/patches/debian/tools-perf-install-python-bindings.patch new file mode 100644 index 000000000..c3f174741 --- /dev/null +++ b/debian/patches/debian/tools-perf-install-python-bindings.patch @@ -0,0 +1,26 @@ +From: Adriaan Schmidt <adriaan.schmidt@siemens.com> +Date: Mon, 4 Apr 2022 13:38:33 +0200 +Subject: tools: install perf python bindings +Bug-Debian: http://bugs.debian.org/860957 +Forwarded: not-needed + +--- + tools/perf/Makefile.perf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf +index 80522bcfafe0..b011c7aae742 100644 +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -1026,7 +1026,7 @@ install-bin: install-tools install-tests install-traceevent-plugins + install: install-bin try-install-man + + install-python_ext: +- $(PYTHON_WORD) util/setup.py --quiet install --root='/$(DESTDIR_SQ)' ++ $(PYTHON_WORD) util/setup.py --quiet install --root='/$(DESTDIR_SQ)' --install-layout=deb + + # 'make install-doc' should call 'make -C Documentation install' + $(INSTALL_DOC_TARGETS): +-- +2.30.2 + diff --git a/debian/patches/debian/tools-perf-perf-read-vdso-in-libexec.patch b/debian/patches/debian/tools-perf-perf-read-vdso-in-libexec.patch new file mode 100644 index 000000000..044f58469 --- /dev/null +++ b/debian/patches/debian/tools-perf-perf-read-vdso-in-libexec.patch @@ -0,0 +1,32 @@ +From: Ben Hutchings <benh@debian.org> +Date: Mon, 11 May 2015 02:51:07 +0000 +Subject: linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib + +--- a/tools/perf/Makefile.perf ++++ b/tools/perf/Makefile.perf +@@ -943,21 +943,21 @@ install-tools: all install-gtk + $(LN) '$(DESTDIR_SQ)$(bindir_SQ)/perf' '$(DESTDIR_SQ)$(bindir_SQ)/trace'; \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(includedir_SQ)/perf'; \ + $(INSTALL) -m 644 include/perf/perf_dlfilter.h -t '$(DESTDIR_SQ)$(includedir_SQ)/perf' ++ $(call QUIET_INSTALL, libexec) \ ++ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' + ifndef NO_PERF_READ_VDSO32 + $(call QUIET_INSTALL, perf-read-vdso32) \ +- $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(bindir_SQ)'; ++ $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; + endif + ifndef NO_PERF_READ_VDSOX32 + $(call QUIET_INSTALL, perf-read-vdsox32) \ +- $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(bindir_SQ)'; ++ $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; + endif + ifndef NO_JVMTI + $(call QUIET_INSTALL, $(LIBJVMTI)) \ + $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(libdir_SQ)'; \ + $(INSTALL) $(OUTPUT)$(LIBJVMTI) '$(DESTDIR_SQ)$(libdir_SQ)'; + endif +- $(call QUIET_INSTALL, libexec) \ +- $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' + $(call QUIET_INSTALL, perf-archive) \ + $(INSTALL) $(OUTPUT)perf-archive -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' + $(call QUIET_INSTALL, perf-iostat) \ diff --git a/debian/patches/debian/uname-version-timestamp.patch b/debian/patches/debian/uname-version-timestamp.patch new file mode 100644 index 000000000..4be158e09 --- /dev/null +++ b/debian/patches/debian/uname-version-timestamp.patch @@ -0,0 +1,26 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: Make mkcompile_h accept an alternate timestamp string +Date: Tue, 12 May 2015 19:29:22 +0100 +Forwarded: not-needed + +We want to include the Debian version in the utsname::version string +instead of a full timestamp string. However, we still need to provide +a standard timestamp string for gen_initramfs_list.sh to make the +kernel image reproducible. + +Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to +$KBUILD_BUILD_TIMESTAMP. + +Index: linux/init/Makefile +=================================================================== +--- linux.orig/init/Makefile ++++ linux/init/Makefile +@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) : + preempt-flag-$(CONFIG_PREEMPT_RT) := PREEMPT_RT + + build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto)) +-build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto)) ++build-timestamp = $(or $(KBUILD_BUILD_VERSION_TIMESTAMP), $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto)) + + # Maximum length of UTS_VERSION is 64 chars + filechk_uts_version = \ diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch new file mode 100644 index 000000000..7f80a9dd0 --- /dev/null +++ b/debian/patches/debian/version.patch @@ -0,0 +1,174 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: Include package version along with kernel release in stack traces +Date: Tue, 24 Jul 2012 03:13:10 +0100 +Forwarded: not-needed + +For distribution binary packages we assume +$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION +are set. +--- + Makefile | 15 ++++++++++++++- + arch/ia64/kernel/process.c | 5 +++-- + arch/powerpc/kernel/process.c | 6 ++++-- + arch/x86/um/sysrq_64.c | 6 ++++-- + kernel/hung_task.c | 6 ++++-- + lib/dump_stack.c | 6 ++++-- + 6 files changed, 33 insertions(+), 11 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -1268,7 +1268,8 @@ PHONY += prepare archprepare + + archprepare: outputmakefile archheaders archscripts scripts include/config/kernel.release \ + asm-generic $(version_h) include/generated/utsrelease.h \ +- include/generated/compile.h include/generated/autoconf.h remove-stale-files ++ include/generated/compile.h include/generated/autoconf.h \ ++ include/generated/package.h remove-stale-files + + prepare0: archprepare + $(Q)$(MAKE) $(build)=scripts/mod +@@ -1326,6 +1327,16 @@ define filechk_version.h + echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL) + endef + ++ifneq ($(DISTRIBUTION_OFFICIAL_BUILD),) ++define filechk_package.h ++ echo \#define LINUX_PACKAGE_ID \" $(DISTRIBUTOR) $(DISTRIBUTION_VERSION)\" ++endef ++else ++define filechk_package.h ++ echo \#define LINUX_PACKAGE_ID \"\" ++endef ++endif ++ + $(version_h): PATCHLEVEL := $(or $(PATCHLEVEL), 0) + $(version_h): SUBLEVEL := $(or $(SUBLEVEL), 0) + $(version_h): FORCE +@@ -1340,6 +1351,9 @@ filechk_compile.h = $(srctree)/scripts/m + include/generated/compile.h: FORCE + $(call filechk,compile.h) + ++include/generated/package.h: $(srctree)/Makefile FORCE ++ $(call filechk,package.h) ++ + PHONY += headerdep + headerdep: + $(Q)find $(srctree)/include/ -name '*.h' | xargs --max-args 1 \ +--- a/arch/ia64/kernel/process.c ++++ b/arch/ia64/kernel/process.c +@@ -35,6 +35,7 @@ + #include <linux/utsname.h> + #include <linux/resume_user_mode.h> + #include <linux/rcupdate.h> ++#include <generated/package.h> + + #include <asm/cpu.h> + #include <asm/delay.h> +@@ -102,9 +103,9 @@ show_regs (struct pt_regs *regs) + print_modules(); + printk("\n"); + show_regs_print_info(KERN_DEFAULT); +- printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s)\n", ++ printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s%s)\n", + regs->cr_ipsr, regs->cr_ifs, ip, print_tainted(), +- init_utsname()->release); ++ init_utsname()->release, LINUX_PACKAGE_ID); + printk("ip is at %pS\n", (void *)ip); + printk("unat: %016lx pfs : %016lx rsc : %016lx\n", + regs->ar_unat, regs->ar_pfs, regs->ar_rsc); +--- a/arch/powerpc/kernel/process.c ++++ b/arch/powerpc/kernel/process.c +@@ -38,6 +38,7 @@ + #include <linux/uaccess.h> + #include <linux/pkeys.h> + #include <linux/seq_buf.h> ++#include <generated/package.h> + + #include <asm/interrupt.h> + #include <asm/io.h> +@@ -1555,8 +1556,9 @@ static void __show_regs(struct pt_regs * + + printk("NIP: "REG" LR: "REG" CTR: "REG"\n", + regs->nip, regs->link, regs->ctr); +- printk("REGS: %px TRAP: %04lx %s (%s)\n", +- regs, regs->trap, print_tainted(), init_utsname()->release); ++ printk("REGS: %px TRAP: %04lx %s (%s%s)\n", ++ regs, regs->trap, print_tainted(), init_utsname()->release, ++ LINUX_PACKAGE_ID); + printk("MSR: "REG" ", regs->msr); + print_msr_bits(regs->msr); + pr_cont(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer); +--- a/arch/x86/um/sysrq_64.c ++++ b/arch/x86/um/sysrq_64.c +@@ -9,6 +9,7 @@ + #include <linux/sched.h> + #include <linux/sched/debug.h> + #include <linux/utsname.h> ++#include <generated/package.h> + #include <asm/current.h> + #include <asm/ptrace.h> + #include <asm/sysrq.h> +@@ -17,8 +18,9 @@ void show_regs(struct pt_regs *regs) + { + printk("\n"); + print_modules(); +- printk(KERN_INFO "Pid: %d, comm: %.20s %s %s\n", task_pid_nr(current), +- current->comm, print_tainted(), init_utsname()->release); ++ printk(KERN_INFO "Pid: %d, comm: %.20s %s %s%s\n", task_pid_nr(current), ++ current->comm, print_tainted(), init_utsname()->release, ++ LINUX_PACKAGE_ID); + printk(KERN_INFO "RIP: %04lx:%pS\n", PT_REGS_CS(regs) & 0xffff, + (void *)PT_REGS_IP(regs)); + printk(KERN_INFO "RSP: %016lx EFLAGS: %08lx\n", PT_REGS_SP(regs), +--- a/kernel/hung_task.c ++++ b/kernel/hung_task.c +@@ -24,6 +24,7 @@ + #include <linux/sched/sysctl.h> + + #include <trace/events/sched.h> ++#include <generated/package.h> + + /* + * The number of tasks checked: +@@ -131,10 +132,11 @@ static void check_hung_task(struct task_ + sysctl_hung_task_warnings--; + pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n", + t->comm, t->pid, (jiffies - t->last_switch_time) / HZ); +- pr_err(" %s %s %.*s\n", ++ pr_err(" %s %s %.*s%s\n", + print_tainted(), init_utsname()->release, + (int)strcspn(init_utsname()->version, " "), +- init_utsname()->version); ++ init_utsname()->version, ++ LINUX_PACKAGE_ID); + pr_err("\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\"" + " disables this message.\n"); + sched_show_task(t); +--- a/lib/dump_stack.c ++++ b/lib/dump_stack.c +@@ -14,6 +14,7 @@ + #include <linux/kexec.h> + #include <linux/utsname.h> + #include <linux/stop_machine.h> ++#include <generated/package.h> + + static char dump_stack_arch_desc_str[128]; + +@@ -54,13 +55,15 @@ void __init dump_stack_set_arch_desc(con + */ + void dump_stack_print_info(const char *log_lvl) + { +- printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s" BUILD_ID_FMT "\n", ++ printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s %s" BUILD_ID_FMT "\n", + log_lvl, raw_smp_processor_id(), current->pid, current->comm, + kexec_crash_loaded() ? "Kdump: loaded " : "", + print_tainted(), + init_utsname()->release, + (int)strcspn(init_utsname()->version, " "), +- init_utsname()->version, BUILD_ID_VAL); ++ init_utsname()->version, ++ LINUX_PACKAGE_ID, ++ BUILD_ID_VAL); + + if (dump_stack_arch_desc_str[0] != '\0') + printk("%sHardware name: %s\n", diff --git a/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch b/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch new file mode 100644 index 000000000..edbf8657f --- /dev/null +++ b/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch @@ -0,0 +1,1452 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 13 Apr 2018 20:10:28 +0100 +Subject: wireless: Add Debian wireless-regdb certificates +Forwarded: not-needed + +This hex dump is generated using: + +{ + for cert in debian/certs/wireless-regdb-*.pem; do + openssl x509 -in $cert -outform der; + done +} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex +--- + net/wireless/certs/debian.hex | 1426 +++++++++++++++++++++++++++++++++ + 1 file changed, 1426 insertions(+) + create mode 100644 net/wireless/certs/debian.hex + +diff --git a/net/wireless/certs/debian.hex b/net/wireless/certs/debian.hex +new file mode 100644 +index 000000000000..c5ab03f8c500 +--- /dev/null ++++ b/net/wireless/certs/debian.hex +@@ -0,0 +1,1426 @@ ++0x30, ++0x82, ++0x02, ++0xbd, ++0x30, ++0x82, ++0x01, ++0xa5, ++0x02, ++0x14, ++0x57, ++0x7e, ++0x02, ++0x1c, ++0xb9, ++0x80, ++0xe0, ++0xe8, ++0x20, ++0x82, ++0x1b, ++0xa7, ++0xb5, ++0x4b, ++0x49, ++0x61, ++0xb8, ++0xb4, ++0xfa, ++0xdf, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x30, ++0x1a, ++0x31, ++0x18, ++0x30, ++0x16, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x0f, ++0x62, ++0x65, ++0x6e, ++0x68, ++0x40, ++0x64, ++0x65, ++0x62, ++0x69, ++0x61, ++0x6e, ++0x2e, ++0x6f, ++0x72, ++0x67, ++0x30, ++0x20, ++0x17, ++0x0d, ++0x32, ++0x30, ++0x30, ++0x31, ++0x33, ++0x30, ++0x31, ++0x33, ++0x32, ++0x36, ++0x31, ++0x33, ++0x5a, ++0x18, ++0x0f, ++0x32, ++0x31, ++0x32, ++0x30, ++0x30, ++0x31, ++0x30, ++0x36, ++0x31, ++0x33, ++0x32, ++0x36, ++0x31, ++0x33, ++0x5a, ++0x30, ++0x1a, ++0x31, ++0x18, ++0x30, ++0x16, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x0f, ++0x62, ++0x65, ++0x6e, ++0x68, ++0x40, ++0x64, ++0x65, ++0x62, ++0x69, ++0x61, ++0x6e, ++0x2e, ++0x6f, ++0x72, ++0x67, ++0x30, ++0x82, ++0x01, ++0x22, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x01, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x0f, ++0x00, ++0x30, ++0x82, ++0x01, ++0x0a, ++0x02, ++0x82, ++0x01, ++0x01, ++0x00, ++0x9d, ++0xe1, ++0x77, ++0xa0, ++0x24, ++0xa0, ++0xd5, ++0x79, ++0x65, ++0x3a, ++0x07, ++0x90, ++0xc9, ++0xf6, ++0xa5, ++0xa6, ++0x1f, ++0x84, ++0x1c, ++0x23, ++0x07, ++0x4b, ++0x4f, ++0xa5, ++0x03, ++0xc6, ++0x0f, ++0xf7, ++0x54, ++0xd5, ++0x8b, ++0x7e, ++0x79, ++0x81, ++0x00, ++0xd2, ++0xe9, ++0x3d, ++0xf4, ++0x97, ++0xfe, ++0x84, ++0xcd, ++0x55, ++0xbd, ++0xc9, ++0x8f, ++0x21, ++0x57, ++0x88, ++0x06, ++0x39, ++0x90, ++0x66, ++0x41, ++0x26, ++0x79, ++0x2c, ++0xca, ++0x3f, ++0x95, ++0x87, ++0x01, ++0x11, ++0x2f, ++0x2f, ++0xb0, ++0xe1, ++0x0b, ++0x43, ++0xfc, ++0x5f, ++0x2f, ++0x4f, ++0x67, ++0x04, ++0xdb, ++0x4d, ++0xb7, ++0x72, ++0x4d, ++0xd1, ++0xc5, ++0x76, ++0x73, ++0x4d, ++0x91, ++0x69, ++0xb0, ++0x71, ++0x17, ++0x36, ++0xea, ++0xab, ++0x0a, ++0x3a, ++0xcd, ++0x95, ++0x9b, ++0x76, ++0x1b, ++0x8e, ++0x21, ++0x17, ++0x8f, ++0xc5, ++0x02, ++0xbf, ++0x24, ++0xc7, ++0xc0, ++0x40, ++0xb1, ++0x3b, ++0xc4, ++0x80, ++0x7c, ++0x71, ++0xa5, ++0x51, ++0xdc, ++0xf7, ++0x3a, ++0x58, ++0x7f, ++0xb1, ++0x07, ++0x81, ++0x8a, ++0x10, ++0xd1, ++0xf6, ++0x93, ++0x17, ++0x71, ++0xe0, ++0xfa, ++0x51, ++0x79, ++0x15, ++0xd4, ++0xd7, ++0x8f, ++0xad, ++0xbd, ++0x6f, ++0x38, ++0xe1, ++0x26, ++0x7d, ++0xbc, ++0xf0, ++0x3e, ++0x80, ++0x89, ++0xb4, ++0xec, ++0x8e, ++0x69, ++0x90, ++0xdb, ++0x97, ++0x8a, ++0xf0, ++0x23, ++0x23, ++0x83, ++0x82, ++0x3b, ++0x6a, ++0xb1, ++0xac, ++0xeb, ++0xe7, ++0x99, ++0x74, ++0x2a, ++0x35, ++0x8e, ++0xa9, ++0x64, ++0xfd, ++0x46, ++0x9e, ++0xe8, ++0xe5, ++0x48, ++0x61, ++0x31, ++0x6e, ++0xe6, ++0xfc, ++0x19, ++0x18, ++0x54, ++0xc3, ++0x1b, ++0x4f, ++0xd6, ++0x00, ++0x44, ++0x87, ++0x1c, ++0x37, ++0x45, ++0xea, ++0xf5, ++0xc9, ++0xcb, ++0x0f, ++0x0c, ++0x55, ++0xec, ++0xcf, ++0x6a, ++0xc2, ++0x45, ++0x26, ++0x23, ++0xa2, ++0x31, ++0x52, ++0x4d, ++0xee, ++0x21, ++0x7d, ++0xfd, ++0x58, ++0x72, ++0xc2, ++0x28, ++0xc5, ++0x8e, ++0xa9, ++0xd0, ++0xee, ++0x01, ++0x77, ++0x08, ++0xa5, ++0xf0, ++0x22, ++0x2b, ++0x47, ++0x79, ++0x2b, ++0xcf, ++0x9a, ++0x46, ++0xb5, ++0x8f, ++0xfd, ++0x64, ++0xa2, ++0xb5, ++0xed, ++0x02, ++0x03, ++0x01, ++0x00, ++0x01, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x01, ++0x00, ++0x20, ++0x44, ++0xfe, ++0xa9, ++0x9e, ++0xdd, ++0x9b, ++0xea, ++0xce, ++0x25, ++0x75, ++0x08, ++0xf0, ++0x2b, ++0x53, ++0xf7, ++0x5a, ++0x36, ++0x1c, ++0x4a, ++0x23, ++0x7f, ++0xd0, ++0x41, ++0x3c, ++0x12, ++0x2b, ++0xb9, ++0x80, ++0x4e, ++0x8a, ++0x15, ++0x5d, ++0x1f, ++0x40, ++0xa7, ++0x26, ++0x28, ++0x32, ++0xc3, ++0x5b, ++0x06, ++0x28, ++0x2d, ++0x3d, ++0x08, ++0x09, ++0x1e, ++0x01, ++0xe9, ++0x67, ++0xe3, ++0x33, ++0xe6, ++0x15, ++0x45, ++0x39, ++0xee, ++0x17, ++0x83, ++0xdb, ++0x42, ++0xff, ++0x7f, ++0x35, ++0xf4, ++0xac, ++0x16, ++0xdb, ++0xba, ++0xb8, ++0x1a, ++0x20, ++0x21, ++0x41, ++0xff, ++0xf3, ++0x92, ++0xff, ++0x65, ++0x6e, ++0x29, ++0x16, ++0xd0, ++0xbf, ++0x8d, ++0xdf, ++0x48, ++0x2c, ++0x73, ++0x36, ++0x7f, ++0x22, ++0xe6, ++0xee, ++0x78, ++0xb4, ++0x63, ++0x83, ++0x0e, ++0x39, ++0xeb, ++0xaf, ++0x10, ++0x2a, ++0x90, ++0xd3, ++0xfc, ++0xe6, ++0xc3, ++0x8f, ++0x97, ++0x5b, ++0x76, ++0xbf, ++0x9b, ++0xf5, ++0x98, ++0xd2, ++0x53, ++0x06, ++0x8b, ++0xf8, ++0xa4, ++0x04, ++0x9b, ++0x1b, ++0x62, ++0x6a, ++0x9d, ++0xac, ++0xe6, ++0x4b, ++0x0d, ++0xc9, ++0xd7, ++0x56, ++0x63, ++0x15, ++0x01, ++0x38, ++0x8c, ++0xbe, ++0xf1, ++0x44, ++0xc4, ++0x38, ++0x27, ++0xe0, ++0xcf, ++0x72, ++0xd6, ++0x3d, ++0xe4, ++0xf7, ++0x4b, ++0x3b, ++0xd2, ++0xb1, ++0x0c, ++0xd5, ++0x83, ++0x6d, ++0x1e, ++0x10, ++0x04, ++0x69, ++0x29, ++0x88, ++0x69, ++0xe0, ++0x7d, ++0xd7, ++0xdb, ++0xb4, ++0x59, ++0x72, ++0x8d, ++0x9d, ++0x3c, ++0x43, ++0xaf, ++0xc6, ++0x7d, ++0xb7, ++0x21, ++0x15, ++0x52, ++0x8a, ++0xe9, ++0x9b, ++0x6b, ++0x2e, ++0xe8, ++0x27, ++0x3c, ++0x3f, ++0x2d, ++0x84, ++0xfb, ++0x9a, ++0x22, ++0x0a, ++0x9f, ++0x6a, ++0x25, ++0xe6, ++0x39, ++0xe4, ++0x74, ++0x73, ++0xb6, ++0x2a, ++0x70, ++0xaa, ++0x1d, ++0xcb, ++0xcc, ++0xd4, ++0xa0, ++0x1b, ++0x26, ++0x71, ++0x63, ++0x04, ++0xc5, ++0x12, ++0x21, ++0x48, ++0xba, ++0x92, ++0x27, ++0x06, ++0xa8, ++0x3e, ++0x6d, ++0xa1, ++0x43, ++0xa5, ++0xd2, ++0x2a, ++0xf7, ++0xca, ++0xc4, ++0x26, ++0xe8, ++0x5b, ++0x1f, ++0xe4, ++0xdc, ++0x89, ++0xdc, ++0x1f, ++0x04, ++0x79, ++0x3f, ++0x30, ++0x82, ++0x02, ++0xcd, ++0x30, ++0x82, ++0x01, ++0xb5, ++0x02, ++0x14, ++0x3a, ++0xbb, ++0xc6, ++0xec, ++0x14, ++0x6e, ++0x09, ++0xd1, ++0xb6, ++0x01, ++0x6a, ++0xb9, ++0xd6, ++0xcf, ++0x71, ++0xdd, ++0x23, ++0x3f, ++0x03, ++0x28, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x30, ++0x22, ++0x31, ++0x20, ++0x30, ++0x1e, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x17, ++0x72, ++0x6f, ++0x6d, ++0x61, ++0x69, ++0x6e, ++0x2e, ++0x70, ++0x65, ++0x72, ++0x69, ++0x65, ++0x72, ++0x40, ++0x67, ++0x6d, ++0x61, ++0x69, ++0x6c, ++0x2e, ++0x63, ++0x6f, ++0x6d, ++0x30, ++0x20, ++0x17, ++0x0d, ++0x32, ++0x30, ++0x30, ++0x32, ++0x32, ++0x34, ++0x31, ++0x39, ++0x30, ++0x31, ++0x34, ++0x34, ++0x5a, ++0x18, ++0x0f, ++0x32, ++0x31, ++0x32, ++0x30, ++0x30, ++0x31, ++0x33, ++0x31, ++0x31, ++0x39, ++0x30, ++0x31, ++0x34, ++0x34, ++0x5a, ++0x30, ++0x22, ++0x31, ++0x20, ++0x30, ++0x1e, ++0x06, ++0x03, ++0x55, ++0x04, ++0x03, ++0x0c, ++0x17, ++0x72, ++0x6f, ++0x6d, ++0x61, ++0x69, ++0x6e, ++0x2e, ++0x70, ++0x65, ++0x72, ++0x69, ++0x65, ++0x72, ++0x40, ++0x67, ++0x6d, ++0x61, ++0x69, ++0x6c, ++0x2e, ++0x63, ++0x6f, ++0x6d, ++0x30, ++0x82, ++0x01, ++0x22, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x01, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x0f, ++0x00, ++0x30, ++0x82, ++0x01, ++0x0a, ++0x02, ++0x82, ++0x01, ++0x01, ++0x00, ++0xf0, ++0xb8, ++0x4f, ++0x3f, ++0x70, ++0x78, ++0xf8, ++0x74, ++0x45, ++0xa2, ++0x28, ++0xaf, ++0x04, ++0x75, ++0x04, ++0xa3, ++0xf3, ++0xa7, ++0xc7, ++0x04, ++0xac, ++0xb6, ++0xe1, ++0xfc, ++0xe1, ++0xc0, ++0x3d, ++0xe0, ++0x26, ++0x90, ++0x8a, ++0x45, ++0x60, ++0xc4, ++0x75, ++0xf3, ++0x1a, ++0x33, ++0x37, ++0x56, ++0x7d, ++0x30, ++0x07, ++0x75, ++0x0e, ++0xa6, ++0x79, ++0x06, ++0x95, ++0x9d, ++0x17, ++0x3c, ++0x09, ++0xa9, ++0x7f, ++0xab, ++0x95, ++0x5d, ++0xed, ++0xe0, ++0x75, ++0x26, ++0x2f, ++0x65, ++0x65, ++0xcd, ++0x61, ++0xb1, ++0x33, ++0x27, ++0x67, ++0x41, ++0xa1, ++0x01, ++0x13, ++0xe9, ++0x13, ++0x6a, ++0x6d, ++0x4e, ++0x98, ++0xe1, ++0x9e, ++0x7b, ++0x0b, ++0x5b, ++0x44, ++0xef, ++0x68, ++0x5a, ++0x6f, ++0x7d, ++0x97, ++0xa1, ++0x33, ++0x22, ++0x97, ++0x12, ++0x21, ++0x09, ++0x8f, ++0x90, ++0xe0, ++0x25, ++0x94, ++0xdd, ++0x8a, ++0x3a, ++0xf7, ++0x4a, ++0x60, ++0x04, ++0x26, ++0x6d, ++0x00, ++0x82, ++0xe4, ++0xcf, ++0x64, ++0x1c, ++0x79, ++0x15, ++0x24, ++0xf2, ++0x42, ++0x86, ++0xf5, ++0x10, ++0x86, ++0xac, ++0x20, ++0x88, ++0x90, ++0x87, ++0xdf, ++0x8c, ++0x37, ++0x7c, ++0xbf, ++0x35, ++0xd5, ++0x6f, ++0x9f, ++0x77, ++0xc3, ++0xcd, ++0x69, ++0x25, ++0x06, ++0xc2, ++0x65, ++0x51, ++0x71, ++0x89, ++0x7f, ++0x6e, ++0x4d, ++0xe5, ++0xd5, ++0x8a, ++0x36, ++0x1a, ++0xad, ++0xc1, ++0x18, ++0xd6, ++0x14, ++0x42, ++0x87, ++0xf0, ++0x93, ++0x83, ++0xf1, ++0x99, ++0x74, ++0xc4, ++0x13, ++0xaa, ++0x3b, ++0x66, ++0x85, ++0x6f, ++0xe0, ++0xbc, ++0x5f, ++0xb6, ++0x40, ++0xa6, ++0x41, ++0x06, ++0x0a, ++0xba, ++0x0e, ++0xe9, ++0x32, ++0x44, ++0x10, ++0x39, ++0x53, ++0xcd, ++0xbf, ++0xf3, ++0xd3, ++0x26, ++0xf6, ++0xb6, ++0x2b, ++0x40, ++0x2e, ++0xb9, ++0x88, ++0xc1, ++0xf4, ++0xe3, ++0xa0, ++0x28, ++0x77, ++0x4f, ++0xba, ++0xa8, ++0xca, ++0x9c, ++0x05, ++0xba, ++0x88, ++0x96, ++0x99, ++0x54, ++0x89, ++0xa2, ++0x8d, ++0xf3, ++0x73, ++0xa1, ++0x8c, ++0x4a, ++0xa8, ++0x71, ++0xee, ++0x2e, ++0xd2, ++0x83, ++0x14, ++0x48, ++0xbd, ++0x98, ++0xc6, ++0xce, ++0xdc, ++0xa8, ++0xa3, ++0x97, ++0x2e, ++0x40, ++0x16, ++0x2f, ++0x02, ++0x03, ++0x01, ++0x00, ++0x01, ++0x30, ++0x0d, ++0x06, ++0x09, ++0x2a, ++0x86, ++0x48, ++0x86, ++0xf7, ++0x0d, ++0x01, ++0x01, ++0x0b, ++0x05, ++0x00, ++0x03, ++0x82, ++0x01, ++0x01, ++0x00, ++0x76, ++0x5d, ++0x03, ++0x3d, ++0xb6, ++0x96, ++0x00, ++0x1b, ++0x6e, ++0x0c, ++0xdd, ++0xbb, ++0xc8, ++0xdf, ++0xbc, ++0xeb, ++0x6c, ++0x01, ++0x40, ++0x1a, ++0x2b, ++0x07, ++0x60, ++0xa1, ++0x1a, ++0xe1, ++0x43, ++0x57, ++0xfa, ++0xbe, ++0xde, ++0xbb, ++0x8f, ++0x73, ++0xf3, ++0x92, ++0xa2, ++0xaa, ++0x83, ++0x01, ++0xc1, ++0x17, ++0xe4, ++0x9d, ++0x09, ++0x41, ++0xe0, ++0x32, ++0x33, ++0x97, ++0x4b, ++0xf2, ++0xdc, ++0x0f, ++0x8b, ++0xa8, ++0xb8, ++0x5a, ++0x04, ++0x86, ++0xf6, ++0x71, ++0xa1, ++0x97, ++0xd0, ++0x54, ++0x56, ++0x10, ++0x8e, ++0x54, ++0x99, ++0x0d, ++0x2a, ++0xa9, ++0xaf, ++0x1b, ++0x55, ++0x59, ++0x06, ++0x2b, ++0xa4, ++0x5f, ++0xb1, ++0x54, ++0xa6, ++0xec, ++0xc7, ++0xd6, ++0x43, ++0xee, ++0x86, ++0x2c, ++0x9b, ++0x18, ++0x9d, ++0x8f, ++0x00, ++0x82, ++0xc1, ++0x88, ++0x61, ++0x16, ++0x85, ++0x3c, ++0x17, ++0x56, ++0xfe, ++0x6a, ++0xa0, ++0x7a, ++0x68, ++0xc5, ++0x7b, ++0x3d, ++0x3c, ++0xb6, ++0x13, ++0x18, ++0x99, ++0x6d, ++0x74, ++0x65, ++0x13, ++0x67, ++0xb7, ++0xfc, ++0x5a, ++0x44, ++0x48, ++0x72, ++0xa0, ++0x73, ++0xb8, ++0xff, ++0x02, ++0x9d, ++0x7c, ++0x5b, ++0xf9, ++0x7c, ++0x75, ++0x0a, ++0x3c, ++0x81, ++0x80, ++0x3c, ++0x41, ++0xf2, ++0xd5, ++0xfa, ++0x3d, ++0x1f, ++0xe3, ++0xda, ++0x8c, ++0xa5, ++0x17, ++0x1f, ++0x53, ++0x1a, ++0x75, ++0xad, ++0x4e, ++0x11, ++0x1c, ++0x07, ++0xec, ++0x0a, ++0x69, ++0xfd, ++0x33, ++0xfa, ++0x32, ++0x7e, ++0x66, ++0xf5, ++0x29, ++0xe8, ++0x4d, ++0x8a, ++0xfa, ++0x0d, ++0x4b, ++0x68, ++0xc3, ++0x95, ++0x11, ++0xba, ++0x6f, ++0x1e, ++0x07, ++0x8c, ++0x85, ++0xc7, ++0xc7, ++0xc9, ++0xc1, ++0x30, ++0xa3, ++0x70, ++0xb0, ++0xa1, ++0xe0, ++0xd5, ++0x85, ++0x15, ++0x94, ++0x77, ++0xc1, ++0x1c, ++0x91, ++0xf1, ++0x5f, ++0x50, ++0xcd, ++0x2c, ++0x57, ++0x4b, ++0x22, ++0x4f, ++0xee, ++0x95, ++0xd7, ++0xa7, ++0xa4, ++0x59, ++0x62, ++0xae, ++0xb9, ++0xbf, ++0xd7, ++0x63, ++0x5a, ++0x04, ++0xfc, ++0x24, ++0x11, ++0xae, ++0x34, ++0x4b, ++0xf4, ++0x0c, ++0x9f, ++0x0b, ++0x59, ++0x7d, ++0x27, ++0x39, ++0x54, ++0x69, ++0x4f, ++0xfd, ++0x6e, ++0x44, ++0x9f, ++0x21, +-- +2.25.1 + diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch new file mode 100644 index 000000000..c33ac0c9d --- /dev/null +++ b/debian/patches/debian/yama-disable-by-default.patch @@ -0,0 +1,32 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: yama: Disable by default +Date: Wed, 19 Jun 2013 04:35:28 +0100 +Bug-Debian: https://bugs.debian.org/712740 +Forwarded: not-needed + +--- + security/yama/yama_lsm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c +index efac68556b45..95ff3e778a17 100644 +--- a/security/yama/yama_lsm.c ++++ b/security/yama/yama_lsm.c +@@ -28,7 +28,7 @@ + #define YAMA_SCOPE_CAPABILITY 2 + #define YAMA_SCOPE_NO_ATTACH 3 + +-static int ptrace_scope = YAMA_SCOPE_RELATIONAL; ++static int ptrace_scope = YAMA_SCOPE_DISABLED; + + /* describe a ptrace relationship for potential exception */ + struct ptrace_relation { +@@ -481,7 +481,7 @@ static inline void yama_init_sysctl(void) { } + + static int __init yama_init(void) + { +- pr_info("Yama: becoming mindful.\n"); ++ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + yama_init_sysctl(); + return 0; diff --git a/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch b/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch new file mode 100644 index 000000000..f2278ce63 --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch @@ -0,0 +1,130 @@ +From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com> +Date: Tue, 13 Mar 2018 18:38:02 +0800 +Subject: [PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a + kernel module +Origin: https://lore.kernel.org/patchwork/patch/933175/ + +This patch adds the logic for checking the kernel module's hash +base on blacklist. The hash must be generated by sha256 and enrolled +to dbx/mokx. + +For example: + sha256sum sample.ko + mokutil --mokx --import-hash $HASH_RESULT + +Whether the signature on ko file is stripped or not, the hash can be +compared by kernel. + +Cc: David Howells <dhowells@redhat.com> +Cc: Josh Boyer <jwboyer@fedoraproject.org> +Cc: James Bottomley <James.Bottomley@HansenPartnership.com> +Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> +[Rebased by Luca Boccassi] +[bwh: Forward-ported to 5.19: + - The type parameter to is_hash_blacklisted() is now an enumeration + rather than a string + - Adjust filename, context] +--- + kernel/module/signing.c | 59 +++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 57 insertions(+), 2 deletions(-) + +--- a/kernel/module/signing.c ++++ b/kernel/module/signing.c +@@ -13,6 +13,8 @@ + #include <linux/verification.h> + #include <linux/security.h> + #include <crypto/public_key.h> ++#include <crypto/hash.h> ++#include <keys/system_keyring.h> + #include <uapi/linux/module.h> + #include "internal.h" + +@@ -37,13 +39,60 @@ + sig_enforce = true; + } + ++static int mod_is_hash_blacklisted(const void *mod, size_t verifylen) ++{ ++ struct crypto_shash *tfm; ++ struct shash_desc *desc; ++ size_t digest_size, desc_size; ++ u8 *digest; ++ int ret; ++ ++ tfm = crypto_alloc_shash("sha256", 0, 0); ++ if (IS_ERR(tfm)) { ++ ret = PTR_ERR(tfm); ++ goto error_return; ++ } ++ ++ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); ++ digest_size = crypto_shash_digestsize(tfm); ++ digest = kzalloc(digest_size + desc_size, GFP_KERNEL); ++ if (!digest) { ++ pr_err("digest memory buffer allocate fail\n"); ++ ret = -ENOMEM; ++ goto error_digest; ++ } ++ desc = (void *)digest + digest_size; ++ desc->tfm = tfm; ++ ret = crypto_shash_init(desc); ++ if (ret < 0) ++ goto error_shash; ++ ++ ret = crypto_shash_finup(desc, mod, verifylen, digest); ++ if (ret < 0) ++ goto error_shash; ++ ++ pr_debug("%ld digest: %*phN\n", verifylen, (int) digest_size, digest); ++ ++ ret = is_hash_blacklisted(digest, digest_size, BLACKLIST_HASH_BINARY); ++ if (ret == -EKEYREJECTED) ++ pr_err("Module hash %*phN is blacklisted\n", ++ (int) digest_size, digest); ++ ++error_shash: ++ kfree(digest); ++error_digest: ++ crypto_free_shash(tfm); ++error_return: ++ return ret; ++} ++ + /* + * Verify the signature on a module. + */ + int mod_verify_sig(const void *mod, struct load_info *info) + { + struct module_signature ms; +- size_t sig_len, modlen = info->len; ++ size_t sig_len, modlen = info->len, wholelen; + int ret; + + pr_devel("==>%s(,%zu)\n", __func__, modlen); +@@ -51,6 +100,7 @@ + if (modlen <= sizeof(ms)) + return -EBADMSG; + ++ wholelen = modlen + sizeof(MODULE_SIG_STRING) - 1; + memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); + + ret = mod_check_sig(&ms, modlen, "module"); +@@ -61,10 +111,17 @@ + modlen -= sig_len + sizeof(ms); + info->len = modlen; + +- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); ++ pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ ++ /* checking hash of module is in blacklist */ ++ if (!ret) ++ ret = mod_is_hash_blacklisted(mod, wholelen); ++ ++ return ret; + } + + int module_sig_check(struct load_info *info, int flags) diff --git a/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch new file mode 100644 index 000000000..e46aefe4d --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch @@ -0,0 +1,33 @@ +From: Robert Holmes <robeholmes@gmail.com> +Date: Tue, 23 Apr 2019 07:39:29 +0000 +Subject: [PATCH] KEYS: Make use of platform keyring for module signature + verify +Bug-Debian: https://bugs.debian.org/935945 +Bug-Debian: https://bugs.debian.org/1030200 +Origin: https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch +Forwarded: https://lore.kernel.org/linux-modules/qvgp2il2co4iyxkzxvcs4p2bpyilqsbfgcprtpfrsajwae2etc@3z2s2o52i3xg/t/#u + +This allows a cert in DB to be used to sign modules, +in addition to certs in the MoK and built-in keyrings. + +Signed-off-by: Robert Holmes <robeholmes@gmail.com> +Signed-off-by: Jeremy Cline <jcline@redhat.com> +[bwh: Forward-ported to 5.19: adjust filename] +[наб: reinstate for 6.1, re-write description] +--- +--- a/kernel/module/signing.c ++++ b/kernel/module/signing.c +@@ -116,6 +116,13 @@ int mod_verify_sig(const void *mod, stru + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); + pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ VERIFY_USE_PLATFORM_KEYRING, ++ VERIFYING_MODULE_SIGNATURE, ++ NULL, NULL); ++ pr_devel("verify_pkcs7_signature() = %d\n", ret); ++ } + + /* checking hash of module is in blacklist */ + if (!ret) diff --git a/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch b/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch new file mode 100644 index 000000000..c814c6d7f --- /dev/null +++ b/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch @@ -0,0 +1,29 @@ +From 585cbcb982bffc4a8cee2f3d8d099fc64f9a74b9 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Fri, 14 Oct 2022 00:22:06 +0200 +Subject: [PATCH] trust machine keyring (MoK) by default +Forwarded: not-needed + +Debian always trusted keys in MoK by default. Upstream made it +conditional on a new EFI variable being set. +To keep backward compatibility skip this check. +--- + security/integrity/platform_certs/machine_keyring.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c +index a401640a63cd..0627f14eacbe 100644 +--- a/security/integrity/platform_certs/machine_keyring.c ++++ b/security/integrity/platform_certs/machine_keyring.c +@@ -68,10 +68,7 @@ static bool __init trust_moklist(void) + + if (!initialized) { + initialized = true; +- trust_mok = false; +- +- if (uefi_check_trust_mok_keys()) +- trust_mok = true; ++ trust_mok = true; + } + + return trust_mok; diff --git a/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch b/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch new file mode 100644 index 000000000..a24ba17ef --- /dev/null +++ b/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch @@ -0,0 +1,149 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 24 Aug 2009 23:19:58 +0100 +Subject: af9005: Use request_firmware() to load register init script +Forwarded: no + +Read the register init script from the Windows driver. This is sick +but should avoid the potential copyright infringement in distributing +a version of the script which is directly derived from the driver. +--- + drivers/media/dvb/dvb-usb/Kconfig | 2 +- + drivers/media/dvb/dvb-usb/af9005-fe.c | 66 ++++++++++++++++++++++++++------ + 2 files changed, 54 insertions(+), 14 deletions(-) + +Index: debian-kernel/drivers/media/usb/dvb-usb/Kconfig +=================================================================== +--- debian-kernel.orig/drivers/media/usb/dvb-usb/Kconfig ++++ debian-kernel/drivers/media/usb/dvb-usb/Kconfig +@@ -260,10 +260,10 @@ config DVB_USB_OPERA1 + + config DVB_USB_AF9005 + tristate "Afatech AF9005 DVB-T USB1.1 support" +- depends on BROKEN + depends on DVB_USB + select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT + select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT ++ select FW_LOADER + help + Say Y here to support the Afatech AF9005 based DVB-T USB1.1 receiver + and the TerraTec Cinergy T USB XE (Rev.1) +Index: debian-kernel/drivers/media/usb/dvb-usb/af9005-fe.c +=================================================================== +--- debian-kernel.orig/drivers/media/usb/dvb-usb/af9005-fe.c ++++ debian-kernel/drivers/media/usb/dvb-usb/af9005-fe.c +@@ -9,10 +9,26 @@ + * see Documentation/driver-api/media/drivers/dvb-usb.rst for more information + */ + #include "af9005.h" +-#include "af9005-script.h" + #include "mt2060.h" + #include "qt1010.h" + #include <asm/div64.h> ++#include <linux/firmware.h> ++ ++/* Register initialisation script to be extracted from the Windows driver */ ++ ++typedef struct { ++ __le16 reg; ++ u8 pos; ++ u8 len; ++ u8 val; ++ u8 pad; ++} __packed RegDesc; ++ ++#define WIN_DRV_NAME "AF05BDA.sys" ++#define WIN_DRV_VERSION "6.3.2.1" ++#define WIN_DRV_SIZE 133504 ++#define WIN_DRV_SCRIPT_OFFSET 88316 ++#define WIN_DRV_SCRIPT_SIZE 1110 + + struct af9005_fe_state { + struct dvb_usb_device *d; +@@ -804,6 +820,8 @@ static int af9005_fe_init(struct dvb_fro + { + struct af9005_fe_state *state = fe->demodulator_priv; + struct dvb_usb_adapter *adap = fe->dvb->priv; ++ const struct firmware *fw; ++ const RegDesc *script; + int ret, i, scriptlen; + u8 temp, temp0 = 0, temp1 = 0, temp2 = 0; + u8 buf[2]; +@@ -956,37 +974,55 @@ static int af9005_fe_init(struct dvb_fro + if ((ret = af9005_write_ofdm_register(state->d, 0xaefb, 0x01))) + return ret; + +- /* load init script */ +- deb_info("load init script\n"); +- scriptlen = sizeof(script) / sizeof(RegDesc); ++ /* load and validate init script */ ++ deb_info("load init script from Windows driver\n"); ++ ret = request_firmware(&fw, WIN_DRV_NAME, &state->d->udev->dev); ++ if (ret) ++ return ret; ++ BUILD_BUG_ON(sizeof(RegDesc) != 6); ++ if (fw->size != WIN_DRV_SIZE || ++ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET, ++ "\x80\xa1\x00\x08\x0a\x00", 6) || ++ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET + WIN_DRV_SCRIPT_SIZE - 6, ++ "\x49\xa3\x00\x06\x02\x00", 6)) { ++ err("%s is invalid - should be version %s, size %u bytes\n", ++ WIN_DRV_NAME, WIN_DRV_VERSION, WIN_DRV_SIZE); ++ ret = -EINVAL; ++ goto fail_release; ++ } ++ ++ script = (const RegDesc *)(fw->data + WIN_DRV_SCRIPT_OFFSET); ++ scriptlen = WIN_DRV_SCRIPT_SIZE / sizeof(RegDesc); + for (i = 0; i < scriptlen; i++) { ++ u16 reg = le16_to_cpu(script[i].reg); + if ((ret = +- af9005_write_register_bits(state->d, script[i].reg, ++ af9005_write_register_bits(state->d, reg, + script[i].pos, + script[i].len, script[i].val))) +- return ret; ++ goto fail_release; + /* save 3 bytes of original fcw */ +- if (script[i].reg == 0xae18) ++ if (reg == 0xae18) + temp2 = script[i].val; +- if (script[i].reg == 0xae19) ++ if (reg == 0xae19) + temp1 = script[i].val; +- if (script[i].reg == 0xae1a) ++ if (reg == 0xae1a) + temp0 = script[i].val; + + /* save original unplug threshold */ +- if (script[i].reg == xd_p_reg_unplug_th) ++ if (reg == xd_p_reg_unplug_th) + state->original_if_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_rf_gain_th) ++ if (reg == xd_p_reg_unplug_rf_gain_th) + state->original_rf_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_dtop_if_gain_th) ++ if (reg == xd_p_reg_unplug_dtop_if_gain_th) + state->original_dtop_if_unplug_th = script[i].val; +- if (script[i].reg == xd_p_reg_unplug_dtop_rf_gain_th) ++ if (reg == xd_p_reg_unplug_dtop_rf_gain_th) + state->original_dtop_rf_unplug_th = script[i].val; + + } + state->original_fcw = + ((u32) temp2 << 16) + ((u32) temp1 << 8) + (u32) temp0; + ++ release_firmware(fw); + + /* save original TOPs */ + deb_info("save original TOPs\n"); +@@ -1066,6 +1102,10 @@ static int af9005_fe_init(struct dvb_fro + + deb_info("profit!\n"); + return 0; ++ ++fail_release: ++ release_firmware(fw); ++ return ret; + } + + static int af9005_fe_sleep(struct dvb_frontend *fe) diff --git a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch new file mode 100644 index 000000000..6f1ba8e5a --- /dev/null +++ b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch @@ -0,0 +1,153 @@ +From: Linn Crosetto <linn@hpe.com> +Date: Tue, 30 Aug 2016 11:54:38 -0600 +Subject: arm64: add kernel config option to lock down when in Secure Boot mode +Bug-Debian: https://bugs.debian.org/831827 +Forwarded: no + +Add a kernel configuration option to lock down the kernel, to restrict +userspace's ability to modify the running kernel when UEFI Secure Boot is +enabled. Based on the x86 patch by Matthew Garrett. + +Determine the state of Secure Boot in the EFI stub and pass this to the +kernel using the FDT. + +Signed-off-by: Linn Crosetto <linn@hpe.com> +[bwh: Forward-ported to 4.10: adjust context] +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] +[bwh: Forward-ported to 4.15 and lockdown patch set: + - Pass result of efi_get_secureboot() in stub through to + efi_set_secure_boot() in main kernel + - Use lockdown API and naming] +[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()] +[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection] +[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this] +[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a + sys_table parameter] +[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so: + - Add Secure Boot mode to the parameter enumeration in fdtparams.c + - Add a parameter to efi_get_fdt_params() to return the Secure Boot mode + - Since Xen does not have a property name defined for Secure Boot mode, + change efi_get_fdt_prop() to handle a missing property name by clearing + the output variable] +[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename +arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c] +--- + drivers/firmware/efi/efi-init.c | 5 ++++- + drivers/firmware/efi/fdtparams.c | 12 +++++++++++- + drivers/firmware/efi/libstub/fdt.c | 6 ++++++ + include/linux/efi.h | 3 ++- + 4 files changed, 23 insertions(+), 3 deletions(-) + +--- a/drivers/firmware/efi/efi-init.c ++++ b/drivers/firmware/efi/efi-init.c +@@ -210,9 +210,10 @@ void __init efi_init(void) + { + struct efi_memory_map_data data; + u64 efi_system_table; ++ u32 secure_boot; + + /* Grab UEFI information placed in FDT by stub */ +- efi_system_table = efi_get_fdt_params(&data); ++ efi_system_table = efi_get_fdt_params(&data, &secure_boot); + if (!efi_system_table) + return; + +@@ -234,6 +235,8 @@ void __init efi_init(void) + return; + } + ++ efi_set_secure_boot(secure_boot); ++ + reserve_regions(); + /* + * For memblock manipulation, the cap should come after the memblock_add(). +--- a/drivers/firmware/efi/fdtparams.c ++++ b/drivers/firmware/efi/fdtparams.c +@@ -16,6 +16,7 @@ enum { + MMSIZE, + DCSIZE, + DCVERS, ++ SBMODE, + + PARAMCOUNT + }; +@@ -26,6 +27,7 @@ static __initconst const char name[][22] + [MMSIZE] = "MemMap Size ", + [DCSIZE] = "MemMap Desc. Size ", + [DCVERS] = "MemMap Desc. Version ", ++ [SBMODE] = "Secure Boot Enabled ", + }; + + static __initconst const struct { +@@ -41,6 +43,7 @@ static __initconst const struct { + [MMSIZE] = "xen,uefi-mmap-size", + [DCSIZE] = "xen,uefi-mmap-desc-size", + [DCVERS] = "xen,uefi-mmap-desc-ver", ++ [SBMODE] = "", + } + }, { + #endif +@@ -51,6 +54,7 @@ static __initconst const struct { + [MMSIZE] = "linux,uefi-mmap-size", + [DCSIZE] = "linux,uefi-mmap-desc-size", + [DCVERS] = "linux,uefi-mmap-desc-ver", ++ [SBMODE] = "linux,uefi-secure-boot", + } + } + }; +@@ -62,6 +66,11 @@ static int __init efi_get_fdt_prop(const + int len; + u64 val; + ++ if (!pname[0]) { ++ memset(var, 0, size); ++ return 0; ++ } ++ + prop = fdt_getprop(fdt, node, pname, &len); + if (!prop) + return 1; +@@ -79,7 +88,7 @@ static int __init efi_get_fdt_prop(const + return 0; + } + +-u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm) ++u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm, u32 *secure_boot) + { + const void *fdt = initial_boot_params; + unsigned long systab; +@@ -93,6 +102,7 @@ u64 __init efi_get_fdt_params(struct efi + [MMSIZE] = { &mm->size, sizeof(mm->size) }, + [DCSIZE] = { &mm->desc_size, sizeof(mm->desc_size) }, + [DCVERS] = { &mm->desc_version, sizeof(mm->desc_version) }, ++ [SBMODE] = { secure_boot, sizeof(*secure_boot) }, + }; + + BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name)); +--- a/drivers/firmware/efi/libstub/fdt.c ++++ b/drivers/firmware/efi/libstub/fdt.c +@@ -148,6 +148,12 @@ static efi_status_t update_fdt(void *ori + } + } + ++ fdt_val32 = cpu_to_fdt32(efi_get_secureboot()); ++ status = fdt_setprop(fdt, node, "linux,uefi-secure-boot", ++ &fdt_val32, sizeof(fdt_val32)); ++ if (status) ++ goto fdt_set_fail; ++ + /* Shrink the FDT back to its minimum size: */ + fdt_pack(fdt); + +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -662,7 +662,8 @@ extern void efi_mem_reserve(phys_addr_t + extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size); + extern void efi_initialize_iomem_resources(struct resource *code_resource, + struct resource *data_resource, struct resource *bss_resource); +-extern u64 efi_get_fdt_params(struct efi_memory_map_data *data); ++extern u64 efi_get_fdt_params(struct efi_memory_map_data *data, ++ u32 *secure_boot); + extern struct kobject *efi_kobj; + + extern int efi_reboot_quirk_mode; diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch new file mode 100644 index 000000000..822beab21 --- /dev/null +++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch @@ -0,0 +1,153 @@ +From: David Howells <dhowells@redhat.com> +Date: Mon, 18 Feb 2019 12:45:03 +0000 +Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28 + +UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT +flag that can be passed to efi_enabled() to find out whether secure boot is +enabled. + +Move the switch-statement in x86's setup_arch() that inteprets the +secure_boot boot parameter to generic code and set the bit there. + +Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Signed-off-by: David Howells <dhowells@redhat.com> +Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +cc: linux-efi@vger.kernel.org +[rperier: Forward-ported to 5.5: + - Use pr_warn() + - Adjust context] +[bwh: Forward-ported to 5.6: adjust context] +[bwh: Forward-ported to 5.7: + - Use the next available bit in efi.flags + - Adjust context] +--- + arch/x86/kernel/setup.c | 14 +---------- + drivers/firmware/efi/Makefile | 1 + + drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++ + include/linux/efi.h | 16 ++++++++----- + 4 files changed, 51 insertions(+), 19 deletions(-) + create mode 100644 drivers/firmware/efi/secureboot.c + +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1193,19 +1193,7 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- if (efi_enabled(EFI_BOOT)) { +- switch (boot_params.secure_boot) { +- case efi_secureboot_mode_disabled: +- pr_info("Secure boot disabled\n"); +- break; +- case efi_secureboot_mode_enabled: +- pr_info("Secure boot enabled\n"); +- break; +- default: +- pr_info("Secure boot could not be determined\n"); +- break; +- } +- } ++ efi_set_secure_boot(boot_params.secure_boot); + + reserve_initrd(); + +--- a/drivers/firmware/efi/Makefile ++++ b/drivers/firmware/efi/Makefile +@@ -25,6 +25,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m + obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o + obj-$(CONFIG_EFI_TEST) += test/ + obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o ++obj-$(CONFIG_EFI) += secureboot.o + obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o + obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o + obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o +--- /dev/null ++++ b/drivers/firmware/efi/secureboot.c +@@ -0,0 +1,39 @@ ++ ++/* Core kernel secure boot support. ++ * ++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ++ ++#include <linux/efi.h> ++#include <linux/kernel.h> ++#include <linux/printk.h> ++ ++/* ++ * Decide what to do when UEFI secure boot mode is enabled. ++ */ ++void __init efi_set_secure_boot(enum efi_secureboot_mode mode) ++{ ++ if (efi_enabled(EFI_BOOT)) { ++ switch (mode) { ++ case efi_secureboot_mode_disabled: ++ pr_info("Secure boot disabled\n"); ++ break; ++ case efi_secureboot_mode_enabled: ++ set_bit(EFI_SECURE_BOOT, &efi.flags); ++ pr_info("Secure boot enabled\n"); ++ break; ++ default: ++ pr_warn("Secure boot could not be determined (mode %u)\n", ++ mode); ++ break; ++ } ++ } ++} +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -871,6 +871,14 @@ extern int __init efi_setup_pcdp_console + #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ + #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ + #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ ++#define EFI_SECURE_BOOT 13 /* Are we in Secure Boot mode? */ ++ ++enum efi_secureboot_mode { ++ efi_secureboot_mode_unset, ++ efi_secureboot_mode_unknown, ++ efi_secureboot_mode_disabled, ++ efi_secureboot_mode_enabled, ++}; + + #ifdef CONFIG_EFI + /* +@@ -895,6 +903,7 @@ static inline bool efi_rt_services_suppo + return (efi.runtime_supported_mask & mask) == mask; + } + extern void efi_find_mirror(void); ++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); + #else + static inline bool efi_enabled(int feature) + { +@@ -914,6 +923,7 @@ static inline bool efi_rt_services_suppo + } + + static inline void efi_find_mirror(void) {} ++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} + #endif + + extern int efi_status_to_err(efi_status_t status); +@@ -1133,13 +1143,6 @@ static inline bool efi_runtime_disabled( + extern void efi_call_virt_check_flags(unsigned long flags, const void *caller); + extern unsigned long efi_call_virt_save_flags(void); + +-enum efi_secureboot_mode { +- efi_secureboot_mode_unset, +- efi_secureboot_mode_unknown, +- efi_secureboot_mode_disabled, +- efi_secureboot_mode_enabled, +-}; +- + static inline + enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var) + { diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch new file mode 100644 index 000000000..3d8bdf066 --- /dev/null +++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -0,0 +1,121 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Tue, 10 Sep 2019 11:54:28 +0100 +Subject: efi: Lock down the kernel if booted in secure boot mode + +Based on an earlier patch by David Howells, who wrote the following +description: + +> UEFI Secure Boot provides a mechanism for ensuring that the firmware will +> only load signed bootloaders and kernels. Certain use cases may also +> require that all kernel modules also be signed. Add a configuration option +> that to lock down the kernel - which includes requiring validly signed +> modules - if the kernel is secure-booted. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the +help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that +lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)] +Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> +--- + arch/x86/kernel/setup.c | 4 ++-- + drivers/firmware/efi/secureboot.c | 3 +++ + include/linux/security.h | 6 ++++++ + security/lockdown/Kconfig | 15 +++++++++++++++ + security/lockdown/lockdown.c | 2 +- + 5 files changed, 27 insertions(+), 3 deletions(-) + +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1031,6 +1031,8 @@ void __init setup_arch(char **cmdline_p) + if (efi_enabled(EFI_BOOT)) + efi_init(); + ++ efi_set_secure_boot(boot_params.secure_boot); ++ + reserve_ibft_region(); + dmi_setup(); + +@@ -1192,8 +1194,6 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- efi_set_secure_boot(boot_params.secure_boot); +- + reserve_initrd(); + + acpi_table_upgrade(); +--- a/drivers/firmware/efi/secureboot.c ++++ b/drivers/firmware/efi/secureboot.c +@@ -15,6 +15,7 @@ + #include <linux/efi.h> + #include <linux/kernel.h> + #include <linux/printk.h> ++#include <linux/security.h> + + /* + * Decide what to do when UEFI secure boot mode is enabled. +@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi + break; + case efi_secureboot_mode_enabled: + set_bit(EFI_SECURE_BOOT, &efi.flags); ++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT ++ lock_kernel_down("EFI Secure Boot", ++ LOCKDOWN_INTEGRITY_MAX); ++#endif + pr_info("Secure boot enabled\n"); + break; + default: +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -482,6 +482,7 @@ int security_inode_notifysecctx(struct i + int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); + int security_locked_down(enum lockdown_reason what); ++int lock_kernel_down(const char *where, enum lockdown_reason level); + #else /* CONFIG_SECURITY */ + + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) +@@ -1388,6 +1389,11 @@ static inline int security_locked_down(e + { + return 0; + } ++static inline int ++lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return -EOPNOTSUPP; ++} + #endif /* CONFIG_SECURITY */ + + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) +--- a/security/lockdown/Kconfig ++++ b/security/lockdown/Kconfig +@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI + disabled. + + endchoice ++ ++config LOCK_DOWN_IN_EFI_SECURE_BOOT ++ bool "Lock down the kernel in EFI Secure Boot mode" ++ default n ++ depends on SECURITY_LOCKDOWN_LSM ++ depends on EFI ++ select SECURITY_LOCKDOWN_LSM_EARLY ++ help ++ UEFI Secure Boot provides a mechanism for ensuring that the firmware ++ will only load signed bootloaders and kernels. Secure boot mode may ++ be determined from EFI variables provided by the system firmware if ++ not indicated by the boot parameters. ++ ++ Enabling this option results in kernel lockdown being ++ triggered in integrity mode if EFI Secure Boot is set. +--- a/security/lockdown/lockdown.c ++++ b/security/lockdown/lockdown.c +@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdo + /* + * Put the kernel into lock-down mode. + */ +-static int lock_kernel_down(const char *where, enum lockdown_reason level) ++int lock_kernel_down(const char *where, enum lockdown_reason level) + { + if (kernel_locked_down >= level) + return -EPERM; diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch new file mode 100644 index 000000000..c718e7e2f --- /dev/null +++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch @@ -0,0 +1,75 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 30 Aug 2019 15:54:24 +0100 +Subject: mtd: phram,slram: Disable when the kernel is locked down +Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/ + +These drivers allow mapping arbitrary memory ranges as MTD devices. +This should be disabled to preserve the kernel's integrity when it is +locked down. + +* Add the HWPARAM flag to the module parameters +* When slram is built-in, it uses __setup() to read kernel parameters, + so add an explicit check security_locked_down() check + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +Cc: Matthew Garrett <mjg59@google.com> +Cc: David Howells <dhowells@redhat.com> +Cc: Joern Engel <joern@lazybastard.org> +Cc: linux-mtd@lists.infradead.org +--- + drivers/mtd/devices/phram.c | 6 +++++- + drivers/mtd/devices/slram.c | 9 ++++++++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/mtd/devices/phram.c ++++ b/drivers/mtd/devices/phram.c +@@ -364,7 +364,11 @@ static int phram_param_call(const char * + #endif + } + +-module_param_call(phram, phram_param_call, NULL, NULL, 0200); ++static const struct kernel_param_ops phram_param_ops = { ++ .set = phram_param_call ++}; ++__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL, ++ 0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem); + MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>[,<erasesize>]\""); + + #ifdef CONFIG_OF +--- a/drivers/mtd/devices/slram.c ++++ b/drivers/mtd/devices/slram.c +@@ -43,6 +43,7 @@ + #include <linux/ioctl.h> + #include <linux/init.h> + #include <linux/io.h> ++#include <linux/security.h> + + #include <linux/mtd/mtd.h> + +@@ -65,7 +66,7 @@ typedef struct slram_mtd_list { + #ifdef MODULE + static char *map[SLRAM_MAX_DEVICES_PARAMS]; + +-module_param_array(map, charp, NULL, 0); ++module_param_hw_array(map, charp, iomem, NULL, 0); + MODULE_PARM_DESC(map, "List of memory regions to map. \"map=<name>, <start>, <length / end>\""); + #else + static char *map; +@@ -281,11 +282,17 @@ static int __init init_slram(void) + #ifndef MODULE + char *devstart; + char *devlength; ++ int ret; + + if (!map) { + E("slram: not enough parameters.\n"); + return(-EINVAL); + } ++ ++ ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS); ++ if (ret) ++ return ret; ++ + while (map) { + devname = devstart = devlength = NULL; + diff --git a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch new file mode 100644 index 000000000..9ca780375 --- /dev/null +++ b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch @@ -0,0 +1,80 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 11 Jan 2016 15:23:55 +0000 +Subject: security,perf: Allow further restriction of perf_event_open +Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/ + +When kernel.perf_event_open is set to 3 (or greater), disallow all +access to performance events by users without CAP_SYS_ADMIN. +Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that +makes this value the default. + +This is based on a similar feature in grsecurity +(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making +the variable read-only. It also allows enabling further restriction +at run-time regardless of whether the default is changed. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + include/linux/perf_event.h | 5 +++++ + kernel/events/core.c | 8 ++++++++ + security/Kconfig | 9 +++++++++ + 3 files changed, 22 insertions(+) + +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -1387,6 +1387,11 @@ int perf_cpu_time_max_percent_handler(st + int perf_event_max_stack_handler(struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos); + ++static inline bool perf_paranoid_any(void) ++{ ++ return sysctl_perf_event_paranoid > 2; ++} ++ + /* Access to perf_event_open(2) syscall. */ + #define PERF_SECURITY_OPEN 0 + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -415,8 +415,13 @@ static struct kmem_cache *perf_event_cac + * 0 - disallow raw tracepoint access for unpriv + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv ++ * 3 - disallow all unpriv perf event use + */ ++#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT ++int sysctl_perf_event_paranoid __read_mostly = 3; ++#else + int sysctl_perf_event_paranoid __read_mostly = 2; ++#endif + + /* Minimum for 512 kiB + 1 user control page */ + int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ +@@ -12325,6 +12330,9 @@ SYSCALL_DEFINE5(perf_event_open, + if (err) + return err; + ++ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) ++ return -EACCES; ++ + /* Do we allow access to perf_event_open(2) ? */ + err = security_perf_event_open(&attr, PERF_SECURITY_OPEN); + if (err) +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -19,6 +19,15 @@ config SECURITY_DMESG_RESTRICT + + If you are unsure how to answer this question, answer N. + ++config SECURITY_PERF_EVENTS_RESTRICT ++ bool "Restrict unprivileged use of performance events" ++ depends on PERF_EVENTS ++ help ++ If you say Y here, the kernel.perf_event_paranoid sysctl ++ will be set to 3 by default, and no unprivileged use of the ++ perf_event_open syscall will be permitted unless it is ++ changed. ++ + config SECURITY + bool "Enable different security models" + depends on SYSFS diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch new file mode 100644 index 000000000..16cac663c --- /dev/null +++ b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch @@ -0,0 +1,76 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Wed, 21 Aug 2019 00:32:16 +0100 +Subject: intel-iommu: Add Kconfig option to exclude iGPU by default +Bug-Debian: https://bugs.debian.org/935270 +Bug-Kali: https://bugs.kali.org/view.php?id=5644 + +There is still laptop firmware that touches the integrated GPU behind +the operating system's back, and doesn't say so in the RMRR table. +Enabling the IOMMU for all devices causes breakage. + +Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice +corresponding to "on", "off", and "on,intgpu_off". + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +--- a/drivers/iommu/intel/Kconfig ++++ b/drivers/iommu/intel/Kconfig +@@ -56,14 +56,25 @@ config INTEL_IOMMU_SVM + to access DMA resources through process address space by + means of a Process Address Space ID (PASID). + +-config INTEL_IOMMU_DEFAULT_ON +- bool "Enable Intel DMA Remapping Devices by default" +- default y ++choice ++ prompt "Default state of Intel DMA Remapping Devices" ++ default INTEL_IOMMU_DEFAULT_ON + help +- Selecting this option will enable a DMAR device at boot time if +- one is found. If this option is not selected, DMAR support can +- be enabled by passing intel_iommu=on to the kernel. ++ Choose whether Intel DMA Remapping Devices should be enabled ++ by default. This can be overridden at boot time using the ++ intel_iommu= kernel parameter. ++ ++config INTEL_IOMMU_DEFAULT_ON ++ bool "Enable" ++ ++config INTEL_IOMMU_DEFAULT_ON_INTGPU_OFF ++ bool "Enable, excluding integrated GPU" ++ ++config INTEL_IOMMU_DEFAULT_OFF ++ bool "Disable" + ++endchoice ++ + config INTEL_IOMMU_BROKEN_GFX_WA + bool "Workaround broken graphics drivers (going away soon)" + depends on BROKEN && X86 +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -283,14 +283,14 @@ static LIST_HEAD(dmar_satc_units); + static void device_block_translation(struct device *dev); + static void intel_iommu_domain_free(struct iommu_domain *domain); + +-int dmar_disabled = !IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); ++int dmar_disabled = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_OFF); + int intel_iommu_sm = IS_ENABLED(CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON); + + int intel_iommu_enabled = 0; + EXPORT_SYMBOL_GPL(intel_iommu_enabled); + + static int dmar_map_gfx = 1; +-static int dmar_map_intgpu = 1; ++static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); + static int intel_iommu_superpage = 1; + static int iommu_identity_mapping; + static int iommu_skip_te_disable; +@@ -328,6 +328,7 @@ static int __init intel_iommu_setup(char + while (*str) { + if (!strncmp(str, "on", 2)) { + dmar_disabled = 0; ++ dmar_map_intgpu = 1; + pr_info("IOMMU enabled\n"); + } else if (!strncmp(str, "off", 3)) { + dmar_disabled = 1; diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch new file mode 100644 index 000000000..a3543d90e --- /dev/null +++ b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch @@ -0,0 +1,90 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Wed, 21 Aug 2019 00:05:30 +0100 +Subject: intel-iommu: Add option to exclude integrated GPU only +Bug-Debian: https://bugs.debian.org/935270 +Bug-Kali: https://bugs.kali.org/view.php?id=5644 + +There is still laptop firmware that touches the integrated GPU behind +the operating system's back, and doesn't say so in the RMRR table. +Enabling the IOMMU for all devices causes breakage, but turning it off +for all graphics devices seems like a major weakness. + +Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs +from remapping. This is a narrower exclusion than igfx_off: it only +affects Intel devices on the root bus. Devices attached through an +external port (Thunderbolt or ExpressCard) won't be on the root bus. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + Documentation/admin-guide/kernel-parameters.txt | 2 ++ + drivers/iommu/intel/iommu.c | 14 ++++++++++++++ + 2 files changed, 16 insertions(+) + +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -2053,6 +2053,8 @@ + bypassed by not enabling DMAR with this option. In + this case, gfx device will use physical address for + DMA. ++ intgpu_off [Default Off] ++ Bypass the DMAR unit for an integrated GPU only. + strict [Default Off] + Deprecated, equivalent to iommu.strict=1. + sp_off [Default Off] +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -35,6 +35,9 @@ + #define CONTEXT_SIZE VTD_PAGE_SIZE + + #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) ++#define IS_INTGPU_DEVICE(pdev) (IS_GFX_DEVICE(pdev) && \ ++ (pdev)->vendor == 0x8086 && \ ++ pci_is_root_bus((pdev)->bus)) + #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) + #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) + #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) +@@ -293,12 +296,14 @@ int intel_iommu_enabled = 0; + EXPORT_SYMBOL_GPL(intel_iommu_enabled); + + static int dmar_map_gfx = 1; ++static int dmar_map_intgpu = 1; + static int intel_iommu_superpage = 1; + static int iommu_identity_mapping; + static int iommu_skip_te_disable; + + #define IDENTMAP_GFX 2 + #define IDENTMAP_AZALIA 4 ++#define IDENTMAP_INTGPU 8 + + const struct iommu_ops intel_iommu_ops; + +@@ -337,6 +342,9 @@ static int __init intel_iommu_setup(char + } else if (!strncmp(str, "igfx_off", 8)) { + dmar_map_gfx = 0; + pr_info("Disable GFX device mapping\n"); ++ } else if (!strncmp(str, "intgpu_off", 10)) { ++ dmar_map_intgpu = 0; ++ pr_info("Disable integrated GPU device mapping\n"); + } else if (!strncmp(str, "forcedac", 8)) { + pr_warn("intel_iommu=forcedac deprecated; use iommu.forcedac instead\n"); + iommu_dma_forcedac = true; +@@ -2582,6 +2590,9 @@ static int device_def_domain_type(struct + + if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) + return IOMMU_DOMAIN_IDENTITY; ++ ++ if ((iommu_identity_mapping & IDENTMAP_INTGPU) && IS_INTGPU_DEVICE(pdev)) ++ return IOMMU_DOMAIN_IDENTITY; + } + + return 0; +@@ -2985,6 +2996,9 @@ static int __init init_dmars(void) + if (!dmar_map_gfx) + iommu_identity_mapping |= IDENTMAP_GFX; + ++ if (!dmar_map_intgpu) ++ iommu_identity_mapping |= IDENTMAP_INTGPU; ++ + check_tylersburg_isoch(); + + ret = si_domain_init(hw_pass_through); diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch new file mode 100644 index 000000000..010fa5910 --- /dev/null +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -0,0 +1,180 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 12 Feb 2018 23:59:26 +0000 +Subject: x86: Make x32 syscall support conditional on a kernel parameter +Bug-Debian: https://bugs.debian.org/708070 +Forwarded: https://lore.kernel.org/lkml/1415245982.3398.53.camel@decadent.org.uk/T/#u + +Enabling x32 in the standard amd64 kernel would increase its attack +surface while provide no benefit to the vast majority of its users. +No-one seems interested in regularly checking for vulnerabilities +specific to x32 (at least no-one with a white hat). + +Still, adding another flavour just to turn on x32 seems wasteful. And +the only differences on syscall entry are a few instructions that mask +out the x32 flag and compare the syscall number. + +Use a static key to control whether x32 syscalls are really enabled, a +Kconfig parameter to set its default value and a kernel parameter +"syscall.x32" to change it at boot time. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + .../admin-guide/kernel-parameters.txt | 4 ++ + arch/x86/Kconfig | 8 ++++ + arch/x86/entry/common.c | 3 +- + arch/x86/entry/syscall_64.c | 46 +++++++++++++++++++ + arch/x86/include/asm/elf.h | 6 ++- + arch/x86/include/asm/syscall.h | 13 ++++++ + 6 files changed, 78 insertions(+), 2 deletions(-) + +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -6172,6 +6172,10 @@ + later by a loaded module cannot be set this way. + Example: sysctl.vm.swappiness=40 + ++ syscall.x32= [KNL,x86_64] Enable/disable use of x32 syscalls on ++ an x86_64 kernel where CONFIG_X86_X32 is enabled. ++ Default depends on CONFIG_X86_X32_DISABLED. ++ + sysrq_always_enabled + [KNL] + Ignore sysrq setting - this boot parameter will +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -3058,6 +3058,14 @@ config COMPAT_32 + select HAVE_UID16 + select OLD_SIGSUSPEND3 + ++config X86_X32_DISABLED ++ bool "x32 ABI disabled by default" ++ depends on X86_X32_ABI ++ default n ++ help ++ Disable the x32 ABI unless explicitly enabled using the ++ kernel paramter "syscall.x32=y". ++ + config COMPAT + def_bool y + depends on IA32_EMULATION || X86_X32_ABI +--- a/arch/x86/entry/common.c ++++ b/arch/x86/entry/common.c +@@ -62,7 +62,7 @@ static __always_inline bool do_syscall_x + */ + unsigned int xnr = nr - __X32_SYSCALL_BIT; + +- if (IS_ENABLED(CONFIG_X86_X32_ABI) && likely(xnr < X32_NR_syscalls)) { ++ if (IS_ENABLED(CONFIG_X86_X32_ABI) && unlikely(x32_enabled) && likely(xnr < X32_NR_syscalls)) { + xnr = array_index_nospec(xnr, X32_NR_syscalls); + regs->ax = x32_sys_call_table[xnr](regs); + return true; +--- a/arch/x86/entry/syscall_x32.c ++++ b/arch/x86/entry/syscall_x32.c +@@ -4,6 +4,9 @@ + #include <linux/linkage.h> + #include <linux/sys.h> + #include <linux/cache.h> ++#include <linux/moduleparam.h> ++#undef MODULE_PARAM_PREFIX ++#define MODULE_PARAM_PREFIX "syscall." + #include <linux/syscalls.h> + #include <asm/syscall.h> + +@@ -16,3 +19,46 @@ + asmlinkage const sys_call_ptr_t x32_sys_call_table[] = { + #include <asm/syscalls_x32.h> + }; ++ ++/* Maybe enable x32 syscalls */ ++ ++#if defined(CONFIG_X86_X32_DISABLED) ++DEFINE_STATIC_KEY_FALSE(x32_enabled_skey); ++#else ++DEFINE_STATIC_KEY_TRUE(x32_enabled_skey); ++#endif ++ ++static int __init x32_param_set(const char *val, const struct kernel_param *p) ++{ ++ bool enabled; ++ int ret; ++ ++ ret = kstrtobool(val, &enabled); ++ if (ret) ++ return ret; ++ if (IS_ENABLED(CONFIG_X86_X32_DISABLED)) { ++ if (enabled) { ++ static_key_enable(&x32_enabled_skey.key); ++ pr_info("Enabled x32 syscalls\n"); ++ } ++ } else { ++ if (!enabled) { ++ static_key_disable(&x32_enabled_skey.key); ++ pr_info("Disabled x32 syscalls\n"); ++ } ++ } ++ return 0; ++} ++ ++static int x32_param_get(char *buffer, const struct kernel_param *p) ++{ ++ return sprintf(buffer, "%c\n", ++ static_key_enabled(&x32_enabled_skey) ? 'Y' : 'N'); ++} ++ ++static const struct kernel_param_ops x32_param_ops = { ++ .set = x32_param_set, ++ .get = x32_param_get, ++}; ++ ++arch_param_cb(x32, &x32_param_ops, NULL, 0444); +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -11,6 +11,9 @@ + #include <asm/user.h> + #include <asm/auxvec.h> + #include <asm/fsgsbase.h> ++#ifndef COMPILE_OFFSETS /* avoid a circular dependency on asm-offsets.h */ ++#include <asm/syscall.h> ++#endif + + typedef unsigned long elf_greg_t; + +@@ -150,7 +153,8 @@ do { \ + + #define compat_elf_check_arch(x) \ + (elf_check_arch_ia32(x) || \ +- (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && x32_enabled && \ ++ (x)->e_machine == EM_X86_64)) + + static inline void elf_common_init(struct thread_struct *t, + struct pt_regs *regs, const u16 ds) +--- a/arch/x86/include/asm/syscall.h ++++ b/arch/x86/include/asm/syscall.h +@@ -13,6 +13,7 @@ + #include <uapi/linux/audit.h> + #include <linux/sched.h> + #include <linux/err.h> ++#include <linux/jump_label.h> + #include <asm/thread_info.h> /* for TS_COMPAT */ + #include <asm/unistd.h> + +@@ -30,6 +31,18 @@ extern const sys_call_ptr_t ia32_sys_cal + extern const sys_call_ptr_t x32_sys_call_table[]; + #endif + ++#if defined(CONFIG_X86_X32_ABI) ++#if defined(CONFIG_X86_X32_DISABLED) ++DECLARE_STATIC_KEY_FALSE(x32_enabled_skey); ++#define x32_enabled static_branch_unlikely(&x32_enabled_skey) ++#else ++DECLARE_STATIC_KEY_TRUE(x32_enabled_skey); ++#define x32_enabled static_branch_likely(&x32_enabled_skey) ++#endif ++#else ++#define x32_enabled 0 ++#endif ++ + /* + * Only the low 32 bits of orig_ax are meaningful, so we return int. + * This importantly ignores the high bits on 64-bit, so comparisons diff --git a/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch b/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch new file mode 100644 index 000000000..e8bc1b049 --- /dev/null +++ b/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch @@ -0,0 +1,28 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Mon, 5 Dec 2011 04:00:58 +0000 +Subject: x86: memtest: WARN if bad RAM found +Bug-Debian: https://bugs.debian.org/613321 +Forwarded: https://lore.kernel.org/all/20120402150522.GA4980@burratino/ + +Since this is not a particularly thorough test, if we find any bad +bits of RAM then there is a fair chance that there are other bad bits +we fail to detect. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + mm/memtest.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +--- a/mm/memtest.c ++++ b/mm/memtest.c +@@ -26,6 +26,10 @@ static u64 patterns[] __initdata = { + + static void __init reserve_bad_mem(u64 pattern, phys_addr_t start_bad, phys_addr_t end_bad) + { ++#ifdef CONFIG_X86 ++ WARN_ONCE(1, "Bad RAM detected. Use memtest86+ to perform a thorough test\n" ++ "and the memmap= parameter to reserve the bad areas."); ++#endif + pr_info(" %016llx bad mem addr %pa - %pa reserved\n", + cpu_to_be64(pattern), &start_bad, &end_bad); + memblock_reserve(start_bad, end_bad - start_bad); diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..9401d26da --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,119 @@ +debian/gitignore.patch + +# Disable features broken by exclusion of upstream files +debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch +debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch +debian/dfsg/drivers-net-appletalk-cops.patch +debian/dfsg/video-remove-nvidiafb-and-rivafb.patch +debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch + +# Changes to support package build system +debian/version.patch +debian/uname-version-timestamp.patch +debian/kernelvariables.patch +debian/ia64-hardcode-arch-script-output.patch +debian/mips-disable-werror.patch +debian/mips-boston-disable-its.patch +debian/mips-ieee754-relaxed.patch +debian/arch-sh4-fix-uimage-build.patch +debian/tools-perf-perf-read-vdso-in-libexec.patch +debian/tools-perf-install-python-bindings.patch +debian/wireless-add-debian-wireless-regdb-certificates.patch +debian/export-symbols-needed-by-android-drivers.patch +debian/android-enable-building-ashmem-and-binder-as-modules.patch +debian/documentation-drop-sphinx-version-check.patch +debian/perf-traceevent-support-asciidoctor-for-documentatio.patch +debian/kbuild-look-for-module.lds-under-arch-directory-too.patch +debian/kbuild-abort-build-if-subdirs-used.patch +debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch +debian/makefile-make-compiler-version-comparison-optional.patch +debian/fixdep-allow-overriding-hostcc-and-hostld.patch + +# Fixes/improvements to firmware loading +features/all/drivers-media-dvb-usb-af9005-request_firmware.patch +debian/iwlwifi-do-not-request-unreleased-firmware.patch +bugfix/all/firmware_class-log-every-success-and-failure.patch +bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +debian/firmware_class-refer-to-debian-wiki-firmware-page.patch + +# Change some defaults for security reasons +debian/af_802154-Disable-auto-loading-as-mitigation-against.patch +debian/rds-Disable-auto-loading-as-mitigation-against-local.patch +debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch +debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch +debian/fs-enable-link-security-restrictions-by-default.patch + +# Set various features runtime-disabled by default +debian/sched-autogroup-disabled.patch +debian/yama-disable-by-default.patch +debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch +features/all/security-perf-allow-further-restriction-of-perf_event_open.patch +features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch +features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch + +# Disable autoloading/probing of various drivers by default +debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch +debian/snd-pcsp-disable-autoload.patch +bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch +debian/fjes-disable-autoload.patch + +# Taint if dangerous features are used +debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch +debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch + +# Arch bug fixes +bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch +bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch +bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch +bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch +bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch +bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch +bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch + +# Arch features +features/x86/x86-memtest-WARN-if-bad-RAM-found.patch +features/x86/x86-make-x32-syscall-support-conditional.patch + +# Miscellaneous bug fixes +bugfix/all/disable-some-marvell-phys.patch +bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch + +# Miscellaneous features + +# Lockdown missing pieces +features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch +features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch +features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch + +# Improve integrity platform keyring for kernel modules verification +features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch +features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch +features/all/db-mok-keyring/trust-machine-keyring-by-default.patch + +# Security fixes +debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +debian/ntfs-mark-it-as-broken.patch + +# Fix exported symbol versions +bugfix/all/module-disable-matching-missing-version-crc.patch + +# Tools bug fixes +bugfix/all/usbip-document-tcp-wrappers.patch +bugfix/all/kbuild-fix-recordmcount-dependency.patch +bugfix/all/tools-perf-man-date.patch +bugfix/all/tools-perf-remove-shebangs.patch +bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch +bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch +bugfix/all/cpupower-fix-checks-for-cpu-existence.patch +bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch +bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch +bugfix/all/tools_lib_symbol_use_d_fortify_source_2_for_non_debug_builds.patch +bugfix/all/perf-tools-support-extra-cxxflags.patch + +# debian-installer fixes +bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch + +# ABI maintenance |